📌 AWS Availability Zones (AZ)
- Each region has many availability zones (usually 3, min is 2, max is 6)
- Example:
  - AWS Region - Sydney: ap-southeast-2
    - ap-southeast-2a
    - ap-southeast-2b
    - ap-southeast-2c
- Each AZ is one or more discrete data centers with redundant power, networking, and connectivity.
- They're separate from each other, so that they're isolated from disasters.
- Even though they're isolated from each other, they're connected with high bandwidth, ultra-low latency networking.
📌 Identity and Access Management (IAM)
- All of your AWS security is managed here.
- The root account should never be used or shared.
- Users must be created with proper permissions.
- IAM is at the center of AWS.
- Policies are written in JSON.
Visualize IAM at a high level
- Users - Usually a physical person.
- Groups - Contain users. Apply permissions to a group and its users will inherit these permissions.
  - Functions (admins, devops, ...)
  - Teams (engineering, design, ...)
- Roles - Internal usage within AWS resources and services.
- Policies (JSON Documents)
  - Define what each of the above can and cannot do.
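
Added example (not from the original notes): a simplified Python model of how JSON policies attached to a user and inherited from its groups decide a request, with default deny and an explicit Deny overriding any Allow. The users, group, bucket name and policies are constructed, and the model ignores Condition, NotAction, resource-based policies and other parts of real IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies in the IAM JSON policy format.
GROUP_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-logs", "arn:aws:s3:::example-logs/*"]},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}
  ]
}""")
USER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]
}""")

# Hypothetical users and groups: alice is in devops, bob is in no group.
GROUPS = {"devops": {"members": {"alice"}, "policies": [GROUP_POLICY]}}
USER_POLICIES = {"alice": [USER_POLICY], "bob": []}

def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def policies_for(user):
    """Policies attached to the user plus those inherited from its groups."""
    inherited = [p for g in GROUPS.values() if user in g["members"]
                 for p in g["policies"]]
    return USER_POLICIES.get(user, []) + inherited

def evaluate(user, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"              # nothing is allowed by default
    for policy in policies_for(user):
        for stmt in as_list(policy["Statement"]):
            matches = (any(fnmatchcase(action, a) for a in as_list(stmt["Action"]))
                       and any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])))
            if not matches:
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"      # a matching Deny always wins
            decision = "Allow"
    return decision

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-logs/app.log"
    for user, action in [("alice", "s3:GetObject"), ("alice", "s3:DeleteObject"),
                         ("alice", "iam:CreateUser"), ("bob", "s3:GetObject")]:
        print(user, action, evaluate(user, action, obj))
```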