Welcome back. Thank you for joining me again as we continue to look at the big picture. In this segment, we're going to talk about your piece of the AWS cloud pie, so let's get started. As I began working on this tutorial, an old TV show jumped into my mind. I'm definitely revealing my age a little bit, but there was a television series with a theme song about getting a piece of the pie. So this is about how you get your piece of the AWS cloud pie. Previously we talked about AWS and the makeup of the AWS cloud. As a customer, you get a slice, or a piece, of the AWS cloud pie.
Let's take a look at what that piece of the cloud looks like. When we talked about the AWS cloud, remember that we talked about AWS being regional and the AWS cloud being made up of several regions. These regions are in different places around the globe. We saw that right here in the AWS console, where we looked at this drop-down list and saw a number of different regions where we could deploy AWS resources. Well, your piece of the AWS cloud is called a virtual private cloud. So within the AWS environment, you create a VPC, or virtual private cloud, where your AWS resources are located.
Your AWS resources will be located in one or more Availability Zones inside your VPC. So when we deploy a virtual server, which we call an EC2 instance, we're placing it within a VPC, and it's going to live in a data centre that sits in one of these Availability Zones. When you deploy resources, you pick the Availability Zone in which you want them to be deployed.
But for this lesson, I mostly want you to understand that the AWS cloud is made up of regions and Availability Zones, that your portion of the AWS cloud is a VPC, and that you place your resources in that VPC. You may have several VPCs in your account. You may have VPCs in the same region and Availability Zone, or you might have VPCs in different regions.
We're going to continue with the next section, section four, which is identity and access management. In this section, we're talking about managing users, groups, and roles. Our first tutorial is an overview of identity and access management. Our topics in this tutorial include an overview of IAM and IAM best practices.
So let's go ahead and get right to it. So, what is IAM? IAM stands for identity and access management. It's the AWS service you use to manage user accounts and groups. In addition to managing users and groups, other things you can do with IAM include managing the access policies that you apply to users and groups, roles, account passwords, security policy, and multi-factor authentication.
And we're going to talk about these as we go through this lesson. So when you first create your AWS account, there is a default account that's created called the root user account. That account has full rights to everything within your AWS account. It has the ability to manage users and access billing information. Essentially, anything that can be done in the AWS account can be done by the root user account. So when you create your AWS account, the root user account gets full access to anything and everything within your AWS account.
Any additional user accounts that you create are created without access to any AWS services. The only privilege the user gets is the ability to sign in. You have to grant whatever access privileges you want the user account to have. That is because AWS operates on something called the principle of least privilege, which means that we give users only the minimum access rights they need.
As an example, if someone needs to manage EC2 instances, which are virtual servers, but they don't need to do anything else or manage any other services, we would not grant them access to, say, identity and access management, where they could potentially modify someone's user account.
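The EC2-only example above can be checked mechanically against a policy document. The following Python is an added example, not part of the original lesson and not an AWS tool; the sample policy, the helper names `as_list` and `excess_grants`, and the EC2-only allow-list are assumptions made for illustration.

```python
import json

# Constructed sample policy (not from the lesson): the first statement fits the
# EC2-only job described above, the second grants more than that job needs.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ManageEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": ["iam:UpdateUser", "ec2:DescribeInstances", "*"], "Resource": "*"},
    {"Sid": "DenyIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM JSON allows a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def excess_grants(policy, allowed_services):
    """Return (sid, action) pairs that allow more than the listed services."""
    allowed = {s.lower() for s in allowed_services}
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction"))
        for action in as_list(stmt.get("Action")):
            service = action.split(":", 1)[0].lower()
            # A bare "*" or a wildcard in the service prefix spans services.
            if "*" in service or "?" in service or service not in allowed:
                findings.append((sid, action))
    return findings


if __name__ == "__main__":
    for sid, action in excess_grants(SAMPLE_POLICY, {"ec2"}):
        print(f"{sid}: {action} exceeds the EC2-only role")
```
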
By assigning the least possible amount of access permissions, we're creating the most possible secure environment for our AWS account. So in order for a user to have access to an AWS service, you must assign permissions to that user account and assigning those permissions is done using IAM. So let's go ahead and take a further look at IAM. So there's something called best practices, best practices are guidelines that recommend settings, configuration, and architecture for maintaining the highest level possible of security, accessibility, and efficiency.
So, basically, best practices are guidelines that tell you here's the recommended configuration for your environment to achieve a particular architecture or configuration that is secure, that is as efficient as possible, but still gives you the most use of the service to accomplish your goals. Now, when you create a new AWS account, your root account has several best practices that should be applied to that account. So let's go ahead and jump into IAM, so I'm going to go here and search for IAM. You're taken to the IAM dashboard.
Now, there are a few things on this dashboard, one there's a customized link here, and when you create additional IAM user accounts, you provide them with this link to log in to the AWS console. This link, the first part of it, is the account number that's associated with your account. IAM users are unique only to your organization. So you have to have a customized login link that directs them to your specific account. And I'll show you a little bit later on what that customized login page looks like. Below that you have IAM resources.
So mine could look different from yours, since this is my current AWS account. And you'll find that there are definitely certain variations in what you see in my account versus what you see in your own personal account. But under the security status, you'll find that there are a few specific items here. One is to delete your root access keys. And you may find that this one already has a green check mark.
If for some reason yours doesn't, click this drop-down link; there's a link here that will take you to the page where you can manage your root access keys and delete them. Again, it's best that you use an IAM user account and not your root account to log in and manage services. So as a result, you should not have root access keys.
Then we assign those users to groups to assign permissions and then, finally, our IAM password policy. So we're going to go through these kind of step by step. But that's an overview of what we're going to talk about as we continue to go through this lesson. So we're going to go ahead and pause right here because this topic is somewhat long. And in the next video, we're going to go ahead and continue on with our overview of identity and access management. Thanks for watching. I'll see you in the next video.