Week 1 – Key Terms

Glossary

| Term | Definition |
|---|---|
| Access Control Lists (ACLs) | A policy type used to control which principals can access a resource, notable for being the only policy type that does not use a JSON document structure. |
| Access Keys | Security credentials that provide programmatic access to AWS services, typically used with the AWS CLI, APIs, and SDKs. |
| Amazon Elastic Compute Cloud (Amazon EC2) | A service that provides scalable and optimizable virtual computing environments in the cloud. |
| Amazon Machine Images (AMIs) | Images of server operating systems that can be reused to launch new Amazon EC2 instances. |
| Amazon Virtual Private Cloud (Amazon VPC) | A service used to configure logically isolated virtual networks with configurable IP ranges, routing, gateways, and security settings. |
| AWS Command Line Interface (AWS CLI) | A tool available for Linux, Windows, and Mac used to automate infrastructure creation and expedite administrative tasks via scripts. |
| AWS Identity and Access Management (IAM) | A central service that helps securely control authentication (who can use resources) and authorization (what resources they can use) for users and programs. |
| Identity Federation | A tool that allows users to use single sign-on (SSO) to access AWS accounts using credentials from a corporate directory. |
| Identity-Based Policies | JSON policy documents that allow users to attach managed and inline policies to IAM identities, such as users, groups, and roles. |
| JSON (JavaScript Object Notation) | The default output data format for the AWS CLI; a de facto standard for data formatting that is human-readable and easily parsed by machines. |
| Multi-Factor Authentication (MFA) | An extra layer of security that requires a secondary authentication code, recommended for the root account and IAM users. |
| Resource-Based Policies | JSON policy documents attached directly to resources to provide granular access control over specific objects within an AWS service. |
| Service Control Policies (SCPs) | Policies that apply permissions boundaries to AWS Organizations or organizational units (OUs). |
| Software Development Kits (SDKs) | Packages provided by AWS that enable access to AWS services using popular programming languages like Python, Ruby, .NET, or Java. |
| Systems Operations | The responsibilities and tasks required to build, test, deploy, monitor, maintain, and safeguard complex computing systems. |

Important Concepts

  • Systems Operations and Automation: Systems operations replaces manual infrastructure building with scripts and templates (such as AWS CloudFormation) to ensure deployments are automated, repeatable, and well-tested.
  • IAM Policy Evaluation: When AWS evaluates a request, it authenticates the principal and processes the request context before the policies allow or deny the action. Importantly, an explicit DENY in any policy will always override an ALLOW.
  • Security Credentials: AWS requires different credentials depending on how the account is accessed: the root user signs in with an email address and password, the AWS Management Console requires an IAM user name and password, and programmatic tools like the AWS CLI require an access key ID and secret access key.
  • Filtering CLI Outputs: When using the AWS CLI, the --filter option restricts the result set on the server side, while the --query option limits which fields are displayed and is applied on the client side.

Quick Revision

  • Systems operations — Building, testing, deploying, monitoring, maintaining, and safeguarding computing systems.
  • Automation — Using scripts, programs, or templates for repeatable infrastructure deployment.
  • Amazon VPC — Logically isolated virtual network environments.
  • Amazon EC2 — Scalable virtual computing environments.
  • AMIs — Server images used to launch virtual instances.
  • AWS IAM — Centralized service for managing access, authentication, and authorization.
  • Identity federation — Using single sign-on (SSO) with corporate credentials to access AWS.
  • Access keys — Credentials specifically used for programmatic access via CLI or SDKs.
  • MFA — An extra layer of security recommended for root and IAM accounts.
  • AWS CLI — Command-line tool to automate and expedite AWS administration.
