AWS - Other Flashcards Preview

SA-13-Additional Exam Tips > AWS - Other > Flashcards

Flashcards in AWS - Other Deck (29):

General Best Practices

  1. Always enable multi-factor authentication on root account
  2. Always use strong / complex password on root account
  3. Paying account should be used for billing purposes only. Do not deploy resources into a paying account


Linked Accounts

Linked accounts: default limit is 20


Linked Accounts - Billing Alerts

  1. When monitoring is enabled on the paying account, the billing data for all linked accounts is included
  2. You can still have billing alerts on individual account


Linked Accounts - Cloud Trail 

  1. Per AWS Account and is enabled on a per region basis
  2. Can consolidate logs using an S3 bucket
    1. Process consolidation:
      1. Turn on CloudTrail on paying account
      2. Create a bucket policy that allows cross account access
      3. Turn on CloudTrail in the other accounts, and use the bucket in the paying account


Exam Tips: Linked Accounts 

  1. Consolidated billing allows you to get volume discounts on all your accounts
  2. Unused reserved instance for EC2 are applied across the group
  3. CloudTrail is on a per account and per region basis, but can be aggregated into a single bucket in the paying account


What is Cross Account Access?

  1. Helps with managing a multi-account AWS environment by allowing you to switch roles with the AWS management console
  2. Sign-on once to AWS Console with IAM, then switch the console to manage another account without the need to re-login


Exam Tips: Cross Account Access

  1. Steps to set this up
    1. Login - Development Account
      1. Identify our account numbers
      2. Create a group in IAM - DEV
      3. Create User in IAM - DEV
    2. Login - Production
      1. Create the “read-write-app-bucket” policy
      2. Create the “UpdateApp” cross account role
      3. Apply the newly created policy to the role
    3. Login - Development Account
      1. Create a new inline policy
      2. Apply it to the developer group
  2. Login - John
    1. Switch Roles


Resource Groups & Tagging 


What are Tags?

  1. Key value pairs attached to AWS resources
  2. Metadata (data about data)
  3. Tags can be inherited
    1. Autoscaling, CloudFormation, Elastic Beanstak can create resources


Resource Groups & Tagging 


What are Resource Groups?

  1. Make it easy to group resources by their tags
  2. You can group resources that share one or more tags
  3. Resource groups contain:
    1. Region
    2. Name
    3. Health Checks
    4. Specific Information based on resource type


Exam Tips - Active Directory Integration

  1. You can authenticate with Active Directory using SAML
  2. You authenticate against Active Directory FIRST then you are assigned the temporary security credential


What is Workspaces?

  1. It is a cloud based replacement for traditional desktops (compute, storage, applications)
  2. You can connect to a Workspace from any supported device using a free Amazon WorkSpaces client application and credentials (supports Active Directory integration) (does not require an IAM account)


Workspaces Facts

  1. Windows 7 Experience (??) provided by Windows Server 2008 R2 (??)
  2. By default have local administrator access in the Workspaces
  3. Workspaces are persistent
  4. All data on D:\ is backed up every 12 hours
  5. You do not need an AWS account to login to workspaces