<h1 style='border: none'><center>Parallel and Distributed Systems Lab 2</center></h1>
<h2 style='border: none'><center>Amazon Web Services (AWS)<br>Regions & IAM</center></h2>
<h5><center>The Islamic University of Gaza<br>Engineering Faculty<br>Department of Computer Engineering</center></h5>
<h6>Authors: Usama R. Al Zayan<span style="float:right">2022/09/12</span></h6>

---

## AWS Regions:

* AWS has Regions all around the world
* Names can be us-east-1, eu-west-3…
* A region is a cluster of data centers
* Most AWS services are region-scoped

<center>

![](https://i.imgur.com/zcqf9hy.png =300x)
Figure 1: Change service region
</center>

### AWS Global Infrastructure:

The AWS Cloud spans 87 Availability Zones within 27 geographic regions around the world, with announced plans for 21 more Availability Zones and 7 more AWS Regions in Australia, Canada, India, Israel, New Zealand, Spain, and Switzerland. [Available region](https://aws.amazon.com/about-aws/global-infrastructure/)

<center>

![](https://i.imgur.com/S4u6ekF.png)
Figure 2: Available region
</center>

### How to choose an AWS Region?
* **Compliance** with data governance and legal requirements: data never leaves a region without your explicit permission
* **Proximity** to customers: reduced latency
* **Available** services within a Region: new services and new features aren’t available in every Region
* **Pricing**: pricing varies region to region and is transparent in the service pricing page

## IAM: Users & Groups

* IAM = Identity and Access Management, Global service
* Root account created by default, shouldn’t be used or shared
* Users are people within your organization, and can be grouped
* Groups only contain users, not other groups
* Users don’t have to belong to a group, and a user can belong to multiple groups

### IAM: Permissions

* Users or Groups can be assigned JSON documents called policies
* These policies define the permissions of the users
* In AWS you apply the least privilege principle: don’t give more permissions than a user needs

<center>

![](https://i.imgur.com/CGQ0mPV.png)
Figure 3: Permissions as JSON
</center>

### IAM Policies Structure

* A policy consists of:
  * **Version**: policy language version, always include “2012-10-17”
  * **Id**: an identifier for the policy (optional)
  * **Statement**: one or more individual statements (required)
* A statement consists of:
  * **Sid**: an identifier for the statement (optional)
  * **Effect**: whether the statement allows or denies access (Allow, Deny)
  * **Principal**: account/user/role to which this policy applies
  * **Action**: list of actions this policy allows or denies
  * **Resource**: list of resources to which the actions apply
  * **Condition**: conditions for when this policy is in effect (optional)

## Create IAM (New User)

1. On the IAM service page, in the Users section, click Add User.
   ![](https://i.imgur.com/rBtmMCz.png)
2. Set permissions for the user.
   ![](https://i.imgur.com/nDtEobW.png)
3. Review the details and finish.
   ![](https://i.imgur.com/UgNezcQ.png)
4. You have created a new user. You can download the new user's credentials by pressing the Download .csv button, or send an email.
   ![](https://i.imgur.com/O2dFZY0.png)
5. The new user can log in as an IAM user.
   <center>

   ![](https://i.imgur.com/D6bcDdN.png =500x)
   </center>
6. You can see which account you are logged in with at the top right of the screen.
   <center>

   ![](https://i.imgur.com/r1YhKp1.png)
   </center>

## How can users access AWS?

* To access AWS, you have three options:
  * AWS Management Console (protected by password + MFA)
  * AWS Command Line Interface (CLI): protected by access keys
  * AWS Software Development Kit (SDK) - for code: protected by access keys
* Access Keys are generated through the AWS Console
* Users manage their own access keys
* Access Keys are secret, just like a password. Don’t share them
* Access Key ID ~= username
* Secret Access Key ~= password

## Install AWS CLI (Command-line interface):

**AWS CLI**: A tool that enables you to interact with AWS services using commands in your command-line shell. It gives you direct access to the public APIs of AWS services and lets you develop scripts to manage your resources. It is open source ([GitHub](https://github.com/aws/aws-cli)) and is an alternative to using the AWS Management Console.

You can download AWS CLI from [here](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).

###### tags: `Parallel and Distributed Systems` `Cloud computing` `IUG` `Computer Engineering`

<center>End Of Lab 1</center>
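
The policy structure and the least-privilege rule from the IAM sections above can be checked mechanically before a policy is attached to a user or group. The following linter is an added example, not part of the original lab; the function names, finding messages and sample policies (including the bucket name `example-lab-bucket`) are constructed for illustration.

```python
import json

POLICY_VERSION = "2012-10-17"

def as_list(value):
    """Statement, Action and Resource may each be a single value or a list."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return findings for an identity-based policy (attached to a user or group).
    Assumption: statements use Action/Resource, not NotAction/NotResource."""
    findings = []
    policy = json.loads(policy_json)
    if policy.get("Version") != POLICY_VERSION:
        findings.append("Version should be " + POLICY_VERSION)
    statements = policy.get("Statement")
    if not statements:
        return findings + ["Statement is required"]
    for i, stmt in enumerate(as_list(statements)):
        label = stmt.get("Sid", f"statement[{i}]")  # Sid is optional
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if not actions or not resources:
            findings.append(f"{label}: Action and Resource are required")
        if effect == "Allow":  # broad Deny statements are not a privilege risk
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append(f"{label}: wildcard Action grants more than needed")
            if "*" in resources and "Condition" not in stmt:
                findings.append(f"{label}: Resource '*' with no Condition")
    return findings

# Constructed sample policies; Sids and the bucket name are placeholders.
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadLabBucket", "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-lab-bucket",
                 "arn:aws:s3:::example-lab-bucket/*"],
}]})

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_policy(doc) or "no findings")
```

A finding is a prompt to review the statement, not proof of a misconfiguration: some actions only accept `"Resource": "*"`.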