Always enable MFA for the "root" user account.
== AWS Identity and Access Management ==
Identity and Access Management (IAM) '''Identity Center''' (formerly called Single Sign-on) is an [[:en:OpenID#OpenID_Connect_(OIDC)|OIDC-capable]] authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, set up your organization first, then enable Identity Center (IC). Using IC, an enterprise can leverage its pre-existing (Microsoft Azure Active Directory) identity and access control infrastructure in a federated way. See [https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html Security Best Practices in IAM]. IAM IC is also available for use in your [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html CloudFormation templates].
== EC2 ==
Amazon's original 'compute' service, Elastic Compute Cloud or [https://aws.amazon.com/ec2/ EC2], offers Virtual Machines (VMs), and now also offers containerized (e.g. [[Docker]]) and serverless (e.g. Fargate) options in addition to traditional [[Virtualization|Virtual Machines]].

A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor.

There are multiple purchase models. If you thought that "buy or lease" was a tough comparison for buying a car, wait 'til you see all the purchase models for AWS. For pricing assistance, there are various AWS services that analyze your spend.<ref>A bill so complicated, that you need to pay to figure it out.. using Artificial Intelligence</ref> There is also the [https://calculator.aws/#/addService pricing calculator].

"Free" is listed everywhere, but realistically there is nothing that you can do on a t2.micro (free) instance (unless you're trying to create a "Raspberry Pi in the sky"). To launch a true minimal Linux host, with 8GB of RAM, you're looking at $65/month PLUS storage costs (S3 + EBS), whereas you can get the same at Digital Ocean for around $30/month.

== Containers ==

== ECS ==
[[Docker]] offerings at AWS

== EKS ==
[[Kubernetes]] offerings at AWS

== Fargate ==
Fargate is a [https://aws.amazon.com/blogs/architecture/ten-things-serverless-architects-should-know/ serverless architecture] for running 'tasks' on the ECS platform.

[https://aws.amazon.com/architecture/this-is-my-architecture/? Customer profiles] "this is my architecture"

== Lambda ==
AWS Lambda is akin to the 'entrypoint' script of a Docker container. It's a function (or program) that can run independently of any hardware via an event trigger. For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple [https://aws.amazon.com/blogs/compute/resize-images-on-the-fly-with-amazon-s3-aws-lambda-and-amazon-api-gateway/ image resizing] from image uploading.
==Free Software alternatives==
#https://docs.aws.amazon.com/
#https://www.youtube.com/@awsdevelopers
[[Category:Cloud]]
[[Category:System Architecture]]
[[Category:AWS]]