Commit 025b210 (1 parent: 22edbf8)
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 60 additions and 12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,73 @@ | ||
## AWS | ||
|
||
- [AWS ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
Amazon Web Services (AWS) is a versatile cloud computing platform offering a wide array of services and tools for businesses and individuals. Here, we'll delve into fundamental concepts, troubleshooting IAM, essential commands, and valuable tips and tricks to empower your AWS journey. | ||
|
||
- [AWS IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) | ||
### Basic Concepts | ||
|
||
- [AWS Troubleshooting IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot.html) | ||
#### [Amazon Resource Names](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
|
||
- ARN | ||
- Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. | ||
Amazon Resource Names (ARNs) are unique identifiers for AWS resources, essential for unambiguous resource specification. ARNs are utilized in IAM policies, Amazon RDS tags, and API calls. | ||
|
||
#### [Identity and Access Management (IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) | ||
|
||
IAM enables secure management of access to AWS services. Through users, groups, and roles, IAM policies define permissions, evaluated when users make requests. | ||
|
||
#### [IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_policies.html) | ||
|
||
Policies, entities within AWS, define user and resource permissions. AWS assesses policies during requests, ensuring appropriate access control. | ||
|
||
#### [AWS Troubleshooting IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot.html) | ||
|
||
Troubleshooting IAM involves meticulous policy analysis. Ensure policies grant required permissions. Use AWS Policy Simulator to simulate policy effects, aiding policy refinement. | ||
|
||
### Essential Commands | ||
|
||
#### Kubernetes Contexts | ||
|
||
Managing Kubernetes contexts is vital for multiple cluster management: | ||
|
||
Get available contexts: | ||
|
||
- get contexts | ||
``` kubectl config get-contexts ``` | ||
|
||
- use contexts | ||
Switch context: | ||
|
||
``` kubectl config use-context <context-name> ``` | ||
|
||
### Updating Cluster Configuration | ||
|
||
Update Kubernetes configuration to connect to an AWS EKS cluster: | ||
|
||
Update cluster configuration: | ||
|
||
``` aws eks update-kubeconfig --region <region-name> --name <cluster-name> ``` | ||
|
||
Switch to the updated context: | ||
|
||
``` kubectl config use-context arn:aws:eks:<region-name>:<arn-id>:cluster/<cluster-name> ``` | ||
|
||
### Tips & Tricks | ||
|
||
#### 1. Cost Management: | ||
|
||
AWS Cost Explorer: Utilize AWS Cost Explorer to visualize and understand your AWS spending patterns. Analyze costs by service or region, enabling effective budget management. | ||
|
||
Billing Alerts: Set up billing alerts to receive notifications when your AWS costs exceed predefined thresholds. This proactive approach helps you stay within budget limits. | ||
|
||
#### 2. Security Best Practices: | ||
|
||
Multi-Factor Authentication (MFA): Enable MFA for enhanced security. MFA adds an extra layer of protection to your AWS account by requiring an additional verification step. | ||
|
||
Regular Policy Reviews: Regularly review and update IAM policies. Ensure permissions are correctly assigned and remove unnecessary access to maintain a secure environment. | ||
|
||
#### 3. Performance Optimization: | ||
|
||
```kubectl config use-context arn:aws:eks:<region-name>:<arn-id>:cluster/<cluster-name>``` | ||
Amazon CloudFront: Implement Amazon CloudFront as your Content Delivery Network (CDN) solution. CloudFront distributes content globally with low latency, ensuring faster load times for users. | ||
|
||
- update cluster config | ||
Auto Scaling: Leverage AWS Auto Scaling to automatically adjust the number of instances in your application. Scale your resources based on demand, optimizing performance and reducing costs during low traffic periods. | ||
|
||
```aws eks update-kubeconfig --region <region-name> --name <cluster-name>``` | ||
#### 4. Resource Tagging: | ||
|
||
- IAM Policies | ||
Tagging Strategy: Develop a consistent tagging strategy for your AWS resources. Tags help in organizing resources, managing costs, and ensuring security compliance. | ||
|
||
```A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. ``` | ||
Automate Tagging: Automate resource tagging using AWS Lambda functions or AWS Config rules. Consistent tagging simplifies resource tracking and management. |
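Review bot: The new "IAM Policies" paragraph ("Policies, entities within AWS, define user and resource permissions") drops the condition carried by the removed line, that a policy defines permissions "when attached to an identity or resource" and is evaluated "when a principal, such as a user, makes a request"; please keep that wording, since an unattached policy grants nothing and the looser phrasing hides that. Under "AWS Troubleshooting IAM" the tool is called "AWS Policy Simulator"; its name is the IAM Policy Simulator. The heading "### Updating Cluster Configuration" sits one level above "#### Kubernetes Contexts" although both hold commands that belong under "### Essential Commands", so it should be "####". In the `kubectl config use-context arn:aws:eks:...` line, the `<arn-id>` placeholder occupies the account ID field of the ARN, so `<account-id>` would be clearer. The commands are wrapped in triple backticks on a single line with padding spaces; either use single backticks or put the fences on their own lines so the commands render as blocks and copy cleanly.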