April 30, 2024

AWS Organizations

  • global service
  • central control over multiple AWS accounts: one management account plus member accounts, grouped into organizational units (OUs)
  • consolidated billing: a single bill for all member accounts
  • reserved instances and savings plans are shared across accounts (the discount sharing can be turned off per account)

service control policies (SCPs)

  • attached to the organization root, an OU or an account; an SCP applies to every account beneath it, but it never restricts the management account
  • sets the maximum permissions for principals in the account; an SCP never grants permissions on its own, so an action needs an Allow in both the SCP and the principal's IAM policy, and an explicit Deny in either one wins
  • the default FullAWSAccess SCP allows everything; if you detach it, the SCP layer becomes an implicit deny for the whole account
  • service-linked roles are not affected by SCPs

cloudwatch agent

IAM role vs Resource-based policy

  • IAM role: cross-account access by assuming a role in the target account; while the role session is active, the caller gives up its own permissions and uses only the role's permissions
  • Resource-based policy: attached to the resource itself (S3 bucket, SQS queue, SNS topic, Lambda function, ...) and names the principals that may use it; a principal from another account gets access directly, without assuming a role, so it keeps its own permissions (this is how EventBridge invokes a Lambda function or publishes to SNS)

IAM Permission boundaries

  • supported for users and roles (not groups)
  • sets the maximum permissions an entity can have; a boundary never grants permissions by itself
  • effective permissions = intersection of the identity-based policy and the permission boundary (and, in a member account, the SCPs); an explicit Deny in any of them wins
  • typical use: delegate IAM user/role creation to developers while requiring every principal they create to carry the boundary, so they cannot escalate beyond it
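The two rules above (SCPs and permission boundaries both cap permissions but never grant them, and an explicit Deny anywhere wins) are easy to state and easy to get wrong under exam or incident pressure. The script below is an added example, not AWS code and not part of these notes: it is a toy model of the AWS evaluation order for an IAM principal in a member account, run over constructed policy documents. It only evaluates Effect, Action/NotAction and Resource; Condition keys, Principal, resource-based policies and session policies are deliberately ignored (assumptions of this example).

```python
"""Toy model of AWS policy evaluation for a principal in an Organizations
member account: SCPs, permission boundary and identity-based policies are
intersected, and an explicit Deny in any layer rejects the request.

Added example, not AWS code. Assumptions: only Effect, Action/NotAction and
Resource are evaluated; Condition, Principal, resource-based and session
policies are ignored. The policy documents below are constructed samples.
"""
import fnmatch
import json


def _as_list(value):
    """IAM accepts a string or a list for Statement, Action, NotAction, Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """Action names are case-insensitive and support the * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _resource_matches(patterns, resource):
    """Resource ARNs are case-sensitive; * and ? wildcards are supported."""
    return any(fnmatch.fnmatchcase(resource, p) for p in patterns)


def policy_decision(policy, action, resource):
    """Evaluate one policy document for one request.

    Returns "Deny" if any matching statement denies (final for this document),
    otherwise "Allow" if any matching statement allows, otherwise "ImplicitDeny".
    """
    decision = "ImplicitDeny"
    for stmt in _as_list(policy.get("Statement")):
        if "Action" in stmt:
            action_hit = _action_matches(_as_list(stmt["Action"]), action)
        else:  # NotAction: the statement covers every action NOT listed
            action_hit = not _action_matches(_as_list(stmt["NotAction"]), action)
        resource_hit = _resource_matches(_as_list(stmt.get("Resource", "*")), resource)
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def is_allowed(action, resource, identity_policies, permission_boundary=None, scps=None):
    """Decide a request the way AWS does for an IAM user or role.

    Every layer that is present must evaluate to Allow; an explicit Deny in any
    layer rejects the request. An absent boundary or SCP list imposes nothing
    (the management account, for example, is never restricted by SCPs).
    """
    layers = []
    if scps:
        # All SCPs reaching the account (root, OUs, account) form one layer:
        # a Deny in any of them wins, and at least one of them must Allow.
        scp_results = [policy_decision(p, action, resource) for p in scps]
        if "Deny" in scp_results:
            return False
        layers.append("Allow" if "Allow" in scp_results else "ImplicitDeny")
    if permission_boundary is not None:
        layers.append(policy_decision(permission_boundary, action, resource))
    identity_results = [policy_decision(p, action, resource) for p in identity_policies]
    if "Deny" in identity_results:
        return False
    layers.append("Allow" if "Allow" in identity_results else "ImplicitDeny")
    return all(r == "Allow" for r in layers)


# Constructed sample documents (not from any real account).
IDENTITY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                      '"Action": "*", "Resource": "*"}]}')  # admin-style identity policy
BOUNDARY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                      '"Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}')
FULL_AWS_ACCESS = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                             '"Action": "*", "Resource": "*"}]}')  # default SCP
GUARDRAIL = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Deny", '
                       '"Action": ["organizations:LeaveOrganization", "cloudtrail:StopLogging", '
                       '"cloudtrail:DeleteTrail"], "Resource": "*"}]}')
SCPS = [FULL_AWS_ACCESS, GUARDRAIL]


def demo():
    """Decisions for a few constructed requests; each key names the scenario."""
    obj = "arn:aws:s3:::app-logs/2024/04/30.gz"
    return {
        # boundary allows the read, SCP allows, identity allows -> True
        "get_object_with_boundary": is_allowed("s3:GetObject", obj, [IDENTITY], BOUNDARY, SCPS),
        # identity allows, but the boundary has no s3:PutObject -> False
        "put_object_with_boundary": is_allowed("s3:PutObject", obj, [IDENTITY], BOUNDARY, SCPS),
        # no boundary, nothing denies -> True
        "run_instances_member": is_allowed("ec2:RunInstances", "*", [IDENTITY], None, SCPS),
        # admin identity policy, but the guardrail SCP explicitly denies -> False
        "stop_cloudtrail_member": is_allowed("cloudtrail:StopLogging", "*", [IDENTITY], None, SCPS),
        # management account: SCPs do not apply (scps=None) -> True
        "leave_org_management": is_allowed("organizations:LeaveOrganization", "*", [IDENTITY]),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

Note what the model makes explicit: the admin-style identity policy is worthless against the guardrail SCP in a member account, the same request is fine in the management account because SCPs never reach it, and the boundary silently turns an identity Allow into an implicit deny without any Deny statement being written anywhere.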

AWS IAM Identity Center (successor to AWS Single Sign-On)

AWS Directory Service

  • AD Connector: a directory gateway (proxy) that redirects authentication requests to the on-premises AD; no directory data is stored in AWS, so on-premises users can sign in to AWS with their existing credentials
  • Simple AD: standalone, Samba-based directory hosted in AWS; cheap, but it cannot establish a trust with an on-premises AD and lacks several Microsoft AD features
  • AWS Managed Microsoft AD: actual Microsoft AD managed by AWS; supports a (one-way or two-way) trust relationship with an on-premises AD, so users can exist in either directory, and supports MFA