Amazon AWS Concepts
AWS Security Concepts
AWS has data centers in different areas of the world.
- Asia Pacific (Tokyo) ap-northeast-1
- Asia Pacific (Singapore) ap-southeast-1
- Asia Pacific (Sydney) ap-southeast-2
- EU (Frankfurt) eu-central-1
- EU (Ireland) eu-west-1
- South America (Sao Paulo) sa-east-1
- US East (N. Virginia) us-east-1
- US West (N. California) us-west-1
- US West (Oregon) us-west-2
Profile Operations: Amazon Profile Operations.
An availability zone is a distinct location within a region, engineered to be isolated from failures in other availability zones. Think of it as a location: by placing resources in different availability zones, you can protect an application from the failure of a single location. Each region provides low-latency network connectivity between the availability zones within it. Example of an availability zone within a region: us-west-2b.
Availability zones play an essential role in how subnets are used in a VPC.
An auto-scaling group can span multiple availability zones.
Availability Zone Operations
Amazon Resource Name (ARN)
AWS resources can be tagged with key-value pairs. This is useful for tracking cost allocation among your AWS resources.
AWS Management Console
The AWS Management Console interacts with the backend via API calls.
Signing API Calls
Most API calls are signed for authentication and authorization with a user's API access key, which consists of an access key ID and a secret access key. Some requests do not need to be signed, such as anonymous requests to Amazon S3 and some API operations in AWS Security Token Service (AWS STS). The AWS CLI and the various SDKs sign requests automatically, provided that they have access to the key. If requests are created "manually", with curl or similar, the user must sign the requests themselves.
Requests are signed for two reasons. The signature verifies the identity of the requester, and it protects the integrity of data in transit: the data is hashed and the hash is included in the request, so the data cannot be tampered with undetected. In most cases, a request must reach AWS within five minutes of the time stamp in the request, otherwise AWS denies the request.
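The signing properties described above, worked through as an added example (not code from the original page or from AWS). It computes a Signature Version 4 signature, the scheme AWS uses for signed requests though the page does not name it, over the `host` and `x-amz-date` headers only. The `check` function is a simplified model of the receiving side, and the secret, request and time stamps are constructed sample values.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # request must arrive within five minutes of its time stamp

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign(secret: str, req: dict) -> str:
    """Hex SigV4 signature over the request, with host and x-amz-date as signed headers."""
    payload_hash = hashlib.sha256(req["body"]).hexdigest()  # hash of the data is part of what is signed
    canonical = "\n".join([
        req["method"], req["path"], req["query"],
        f"host:{req['host']}\nx-amz-date:{req['amz_date']}\n",
        "host;x-amz-date", payload_hash])
    date = req["amz_date"][:8]
    scope = f"{date}/{req['region']}/{req['service']}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", req["amz_date"], scope,
        hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()  # signing key is derived from the secret access key
    for part in (date, req["region"], req["service"], "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()

def check(secret: str, req: dict, signature: str, now: datetime) -> str:
    """Simplified model of the receiving side: freshness first, then signature."""
    ts = datetime.strptime(req["amz_date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if abs(now - ts) > MAX_SKEW:
        return "expired"
    return "ok" if hmac.compare_digest(sign(secret, req), signature) else "bad-signature"

# Constructed sample values; the secret is a placeholder, not a real credential.
SECRET = "EXAMPLE-SECRET-ACCESS-KEY-NOT-REAL"
REQUEST = {
    "method": "POST", "path": "/", "query": "",
    "host": "ec2.us-west-2.amazonaws.com", "region": "us-west-2", "service": "ec2",
    "amz_date": "20240101T120000Z",
    "body": b"Action=DescribeRegions&Version=2016-11-15",
}
SENT_AT = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    sig = sign(SECRET, REQUEST)
    tampered = dict(REQUEST, body=REQUEST["body"] + b"&DryRun=true")
    print(check(SECRET, REQUEST, sig, SENT_AT + timedelta(minutes=1)))   # arrives inside the window
    print(check(SECRET, tampered, sig, SENT_AT + timedelta(minutes=1)))  # body changed in transit
    print(check(SECRET, REQUEST, sig, SENT_AT + timedelta(minutes=6)))   # arrives outside the window
```

The secret access key never travels with the request; only the access key ID and the signature do, which is why a changed body or a late arrival can be rejected without the key being exposed.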