An AWS account is a container for identities and resources.
An account root user has full control of the account. Be very careful about this.
Setting up accounts
- An IAMADMIN user is created, which is a general account. We will also create a production account.
- With Gmail, you can use one single mailbox and just append +AWSAccount1, e.g. user+AWSAccount1@gmail.com, which is an alias and will point to the original user@gmail.com
- You need least-privileged accounts so you don't use the root account; otherwise everything will be lost.
IAM
- IAM is an identity provider which authenticates and also authorizes based on policies
- IAM lets you create three different identity objects:
  - User: represents humans or applications
  - Group: collection of related users, e.g. dev, HR, finance
  - Role: represents granting permissions
IAM Policy
- A document used to allow or deny access to services when attached to users, groups, or roles.
Juniper
- Revising Junos, firewall filters and routing policies
- Day One book
- Junos default export — BGP advertises all active BGP routes; OSPF/IS-IS reject all non-native routes; link-state import policy cannot filter the LSDB (topology must stay consistent for SPF)