% Cheatography cheat-sheet preamble (article class, A4, 10pt).
% Line breaks restored: with the whole preamble on one line every `%`
% comment swallowed all the \usepackage lines that followed it.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}         % For header and footer
\usepackage{multicol}         % Allows multicols in tables
\usepackage{tabularx}         % Intelligent column widths
\usepackage{tabulary}         % Used in header and footer
\usepackage{hhline}           % Border under tables
\usepackage{graphicx}         % For images
\usepackage{xcolor}           % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc}      % Without this we get weird character replacements
\usepackage{colortbl}         % For coloured tables
\usepackage{setspace}         % For line height
\usepackage{lastpage}         % Needed for total page number
\usepackage{seqsplit}         % Splits long words.
%\usepackage{opensans}        % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}   % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}          % Symbols
\usepackage{MnSymbol}         % Symbols
\usepackage{wasysym}          % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{datamansam}
% \pdfinfo is a pdfTeX primitive: sets the PDF metadata dictionary.
\pdfinfo{
  /Title (aws-practitioner-and-sysops-essentials.pdf)
  /Creator (Cheatography)
  /Author (datamansam)
  /Subject (AWS practitioner \& SysOps essentials Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm}        % Space between columns
\setlength{\headsep}{-12pt}          % Reduce space between header and content
\setlength{\headheight}{85pt}        % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt}   % Remove footer line
\renewcommand{\headrulewidth}{0pt}   % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
% Table helpers. \SetRowColor stores the colour name globally in \RowColorName
% (inside \noalign, so it is legal between table rows) and \mymulticolumn reads
% it back so that spanned cells get the same background as their row.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{AWS practitioner \& SysOps essentials Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{datamansam} via \textcolor{DarkBackground}{\uline{cheatography.com/139410/cs/34355/}}}
\end{tabulary}
\end{multicols}}

% Footer: three columns (author / sheet info / sponsor). The argument opened
% here is closed after the sponsor column, which follows this block.
\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}datamansam \\
  \uline{cheatography.com/datamansam} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Published 28th April, 2023.\\
  Updated 26th April, 2023.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{3}

\begin{tabularx}{5.377cm}{x{2.04057 cm} x{2.93643 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{EC2 Storage types}} \tn
% Row 0
\SetRowColor{LightBackground}
Instance / Ephemeral Storage & Attached to the physical host running an instance \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
Elastic Block Store / EBS & Attached over the network \tn
% Row Count 5 (+ 2)
% Row 2
\SetRowColor{LightBackground}
 & Preferable to instance storage in nearly all usage scenarios \tn
% Row Count 8 (+ 3)
% Row 3
\SetRowColor{white}
 & One can create a snapshot from an EBS volume. \tn
% Row Count 10 (+ 2)
% Row 4
\SetRowColor{LightBackground}
 & Once you have created a snapshot, you can then create additional EBS volumes that will be identical copies of the source snapshot. You could, for example, create a snapshot containing your database backups \tn
% Row Count 19 (+ 9)
% Row 5
\SetRowColor{white}
 & EBS volumes can persist after the instance has been terminated \tn
% Row Count 22 (+ 3)
% Row 6
\SetRowColor{LightBackground}
EBS +ve: & EBS volumes are clearly preferable except in a few cases, such as when you need fast temporary storage for data that can be safely discarded.
\tn
% Row Count 29 (+ 7)
% Row 7
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Multiple volumes (of either type) can be attached to an instance} \tn
% Row Count 31 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{2.28942 cm} x{2.68758 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{AWS EC2 Instance Types}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Different combinations of CPU, memory, network bandwidth and even custom hardware differentiate AWS instance types.} \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
General Purpose Instance & Balances computing, memory, and networking resources. \tn
% Row Count 6 (+ 3)
% Row 2
\SetRowColor{LightBackground}
Compute Optimized Instances & Good for high-performance application servers, gaming servers, and web applications. \tn
% Row Count 11 (+ 5)
% Row 3
\SetRowColor{white}
Memory Optimized Instances & To quickly deliver large dataset workloads \tn
% Row Count 13 (+ 2)
% Row 4
\SetRowColor{LightBackground}
Accelerated Computing Instances & Boost data processing for graphics applications and streaming. \tn
% Row Count 16 (+ 3)
% Row 5
\SetRowColor{white}
Storage Optimized Instances & For large datasets on local storage: \tn
% Row Count 18 (+ 2)
% Row 6
\SetRowColor{LightBackground}
 & - Large file systems \tn
% Row Count 19 (+ 1)
% Row 7
\SetRowColor{white}
 & - Data warehouses \tn
% Row Count 20 (+ 1)
% Row 8
\SetRowColor{LightBackground}
 & - Online transaction systems \tn
% Row Count 22 (+ 2)
% Row 9
\SetRowColor{white}
Selecting the right instance type: & Drive the CPU to 100\% using your application's load generator of choice. Now examine memory use: if you observe the instance running out of memory before the CPU is at full throttle, switch to a higher-memory instance type. Continue this process until you achieve a reasonable balance.
\tn
% Row Count 37 (+ 15)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.54287 cm} x{3.43413 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Amazon EC2 pricing}} \tn
% Row 0
\SetRowColor{LightBackground}
On-Demand & Short-term, irregular workloads that cannot be interrupted \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
Savings Plans & Reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. \tn
% Row Count 7 (+ 4)
% Row 2
\SetRowColor{LightBackground}
Reserved Instances & Billing discount applied to the use of On-Demand Instances in your account for a 1-year or 3-year term \tn
% Row Count 11 (+ 4)
% Row 3
\SetRowColor{white}
Spot Instances & Are ideal for workloads with flexible start and end times \tn
% Row Count 14 (+ 3)
% Row 4
\SetRowColor{LightBackground}
Dedicated Hosts & Physical servers with Amazon EC2 instance capacity that is fully dedicated to your use. \tn
% Row Count 18 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{0.9954 cm} x{3.9816 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Purchasing EC2 Instances}} \tn
% Row 0
\SetRowColor{LightBackground}
\seqsplit{On-demand:} & Allocated by the hour and requiring no upfront commitment \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\seqsplit{Reserved:} & Represent a pre-paid commitment on the part of a customer which is usually rewarded by AWS with very steep discounts, up to 75\% of on-demand pricing. \tn
% Row Count 7 (+ 5)
% Row 2
\SetRowColor{LightBackground}
Spot: & Require no upfront commitment, and their pricing fluctuates according to the supply and demand of compute capacity.
\tn
% Row Count 11 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Working with instances in the console}} \tn
% Row 0
\SetRowColor{LightBackground}
\# Describe all of your own images in the US East region & aws ec2 describe-images -{}-owners self -{}-region us-east-1 \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\# List the AMIs that have a specific set of key/value tags & aws ec2 describe-images -{}-owners self -{}-filters Name=tag:role,Values=webserver \seqsplit{Name=tag:environment},Values=production \tn
% Row Count 12 (+ 9)
% Row 2
\SetRowColor{LightBackground}
\# Basic invocation to create instances & aws ec2 run-instances -{}-image-id ami-6d060707 \tn
% Row Count 15 (+ 3)
% Row 3
\SetRowColor{white}
\# Another way to display information about your instance is with aws ec2 describe-instances, which will show much more detail & aws ec2 \seqsplit{describe-instance-status} -{}-instance-ids i-64a8a6fe -{}-region us-east-1 -{}-output text \tn
% Row Count 22 (+ 7)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.14471 cm} x{3.83229 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{AWS elastic compute workflow}} \tn
% Row 0
\SetRowColor{LightBackground}
1. Launch & a) Select a template with basic configs \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
 & b) Specify security settings to control traffic in and out of the instance \tn
% Row Count 5 (+ 3)
% Row 2
\SetRowColor{LightBackground}
2. Connect & Users connect by logging in and accessing the computer desktop \tn
% Row Count 7 (+ 2)
% Row 3
\SetRowColor{white}
3.
Begin use & Run commands to: \tn
% Row Count 9 (+ 2)
% Row 4
\SetRowColor{LightBackground}
 & a) Install software \tn
% Row Count 10 (+ 1)
% Row 5
\SetRowColor{white}
 & b) Add storage \tn
% Row Count 11 (+ 1)
% Row 6
\SetRowColor{LightBackground}
 & c) Copy and organise files \tn
% Row Count 12 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.9908 cm} x{2.9862 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{EC2 Networking}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Launching an instance with the default networking configuration will give you an instance with a public IP address} \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
Simple Config & Many applications will require nothing more complicated than enabling SSH or HTTP access \tn
% Row Count 7 (+ 4)
% Row 2
\SetRowColor{LightBackground}
More sophisticated config & Amazon offers more-advanced solutions that can, for example, give you a secure VPN connection from your datacenter to a Virtual Private Cloud (VPC) within EC2. \tn
% Row Count 14 (+ 7)
% Row 3
\SetRowColor{white}
VPC & A network dedicated to your account, isolated from other networks in AWS, and completely under your control.
\tn
% Row Count 19 (+ 5)
% Row 4
\SetRowColor{LightBackground}
 & You can create subnets and gateways, configure routing, select IP address ranges and define its security perimeter \tn
% Row Count 24 (+ 5)
% Row 5
\SetRowColor{white}
 & Amazon makes a distinction between traffic destined for the public Internet and traffic that will remain on the internal EC2 network \tn
% Row Count 30 (+ 6)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.94103 cm} x{3.03597 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Networking - Payload}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Routing requires:} \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Address of sender} \tn
% Row Count 2 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Payload or contents} \tn
% Row Count 3 (+ 1)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Address of recipient} \tn
% Row Count 4 (+ 1)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{IP addresses:} \tn
% Row Count 5 (+ 1)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Unique to each computer, binary} \tn
% Row Count 6 (+ 1)
% Row 6
\SetRowColor{LightBackground}
IPv4 notation - & Usually binary IP are c \tn
% Row Count 7 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{1.29402 cm} x{3.68298 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Introducing EC2}} \tn
% Row 0
\SetRowColor{LightBackground}
EC2: & Allows customers to rent computing resources by the hour in the form of virtual machines (known as instances) that run a wide range of operating systems.
\tn
% Row Count 6 (+ 6)
% Row 1
\SetRowColor{white}
\seqsplit{Customisation:} & Instances can be customized by the user to run any software applications supported by their operating system of choice. \tn
% Row Count 11 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{p{0.4977 cm} p{0.4977 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{DB instances}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Standard} \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Memory Optimised} \tn
% Row Count 2 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Burstable performance} \tn
% Row Count 3 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Introducing Cloud Formation}} \tn
% Row 0
\SetRowColor{LightBackground}
A stack & A collection of AWS resources that you can manage as a single unit. \tn
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
 & You can create, update, or delete a collection of resources by creating, updating, or deleting stacks. \tn
% Row Count 10 (+ 6)
% Row 2
\SetRowColor{LightBackground}
Creating Stacks: & aws cloudformation create-stack -{}-template-body \seqsplit{file://example-stack}.json \textbackslash{} -{}-stack-name example-stack \tn
% Row Count 16 (+ 6)
% Row 3
\SetRowColor{white}
Modifying Stacks: & \$ aws cloudformation describe-stack-events -{}-stack-name example-stack \textbackslash{} -{}-output text \tn
% Row Count 21 (+ 5)
% Row 4
\SetRowColor{LightBackground}
 & \$ aws cloudformation \seqsplit{describe-stack-resources} -{}-stack-name example-stack \textbackslash{} -{}-output text \tn
% Row Count 26 (+ 5)
% Row 5
\SetRowColor{white}
Updating Stacks & .
Update the stack.json file \tn
% Row Count 28 (+ 2)
% Row 6
\SetRowColor{LightBackground}
 & Update the running stack with aws cloudformation update-stack \tn
% Row Count 32 (+ 4)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Introducing Cloud Formation (cont)}} \tn
% Row 7
\SetRowColor{LightBackground}
 & View with aws cloudformation describe-stack-events \tn
% Row Count 3 (+ 3)
% Row 8
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Ensuring the local copy of a stack matches the running version:} \tn
% Row Count 5 (+ 2)
% Row 9
\SetRowColor{LightBackground}
- Get a JSON file with the running template, cleaning output & aws cloudformation get-template \tn
% Row Count 8 (+ 3)
% Row 10
\SetRowColor{white}
Use diff to: & compare the local and remote versions \tn
% Row Count 10 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Cost Optimization}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{The ability to run systems to deliver business value at the lowest price point} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
Govern usage & Employing a checks-and-balances approach, you can innovate without overspending.
\tn
% Row Count 6 (+ 4)
% Row 2
\SetRowColor{LightBackground}
Monitor usage and cost & Establish policies and procedures to monitor and appropriately allocate \tn
% Row Count 10 (+ 4)
% Row 3
\SetRowColor{white}
To decommission resources & Implement change control and resource management from project inception to end-of-life to shut down or terminate unused resources to reduce waste \tn
% Row Count 18 (+ 8)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Evaluate cost when you select services:} \tn
% Row Count 19 (+ 1)
% Row 5
\SetRowColor{white}
Building Block AWS Services: & Amazon EC2, Amazon EBS, and Amazon S3 \tn
% Row Count 21 (+ 2)
% Row 6
\SetRowColor{LightBackground}
Application level: & Amazon RDS and Amazon DynamoDB \tn
% Row Count 23 (+ 2)
% Row 7
\SetRowColor{white}
 & Reduce or remove administrative tasks and operational overhead \tn
% Row Count 27 (+ 4)
% Row 8
\SetRowColor{LightBackground}
Meet cost targets when selecting resources & Think type, size and number \tn
% Row Count 30 (+ 3)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Cost Optimization (cont)}} \tn
% Row 9
\SetRowColor{LightBackground}
Plan for data transfer charges: & A small yet effective architectural change can drastically reduce operational costs \tn
% Row Count 5 (+ 5)
% Row 10
\SetRowColor{white}
Cost Explorer: & View and track your usage in detail \tn
% Row Count 7 (+ 2)
% Row 11
\SetRowColor{LightBackground}
 & Reserved Instance recommendations \tn
% Row Count 9 (+ 2)
% Row 12
\SetRowColor{white}
Auto Scaling: & Match supply and demand \tn
% Row Count 11 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{AWS Design Process}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{To identify any critical issues and areas that could be improved \newline
% Row Count 2 (+ 2)
Update answers as the architecture evolves \newline
% Row Count 3 (+ 1)
To facilitate meetings, provide: \newline
% Row Count 4 (+ 1)
• Print outs of any diagrams or design notes \newline
% Row Count 5 (+ 1)
• Action list of questions that require out-of-band research% Row Count 7 (+ 2)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Identity and Access Management}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Identity and Access Management (IAM) is the name given to the suite of features that let you manage who and what can access AWS APIs using your account.} \tn
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{The idea behind IAM is to separate users and groups from the actions they need to perform. You do this by creating an IAM policy, which is a JSON-formatted document describing which actions a user can perform.} \tn
% Row Count 9 (+ 5)
% Row 2
\SetRowColor{LightBackground}
Amazon Resource Names / ARN: & A globally unique identifier that references AWS objects \tn
% Row Count 12 (+ 3)
% Row 3
\SetRowColor{white}
ARN Format: & \seqsplit{arn:aws:service:region:account\_ID:relative\_ID} \tn
% Row Count 15 (+ 3)
% Row 4
\SetRowColor{LightBackground}
A permission: & A combination of two items: an action and one or more resources. \tn
% Row Count 19 (+ 4)
% Row 5
\SetRowColor{white}
 & Actions are namespaced strings that take the form \seqsplit{service\_name:Permission}. All EC2-related permissions are prefixed with ec2:, such as ec2:DeleteSnapshot.
\tn
% Row Count 27 (+ 8)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Create a set of access credentials that are authorized to perform only the specific actions required by the script:} \tn
% Row Count 30 (+ 3)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Identity and Access Management (cont)}} \tn
% Row 7
\SetRowColor{LightBackground}
E.g., an IAM policy with enough permissions to run the script that cleans old images and snapshots & Via four Boto function calls: \tn
% Row Count 5 (+ 5)
% Row 8
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{One can use the command-line tools to create a user and attach a new policy to it, using the iam-usercreate and iam-useraddpolicy commands} \tn
% Row Count 8 (+ 3)
% Row 9
\SetRowColor{LightBackground}
Create a new user for this role, named ami-cleaner: & \seqsplit{mike@ip-10-32-34-116:/tmp\$} iam-usercreate -u ami-cleaner -k \seqsplit{AKIAINAK6ZGJNUAWVACA} \seqsplit{cjJvjs79Xj/kvrJkLFpRrMAIMAxEdQrJLGIQQD28} \tn
% Row Count 15 (+ 7)
% Row 10
\SetRowColor{white}
 & The -k option says that we want to create a new access key and secret for this user. These get printed to stdout. The first item is the access key ID, and the second is the secret access key. Store these somewhere safe, as we will need them later.
\tn
% Row Count 28 (+ 13)
% Row 11
\SetRowColor{LightBackground}
Create an IAM policy and attach it to the user: & \seqsplit{mike@ip-10-32-34-116:/tmp\$} iam-useraddpolicy -u ami-cleaner -p ami-cleaner -e Allow -r "*" -a ec2:DescribeImages -a ec2:DeleteSnapshot -a ec2:DeregisterImage \tn
% Row Count 36 (+ 8)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Identity and Access Management (cont)}} \tn
% Row 12
\SetRowColor{LightBackground}
 & The -e and -r arguments state that we are creating an Allow policy that applies to all resources (the asterisk after the -r option). Finally, we specify a list of actions that will be allowed, each preceded by an -a flag. You can specify as many permissions as you need. \tn
% Row Count 14 (+ 14)
% Row 13
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Referencing resources in IAM policies} \tn
% Row Count 15 (+ 1)
% Row 14
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{The Resource attribute of an IAM policy lets you control exactly which resources an action can be performed on. In the previous example, the policy granted the user permissions to delete any EBS snapshot owned by this account. What if you want a more granular policy that applies only to a subset of resources?} \tn
% Row Count 22 (+ 7)
% Row 15
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{ARNs are used to globally identify AWS resources. Used in IAM policies, they let you control exactly which resources are included when granting or denying permissions.} \tn
% Row Count 26 (+ 4)
% Row 16
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{An IAM policy that allows users to perform any action on S3 buckets, with the exception of the one containing your backups. We do this by creating a policy containing two statements.
The first grants the user all S3-related permissions, allowing them to be performed on any resource. The second statement denies all S3-related permissions, but only on the protected bucket} \tn
% Row Count 34 (+ 8)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Identity and Access Management (cont)}} \tn
% Row 17
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{\{ "Statement": {[} \{ "Action": {[} "s3:*" {]}, "Effect": "Allow", "Resource": {[} "*" {]} \}, \{ "Action": {[} "s3:*" {]}, "Effect": "Deny", "Resource": {[} \seqsplit{"arn:aws:s3:::db-backups"} {]} \} {]} \}} \tn
% Row Count 4 (+ 4)
% Row 18
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Next, create the policy using the command-line tools or Management Console. If using the Management Console, you can create the policy as follows: 1. Navigate to IAM Users. 2. Select an existing User or Group. 3. Click Attach User/Group Policy. 4. Select Custom Policy. 5. Paste the text into the Policy Document box} \tn
% Row Count 11 (+ 7)
% Row 19
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Dynamic Policies:} \tn
% Row Count 12 (+ 1)
% Row 20
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Conditions can be used to create dynamic IAM policies that behave differently, depending on one or more factors.
The attributes of the request (such as the ARN of the requesting user or the source IP address) can be used in Boolean expressions to control whether a request should be allowed or denied.} \tn
% Row Count 19 (+ 7)
% Row 21
\SetRowColor{LightBackground}
Attributes on which you can base your conditions are as follows: & • Time of day • Source IP address • Whether the request is being made using HTTP or HTTPS \tn
% Row Count 24 (+ 5)
% Row 22
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Limitations of IAM policies} \tn
% Row Count 25 (+ 1)
% Row 23
\SetRowColor{LightBackground}
Some AWS resources do not use ARNs, and can therefore not be explicitly managed by IAM policies. & Because EC2 instances do not have ARNs, there is no way to reference a specific EC2 instance from an IAM policy \tn
% Row Count 31 (+ 6)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{5.377cm}{x{2.4885 cm} x{2.4885 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bf\textcolor{white}{Identity and Access Management (cont)}} \tn
% Row 24
\SetRowColor{LightBackground}
 & Whenever you refer to EC2 permissions in a policy, the resource will be *, which means it will apply to every instance owned by your AWS account. \tn
% Row Count 8 (+ 8)
% Row 25
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{IAM Users and Groups} \tn
% Row Count 9 (+ 1)
% Row 26
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{The user can be assigned one or more IAM policies, which specify the actions the user is allowed to perform.} \tn
% Row Count 12 (+ 3)
% Row 27
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Users can be placed in groups. When an IAM policy is assigned to a group, all members of that group inherit the permissions designated by the IAM policy} \tn
% Row Count 16 (+ 4)
% Row 28
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{IAM is a global AWS service, meaning it is not tied to any particular region.
An IAM user will be able to access APIs in any region} \tn
% Row Count 19 (+ 3)
% Row 29
\SetRowColor{white}
\mymulticolumn{2}{x{5.377cm}}{Map AWS groups to specific roles within your organization, and apply the policy to the group instead} \tn
% Row Count 21 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Amazon's CloudTrail service keeps track of the API calls made by \newline users in your account. You can use this to review the full history of \newline AWS API calls that have been made by your account, whether they \newline came from the Management Console, CLI tools, or services like \newline CloudFormation} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}
\end{document}