Book Image

Implementing Cloud Design Patterns for AWS - Second Edition

By : Sean Keery, Clive Harber, Marcus Young
Book Image

Implementing Cloud Design Patterns for AWS - Second Edition

By: Sean Keery, Clive Harber, Marcus Young

Overview of this book

Whether you're just getting your feet wet in cloud infrastructure or already creating complex systems, this book will guide you through using the patterns to fit your system needs. Starting with patterns that cover basic processes such as source control and infrastructure-as-code, the book goes on to introduce cloud security practices. You'll then cover patterns of availability and scalability and get acquainted with the ephemeral nature of cloud environments. You'll also explore advanced DevOps patterns in operations and maintenance, before focusing on virtualization patterns such as containerization and serverless computing. In the final leg of your journey, this book will delve into data persistence and visualization patterns. You'll get to grips with architectures for processing static and dynamic data, as well as practices for managing streaming data. By the end of this book, you will be able to design applications that are tolerant of underlying hardware failures, resilient against an unexpected influx of data, and easy to manage and replicate.
Table of Contents (20 chapters)
Title Page
Dedication
About Packt
Contributors
Preface
Free Chapter
1
Introduction to Amazon Web Services
Index

IAM


IAM gives you the ability to manage users, their service account, their permissions, and their roles across all your services. In addition, you can create instance-, container-, or function-scoped roles. Federation of existing directory services and single sign-on solutions can also be accomplished using IAM. We'll come back to IAM in Chapter 4, Security - Ensuring the Integrity of Your Systems.

Security Token Service

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.

Note

Speaking of least privilege, you really shouldn't be using your root user for AWS console access. Let's create a new user. Then go back and see whether you can recreate your environment with the new user.

 

Create a file named user.tf and add the following:

resource "aws_iam_user" "cloudpatterns"...