AWS Glossary
A summary of AWS terms and concepts.
Methods of Deploying
- AWS Web GUI - Management Console
- AWS Command Line Interface
- AWS SDK
AWS SDK
Credentials
{
  "AccessKeyId": "*************",
  "SecretAccessKey": "*************************************",
  "Token": "***************************************************************************",
  "Expiration": "2021-11-12T10:51:36Z"
}
Credentials Provider Chain
- Default => DefaultAWSCredentialsProviderChain (officially recommended by AWS)
- Credentials can be:
  - Root Account Credentials
  - IAM User Credentials
  - Credentials From AWS STS Service
DefaultAWSCredentialsProviderChain
EnvironmentVariableCredentialsProvider
Reads the credentials from OS environment variables. If the token expires, you must update the environment values yourself:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
SystemPropertiesCredentialsProvider
Reads the credentials from Java system properties.
ProfileCredentialsProvider
Reads the credentials from the ~/.aws/credentials file.
EC2ContainerCredentialsProviderWrapper
If the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI environment variable is set, the credentials that Amazon EC2 container service distributes to the EC2 are used.
Container credentials can be read by sending a request from the EC2 to the following address:
http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}
${AWS_CONTAINER_CREDENTIALS_FULL_URI}
Or the Instance Profile Credentials distributed by the Amazon EC2 Metadata Service are used:
http://169.254.169.254/latest/meta-data/iam/security-credentials/${ec2_role}
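The lookup order above decides which credentials a process actually uses, so a static key left in the environment shadows the role credentials from the container endpoint or instance profile. The following is an added example (a Python model of the order listed on this page, not the SDK's own code); the Java system property names and credentials-file keys are the standard ones and do not appear on the page, and all sample values are constructed.

```python
import configparser
from datetime import datetime, timezone

WRAPPER = "EC2ContainerCredentialsProviderWrapper"

def resolve_source(env, sys_props, profile_text, profile="default"):
    """Return (provider, kind) for the first chain entry that holds credentials.

    Follows the order listed on this page; makes no network or disk access.
    """
    def kind(token):
        return "temporary" if token else "long-lived"

    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "EnvironmentVariableCredentialsProvider", kind(env.get("AWS_SESSION_TOKEN"))
    # Property names as used by the AWS SDK for Java v1 (not shown on the page).
    if sys_props.get("aws.accessKeyId") and sys_props.get("aws.secretKey"):
        return "SystemPropertiesCredentialsProvider", kind(sys_props.get("aws.sessionToken"))
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(profile_text)  # contents of ~/.aws/credentials
    if cfg.has_option(profile, "aws_access_key_id") and cfg.has_option(profile, "aws_secret_access_key"):
        return "ProfileCredentialsProvider", kind(cfg.get(profile, "aws_session_token", fallback=None))
    if env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") or env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI"):
        return WRAPPER, "container endpoint"
    return WRAPPER, "instance profile"

def seconds_remaining(creds, now):
    """Seconds until the "Expiration" of a temporary credentials document."""
    exp = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return (exp.replace(tzinfo=timezone.utc) - now).total_seconds()

# Constructed sample inputs (no real keys).
SAMPLE_ENV = {
    "AWS_ACCESS_KEY_ID": "CONSTRUCTED_KEY_ID",
    "AWS_SECRET_ACCESS_KEY": "constructed-secret",
    "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/constructed/path",
}
SAMPLE_PROFILE = "[default]\naws_access_key_id = K\naws_secret_access_key = S\naws_session_token = T\n"
SAMPLE_CREDS = {"Expiration": "2021-11-12T10:51:36Z"}  # timestamp format from the page
SAMPLE_NOW = datetime(2021, 11, 12, 10, 41, 36, tzinfo=timezone.utc)

if __name__ == "__main__":
    # The static key in the environment wins over the profile and the container role.
    print(resolve_source(SAMPLE_ENV, {}, SAMPLE_PROFILE))
    print(seconds_remaining(SAMPLE_CREDS, SAMPLE_NOW))
```

A "long-lived" result on a host that also has a container or instance role is worth reviewing, since the role's rotating credentials are never reached.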
Summary
EC2
| Item | Description |
|---|---|
| EC2 Instance | AMI(OS) + Instance Size(CPU+RAM) + Storage + Security Groups + EC2 User Data |
| Security Groups | Firewall attached to the EC2 instance |
| EC2 User Data | Script launched at the first start of an instance |
| EC2 Instance Role | Link to IAM Roles |
| AMI | Create ready-to-use EC2 instances with our customizations |
| EC2 Image Builder | Automatically build, test and distribute AMIs |
| EC2 Instance Store | High performance hardware disk attached to EC2 instance. Lost if instance is stopped/terminated |
EBS
| Item | Description |
|---|---|
| EBS volumes | Network drives attached to one EC2 instance at a time. Mapped to an AZ. Can use EBS Snapshots for backups/transferring across AZ |
EFS
| Item | Description |
|---|---|
| EFS | Network file system, can be attached to 100s of instances in a region |
| EFS-IA | Cost-optimized storage class for infrequently accessed files |
FSx
| Item | Description |
|---|---|
| FSx for Windows | Network File System for Windows Servers |
| FSx for Lustre | High Performance Computing Linux file system |