Amazon AWS IAM (Identity and Access Management) User
Amazon AWS IAM (Identity and Access Management)
Using the credentials of the AWS account itself to access services in Amazon AWS is not recommended.
Using Amazon AWS IAM is recommended.
Amazon EC2 Key Pairs
Key pairs can’t be shared between regions.
A key pair must be specified when launching an instance.
To log in to an instance, the private key of the key pair used when launching that instance has to be provided.
Linux/Unix instances have no password.
Amazon EC2 stores the public key only, and you store the private key.
The keys that Amazon EC2 uses are 1024-bit SSH-2 RSA keys.
Up to five thousand key pairs are allowed per region.
Amazon EC2 doesn’t keep a copy of your private key; therefore, if the private key is lost, there is no way to recover it. If the private key is lost for an instance store-backed instance, the instance can no longer be accessed. The only way forward is to terminate the instance and launch another instance using a new key pair. If the private key is lost for an EBS-backed instance, it is still possible to regain access to the instance. [ Connecting to Your Instance if You Lose Your Private Key ]
Create Key Pair ( Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create )
The private key file is automatically downloaded by your browser. ( This is the only chance for you to save the private key file. )
Amazon EC2 Security Groups
A security group acts as a virtual firewall that controls the traffic for one or more instances.
When an instance is launched, one or more security groups can be associated with the instance.
Rules for a security group can be modified at any time; the new rules are automatically applied to all instances that are associated with the security group.
Security Groups for EC2-Classic
Security groups created specifically for EC2-Classic must be used.
Security groups created specifically for EC2-VPC cannot be used to launch an instance in EC2-Classic.
An instance can be associated with up to 500 security groups, and up to 100 rules can be added to a security group.
After launching an instance with security groups, the list of associated security groups cannot be modified ( relaunching is the only option ). However, rules in security groups can be updated and will be applied automatically.
Security Groups for EC2-VPC
Security groups created specifically for EC2-VPC must be used.
Security groups created specifically for EC2-Classic cannot be used to launch an instance in EC2-VPC.
After launching an instance in a VPC, the list of associated security groups can be updated. And, of course, rules in security groups can be updated and will be applied automatically.
In EC2-VPC, a network interface ( subnet ) can be associated with up to 5 security groups, and up to 50 rules can be added to a security group.
Security groups for EC2-VPC have additional capabilities that aren’t supported by security groups for EC2-Classic. For more information about security groups for EC2-VPC, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
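The security group behaviour described in the sections above, as a small Python model (an added example, not AWS code): a rule change on a shared group reaches every associated instance, and the per-platform limits and the rule about changing groups after launch are enforced. The class and method names are hypothetical, only inbound allow rules are modelled, and the limits are the ones stated in these notes.

```python
import ipaddress
from collections import namedtuple

# Limits as stated in these notes, per platform:
# (max security groups per instance or interface, max rules per group)
LIMITS = {"EC2-Classic": (500, 100), "EC2-VPC": (5, 50)}

# One inbound allow rule: protocol, port range, permitted source CIDR.
Rule = namedtuple("Rule", "protocol port_from port_to cidr")

class SecurityGroup:
    def __init__(self, name, platform):
        self.name, self.platform, self.rules = name, platform, []

    def add_rule(self, rule):
        if len(self.rules) >= LIMITS[self.platform][1]:
            raise ValueError(f"{self.name}: rule limit reached")
        self.rules.append(rule)

class Instance:
    def __init__(self, platform, groups):
        self.platform = platform
        self._check(groups)          # validated at launch
        self.groups = list(groups)   # holds references, not copies of the rules

    def _check(self, groups):
        if any(g.platform != self.platform for g in groups):
            raise ValueError("security group was created for the other platform")
        if not 1 <= len(groups) <= LIMITS[self.platform][0]:
            raise ValueError("number of security groups outside the limit")

    def set_groups(self, groups):
        # Only EC2-VPC lets the group list change after launch.
        if self.platform == "EC2-Classic":
            raise PermissionError("EC2-Classic: relaunch to change groups")
        self._check(groups)
        self.groups = list(groups)

    def allows_inbound(self, protocol, port, source_ip):
        # Rules only allow; traffic passes if any rule in any group matches.
        src = ipaddress.ip_address(source_ip)
        return any(r.protocol == protocol and r.port_from <= port <= r.port_to
                   and src in ipaddress.ip_network(r.cidr)
                   for g in self.groups for r in g.rules)
```

Because instances hold references to their groups, calling add_rule on a group changes the result of allows_inbound for every instance that uses it, which is why one loosened rule on a widely shared group widens exposure everywhere at once.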