
Aravind kumar TS


AWS Organization, AWS Inspector, AWS Trusted Advisor

๐€๐–๐’ ๐Ž๐ซ๐ ๐š๐ง๐ข๐ณ๐š๐ญ๐ข๐จ๐ง-AWS Organization is the Master account that you create, You can invite other AWS Accounts under this Master or Root Account. You can enable the Master or root account to have full permissions on the child accounts. When you receive an invitation to connect to an AWS Master account, you cannot receive invitation or you wont be able to accept the invitation from the other accounts.
When you create an account in AWS (root or Master account) by default a role gets created named organizationaccountaccessrole... In order for this Master account to have full control over the child accounts, click on this role and choose assign to account, enter the other account's Id. Thus the Master account will have full control over the child accounts. AWS Organization has SCP or Service Control Policies using which you can specify rules such as Tag names format to be used for resources, MFA to enabled compulsory for all IAM users, Using SCP we can restrict certain access to sub accounts or we can restrict the access permissions(for example rename the instance) of the resources that are hosted in sub accounts.
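The kind of SCP described above, written out as an added example (not from the original post): one policy that denies most actions for sessions that could have used MFA but did not, requires an Environment tag (an assumed tag key) on newly launched instances, and blocks changes to the Name tag (i.e. renaming an instance) by any principal other than OrganizationAccountAccessRole.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyWithoutMfaExceptMfaSetup",
      "Effect": "Deny",
      "NotAction": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ResyncMFADevice",
        "iam:GetUser",
        "iam:ChangePassword",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    },
    {
      "Sid": "RequireEnvironmentTagOnNewInstances",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": { "aws:RequestTag/Environment": "true" }
      }
    },
    {
      "Sid": "DenyInstanceRenameOutsideManagementRole",
      "Effect": "Deny",
      "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": { "aws:TagKeys": "Name" },
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/OrganizationAccountAccessRole"
        }
      }
    }
  ]
}
```

SCPs also bind the member account's root user and never grant permissions, so attach a policy like this to a test OU before the production one. Note that aws:MultiFactorAuthPresent is absent for requests signed with long-term access keys, so the first statement only denies temporary-credential sessions that were not MFA-authenticated.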
AWS Single Sign-On lets you avoid signing in one by one to each sub account that falls under the AWS Master account; using Single Sign-On we can navigate between the different accounts.
AWS Single Sign-On has now been replaced by IAM Identity Center.
When child accounts are placed under the Master (root) account in a tree structure, we can enable consolidated billing as well.

AWS Inspector

A service that helps assess vulnerabilities in EC2 instances. The assessment types are network assessment and host assessment. When you create an AWS Inspector assessment, you choose the EC2 instances on which the AWS Inspector agent is to be installed. Common issues AWS Inspector detects are malicious software present on an EC2 instance, ports open to the outside world, and whether the EC2 machines are CIS hardened (the AWS Marketplace offers CIS Hardened images for EC2 instances). The vulnerabilities AWS Inspector detects are shown under the "Findings" tab of the AWS Inspector dashboard. We can also export all vulnerability reports and use them for audit purposes.

AWS Trusted Advisor

When you enable Trusted Advisor in your AWS account, it helps assess Performance, Cost Optimization, Fault Tolerance, Security and Service Quotas. Each AWS account has a limit on Elastic IPs; using Service Quotas we can review such limits and raise a request with AWS Support to increase them. Consider an EC2 machine with a 1 TB volume: if that 1 TB volume is little used for a long duration, Trusted Advisor recommends shrinking the volume to save cost. It gives similar recommendations on the type of EC2 instances, MFA enablement, open ports in security groups, snapshots not taken for RDS, snapshots disabled for RDS, latency issues for your EC2 web servers, and enabling CloudFront.

#awscommunity
