AWS Cognito, POLICY Generator, Policy Simulator, IAM Policy Visual Editor

 AWS Identities :

1) Users

2) Usergroups

3) Roles

4) Temporary security credentials

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

https://wellarchitectedlabs.com/reliability/300_labs/300_testing_for_resiliency_of_ec2_rds_and_s3/documentation/aws_credentials/

API Gateway 

https://www.youtube.com/watch?v=0dVL70Ayq5I

https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html   API Gateway + Lambda

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken

IAM > Identity providers >  Create Identity Provider

OpenId()   vs SAML (ADFS Active Directory Federation Service)

Role can be assigned to

AWS service

EC2, Lambda and others

Another AWS account

Belonging to you or 3rd party

Web identity

Cognito or any OpenID provider

SAML 2.0 federation

Your corporate directory

Choose an API type

HTTP API

Build low-latency and cost-effective REST APIs with built-in features such as OIDC and OAuth2, and native CORS support.

Works with the following:

Lambda, HTTP backends

WebSocket API

Build a WebSocket API using persistent connections for real-time use cases such as chat applications or dashboards.

Roles and users are both AWS identities with permissions policies.

Roles can be used by the following:

An IAM user in the same AWS account as the role

A web service offered by AWS such as Amazon Elastic Compute Cloud (Amazon EC2)

An external user authenticated by an external identity provider (IdP) service that is compatible with SAML 2.0 or OpenID Connect.

Applications running on that instance can retrieve temporary security credentials and perform actions that the role allows

 https://sts.amazonaws.com

You can use AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. For more information about AWS STS, see Temporary security credentials in IAM. AWS STS is a global service that has a default endpoint at https://sts.amazonaws.com

EC2 is a Service

Load balancers (EC2 feature)

https://awspolicygen.s3.amazonaws.com/policygen.html

https://policysim.aws.amazon.com/home/index.jsp?#

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step2

IAM -> Policies -> Visual Editor

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step2

IAM > Identity providers > Create Identity Provider

https://console.aws.amazon.com/iamv2/home?#/identity_providers

Route 53 > Hosted zones > Domain.com > Record Type A /CNAME etc

Identity Pool  + Role ????????????

AWS Cognito (User Pool)  ? ??? How to get Token using postman????????

API Gateway + Cognito ?????????????

API Gateway + AWS Cognito ??????????? + EKS

 Elastic Container Registry  - Docker Image Repo