1.1 AWS Organization
Management account - the first account you create in order to create an organization (organization root) - most important account - has admin privileges over all member accounts - not the same as the root user
[! warning] Never run any service using the Management account (root account)
Organizational units (OU) - Essentially act as folders under an organization - made to organize resources and permissions
Member accounts / Child accounts - can run allowed AWS services
Management account
Deals with org-wide privileges or any level below it
- Can create and organize, delete OUs, accounts
- Can delete the entire org
- Billing of all the accounts
Anyone from the management account has access to the child accounts with admin privileges by default. The OrganizationAccountAccessRole is created for the management account. The management account needs permission to assume the role in order to access resources in a child account.
Service Control Policies are important for restricting access to resources
**Service Control Policies**
- They limit services and actions that can be used by users and roles in the accounts that the policy is in effect
- Even Root users in the children account will be affected by SCP
- Only restricts principals in the account. Other users won't be affected
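The SCP behaviour listed above, as an added example that is not part of the original notes: a simplified Python model (it ignores Resource and Condition) of how SCPs cap what a principal in a member account can do, root user included. The OU paths, policies and principals are constructed sample data.

```python
from fnmatch import fnmatchcase

def matches(patterns, action):
    """IAM-style action match: case-insensitive, '*' wildcard."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_permits(levels, action):
    """levels = SCPs attached at the org root, each OU on the path, the account.
    An explicit Deny anywhere wins; otherwise every level must Allow."""
    stmts_by_level = [[s for p in lvl for s in p["Statement"]] for lvl in levels]
    for stmts in stmts_by_level:
        if any(s["Effect"] == "Deny" and matches(s["Action"], action) for s in stmts):
            return False
    return all(any(s["Effect"] == "Allow" and matches(s["Action"], action)
                   for s in stmts) for stmts in stmts_by_level)

def is_permitted(principal, action, levels):
    """SCPs grant nothing; they only cap what identity permissions can do."""
    identity_ok = principal["is_root"] or matches(principal["iam_allow"], action)
    return identity_ok and scp_permits(levels, action)

# Constructed sample data (hypothetical OU layout and policies).
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
PROTECT_LOGS = {"Statement": [{"Effect": "Deny", "Resource": "*",
    "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]}]}
S3_EC2_ONLY = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["s3:*", "ec2:*"]}]}

# Each path lists the SCPs at: org root, the OU, the member account.
PROD_PATH = [[FULL_ACCESS], [FULL_ACCESS, PROTECT_LOGS], [FULL_ACCESS]]
SANDBOX_PATH = [[FULL_ACCESS], [S3_EC2_ONLY], [FULL_ACCESS]]
UNRESTRICTED_PATH = [[FULL_ACCESS], [FULL_ACCESS], [FULL_ACCESS]]

ROOT_USER = {"is_root": True, "iam_allow": []}         # member-account root user
ADMIN_ROLE = {"is_root": False, "iam_allow": ["*"]}    # IAM role with admin policy
READER = {"is_root": False, "iam_allow": ["s3:Get*"]}  # narrowly scoped IAM user

if __name__ == "__main__":
    for name, who, act, path in [
        ("root, prod OU", ROOT_USER, "cloudtrail:StopLogging", PROD_PATH),
        ("admin, other OU", ADMIN_ROLE, "cloudtrail:StopLogging", UNRESTRICTED_PATH),
        ("root, sandbox OU", ROOT_USER, "iam:CreateUser", SANDBOX_PATH),
    ]:
        print(f"{name:18} {act:26} permitted={is_permitted(who, act, path)}")
```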
ARN
Amazon Resource Name - unique name for every resource
1.2 AWS Principals