Notes to Self

Alex Sokolsky's Notes on Computers and Programming

Aws Organization

Org should have:

Service Control Policies

SCP does not give permission, only takes it away.

AWS Resource Access Manager

RAM - free service to share resources across accounts in the organization.

Resources can be shared:


RAM vs VPC peering

Same region? -> RAM, otherwise VPC peering

Sharing resources - saves money

Cross Account Role Access

Role assumption is always temporary, which is more secure.

Instead of IAM users use roles.

Inventory Management with AWS Config