Know Citrix

AWS Important points

Posted on February 20, 2022 / June 23, 2022
  • Most of the AWS services are region specific.
  • Services like IAM are global. They are not tied to any specific region.
  • On the AWS Regional Services page, you can check which services are available in each region: AWS Regional Services (amazon.com)
  • An AWS role name can contain alphanumeric characters or any of the following: _+=,.@-
  • Even when admin permissions are given to a user, they still can't access the billing dashboard.
  • When creating an instance, if you create a tag called Name and give it a value, that value is set as the instance name automatically. You don't have to name your instance again.
  • When restricting access using security groups, you can specify the source IP address or IP address range so that only someone connecting from that range can connect. Others cannot connect to the instance. If you set the source as 0.0.0.0/0, it means you are allowing or denying access to a port on the instance from all networks.
  • A single SG can be attached to multiple instances. You can also attach multiple SGs to a single EC2 instance.
  • SGs are restricted to a region or VPC. They sit outside your EC2 instance, so if something is blocked, your instance might not record anything in its logs.
  • If there is a timeout when accessing the application, it might be a security group issue, but if you get a connection refused error, it might be an application issue.
  • All inbound traffic is blocked in SG by default and all outbound traffic is allowed.
  • In SGs, you can allow or deny ports from different networks and also allow or block ports to other security groups.
  • Using EC2 Instance Connect, you can connect to Linux machines from the browser.
  • When you're using a pem file on Linux, use the chmod command to change its permissions and then use it directly from the command line. On Windows, if you are using PuTTY, you have to convert the pem file to ppk and use that in PuTTY. If you are using PowerShell and ssh, add yourself as the owner of the pem file, remove any other permissions, and launch ssh from PowerShell.
  • If you want to add a volume to an EC2 instance, both the instance and the volume should be in the same availability zone. Similarly, if you want to add an elastic network interface to an EC2 instance, both the network interface and the EC2 instance should be in the same AZ.
  • The number of network interfaces that you can attach to an instance depends on the instance type. For example, t3 micro allows only 2 network interfaces, t3 micro allows only 3 network interfaces, etc.

How should you choose an AWS region while deploying AWS service?

It depends on factors like compliance (some countries do not allow their data to be stored outside their country's infrastructure), latency (deploy close to your end users), which regions offer your service, and pricing. Pricing varies from region to region.

How many ways can you access AWS?

Through the console, the AWS CLI, and the AWS SDKs (Java, Python, PHP, Ruby, JavaScript, Go and more). You can log in to AWS through the CLI and SDKs by using access keys.

IAM best practices:

  • Use the root account only when creating your first admin ID. From then on, use the admin ID for all activities.
  • Set up a strong password policy and MFA.
  • Try to use roles for giving permissions to AWS services.
  • Do not share your AWS security keys.
  • Instead of assigning permissions to users, add users to groups and assign policies to those groups.
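
One way to check the root-account and MFA practices above is to review the IAM credential report. This is an added example, not part of the original post; the CSV is constructed and shows only a few of the columns that `aws iam get-credential-report` produces, and the 30-day window for root logins is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a few columns of the CSV produced by
# `aws iam get-credential-report` (the real report has more columns).
REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,2022-06-20T09:15:00+00:00,false,true,false
admin,true,2022-06-22T08:00:00+00:00,true,false,false
alice,true,2022-06-01T12:30:00+00:00,false,true,false
ci-deploy,false,N/A,false,true,false
"""


def audit(report_csv, now, root_idle_days=30):
    """Return a sorted list of (user, finding) for the IAM practices above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])
        if user == "<root_account>":
            if not mfa:
                findings.append((user, "root has no MFA"))
            if has_key:
                findings.append((user, "root has an active access key"))
            last = row["password_last_used"]
            # Values such as N/A or no_information mean no recorded login.
            if last[:1].isdigit():
                used = datetime.fromisoformat(last)
                if now - used < timedelta(days=root_idle_days):
                    findings.append((user, "root console login in last %d days" % root_idle_days))
        elif row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console password without MFA"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(REPORT, datetime(2022, 6, 23, tzinfo=timezone.utc)):
        print(user, "-", finding)
```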
