From 5583b7b03573eeac0c4dec1f87313f5eeacb968b Mon Sep 17 00:00:00 2001 From: first Date: Mon, 7 Jul 2025 04:10:31 +0000 Subject: [PATCH] Add Core Concepts --- Core-Concepts.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 Core-Concepts.md diff --git a/Core-Concepts.md b/Core-Concepts.md new file mode 100644 index 0000000..856da33 --- /dev/null +++ b/Core-Concepts.md @@ -0,0 +1,8 @@ +Before deployment, it's important to understand the two primary security patterns for granting the server permissions. The pattern you choose depends on where your server is hosted. + +- **Pattern A: IAM Roles for EC2 (Recommended)** + This is the standard, most secure method for workloads running within AWS. An IAM Role is attached to the EC2 instance, which then automatically receives short-lived, temporary credentials from the EC2 metadata service. This completely avoids the need to store static access keys on the server. + +- **Pattern B: IAM Users for External Servers** + For servers running outside of AWS (e.g., on-premises, other clouds), an IAM Role cannot be used. This pattern involves creating a dedicated IAM User with a narrowly scoped policy and long-lived static access keys (`AccessKeyId` and `SecretAccessKey`). This requires careful manual credential management. +
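Review bot: In the Pattern B paragraph, "an IAM Role cannot be used" is stated too absolutely for servers outside AWS. What is unavailable there is the EC2 instance profile from Pattern A; temporary role credentials can still be obtained, for example through IAM Roles Anywhere or by having the dedicated IAM User call sts:AssumeRole. Suggest rewording the sentence to say that the instance-profile mechanism is unavailable, and spelling out what "careful manual credential management" covers: where the `AccessKeyId` and `SecretAccessKey` are stored, how often they are rotated, and how a leaked key is revoked. In the Pattern A paragraph it would also help to state whether the instance is expected to require IMDSv2 when it fetches credentials from the EC2 metadata service.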