AWS

AWS Internet Gateway and NAT Gateway

The role of an Internet Gateway: it lets resources in a public subnet connect to the Internet, and lets the Internet connect to resources in the public subnet.

AWS IAM Basic Concepts

IAM is used to control permissions on AWS resources; these permissions can be applied to a group of users as well as to individual users. IAM can also be combined with other authentication systems, such as Shibboleth and Microsoft Active Directory. You can also audit access information (using AWS CloudTrail).

Terraform Creates AWS EKS Manager Role

You can associate IAM roles with Kubernetes service accounts. This service account can then provide AWS permissions to containers in any pod that uses the service account. With this feature, you no longer need to provide extended permissions to an Amazon EKS node IAM role so that pods on that node can call AWS APIs.

Deep Dive into IAM PassRole

As an AWS security best practice, it's best to have narrowly scoped IAM policies so that users are only authorized to perform actions on the resources they expect. This is even more important when you plan to authorize users to run some code in AWS services (for example, in a Lambda function to access other resources). In this case, IAM provides a way to standardize the roles that authorized users can grant to AWS services: IAM PassRole.

Terraform aws_iam_access_key + keybase best practice

Keybase aims to make public key cryptography easier for the average person to use. When used properly, public key cryptography can eliminate most of the hacking problems we encounter and unnecessary government surveillance of the internet.