Overview: How AWS works

This page provides a high-level understanding of how AWS is used in this project, before diving into specific concepts such as IAM identities, APIs, services, and resources.

High-level workflow

We use AWS credentials derived from an IAM identity (either an assumed IAM role via Single Sign-On (SSO) or an IAM user with attached permission policies) to call AWS service APIs.

Examples of AWS service APIs include:

  • EC2

  • FSx

  • S3

  • CloudFormation

These API calls create, modify, and manage AWS resources, such as:

  • VPCs and subnets

  • EC2 instances

  • FSx file systems

  • Amazon Machine Images (AMIs)

On AWS, all infrastructure provisioning and management operations are ultimately performed via AWS APIs, regardless of whether the interaction happens through the AWS Management Console, AWS CLI, or SDKs.

What this means in practice

From a practical perspective:

  • Your credentials determine who you are

  • IAM policies and roles determine what APIs you are allowed to call

  • AWS resources are the objects those APIs act on

Tools such as the AWS Console, AWS CLI, and ParallelCluster are simply different interfaces for issuing the same underlying API calls.
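The following is an added example, not code from this project or from AWS: a simplified Python model of how identity-based policies decide whether an API call is allowed (an explicit Deny always wins, otherwise any matching Allow permits the call, otherwise the call is implicitly denied). It assumes only `Action` and `Resource` matching; conditions, `NotAction`, permission boundaries, SCPs, and resource-based policies are left out, and the policy, bucket name, account ID, and function names are constructed for illustration.

```python
import re

# Constructed sample policy attached to a hypothetical identity.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:RunInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        # An explicit Deny overrides the broad ec2:* Allow above.
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is a single character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _statement_applies(statement, action, resource):
    # Action names are matched case-insensitively; resources are compared as written.
    action_ok = any(_wildcard_match(p, action, ignore_case=True)
                    for p in _as_list(statement["Action"]))
    resource_ok = any(_wildcard_match(p, resource)
                      for p in _as_list(statement["Resource"]))
    return action_ok and resource_ok

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow', or 'ImplicitDeny' for one API call."""
    decision = "ImplicitDeny"          # default when nothing matches
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _statement_applies(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny ends evaluation
            decision = "Allow"
    return decision

if __name__ == "__main__":
    instance = "arn:aws:ec2:us-east-1:111122223333:instance/i-0example"  # constructed ARN
    for action, resource in [("ec2:DescribeInstances", "*"),
                             ("ec2:TerminateInstances", instance),
                             ("fsx:CreateFileSystem", "*")]:
        print(action, "->", evaluate([POLICY], action, resource))
```

The same decision applies whether the call is issued from the Console, the CLI, or ParallelCluster, because the policy is evaluated against the API action, not the tool.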

How this documentation is organized

This documentation is organized to follow the mental model above:

  • IAM identity

    Explains where credentials come from and how identities are defined

  • AWS APIs

    Explains how permissions are evaluated and how to reason about allowed actions

  • AWS services and resources

    Explains what services exist and what concrete resources they manage

The operational tutorials then build on this foundation to show how these concepts are applied in practice.