Bag of words The first one you will learn is known as bag of words (BoW). This is a very common and simple technique, applied to text data, that creates matrix representations to describe the number of words within the text. BoW consists of two main steps: creating a vocabulary and creating a representation of […]
CloudWatch Logging CloudWatch is the primary AWS monitoring application and is rather extensive in its capabilities and feature sets. In the following sections, the various options available in CloudWatch for Route 53 metrics are explained. DNS Query Logging Query logging will provide you with detailed information on resolver queries to Route 53, which includes the […]
Backup and Restore The simplest option is backup and restore. All stateful AWS services support some sort of backup. Backup and restore can be a great strategy when the RPO and RTO are long (typically hours) because the approach is very low cost and also very easy to implement. The cheapest backup and restore approach […]
Real-Life Example of Using Automated Remediations Suppose you are part of a company that has developed an organization-wide policy that no EBS volume can be created without encryption. This would be the perfect opportunity for automatic remediation. First, you would create a rule that checks whether a volume is encrypted and that is triggered when […]
When to Use AWS CloudHSM You may now be thinking: CloudHSM sounds like the cherry-pick for cryptography, so why would I want to use anything else? First, you need to consider whether you have an actual use case for AWS CloudHSM. For instance, does your corporate security require that you store your keys on HSMs […]
Important note The testing set cannot be under/oversampled: only the training set should pass through these resampling techniques. You can also oversample the training set by applying synthetic sampling techniques. Random oversampling does not add any new information to the training set: it just duplicates the existing samples. By creating synthetic samples, you are deriving […]
Outbound Endpoints Outbound endpoints allow DNS queries originating inside your VPC to reach your on-premises DNS deployment or another VPC. As with all DNS endpoint architectures, a direct connection is required, either through the Direct Connect (DX) service or through a VPN connection. Outbound DNS queries require forwarding rules to define […]
RPO and RTO Whenever you are choosing any backup strategy, you need to also define the recovery-point objective (RPO) and the recovery-time objective (RTO). The RPO is used to define how much data can be lost during an event that requires you to restore data, and the RTO defines the time allowed to recover the […]
Evaluating Config Rules Once the rules have been configured in the account and the specified triggers have been set, the AWS Config service will flag the resources that do not comply with those rules. As you initially set your rules, especially in the case of custom rules, you may have to review the items that […]
Protecting Data at Rest The first task is to protect the data at rest, that is, where it is stored. AWS best practices recommend that you encrypt the data—no exception. Your data must be encrypted, whether you decide to use object storage, file storage, block storage, databases, or anything else. Many AWS services (storage, compute, […]