Weighted Routing Weighted routing is based on the round-robin policy but adds a weighted feature to affect how the load gets distributed. Multiple hosts with different IP addresses all serve the same content. Each host will then have a weight assigned to it between 0 and 255. If they are all set to the value of […]

CloudFront Security CloudFront is also inherently secure against distributed denial-of-service (DDoS) attacks because the content is distributed to more than 200 locations around the globe. An attacker would need to have a massive, globally distributed botnet to be able to attack your application. On top of the benefit of the distributed architecture, CloudFront is also […]

Using SCPs as Deny Lists AWS Organizations, by default, attaches a managed SCP named FullAWSAccess to every root and OU structure upon creation. It is up to you to define additional SCPs at each level to limit the permissions as needed, by adding deny statements in the policies of these SCPs. For example, the following […]

AWS Storage Gateway Storage Gateway is a hybrid storage virtual appliance. It can run in three different modes – File Gateway, Tape Gateway, and Volume Gateway. It can be used for the extension, migration, and backups of an on-premises data center to AWS:

Redis The other engine supported by ElastiCache is Redis, a fully-fledged in-memory database. Redis supports much more complex datasets such as tables, lists, hashes, and geospatial data. Redis also has a built-in push messaging feature that can be used for high-performance messaging between services and chat. Redis also has three operational modes that give you […]

Forensic AWS Account A separate AWS account for forensic investigations is ideal to help you diagnose and isolate the affected resources. By utilizing a separate account, you can architect the environment to be more securely appropriate to its forensic use. You could even use AWS Control Tower to provision the account quickly, using the account […]

Setting up SCPs As mentioned earlier, the intention behind SCPs is similar to that of IAM permissions boundaries, that is, to limit the perimeter of what is allowed to be done at an account level, an OU level, or an organization level. SCPs offer central control over that maximum set of permissions that accounts in […]

Latency-Based Routing To enhance response times, a latency-based routing policy can be used. Route 53 will test the response times in the background of all the configured endpoints for a domain name. Route 53 determines the quickest response time between the origin and destination. This is the best destination value that is returned in the DNS […]

Storing and transforming real-time data using Kinesis Data Firehose There are a lot of use cases that require data to be streamed and stored for future analytics purposes. To overcome such problems, you can write a Kinesis consumer to read the Kinesis stream and store the data in S3. This solution needs an instance or […]

The AWS WAF Security Pillars For constructing or reviewing AWS accounts that are secure, highly available, and efficient, AWS has developed a framework that incorporates foundational best practices with regard to six pillars—the WAF. The pillars of the WAF consist of the following items: This framework helps you transition and migrate solutions into the AWS […]