Account An AWS account (an account, in short) is a virtual environment where you access AWS services and deploy and use AWS resources. The resources you deploy in one account are isolated from the resources deployed in any other account unless you explicitly provide cross-account access (for more on cross-account access, see Chapter 1, Determining […]

Amazon DynamoDB for NoSQL Database-as-a-Service Amazon DynamoDB is a NoSQL database-as-a-service product within AWS. It’s a fully managed key/value and document database. Accessing DynamoDB is easy via its endpoint. The input and output throughputs can be managed or scaled manually or automatically. It also supports data backup, point-in-time recovery, and data encryption. One example where […]

DNS Hierarchy DNS is a highly distributed database that contains a hierarchy that flows from very general information at the top of the stack to specific host information at the bottom, as shown in Figure 2.2. Distributed root servers are at the top of the DNS hierarchy and are used to direct queries to the top-level […]

Further Reading You can check out the following links for more information about the topics that were covered in this chapter: . Chapter 3 Designing a Multi-Account AWS Environment for Complex Organizations Determining a strategy to deploy your resources across multiple Amazon Web Services (AWS) accounts is essential for governance purposes. This can bring benefits not […]

Vulnerable AWS Credentials Another significant vulnerability for identity and access management is access credentials (specifically, an access key and secret access key) that are not rotated in a programmatic manner. These credentials are tied to a specific user and any capabilities or access that that user has been granted. Mitigation of Vulnerable AWS Credentials Create […]

Scaling in the Cloud This section covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domains: Domain 2: Reliability and Business Continuity Domain 3: Deployment, Provisioning, and Automation CramSaver If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and […]

Writing to Amazon Aurora with multi-master capabilities Amazon Aurora is the most reliable relational database engine developed by Amazon to deliver speed in a simple and cost-effective manner. Aurora uses a cluster of single primary instances and zero or more replicas. Aurora’s replicas can give you the advantage of both read replicas and Multi-AZ instances […]

DNS Overview DNS is a distributed service that operates globally in all IP-based networks. DNS clients run on networking devices such as smartphones, tablets, laptops, all the way to huge server clusters running in AWS. DNS services the client requests for information to connect to devices given a domain name and returning an IP address. […]

Routing with AWS Transit Gateway AWS Transit Gateway supports both dynamic and static routing. By default, the network elements (VPCs; VPN or DX connections; peered TGWs) attached to a TGW are associated with its default route table, unless otherwise specified. You naturally have the choice to organize routing as you please by creating additional routing […]

Mitigation for a Lack of Identity Federation Implementing a modern identity service or platform helps mitigate the risk of password compromise with multiple identities. AWS’s native IAM Identity Center allows you to connect with your existing SAML identity provider or create and manage your users and groups directly from the IAM service itself. This helps […]