CloudFront Security – Implementing Scalability and Elasticity – SOA-C02 Study Guide

CloudFront Security CloudFront is also inherently secure against distributed denial-of-service (DDoS) attacks because the content is distributed to more than 200 locations around the globe. An attacker would need to have a massive, globally distributed botnet to be able to attack your application. On top of the benefit of the distributed architecture, CloudFront is also […]

Using SCPs as Deny Lists – Designing a Multi-Account AWS Environment for Complex Organizations – SAP-C02 Study Guide

Using SCPs as Deny Lists AWS Organizations, by default, attaches a managed SCP named FullAWSAccess to every root and OU structure upon creation. It is up to you to define additional SCPs at each level to limit the permissions as needed, by adding deny statements in the policies of these SCPs. For example, the following […]

AWS Storage Gateway – AWS Services for Data Migration and Processing – MLS-C01 Study Guide

AWS Storage Gateway Storage Gateway is a hybrid storage virtual appliance. It can run in three different modes – File Gateway, Tape Gateway, and Volume Gateway. It can be used for the extension, migration, and backups of an on-premises data center to AWS:

Redis – Implementing Scalability and Elasticity – SOA-C02 Study Guide

Redis The other engine supported by ElastiCache is Redis, a fully-fledged in-memory database. Redis supports much more complex datasets such as tables, lists, hashes, and geospatial data. Redis also has a built-in push messaging feature that can be used for high-performance messaging between services and chat. Redis also has three operational modes that give you […]

Forensic AWS Account – Incident Response – SCS-C02 Study Guide

Forensic AWS Account A separate AWS account for forensic investigations is ideal to help you diagnose and isolate the affected resources. By utilizing a separate account, you can architect the environment to be more securely appropriate to its forensic use. You could even use AWS Control Tower to provision the account quickly, using the account […]

Setting up SCPs – Designing a Multi-Account AWS Environment for Complex Organizations – SAP-C02 Study Guide

Setting up SCPs As mentioned earlier, the intention behind SCPs is similar to that of IAM permissions boundaries, that is, to limit the perimeter of what is allowed to be done at an account level, an OU level, or an organization level. SCPs offer central control over that maximum set of permissions that accounts in […]

Latency-Based Routing – Domain Name Services – ANS-C01 Study Guide

Latency-Based Routing To enhance response times, a latency-based routing policy can be used. Route 53 will test the response times in the background of all the configured endpoints for a domain name. Route 53 determines the quickest response time between the origin and destination. This is the best destination value that is returned in the DNS […]

Storing and transforming real-time data using Kinesis Data Firehose – AWS Services for Data Migration and Processing – MLS-C01 Study Guide

Storing and transforming real-time data using Kinesis Data Firehose There are a lot of use cases that require data to be streamed and stored for future analytics purposes. To overcome such problems, you can write a Kinesis consumer to read the Kinesis stream and store the data in S3. This solution needs an instance or […]

The AWS WAF Security Pillars – Incident Response – SCS-C02 Study Guide

The AWS WAF Security Pillars For constructing or reviewing AWS accounts that are secure, highly available, and efficient, AWS has developed a framework that incorporates foundational best practices with regard to six pillars—the WAF. The pillars of the WAF consist of the following items: This framework helps you transition and migrate solutions into the AWS […]

ExamAlert – Implementing Scalability and Elasticity – SOA-C02 Study Guide

ExamAlert When choosing a caching strategy, always consider the rate of data change and choose the correct time-to-live (TTL) of the data in the cache, to match the rate of change of the data. Data on an e-commerce site such as item descriptions, reviews, and images are unlikely to change frequently, but data such as […]