Read Replicas This section covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domain: Domain 2: Reliability and Business Continuity CramSaver If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end […]
A Common Approach to an Infrastructure Security Incident The following is a quick outline of a common response approach to an infrastructure-related security incident involving an EC2 instance: You will not be expected to know the commands to carry out the preceding steps via the AWS CLI, but should you wish to do so, please review the steps […]
Leveraging Control Tower Control Tower is an AWS service that addresses all the aspects covered earlier in this chapter in a prescriptive way. It is an opinionated service that allows you to automate the setup of your baseline environment—in other words, your landing zone. Control Tower does this by following a set of best practices […]
Snowball, Snowball Edge, and Snowmobile These belong to the same product family for the physical transfer of data between your business locations and AWS. To move a large amount of data into and out of AWS, you can use any of the three. AWS DataSync AWS DataSync is designed to move data from […]
Weighted Routing Weighted routing builds on the simple round-robin policy by letting you control how the load is distributed. Multiple hosts with different IP addresses all serve the same content, and each host is assigned a weight between 0 and 255. If they are all set to the value of […]
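The weighting described above, as an added example (not code from the book): a small simulation of Route 53 weighted-record resolution. It assumes the Route 53 semantics that a record is returned with probability weight/sum of weights, that a weight of 0 is never returned, and that when every record is 0 the traffic is split equally; the host names and weights are constructed sample data.

```python
"""Simulate Route 53 weighted routing (added example, not from the book).

Assumed semantics: each record carries an integer weight 0-255, a record is
returned with probability weight / sum(weights), a weight of 0 is never
returned, and if every weight is 0 the records are returned with equal
probability. Host names and weights below are constructed sample data.
"""
import random
from collections import Counter

MAX_WEIGHT = 255  # Route 53 accepts weights in the range 0-255


def weight_in_range(weight):
    """True if weight is an integer within the accepted 0-255 range."""
    return isinstance(weight, int) and 0 <= weight <= MAX_WEIGHT


def validate(records):
    """records: list of (host, weight) pairs; raise on an invalid weight."""
    if not records:
        raise ValueError("at least one record is required")
    for host, weight in records:
        if not weight_in_range(weight):
            raise ValueError(f"{host}: weight {weight!r} outside 0-{MAX_WEIGHT}")
    return records


def expected_share(records):
    """Fraction of responses each host should receive in the long run."""
    validate(records)
    total = sum(weight for _, weight in records)
    if total == 0:
        # All weights zero: Route 53 splits traffic equally.
        return {host: 1 / len(records) for host, _ in records}
    return {host: weight / total for host, weight in records}


def resolve(records, rng=random):
    """Pick the host returned for a single DNS query."""
    validate(records)
    total = sum(weight for _, weight in records)
    if total == 0:
        return rng.choice(records)[0]
    # Draw a ticket in 0..total-1 and walk the cumulative weights; a host
    # with weight 0 owns no tickets and is therefore never returned.
    ticket = rng.randrange(total)
    for host, weight in records:
        ticket -= weight
        if ticket < 0:
            return host
    raise AssertionError("unreachable: ticket exceeded total weight")


def simulate(records, queries, seed=0):
    """Resolve `queries` times with a seeded RNG and count hits per host."""
    rng = random.Random(seed)
    return Counter(resolve(records, rng) for _ in range(queries))


if __name__ == "__main__":
    # Constructed example: a blue/green split with a parked 0-weight record.
    records = [("blue.example.com", 200), ("green.example.com", 50), ("canary.example.com", 0)]
    print(expected_share(records))
    print(simulate(records, 10_000, seed=1))
```

Setting a record to 0 is the usual way to park a host (for example the standby in a blue/green switch) without deleting its record; the simulation shows it receives no traffic until its weight is raised.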
CloudFront Security CloudFront also helps protect against distributed denial-of-service (DDoS) attacks because content is served from more than 200 edge locations around the globe, so an attacker would need a massive, globally distributed botnet to overwhelm your application. On top of the benefit of the distributed architecture, CloudFront is also […]
Using SCPs as Deny Lists AWS Organizations, by default, attaches a managed SCP named FullAWSAccess to the root and to every OU and account when they are created. It is up to you to define additional SCPs at each level to limit permissions as needed, by adding deny statements to those SCPs. For example, the following […]
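The deny-list model described above, as an added example (not the book's own policy or code): a toy evaluator that applies SCP evaluation rules to a FullAWSAccess policy plus a constructed deny-list SCP. It assumes the documented rules that an explicit Deny at any level wins, that each level on the path from root to account must also contain a matching Allow, and that a missing context key satisfies a StringNotEquals condition; only the Action element, StringEquals/StringNotEquals operators and the aws:RequestedRegion key are modelled, and the hypothetical policy `deny_list_policy` and all actions and regions are sample data.

```python
"""Toy SCP deny-list evaluator (added example, not from the book).

Assumed evaluation rules: at each level (root, OU, account) an explicit Deny
in any attached SCP wins, otherwise at least one Allow must match, and the
action is allowed only if every level allows it. Only the Action element, the
StringEquals / StringNotEquals operators and aws:RequestedRegion are modelled;
Resource and NotAction are ignored. The deny-list policy is hypothetical.
"""
import re

# The managed SCP AWS Organizations attaches by default: allow everything.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def deny_list_policy(allowed_regions):
    """Hypothetical deny-list SCP: block API calls outside allowed_regions and
    block member accounts from leaving the organization."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyOutsideApprovedRegions",
                "Effect": "Deny",
                "Action": "*",
                "Resource": "*",
                "Condition": {"StringNotEquals": {"aws:RequestedRegion": list(allowed_regions)}},
            },
            {
                "Sid": "DenyLeavingOrganization",
                "Effect": "Deny",
                "Action": "organizations:LeaveOrganization",
                "Resource": "*",
            },
        ],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _iam_match(pattern, value):
    """IAM-style wildcard match: '*' matches any run, '?' one character;
    action names are compared case-insensitively."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def _condition_holds(condition, context):
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            expected = _as_list(expected)
            if operator == "StringEquals":
                if actual is None or actual not in expected:
                    return False
            elif operator == "StringNotEquals":
                # A missing key satisfies a ...NotEquals operator, as in IAM.
                if actual is not None and actual in expected:
                    return False
            else:
                raise NotImplementedError(f"operator not modelled: {operator}")
    return True


def _statement_applies(statement, action, context):
    if not any(_iam_match(p, action) for p in _as_list(statement.get("Action", []))):
        return False
    return _condition_holds(statement.get("Condition", {}), context)


def level_allows(policies, action, context):
    """One level of the hierarchy: explicit Deny wins, else an Allow must match."""
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if _statement_applies(statement, action, context):
                if statement["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def scp_allows(levels, action, context):
    """Effective result: every level from root down to the account must allow."""
    return all(level_allows(policies, action, context) for policies in levels)


if __name__ == "__main__":
    # Constructed hierarchy: root keeps FullAWSAccess; the workloads OU adds the deny list.
    levels = [[FULL_AWS_ACCESS], [FULL_AWS_ACCESS, deny_list_policy(["us-east-1", "eu-west-1"])]]
    print(scp_allows(levels, "ec2:RunInstances", {"aws:RequestedRegion": "us-east-1"}))      # True
    print(scp_allows(levels, "ec2:RunInstances", {"aws:RequestedRegion": "ap-southeast-1"}))  # False
```

The last assertion in the accompanying check is the one practitioners trip over: detaching FullAWSAccess from an OU while leaving only deny statements there leaves nothing that grants access at that level, so every action in the OU is implicitly denied. A region deny list in a real organization also needs a NotAction exception for global services, which this toy leaves out.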
AWS Storage Gateway Storage Gateway is a hybrid storage virtual appliance. It can run in three different modes – File Gateway, Tape Gateway, and Volume Gateway. It can be used for the extension, migration, and backups of an on-premises data center to AWS:
Redis The other engine supported by ElastiCache is Redis, a fully fledged in-memory database. Redis supports far richer data structures than Memcached, such as lists, sets, sorted sets, hashes, and geospatial indexes. Redis also has built-in publish/subscribe messaging that can be used for high-performance messaging between services and for chat applications. Redis also has three operational modes that give you […]
Forensic AWS Account A separate AWS account for forensic investigations is ideal to help you diagnose and isolate the affected resources. By using a separate account, you can architect the environment to be locked down appropriately for its forensic use. You could even use AWS Control Tower to provision the account quickly, using the account […]