Setting up SCPs
As mentioned earlier, the intention behind SCPs is similar to that of IAM permissions boundaries, that is, to limit the perimeter of what is allowed to be done at an account level, an OU level, or an organization level. SCPs offer central control over that maximum set of permissions that accounts in […]

Latency-Based Routing
To enhance response times, a latency-based routing policy can be used. Route 53 will test the response times in the background of all the configured endpoints for a domain name. Route 53 determines the quickest response time between the origin and destination. This is the best destination value that is returned in the DNS […]

Storing and transforming real-time data using Kinesis Data Firehose
There are a lot of use cases that require data to be streamed and stored for future analytics purposes. To overcome such problems, you can write a Kinesis consumer to read the Kinesis stream and store the data in S3. This solution needs an instance or […]

The AWS WAF Security Pillars
For constructing or reviewing AWS accounts that are secure, highly available, and efficient, AWS has developed a framework that incorporates foundational best practices with regard to six pillars—the WAF. The pillars of the WAF consist of the following items: This framework helps you transition and migrate solutions into the AWS […]

ExamAlert
When choosing a caching strategy, always consider the rate of data change and choose the correct time-to-live (TTL) of the data in the cache, to match the rate of change of the data. Data on an e-commerce site such as item descriptions, reviews, and images are unlikely to change frequently, but data such as […]

Organizing Accounts into OUs
AWS Organizations also offers the possibility to organize your AWS accounts in a logical and hierarchical structure that best reflects your own internal organizational structure. This can be done by creating OUs that follow the structural model of your choice. Consider the following examples of different structures. In Figure 3.3, the […]

Traffic Routing Policies
Routing policies are a Route 53 extension to DNS that allows you to customize query responses to affect how your content gets delivered. Routing policies shape the traffic based on our requirements in a number of different use cases. We can send all traffic to a single site, give multiple responses to […]

Processing real-time data using Kinesis Data Streams
Kinesis is Amazon’s streaming service and can be scaled based on requirements. It has a level of persistence that retains data for 24 hours by default or optionally up to 365 days. Kinesis Data Streams is used for large-scale data ingestion, analytics, and monitoring: Note Amazon Kinesis shouldn’t […]

With a grasp on what you are responsible for from an AWS customer perspective, you can now turn to the pillars that will be tested in the exam. The first pillar is incident response (IR). Knowing how to prepare and then react, in both a manual and an automated fashion, when something occurs in one […]

Tag Policies
Tag policies provide a means to centrally decide which tags are attached to the AWS resources across your organization. A tag policy consists of rules that define for each tag the tag key, including the capitalization preference (for example, costcenter or CostCenter), tag values that are valid (this is optional), and whether non-compliant […]