Summary – AWS Security Fundamentals – SCS-C02 Study Guide

Summary In this chapter, you reviewed many of the main services used in AWS architecture. These make up the majority of the services that will be part of your day-to-day responsibilities as AWS cloud security engineers and the services that will be referenced in the questions in the exam. Having a baseline knowledge of these […]

CloudFront Design Considerations – Network Design – ANS-C01 Study Guide

CloudFront Design Considerations Design requirements for connecting to AWS CloudFront locations should take geography, technical, and political constraints into consideration. Global Internet connectivity is controlled by the BGP routing protocol that is widely distributed and divided into autonomous systems that are controlled by different entities. This leaves us with little influence on how traffic gets […]

Tape Gateway – Designing Networks for Complex Organizations – SAP-C02 Study Guide

Tape Gateway Tape Gateway offers a virtual tape library (VTL) service backed by storage on Amazon S3 and accessible on-premises through the standard iSCSI protocol. Concretely, Tape Gateway comes either as a preset hardware appliance or as a software appliance that you deploy in your on-premises environment. The software appliance consists of a VM that […]

Important note – AWS Services for Data Storage – MLS-C01 Study Guide

Important note AWS best practices suggest adding another layer of protection through MFA delete. Accidental bucket deletions can be prevented, and the security of the objects in the bucket is ensured. MFA delete can be enabled or disabled via the console and CLI. As documented in AWS docs, MFA delete requires two forms of authentication together: […]

Reviewing Deviations Using Trusted Advisor – AWS Security Fundamentals – SCS-C02 Study Guide

Reviewing Deviations Using Trusted Advisor As you use Trusted Advisor, over time, you will see that the service begins to highlight potential issues within your account. This section will cover how to review these deviations and how to interpret the severity of the issues found. From within the AWS Management Console, select Trusted Advisor from […]

Infrastructure Issues – Troubleshooting and Remediation – SOA-C02 Study Guide

Infrastructure Issues Generally, you should follow AWS best practices and deploy any unmanaged system across two availability zones, as discussed in Chapter 1, “Introduction to AWS.” Anytime you deploy, you expect the infrastructure to just work. If you have a deployment issue, you can easily resolve the issue by trying a redeployment. We call this […]

Volume Gateway – Designing Networks for Complex Organizations – SAP-C02 Study Guide

Volume Gateway Volume Gateway allows you to create storage volumes on S3 that offer a block storage interface accessible from your on-premises environment through the standard Internet Small Computer Systems Interface (iSCSI) protocol. Concretely, Volume Gateway comes either as a preset hardware appliance or as a software appliance that you deploy in your on-premises environment. […]

Applying encryption to buckets – AWS Services for Data Storage – MLS-C01 Study Guide

Applying encryption to buckets You also need to understand how enabling versioning on a bucket would help. There are use cases where a file is updated regularly, and versions will be created for the same file. To simulate this scenario, try the following example: $ echo “Version-1″>version-doc.txt$ aws s3 cp version-doc.txt s3://version-demo-mlpractice$ aws s3 cp […]

API Gateway Caching – Network Design – ANS-C01 Study Guide

API Gateway Caching To reduce the number of calls to the endpoints and improve response times, caching can be configured to locally store frequent requests on the gateway. API Gateway will cache response for the TTL period. API Gateway will then first check the cache for the response before making an endpoint request if there […]

FSx File Gateway – Designing Networks for Complex Organizations – SAP-C02 Study Guide

FSx File Gateway Amazon FSx File Gateway is a recent addition to the AWS Storage Gateway family to provide access to Amazon FSx for Windows File Server file shares on AWS from your on-premises environment. The idea is very similar to S3 File Gateway, which is that you can access the data on AWS through […]