Service Control Policies When you group your accounts into an organization and organizational units (OUs), AWS gives you a tool in the IAM space to manage the permissions of that organization along with any child OUs. That tool is Service Control Policies, or SCPs. SCPs allow you to provide a baseline of governance across the accounts they are applied […]
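The point that matters in practice is that an SCP never grants anything: a request is allowed only if every SCP on the path from the organization root down to the account allows the action, no SCP on that path denies it, and an IAM policy in the account allows it too. The following is an added example written for this page, not code from the book; it is a deliberately simplified evaluator (Action wildcards and Allow/Deny only, no Resource, Condition or NotAction handling) run over constructed sample policies for a root, an OU and an account.

```python
"""Simplified model of how SCPs (root -> OU -> account) combine with an IAM policy.

Added illustration, not the book's code. Assumptions: statements carry only
Effect and Action; '*' wildcards behave as in IAM; matching is case-sensitive
here although real IAM action matching is not.
"""
from fnmatch import fnmatchcase

# Constructed sample policies (hypothetical, for illustration only).
ROOT_SCP = {"Statement": [{"Effect": "Allow", "Action": "*"}]}  # like the default FullAWSAccess

OU_SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*"},
    # Guardrails the OU imposes on every account underneath it.
    {"Effect": "Deny", "Action": ["organizations:LeaveOrganization", "cloudtrail:StopLogging"]},
]}

ACCOUNT_SCP = {"Statement": [
    # Allow-list style: anything not listed is implicitly unavailable.
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*", "organizations:*"]},
]}

IAM_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "ec2:RunInstances",
                                   "organizations:LeaveOrganization", "cloudtrail:StopLogging"]},
]}


def _actions(stmt):
    """Normalise the Action element to a list of patterns."""
    action = stmt.get("Action", [])
    return [action] if isinstance(action, str) else list(action)


def policy_decision(policy, action):
    """Evaluate one policy document: 'Deny' beats 'Allow' beats implicit denial."""
    matched_allow = False
    for stmt in policy["Statement"]:
        if any(fnmatchcase(action, pattern) for pattern in _actions(stmt)):
            if stmt["Effect"] == "Deny":
                return "Deny"
            matched_allow = True
    return "Allow" if matched_allow else "Implicit"


def scp_permits(scp_chain, action):
    """Every SCP from root to account must explicitly allow, and none may deny."""
    return all(policy_decision(scp, action) == "Allow" for scp in scp_chain)


def is_allowed(scp_chain, iam_policy, action):
    """Final decision: the SCP ceiling must permit AND an IAM policy must grant."""
    return scp_permits(scp_chain, action) and policy_decision(iam_policy, action) == "Allow"


if __name__ == "__main__":
    chain = [ROOT_SCP, OU_SCP, ACCOUNT_SCP]
    for act in ["s3:GetObject", "s3:PutObject", "ec2:RunInstances",
                "organizations:LeaveOrganization", "cloudtrail:StopLogging"]:
        print(f"{act:36} scp={scp_permits(chain, act)!s:5} final={is_allowed(chain, IAM_POLICY, act)}")
```

Reading the output: s3:PutObject passes every SCP yet is still refused, because no IAM policy grants it (the SCP is a ceiling, not a grant); ec2:RunInstances is granted by IAM but blocked because the account-level SCP never allows it; the organizations and cloudtrail actions fall to the explicit Deny at the OU, which no child OU or account policy can override. Remember that these guardrails bind every principal in a member account, including its root user, but never the management account itself.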
This chapter covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domains: Domain 1: Monitoring, Logging, and Remediation Domain 2: Reliability and Business Continuity Domain 3: Deployment, Provisioning, and Automation Domain 4: Security and Compliance Domain 5: Networking and Content Delivery Domain 6: Cost and Performance Optimization (For more information on the […]
Diving into Identity and Access Management AWS Identity and Access Management (IAM) is used to define and control who can access which resources in an AWS environment. IAM concepts and how they provide security controls are a key part of the exam. Here are some key concepts: Every new AWS account comes with a root […]
Examining ML ML is a sub-area of AI that aims to create systems and machines that can learn from experience, without being explicitly programmed. As the name suggests, the system can observe its underlying environment, learn, and adapt itself without human intervention. Algorithms behind ML systems usually extract and improve knowledge from the data and […]
Categories of Behavior The controls provided by AWS Control Tower are broken down into three distinct categories: preventative, detective, and proactive. These are called categories of behavior: Categories of Guidance There are also three different levels of controls: mandatory, strongly recommended, and elective controls. These are called categories of guidance: Security Considerations for Control Tower […]
Invalidations Cache invalidations are issued at the distribution level and apply to all edge locations. A cache invalidation removes the objects it names from the edge caches even if their TTL values have not expired. It is a forced deletion of the object from cache. Invalidation can define a specific file or be expanded using wildcards. […]
This chapter introduces the first objective of this book, that is, determining an authentication and access control strategy to address the requirements of complex organizations. To pass your Amazon Web Services (AWS) Solutions Architect Professional certification, you will start by revisiting the key concepts and mechanisms supporting Identity and Access Management (IAM) on AWS. You […]
Making the Most Out of this Book – Your Certification and Beyond This book and its accompanying online resources are designed to be a complete preparation tool for your MLS-C01 Exam. The book is written in a way that you can apply everything you’ve learned here even after your certification. The online practice resources that […]
Fundamental AWS Services Now that you understand the shared responsibility model, it’s time to look at some essential services that are used throughout the environments and accounts in which you will be working. These essential services are compute services such as Elastic Compute Cloud (EC2), the global Domain Name System (DNS) service of Route 53, […]
Auditors and the Shared Responsibility Model Many industries require you to show compliance in your cloud environment as it relates to industry controls. Using and understanding the shared responsibility model will help you and your auditors understand which controls you, as the customer, are responsible for and which ones are the responsibility of AWS, the […]