VPC Security by Default In every AWS account, a default VPC is automatically created in every region. The default VPC makes experimentation and initial tasks easy, but beware: it has very permissive security settings. By default, public access to and from the Internet is not blocked by the network ACLs associated with […]
Cram Quiz Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can. 1. You are examining a route table in your VPC and find the following route entry: “Destination : 10.0.0.0/24 and Target : Local”. What type of route is this? A. […]
VPC Connectivity This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide: 5.1 Implement networking features and connectivity CramSaver If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this […]
Elastic Network Interfaces An Elastic Network Interface (ENI) is a virtual network interface in a VPC. When an EC2 instance is created in a VPC, it automatically gets a default network interface (eth0). This primary interface cannot be detached from the instance. You can choose to have a public IP address automatically assigned to this interface. However, […]
Cram Quiz Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can. 1. Which of the following AWS services does not make use of ACM certificates? A. Elastic Load Balancing B. Amazon API Gateway C. AWS CloudFormation D. AWS CodeCommit 2. Which of […]
Amazon GuardDuty Amazon GuardDuty is a managed threat detection service for your AWS infrastructure. This optional service is not turned on in your AWS account by default. When GuardDuty is enabled, it actively monitors the following data sources: AWS CloudTrail management events, AWS CloudTrail S3 data events, VPC flow logs, and DNS logs. ExamAlert A feature […]
AWS Certificate Manager AWS Certificate Manager (ACM) lets you provision and manage TLS/SSL certificates. This service provided by AWS allows you to perform the following primary tasks: Request a certificate: This option allows you to request a public certificate from Amazon. If you have configured your AWS account with your organization’s CA, you can also request […]
Certificate Management Consider a situation in which you want to log in to your bank’s website and transfer some money. You open a web browser, type in the URL of your bank (or use a browser bookmark), and then log in to the bank. But how do you know that it is really your bank? […]
AWS Key Management Service The Key Management Service (KMS) allows you to create encryption keys and control access to them. Both symmetric and asymmetric keys can be created, as you can see in Figure 10.1. FIGURE 10.1 KMS Key features of AWS KMS include the ability to create, view, and edit keys, and the use of policies to control […]
This chapter covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domain: Domain 4: Security and Compliance (For more information on the official AWS Certified SysOps Administrator – Associate [SOA-C02] exam topics, see the Introduction.) In this chapter, you learn how to use AWS features to protect data at rest or in […]