Trusted Advisor AWS Trusted Advisor is a tool that performs checks on five different categories: Cost optimization Performance Security Fault tolerance Service limits For security and compliance, you should focus on the Security checks. When you go to the Trusted Advisor, you can click the Refresh All Checks button to see whether the Trusted Advisor has […]

Multifactor Authentication (MFA) Multifactor authentication is a method of authenticating a user that requires more than one way of verifying the identity of that user. For example, a regular authentication method would be to have the user provide a username and a password. With MFA, the user would also be required to provide another item […]

Identity Providers The Identity Providers section of IAM allows you to establish a trust connection between your AWS account and another identity provider (often referred to as an ID). Two standards are currently available: SAML: SAML stands for Security Assertion Markup Language. Identity providers (IDPs) that use SAML include Active Directory and Okta.  OpenID Connect: […]

IAM User Groups You will often find that multiple IAM users have the same permissions. Instead of individually assigning each user specific permissions, you can create a user group, assign the appropriate permissions, and then assign users to the group. When you’re creating group accounts, the Add Group Wizard prompts you to provide information about […]

This chapter covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domain: Domain 4: Security and Compliance (For more information on the official AWS Certified SysOps Administrator – Associate [SOA-C02] exam topics, see the Introduction.) Managing the security of your AWS account is critical to avoiding a compromised environment. In this chapter, […]

Rollbacks A rollback is a method of undoing the steps taken during a patch. In some cases, a patch may not permit a rollback. In these situations, you want to make sure you test the patch in a testing environment and make sure you back up all related data before patching a live system. You […]

Storage Components A storage component is the underlying device where the data is stored. This can include a magnetic hard drive, a solid-state drive, or a tape device. In terms of patching, the devices themselves may require occasional firmware updates (see the next section on firmware). Additionally, the software used by an operating system to […]

Rollups A rollup is a collection of hot fixes. In some cases, the rollup might contain more than just security updates, but the main focus is to address a collection of security or critical issues with a single update. Patching Cloud Components Although many patches are designed to fix an issue with a product, some […]

Patching This section covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam topic for Domain 3: Deployment, Provisioning, and Automation: 3.1 Provision and maintain cloud resources 3.2 Automate manual or repeatable processes CramSaver If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts […]

Deprecations or End of Life Most products will eventually reach a point when they no longer serve a useful purpose or no longer align with the organization’s business needs. Typically, an organization takes one of two approaches: Specify an end of life for the product: This involves indicating when the product will no longer be […]