
I’m currently studying to sit the AWS Solutions Architect Associate certification. To do this I’m (a) going through the exam blueprint, (b) writing blogs on my AWS free-tier lab, (c) watching the excellent videos. I bought the “Associate Bundle” so I plan on taking all 3 associate level courses eventually.

I’ve decided to consolidate the past 5 articles into 1 large article for ease of searching (and so that I’m not updating 5 separate articles while I continue to study):

AWS Solutions Architect Associate exam blueprint:
AWS Quick start reference architectures:

- Troubleshoot why specific traffic is not reaching an instance.
- Diagnose overly restrictive security group rules.
- Security tool to monitor the traffic that is reaching your instance.

- Allows your instances that do not have internet access the ability to access the internet via a NAT server instance.
- Allow inbound & outbound on HTTP and HTTPS.
- On a NAT instance, you need to change source/destination check to disabled.
- Set up route on private subnet to route through NAT instance.

- A numbered list of rules (in order, lowest applies first).
- Put down network access lists across the entire subnet.
- When you create a new ACL, by default everything is DENY.
- Only one ACL per subnet, but many subnets can have the same ACL.

- SQS – most important service going into exam
- A distributed message queueing service that sits between a “producer” and “consumer” to quickly and reliably cache that message.
- Allows you to decouple the components of an app so that they can run independently.
- Eases message management between components.
- Any component can later retrieve the queued message using SQS API.

- Provides transcoding presets for popular output formats
- Don’t need to guess about which settings work best on particular devices.
- Pay based on the minutes that you transcode & the resolution at which you transcode.

- What is cloud computing? On demand delivery of IT resources and apps via the Internet w/ pay-as-you-go pricing.
- Cloud providers maintain the network-connected hardware while the consumer provisions and uses what they need via web applications.
- Stop spending money running & maintaining datacenters.

- State of the art electronic surveillance and multi factor access control systems.

- Shared Security Model – AWS is responsible for securing the underlying infrastructure.
- YOU are responsible for anything you put on or connects to the cloud
- Infrastructure (hardware, software, networking, facilities).
- Security configuration of its managed services (DynamoDB, RDS, Redshift, Elastic MapReduce, WorkSpaces).
- Managed services – Amazon is responsible for patching, AV etc… but YOU are responsible for account mgmt.
- Recommended that MFA is implemented, SSL/TLS is used for communication, & API/user activity is logged using CloudTrail

- All decommed magnetic storage devices are degaussed and physically destroyed.
- Transmission Protection – Use HTTPS using SSL.
- For customers who need additional layers of network security, AWS provides VPCs & the ability to use an IPSec VPN between their datacenter & the VPC.
- Amazon Corporate Segregation – AWS production network is segregated from the Amazon corporate network by a means of a complex set of network security/segregation devices.
- Prevent Man in the middle attacks (MITM).
- Prevent IP Spoofing – the AWS controlled, host-based firewall will not permit an instance to send traffic with a source IP or MAC other than its own.
- Prevent Port Scanning – Unauthorized port scans are a violation of T&Cs.
- You must request a vulnerability scan in advance
- Prevent Packet Sniffing by other tenants.

- Inspects your AWS environment & makes recommendations to save money, improve performance & close security gaps.

- Independent external vulnerability threat assessments are performed regularly by 3rd party security firms.
- Not meant to replace a customer’s own vulnerability scans
- Can take credit card information with PCI compliance (software needs to be compliant too).
- Motion Picture Association of America (MPAA)

Architecting for the Cloud – Best Practices:

- Almost 0 upfront infrastructure investment.
- Automation – “Scriptable infrastructure”.
- Assume that hardware will fail & outages will occur.
- Assume that you will be overloaded with requests.
- By being a pessimist, you think about recovery strategies during design time, which helps you design an overall better system.
- Build components that do not have tight dependencies so that if 1 component dies/sleeps/is busy, the other components are built so as to continue work as if no failure is happening.
- If you see decoupling in exam, think SQS.