The AWS service that is essential to Security is AWS Identity and Access Management (IAM), which allows you to securely control access to AWS services and resources for your users. The following services and features support the five areas in security:
Identity and Access Management: IAM enables you to securely control access to AWS services and resources. MFA adds an additional layer of protection on user access. AWS Organizations lets you centrally manage and enforce policies for multiple AWS accounts.
Detective Controls: AWS CloudTrail records AWS API calls, AWS Config provides a detailed inventory of your AWS resources and configuration. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior. Amazon CloudWatch is a monitoring service for AWS resources which can trigger CloudWatch Events to automate security responses.
Infrastructure Protection: Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. Amazon CloudFront is a global content delivery network that securely delivers data, videos, applications, and APIs to your viewers which integrates with AWS Shield for DDoS mitigation. AWS WAF is a web application firewall that is deployed on either Amazon CloudFront or Application Load Balancer to help protect your web applications from common web exploits.
Data Protection: Services such as ELB, Amazon Elastic Block Store (Amazon EBS), Amazon S3, and Amazon Relational Database Service (Amazon RDS) include encryption capabilities to protect your data in transit and at rest. Amazon Macie automatically discovers, classifies and protects sensitive data, while AWS Key Management Service (AWS KMS) makes it easy for you to create and control keys used for encryption.
SEC 11: How do you respond to an incident?
Preparation is critical to timely investigation and response to security incidents to help minimize potential disruption to your organization.
Amazon Web Services AWS Well-Architected Framework
Incident Response: IAM should be used to grant appropriate authorization to incident response teams and response tools. AWS CloudFormation can be used to create a trusted environment or clean room for conducting investigations. Amazon CloudWatch Events allows you to create rules that trigger automated responses including AWS Lambda.
AWS Well-Architected Framework
Terms in this set (48)
AWS Well-Architected Framework
Helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.
What are the 5 pillars of the AWS Well-Architected Framework?
1- Operational Excellence
2- Security
3- Reliability
4- Performance Efficiency
5- Cost Optimization
AWS Well-Architected Framework terms!
1- component
2- workload
3- architecture
4- Milestones
5- technology portfolio
component
Is the code, configuration, and AWS Resources that together deliver against a requirement. A component is often the unit of technical ownership, and is decoupled from other components.
workload
is used to identify a set of components that together deliver business value. A workload is usually the level of detail that business and technology leaders communicate about.
architecture
We think about architecture as being how components work together in a workload. How components communicate and interact is often the focus of architecture diagrams.
Milestones
mark key changes in your architecture as it evolves throughout the product lifecycle (design, testing, go live, and in production).
technology portfolio
Within an organization the technology portfolio is the collection of workloads that are required for the business to operate.
The pillars of the AWS Well-Architected Framework?
Well-Architected Framework General Design Principles?
1- Stop guessing your capacity needs
2- Test systems at production scale
3- Automate to make architectural experimentation easier
4- Allow for evolutionary architectures
5- Drive architectures using data
6- Improve through game days
WA Framework pillars
1) Operational Excellence
The ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.
There are five design principles for operational excellence?
1- Perform operations as code
2- Make frequent, small, reversible changes
3- Annotate documentation
4- Anticipate failure
5- Learn from all operational failures
6- Refine operations procedures frequently
Perform operations as code?
Infrastructure as code (CloudFormation)
Annotate documentation
Automate the creation of annotated documentation after every build
Make frequent, small, reversible changes
So that in case of any failure, you can reverse it
Refine operations procedures frequently
And ensure that team members are familiar with it
Anticipate failure
Perform "pre-mortem" exercises to identify potential sources of failure so that they can be removed or mitigated. Test your failure scenarios and validate your understanding of their impact.
Learn from all operational failures
Drive improvement through lessons learned from all operational events and failures. Share what is learned across teams and through the entire organization.
There are four best practice areas for operational excellence in the cloud.
1- Organization
2- Prepare
3- Operate
4- Evolve
Organization
Your teams need to have a shared understanding of your entire workload, their role in it, and shared business goals to set the priorities that will enable business success.
Prepare
Design your workload so that it provides the information necessary for you to understand its internal state (for example, metrics, logs, events, and traces) across all components in support of observability and investigating issues.
AWS CloudFormation - AWS Config
Operate
Define expected outcomes, determine how success will be measured, and identify metrics that will be used in those calculations to determine if your workload and operations are successful.
AWS CloudFormation, AWS Config, AWS CloudTrail, Amazon CloudWatch, AWS X-Ray
Evolve
You must learn, share, and continuously improve to sustain operational excellence. Dedicate work cycles to making continuous incremental improvements.
AWS CloudFormation, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline
WA Framework pillars
2) Security
Includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies
Security Design Principles
1- Implement a strong identity foundation
2- Apply security at all layers
3- Automate security best practices
4- Protect data in transit and at rest
5- Keep people away from data
6- Prepare for security events
Implement a strong identity foundation
Centralize privilege management and reduce (or even eliminate) reliance on long-term credentials - Principle of least privilege - IAM
IAM, AWS-STS, MFA token, AWS Organizations
Enable traceability
Integrate logs and metrics with systems to automatically respond and take action
AWS Config, AWS CloudTrail, Amazon CloudWatch
Apply security at all layers
Like edge network, VPC, subnet, load balancer, every instance, operating system, and application
Prepare for security events
Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery
WA Framework pillars
3) Reliability
Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
Reliability Design Principles:
1- Test recovery procedures
2- Automatically recover from failure
3- Scale horizontally to increase aggregate system availability
4- Stop guessing capacity
5- Manage change in automation
Reliability AWS Services:
A) Foundations:
1- IAM
2- Amazon VPC
3- Service Limits
4- AWS Trusted Advisor
Reliability AWS Services:
B) Change Management
1- AWS Auto Scaling
2- Amazon CloudWatch
3- AWS CloudTrail
4- AWS Config
...
C) Failure Management
1- Backups AWS
2- Amazon S3
3- Amazon S3 Glacier
4- Amazon Route 53
5- CloudFormation
WA Framework pillars
4) Performance Efficiency
Includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve
Performance Efficiency Design Principles
1- Democratize advanced technologies - Advanced technologies become services and hence you can focus more on product development
2- Go global in minutes - Easy deployment in multiple regions
3- Use serverless architectures - Avoid burden of managing servers
4- Experiment more often - Easy to carry out comparative testing
5- Mechanical sympathy - Be aware of all AWS services
Performance Efficiency AWS Services:
1- Selection: AWS Auto Scaling, Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), AWS Lambda, Amazon RDS
2- Review: AWS CloudFormation, AWS News Blog
3- Monitoring: Amazon CloudWatch, AWS Lambda
4- Tradeoffs: Amazon RDS, Amazon ElastiCache, AWS Snowball, Amazon CloudFront
WA Framework pillars
5) Cost Optimization
1- Adopt a consumption model - Pay only for what you use
2- Measure overall efficiency - Use CloudWatch
3- Stop spending money on data center operations
4- Analyze and attribute expenditure - Accurate identification of system usage and costs helps measure return on investment (ROI) - Make sure to use tags
5- Use managed and application level services to reduce cost of ownership
Cost Optimization AWS Services:
Expenditure Awareness:
1- AWS Budgets
2- AWS Cost and Usage Report
3- AWS Cost Explorer
4- Reserved Instance Reporting
Cost Optimization AWS Services:
Cost-Effective Resources
1- Spot instance
2- Reserved instance
3- Amazon S3 Glacier
Cost Optimization AWS Services:
Matching supply and demand
AWS Auto Scaling
AWS Lambda
Cost Optimization AWS Services:
Optimizing Over Time:
AWS Trusted Advisor
AWS Cost and Usage Report
AWS News Blog
AWS Professional Services & Partner Network:
The AWS Professional Services organization is a global team of experts. They work alongside your team and a chosen member of the APN (AWS Partner Network)
APN Technology Partners:
providing hardware, connectivity, and software
APN Consulting Partners:
professional services firm to help build on AWS
APN Training Partners:
find who can help you learn AWS
AWS Competency Program:
AWS Competencies are granted to APN Partners who have demonstrated technical proficiency and proven customer success in specialized solution areas.
AWS Navigate Program:
help Partners become better Partners