-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathgeneral-notes
90 lines (66 loc) · 3.69 KB
/
general-notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#################################
# By Ksanchez #
# Security+ | MGP | Ps. Auditor #
# @ksanchez_cld (Twitter) #
#################################
- Designing an application that can scale horizontally allows you to distribute application components, partition your data, and follow a services-oriented design strategy.
- This approach will help you leverage elasticity of the AWS cloud infrastructure.
- Loosely coupled applications are typically implemented using message-oriented architectures.
- SQS.
- Loosely coupled components can help you differentially scale-out your architecture by deploying more instances of any given component or by provisioning more powerful instances for components that require it.
- you should try to design your components to be stateless as far as possible.
- Implementing asynchronous processing wherever possible in your application can improve scalability.
- Ensure you implement a dead letter queue for queue requests that fail after several retries (usually between 3-5 times).
- You can use the AWS SNS service for notifying components when a message's request processing has been completed.
- create asynchronous pipelines for data flows within your application using AWS Kinesis data streams and AWS SQS queues, where you can route your data to different queues to be processed differently.
- Try to offload as much content as possible to the AWS CloudFront CDN service for distribution to Amazon edge locations.
- Static.
- Dynamic.
- Streaming.
- Interactive content.
- Static content or files include that are stored in Amazon S3 and not on your web server instance.
- This can reduce the load on your web servers.
- Improve the efficiency of maintaining content (by storing at one S3 location).
- Reducing latency for your end users.
- Reducing overall costs (by reducing the size or the number of EC2 instances required for your web servers).
MORE AWS SERVICES
- CloudTrail (records AWS API calls).
- AWS Config (provides you with a resource inventory and current configuration of your AWS resources).
- AWS CloudHSM (helps you meet contractual obligations and/or compliance requirements).
- AWS Key Management (to manage your data encryption keys).
- AWS Elastic Beanstalk (for deploying and scaling web applications).
- AWS OpsWorks (an application management service).
- AWS CloudFormation (for provisioning a set of related AWS resources).
- AWS CodeDeploy (for automating code deployments).
- Amazon EMR (a hosted Hadoop framework).
- Amazon Kinesis (for real time streaming data ingestion and processing).
- Amazon SWF (a workflow service).
- Amazon AppStream (for streaming from the cloud).
- Amazon Elastic Transcoder (for conversion of media files).
- Amazon SES (a bulk e-mail service).
- Amazon CloudSearch (for applications that need a scalable search service functionality).
AWS MONITORING AND PROTECTION
- AWS Monitor for:
- Server and network usage.
- Port scanning activities.
- Application usage.
- Unauthorized intrusion attempts.
- AWS Provides protections against:
- Distributed denial of service attacks - DDOS.
- Man in the middle attacks - MITM.
- IP Spoofing.
- Port Scanning. >> Need to be approved by Amazon.
- Packet Sniffing.
AWS CREDENTIALS
- Password and Multifactor Authentication - MFA.
- AWS Management Console.
- MFA can be configure through IAM Policies.
- MFA support hardware tokens and virtual MFA devices.
- MFA conforms to RFC 6238 Time Based One Time Password - TOTP.
- Access Keys
- Digital signed requests to AWS APIs.
- Signature calculated using the HMAC-SHA256 protocol.
- Key Pairs
- Public/private key pair for signing into EC2 instances via SSH.
- X.509 Certificates
- Mainly for SOAP based requests.