CodingBee

A beginners guide to programming and automating stuff

All posts in AWS CSA – Associate

AWS – CloudHSM

CloudHSM (Hardware Security Module): This is essentially the name of a dedicated physical machine that is separate from all the other AWS hardware, and it is used to store encryption keys. If an outside party gains access to these keys, then your AWS infrastructure is compromised. Hence even AWS employees . . . Read more

AWS – Cloudwatch related security features

CloudWatch-related API requests are signed with an HMAC-SHA1 signature from the request and the user's private key. CloudWatch's (SDK) API is only accessible via HTTPS, not HTTP, i.e. it is encrypted with SSL. An IAM user can only access CloudWatch if they are given access via IAM. You can configure . . . Read more

AWS – Encryption features Overview

You can encrypt the content of your resources. This basically means that the content can't be viewed by an AWS employee. The only way to decrypt the content is by logging into the AWS account that created the encrypted data in the first place, and also you need to log in . . . Read more

AWS – Minimizing impact of DDOS attacks

We can limit DDoS attacks in the following ways: Identify the IP range of the DDoS attack and block it at the Network ACL level. Alternatively, we could do this at the Security Group level, but it's quicker at the Network ACL level. Install DDoS prevention software on our EC2 instances that will . . . Read more

AWS – Shared (Security) Responsibility Model

Ensuring that your AWS infrastructure is secure is a responsibility that's shared between you and Amazon. Amazon is mainly responsible for: Securing the physical hardware that your resources (e.g. EC2 instances) are running on, e.g. limiting who is allowed to walk into AWS's AZs (data centres). Ensuring that internal . . . Read more

AWS – Route 53 routing policy types

In Route 53 you can have multiple entries with the same url (aka url). In fact, you have to create multiple entries with the same name in order to take advantage of the various routing policies. Here are the available routing policies: Simple, Weighted, Latency, Failover, Geolocation. We have already covered Failover. . . . Read more