CodingBee

A beginners guide to programming and automating stuff

AWS – Minimizing impact of DDOS attacks

We can limit DDOS attacks in the following ways: identify ip range of ddos attacks and block it at the Network ACL level. Alternatively could do this at the Security Group Level, but it’s quicker at the Network ACL level. Install DDOS prevention software on our EC2 instances that will . . . Read more

AWS – Shared (Security) Responsibility Model

Ensuring that your aws infrastructure is secure is a responsibility that’s shared between you and Amazon. Amazon is responsible for mainly: Ensuring physical hardware that your resources (e.g. EC2 instances are running on). E.g. limit access to who is allowed to walk into AWS’s AZs (data centres) Ensuring that internal . . . Read more

AWS – Route 53 routing policy types

In route53 you have multiple entries with the same url (aka url). In fact you have to create multiple entries with the same name in order to take advantage of the various routing policies. Here are the available routing policies: Simple Weighted Latency Failover Geolocation We have already covered Failover. . . . Read more

AWS – Bastion hosts

For security reasons you should not have your aws resources (e.g. ec2 instances) directly accessible via the internet unless it is necessary, i.e. keep your aws resources internal. However you still want to be able to access your VPCs, there’s a few ways to achieve this: Setup bastion hosts setup . . . Read more

AWS – Setting up DNS failover in Route 53

You can set up active and passive entries for the same url in route 53. So when route 53 discovers that the active (primary) source has become unhealthy it will failover to the passive (secondary) entry. For example, we have a static website running on an EC2 instance. This EC2 . . . Read more

AWS – Cloudfront

Cloudfront is a (Content Delivery Network) CDN that delivers content to Edge Locations around the world. Origin: This term means the location where the content can originate from. There are a few places: EC2 ELB, with ec2 instances behind it S3 bucket route53 – e.g. if actual source is an . . . Read more

AWS – Direct Connect

Some Internet Service Providers can connect your on premise devices directly to aws AZ without being rerouted via the rest of the internet. this results in faster connection more stable connection reduced latency No need to go via the public internet better security No need to have any special hardware . . . Read more

AWS – Launch Configurations, Autoscaling Groups, and ELBs

Launch Configurations – let’s you specify a template for automatically create new instance, based on this presets. Therefore when creating a Launch Configuration resource you specify things like: – AMI id – Instance type – Which vpc to build instances in – IAM role – default storage requirements. E.g. number . . . Read more