Ensuring that your aws infrastructure is secure is a responsibility that’s shared between you and Amazon. Amazon is responsible for mainly: Ensuring physical hardware that your resources (e.g. EC2 instances are running on). E.g. limit access to who is allowed to walk into AWS’s AZs (data centres) Ensuring that internal […]

AWS offers a bunch of natively security features that we can use to enhance security: AWS API access security – via api keys buitin vpc firewalls – private and public subnets. Encourages us to use private subnets whenever possible IAM – only authenticated users and apps are granted access privileges […]

In route53 you have multiple entries with the same url (aka url). In fact you have to create multiple entries with the same name in order to take advantage of the various routing policies. Here are the available routing policies: Simple Weighted Latency Failover Geolocation We have already covered Failover. […]

Some Internet Service Providers can connect your on premise devices directly to aws AZ without being rerouted via the rest of the internet. this results in faster connection more stable connection reduced latency No need to go via the public internet better security No need to have any special hardware […]

Cloudfront is a (Content Delivery Network) CDN that delivers content to Edge Locations around the world. Origin: This term means the location where the content can originate from. There are a few places: EC2 ELB, with ec2 instances behind it S3 bucket route53 – e.g. if actual source is an […]

You can set up active and passive entries for the same url in route 53. So when route 53 discovers that the active (primary) source has become unhealthy it will failover to the passive (secondary) entry. For example, we have a static website running on an EC2 instance. This EC2 […]

For security reasons you should not have your aws resources (e.g. ec2 instances) directly accessible via the internet unless it is necessary, i.e. keep your aws resources internal. However you still want to be able to access your VPCs, there’s a few ways to achieve this: Setup bastion hosts setup […]

Launch Configurations – let’s you specify a template for automatically create new instance, based on this presets. Therefore when creating a Launch Configuration resource you specify things like: – AMI id – Instance type – Which vpc to build instances in – IAM role – default storage requirements. E.g. number […]

Note: AMIs created in one region cannot be used to create instances in another region. However you can get round this by copying the AMI to another region first.   You can also modify access permissions of the AMI, in the following ways: Make the AMI public, so anyone can […]

A VPN is essentially a subnet where it’s members are a combination of AWS resources and on premise devices. I.e. a a VPN is a subnet that extends to an on premise site. There are 2 ways to set up VPN: Hardware based VPN Tunnelling (OpenVPN)   Hardware based VPN […]