AWS Services Flashcards
AWS CloudTrail
Where- Source IP Address
When- EventTime
Who- User, UserAgent
What- Region, Resource, Action
Detect developer misconfigurations and malicious actors; automate responses.
Records API calls made to AWS services, whether they come from the Console, an SDK, the CLI, or another AWS service acting on your behalf. E.g.: who created the bucket? Who deployed that EC2 instance?
With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides Event History (for last 90 days) of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
For more than 90 days -> create a Trail that delivers log files to an S3 bucket (optionally also to CloudWatch Logs). Event History and a freshly created Trail cover management (control-plane) events only; data events such as S3 object-level operations or Lambda invocations must be enabled explicitly on the Trail.
Enables governance, compliance, operational auditing, and risk auditing.
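As an added example (not part of the original notes), the following Python reads a CloudTrail log file of the kind a Trail delivers to S3 ({"Records": [...]}), pulls out the where/when/who/what of each record, answers "who created the bucket?", and flags two things worth alerting on: root-user activity and calls that stop, delete or reconfigure CloudTrail itself. The records are constructed to mirror the CloudTrail record format and are not from a real account; the account ID 111122223333, the user names, trail name and IP addresses are placeholders.

```python
"""Where / when / who / what from CloudTrail records (added example).

SAMPLE_LOG is constructed to mirror the record format a Trail delivers to S3
({"Records": [...]}); account ID 111122223333, names and IPs are placeholders.
"""
import json

SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-03-01T10:15:32Z",
     "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
     "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "payroll-exports"}},
    {"eventVersion": "1.08", "eventTime": "2024-03-01T11:02:07Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/DeployRole/bob",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/DeployRole"}}},
     "requestParameters": {"instanceType": "t3.large"}},
    {"eventVersion": "1.08", "eventTime": "2024-03-01T11:30:00Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.44",
     "userAgent": "aws-cli/1.32.0",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"name": "org-trail"}},
    {"eventVersion": "1.08", "eventTime": "2024-03-01T11:31:10Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.44",
     "userAgent": "aws-cli/1.32.0",
     "userIdentity": {"type": "IAMUser", "userName": "mallory",
                      "arn": "arn:aws:iam::111122223333:user/mallory"},
     "requestParameters": {"name": "org-trail"},
     "errorCode": "AccessDenied"},   # denied attempts are still recorded
]})

# API calls that silence or weaken CloudTrail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(log_text: str) -> list:
    return json.loads(log_text)["Records"]


def who(identity: dict) -> str:
    """Name the acting principal. For an assumed-role session the record's arn
    is the session (role/session-name); the role itself is under sessionIssuer."""
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return f"{identity.get('arn')} (role {issuer.get('arn')})"
    return identity.get("arn", identity.get("type", "unknown"))


def summarize(record: dict) -> dict:
    """The flashcard's where/when/who/what for one record."""
    service = record["eventSource"].split(".")[0]
    return {
        "where": record.get("sourceIPAddress"),
        "when": record["eventTime"],
        "who": who(record.get("userIdentity", {})),
        "user_agent": record.get("userAgent"),
        "what": f"{service}:{record['eventName']}",
        "region": record.get("awsRegion"),
        "succeeded": "errorCode" not in record,
    }


def bucket_creator(records: list, bucket: str):
    """Answer 'who created this bucket?' (successful CreateBucket only)."""
    for r in records:
        if (r.get("eventName") == "CreateBucket"
                and r.get("requestParameters", {}).get("bucketName") == bucket
                and "errorCode" not in r):
            return who(r["userIdentity"])
    return None


def detect(records: list) -> list:
    """Alert on root-user activity and on attempts (successful or denied) to
    stop, delete or reconfigure a trail. Returns (alert_name, summary) pairs."""
    alerts = []
    for r in records:
        s = summarize(r)
        if r.get("userIdentity", {}).get("type") == "Root":
            alerts.append(("root-activity", s))
        if (r.get("eventSource") == "cloudtrail.amazonaws.com"
                and r.get("eventName") in TRAIL_TAMPERING):
            alerts.append(("cloudtrail-tampering", s))
    return alerts


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print("payroll-exports created by:", bucket_creator(recs, "payroll-exports"))
    for name, s in detect(recs):
        print(name, s["when"], s["who"], s["where"], s["what"],
              "ok" if s["succeeded"] else "DENIED")
```

Two details matter in practice: a denied DeleteTrail still lands in the log with an errorCode, so the detector alerts on the attempt rather than only on success, and for assumed-role sessions the "who" has to be taken from sessionContext.sessionIssuer as well as the session ARN, otherwise you only see the session name the caller chose.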
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
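As an added example (not part of the original notes), here is the evaluation logic of an AWS Config custom rule in Python: a desired configuration ("no security group exposes SSH or RDP to the whole internet") checked against recorded configuration items. The event shape mirrors what Config passes to a custom rule's Lambda function (invokingEvent as a JSON string holding the configurationItem, plus ruleParameters and resultToken); the configuration items and group IDs are constructed, the evaluation is ours, and the boto3 put_evaluations call a real rule would make to report the result is left out so the code runs offline.

```python
"""AWS Config custom-rule evaluation logic (added example).

Desired configuration: no security group lets 0.0.0.0/0 or ::/0 reach a
restricted port (default 22 and 3389). Configuration items are constructed;
a real rule would report the result with boto3's put_evaluations.
"""
import ipaddress
import json


def _reaches_port(perm: dict, port: int) -> bool:
    """Does this ipPermissions entry cover `port`? '-1' means all traffic."""
    proto = perm.get("ipProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("fromPort", 0) <= port <= perm.get("toPort", 65535)


def _is_world(cidr: str) -> bool:
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def evaluate_security_group(configuration: dict, restricted_ports=(22, 3389)):
    """Return (ComplianceType, annotation) for one AWS::EC2::SecurityGroup
    configuration as recorded by Config (EC2 describe format, camelCase)."""
    for perm in configuration.get("ipPermissions", []):
        sources = ([r["cidrIp"] for r in perm.get("ipRanges", [])]
                   + [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])])
        world = [c for c in sources if _is_world(c)]
        if not world:
            continue
        for port in restricted_ports:
            if _reaches_port(perm, port):
                return "NON_COMPLIANT", f"port {port} open to {', '.join(world)}"
    return "COMPLIANT", "no restricted port exposed to 0.0.0.0/0 or ::/0"


def handle(event: dict) -> dict:
    """Lambda-style handler: parse the Config invocation, evaluate, and build the
    Evaluation a real rule would pass to put_evaluations(ResultToken=event["resultToken"])."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = tuple(int(p) for p in params.get("restrictedPorts", "22,3389").split(","))

    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule evaluates security groups only"
    elif item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, note = "NOT_APPLICABLE", "resource deleted"
    else:
        compliance, note = evaluate_security_group(item["configuration"], ports)

    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}


def _event(group_id: str, permissions: list, status: str = "OK") -> dict:
    """Constructed invocation event in the shape Config sends to a custom rule."""
    item = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": group_id,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2024-03-01T12:00:00.000Z",
            "configuration": {"groupId": group_id, "ipPermissions": permissions}}
    return {"invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
                                         "configurationItem": item}),
            "ruleParameters": json.dumps({"restrictedPorts": "22,3389"}),
            "resultToken": "constructed-token"}


SAMPLE_EVENTS = {
    "ssh-from-vpc-only": _event("sg-0a1", [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}]),
    "all-traffic-from-world": _event("sg-0b2", [
        {"ipProtocol": "-1", "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]),
    "range-covering-rdp-ipv6": _event("sg-0c3", [
        {"ipProtocol": "tcp", "fromPort": 3000, "toPort": 4000,
         "ipRanges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]),
    "deleted-group": _event("sg-0d4", [], status="ResourceDeleted"),
}


if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        result = handle(ev)
        print(f"{name:24} {result['ComplianceType']:14} {result['Annotation']}")
```

The three cases that naive checks miss are all covered: a rule with ipProtocol "-1" carries no port fields but exposes everything, a port range (3000-4000) can cover a restricted port without naming it, and ::/0 in ipv6Ranges is just as public as 0.0.0.0/0. Deleted resources are reported NOT_APPLICABLE so stale items do not linger as non-compliant.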
Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
Amazon Inspector security assessments help you check for unintended network accessibility of your Amazon EC2 instances and for vulnerabilities on those EC2 instances. Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for access to your EC2 instances from the internet, remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers. Note that this rules-package/assessment-run model is Inspector Classic; the current Amazon Inspector instead scans EC2 instances, ECR container images and Lambda functions continuously for software vulnerabilities and unintended network exposure, with no assessment runs to schedule.
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices.
Cost optimization, Performance, Security, Fault Tolerance, Service Quotas.
Amazon CloudWatch
It is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), IT managers, and product owners. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, and optimize resource utilization. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events. You get a unified view of operational health and gain complete visibility of your AWS resources, applications, and services running on AWS and on-premises. You can use CloudWatch to detect anomalous behaviour in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.
- collect and store application logs and server operating system logs (shipped by the CloudWatch agent).
- use CloudTrail to capture API activities and send them to CloudWatch Logs.
- log Route 53 DNS queries into CloudWatch Logs.
- use CloudWatch Logs to retain and archive log data in S3.
- use CloudWatch Logs Insights to interactively search and analyze your log data.
Amazon GuardDuty
Amazon GuardDuty is an automated threat detection service that continuously monitors for malicious or unauthorized behaviour to help you protect your AWS accounts and resources.
Analyzes CloudTrail management events, VPC Flow Logs and Route 53 DNS query logs; it consumes these directly, so you do not have to enable Flow Logs or DNS logging yourself. Optional protection plans add further sources such as S3 data events and EKS audit logs. Uses ML, anomaly detection and integrated threat intelligence to identify and prioritize potential threats.
GuardDuty: LOW severity, 1.0 - 3.9
A low severity level indicates suspicious or malicious activity that was blocked before it compromised your resource. No immediate recommended action, but it is worth making note of this information as it may indicate someone is looking for weak points in your network.
GuardDuty: MEDIUM severity, 4.0 - 6.9
A medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise. Investigate the implicated resource at your earliest convenience.
GuardDuty: HIGH severity, 7.0 - 8.9
A high severity level indicates that the resource in question is compromised and is being actively used for unauthorized purposes. Treat it as a priority: isolate or terminate the resource and rotate any credentials it could have exposed.
GuardDuty: CRITICAL severity, 9.0 - 10.0
Added in 2024 for finding types where GuardDuty has high confidence that the resource or credential is compromised; respond immediately.
AWS CloudFront
Content Delivery Network (CDN).
It is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations.
When a user requests content that you’re serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
AWS S3 Transfer Acceleration
Enabled per bucket; clients (or presigned URLs you hand to end users) then use the accelerate endpoint, bucketname.s3-accelerate.amazonaws.com, instead of the regional endpoint, so uploads terminate at a nearby CloudFront edge location.
From the edge the data moves over the AWS global network to the S3 bucket instead of over the public internet, which helps most for large objects and long distances. Only the endpoint changes: the same IAM and bucket-policy permissions still govern the request.
AWS Global Accelerator
AWS Global Accelerator is a networking service that improves the performance of your users’ traffic by up to 60% using Amazon Web Services’ global network infrastructure. When the internet is congested, AWS Global Accelerator optimizes the path to your application to keep packet loss, jitter, and latency consistently low. It can find the optimal path from the end user to your web servers.
It gives your application two static anycast IP addresses announced from the Edge Locations, so user traffic enters the AWS network at the nearest Edge Location instead of travelling over the public internet to your web application; from there it is routed to healthy endpoints (ALB, NLB, EC2 instances or Elastic IPs) in one or more Regions.
AWS ECS Fargate [Computing: Containers]
Serverless compute engine for containers: you run containers without managing the EC2 instances underneath them.
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing.
compatible with both Amazon ECS and Amazon EKS.
Amazon ECR [Computing]
ECR is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere.
Amazon ECR supports private repositories with resource-based permissions using AWS IAM.
ECS [Computing: Containers]
Container orchestration service that runs Docker containers as tasks and services. With the EC2 launch type, tasks run on a cluster of EC2 instances you manage (each running the ECS container agent); with the Fargate launch type there are no instances to manage.
EKS - Elastic Kubernetes Service [Computing: Containers]
A fully managed Kubernetes (K8s) service. Kubernetes is open-source orchestration software originally created by Google and is generally the standard for managing containerized microservices.
Amazon Lightsail [Computing: Virtual Machines]
Managed virtual server service; a simplified, bundled alternative to EC2.
It offers easy-to-use virtual private server (VPS) instances, containers, storage, databases, and more at a fixed, cost-effective monthly price.
AWS Lambda [Computing]
Serverless function service: runs your code in response to events without provisioning or managing servers; you pay for invocations and execution time.
AWS Outposts
An AWS-managed physical rack of compute and storage installed in your data center. Lets you run AWS services such as EC2, EBS, ECS/EKS and RDS locally, using the same AWS APIs and tooling, for low-latency or data-residency needs.