Exam1-Part4 Flashcards
AWS Resource Manager
AWS Resource Manager (AWS RAM) is a service provided by Amazon Web Services (AWS) that enables you to centrally manage and share AWS resources across multiple AWS accounts within an organization
A startup is using Amazon RDS to store data from a web application. Most of the time, the application has low user activity but it receives bursts of traffic within seconds whenever there is a new product announcement. The Solutions Architect needs to create a solution that will allow users around the globe to access the data using an API.
Lambda can scale faster than the regular Auto Scaling feature of Amazon EC2, Amazon Elastic Beanstalk, or Amazon ECS
Create an API using Amazon API Gateway and use AWS Lambda to handle the bursts of traffic.
AWS Firewall Manager
AWS Firewall Manager is a service provided by Amazon Web Services (AWS) that simplifies the management of firewall rules and security policies across multiple AWS accounts. It allows you to centrally configure and enforce firewall rules, security group rules, and other security policies to ensure consistent protection and compliance across your organization’s AWS infrastructure.
AWS Firewall Manager integrates with AWS Web Application Firewall (WAF) and AWS Shield to provide advanced protection against web-based attacks and Distributed Denial of Service (DDoS) attacks. You can centrally manage WAF rules and Shield protections for your accounts.
AWS Shield Advanced
AWS Shield Advanced also gives you 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing(ELB), Amazon CloudFront, and Amazon Route 53 charges.
securing Redis
Using Redis AUTH command can improve data security by requiring the user to enter a password before they are granted permission to execute Redis commands on a password-protected Redis server.
Authenticate the users using Redis AUTH by creating a new Redis Cluster with both the –transit-encryption-enabled and –auth-token parameters enabled.
Remember that Amazon EFS only supports Linux workloads.
Amazon EFS only supports Linux workloads
AWS Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
S3 Access Point
An S3 Access Point is a feature of Amazon Simple Storage Service (S3) that simplifies managing access to your S3 buckets and data. It provides a unique hostname that you can use to access specific portions of your S3 buckets using predefined access permissions.
S3 Access Points can be configured to be network isolated, meaning they can only be accessed from within your Amazon Virtual Private Cloud (VPC). This adds an additional layer of security and control by limiting access to specific VPCs.
how to apply worm on S3
- Enable S3 Object Lock
- Set Bucket Versioning
- Set Object Lock Configuration
- Apply Object Lock to Objects
in general, setting versioning and setting object lock helps maintaining WORM
standard reserved instances
unsed reserved instances can be sold at the reserved instance marketplace
