Service Definitions 3 Flashcards
- Stateless: subnet-level rules for inbound and outbound traffic (return traffic must be allowed explicitly)
- Firewall that controls traffic to and from a subnet
- Can have ALLOW and DENY rules; rules are numbered and evaluated in order, first match wins
- Attached at the subnet level
NACL (Network ACL)
- Stateful: operates at the EC2 instance level, attached to an ENI (return traffic is allowed automatically)
- Firewall that controls traffic to and from an ENI/EC2 instance
- Can have ONLY allow rules (anything not explicitly allowed is dropped; there is no deny rule)
- Rules include IP addresses and other __________
Security Groups (SGs)
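How the stateless/stateful difference plays out for the reply half of a connection, as an added Python model (not code from these flashcards or from AWS; the addresses, ports and rule sets are constructed for illustration):

```python
"""Stateless NACL vs stateful security group, modelled in plain Python.

Added worked example, not code from the flashcards or from AWS. Addresses
(RFC 5737 documentation ranges), ports and rules are constructed. A client at
203.0.113.10 opens an HTTPS connection to an instance at 10.0.1.20; the reply
goes back to the client's ephemeral port.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reply(self) -> "Packet":
        """The response packet: source and destination swapped."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)

    def key(self) -> tuple:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rules are evaluated lowest number first
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str        # remote side: source for inbound, destination for outbound

    def matches(self, proto: str, port: int, remote_ip: str) -> bool:
        return (self.proto in ("-1", proto)
                and self.port_from <= port <= self.port_to
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr))


class NetworkACL:
    """Stateless: every packet in both directions is checked against the rules."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    @staticmethod
    def _evaluate(rules, proto, port, remote_ip) -> bool:
        for rule in sorted(rules, key=lambda r: r.number):  # first match wins
            if rule.matches(proto, port, remote_ip):
                return rule.action == "allow"
        return False  # the implicit "*" rule denies anything unmatched

    def allows(self, pkt: Packet, direction: str) -> bool:
        if direction == "in":
            return self._evaluate(self.inbound, pkt.proto, pkt.dst_port, pkt.src_ip)
        return self._evaluate(self.outbound, pkt.proto, pkt.dst_port, pkt.dst_ip)


class SecurityGroup:
    """Stateful and allow-only: a permitted packet is recorded as a flow, and the
    reply to a recorded flow passes without consulting the other direction's rules."""

    def __init__(self, inbound, outbound):
        for rule in (*inbound, *outbound):
            if rule.action != "allow":
                raise ValueError("security groups cannot express deny rules")
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()  # connection tracking table

    def allows(self, pkt: Packet, direction: str) -> bool:
        if pkt.reply().key() in self.flows:  # reply to a flow we already permitted
            return True
        rules = self.inbound if direction == "in" else self.outbound
        remote_ip = pkt.src_ip if direction == "in" else pkt.dst_ip
        if any(r.matches(pkt.proto, pkt.dst_port, remote_ip) for r in rules):
            self.flows.add(pkt.key())
            return True
        return False


def demo() -> dict:
    """Run the constructed scenario against three rule sets; returns each decision."""
    anywhere = "0.0.0.0/0"
    request = Packet("203.0.113.10", 51515, "10.0.1.20", 443)
    reply = request.reply()  # 10.0.1.20:443 -> 203.0.113.10:51515
    attacker = Packet("198.51.100.5", 40000, "10.0.1.20", 443)

    # Mistaken NACL: 443 allowed both ways, but the reply goes to an ephemeral port.
    mirrored = NetworkACL(inbound=[Rule(100, "allow", "tcp", 443, 443, anywhere)],
                          outbound=[Rule(100, "allow", "tcp", 443, 443, anywhere)])
    # Working NACL: outbound ephemeral range, plus a lower-numbered deny for one network.
    correct = NetworkACL(inbound=[Rule(90, "deny", "tcp", 443, 443, "198.51.100.0/24"),
                                  Rule(100, "allow", "tcp", 443, 443, anywhere)],
                         outbound=[Rule(100, "allow", "tcp", 1024, 65535, anywhere)])
    # Security group with no outbound rule (the real default is allow-all outbound;
    # it is left empty here to show the reply riding on the flow table).
    sg = SecurityGroup(inbound=[Rule(100, "allow", "tcp", 443, 443, anywhere)], outbound=[])

    return {
        "nacl_mirrored_request": mirrored.allows(request, "in"),  # True
        "nacl_mirrored_reply": mirrored.allows(reply, "out"),     # False: port 51515 unmatched
        "nacl_correct_reply": correct.allows(reply, "out"),       # True
        "nacl_correct_attacker": correct.allows(attacker, "in"),  # False: rule 90 wins
        "sg_request": sg.allows(request, "in"),                   # True, flow recorded
        "sg_reply": sg.allows(reply, "out"),                      # True via the flow table
        "sg_unsolicited_out": sg.allows(                          # False: no flow, no rule
            Packet("10.0.1.20", 443, "203.0.113.99", 51515), "out"),
    }
```

Run `demo()` to see the decisions side by side. The two things a practitioner should take away: a NACL needs an outbound rule for the ephemeral port range (1024-65535) or replies are silently dropped, and a security group cannot block a specific source address at all, which is why the NACL is the place for deny rules.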
Connect two VPCs with non-overlapping IP ranges; peering is non-transitive
VPC Peering
- Provide private access to AWS services from within a VPC
- Endpoints let you connect to AWS services over the AWS private network instead of the public internet
- Give enhanced security and lower latency
VPC Endpoints
Connect thousands of VPCs and on-premises networks together (hub-and-spoke)
Transit Gateway
VPN over the public internet between an on-premises data center and AWS.
- On-prem side uses a Customer Gateway (CGW)
- AWS side uses a Virtual Private Gateway (VGW)
Site to Site VPN
- Protects against DDoS attacks on your websites and applications
- Shield Standard: enabled for all customers at no additional cost
- Shield Advanced: paid tier with 24/7 premium protection
AWS Shield (Standard and Advanced)
- Filters specific web requests based on rules you define
- Layer 7 (HTTP)
- Deployed on Application Load Balancer, API Gateway, CloudFront
AWS Web Application Firewall (WAF)
- Anytime you hear “encryption” for an AWS service, it’s most likely _____
- AWS manages the encryption keys for us
AWS KMS (Key Mgmt Service)
- Lets you easily provision, manage and deploy SSL/TLS certificates
AWS Certificate Manager (ACM)
- Intelligent threat discovery (ML) to protect your AWS account
- Analyzes VPC Flow Logs, DNS logs and CloudTrail event logs
Amazon GuardDuty
- analyzes, investigates and quickly identifies THE ROOT CAUSE OF SECURITY ISSUES (using ML and graphs)
Amazon Detective
- Find objects, people, text, scenes, in images or videos using ML
- Facial analysis/searching
Amazon Rekognition
- Central security tool to manage security across several AWS accounts and automate security checks
AWS Security Hub
- auditing and recording compliance of your AWS resources
- Records configurations and tracks compliance changes over time
AWS Config
- Convert speech to text, speech recognition
- subtitles
Amazon Transcribe
- Turn text to speech
Amazon Polly
- Natural and accurate language translation
Amazon Translate
_________: same tech as Alexa, conversational Bots, chatbots
________: virtual/cloud contact center, receive calls and create contact flows
Amazon Lex & Connect
- Natural Language Processing – NLP
- ML to gain insights and relationships in text
Amazon Comprehend
- Fully managed service for developers/data scientists to build, train and deploy ML models
Amazon SageMaker
- fully managed service, use ML to deliver accurate forecasts
Amazon Forecast
- fully managed document search service, using ML
- Extract info from document, search engine
Amazon Kendra
- ML service, to build apps with real time personalized recommendations
- same tech used by Amazon.com
Amazon Personalize
- Global Service
- Manage multiple AWS accounts in one place
- Consolidated billing across accounts
- Restrict account privileges using service control policies (SCP)
AWS Organizations
- Allow-list or deny-list IAM actions
- Applied at the OU or account level, inherited down the tree
- SCP applies to all users and roles in the account, including the root user (the management account itself is never restricted)
- SCP must have an explicit Allow (nothing is allowed by default); an SCP grants nothing on its own, the IAM policy must still allow the action
Service Control Policies (SCP)
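How SCPs along the root -> OU -> account path combine with the identity's own IAM policy, as an added Python model (not code from these flashcards or from AWS; the organization layout, account IDs and policy documents are constructed, and only a small subset of the policy grammar is handled):

```python
"""Service control policies combined with IAM, modelled in plain Python.

Added worked example, not code from the flashcards or from AWS. The
organization layout, account IDs and policies are constructed. Only Effect,
Action (with '*' wildcards) and a StringNotEquals condition on
aws:RequestedRegion are evaluated; Resource is carried but ignored.
"""
import fnmatch

# The default SCP that AWS attaches to every new OU and account.
FULL_AWS_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Constructed region guardrail (a production version would exempt global
# services such as IAM and STS; that exemption is omitted to keep the model small).
DENY_OUTSIDE_EU = {"Statement": [{
    "Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}}]}

# Constructed allow-list SCP: only these service namespaces are usable at all.
WORKLOAD_ONLY = {"Statement": [{
    "Effect": "Allow", "Action": ["ec2:*", "s3:*", "logs:*"], "Resource": "*"}]}

# Constructed organization: the SCPs attached at each node on the path root -> OU -> account.
ORG = {
    "management_account": "111111111111",
    "paths": {
        "222222222222": [[FULL_AWS_ACCESS],                   # root
                         [FULL_AWS_ACCESS, DENY_OUTSIDE_EU],  # Workloads OU
                         [WORKLOAD_ONLY]],                    # account, FullAWSAccess detached
        "333333333333": [[FULL_AWS_ACCESS], [FULL_AWS_ACCESS], [FULL_AWS_ACCESS]],  # Sandbox OU
    },
}


def _applies(stmt: dict, action: str, region: str) -> bool:
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatch.fnmatchcase(action, pat) for pat in actions):
        return False
    regions = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion")
    if regions is not None and region in regions:
        return False  # condition not met, so the statement is skipped
    return True


def policy_decision(policy: dict, action: str, region: str) -> str:
    """'deny', 'allow' or 'implicit' for a single policy document."""
    decision = "implicit"
    for stmt in policy["Statement"]:
        if _applies(stmt, action, region):
            if stmt["Effect"] == "Deny":
                return "deny"  # an explicit deny always wins
            decision = "allow"
    return decision


def level_allows(scps: list, action: str, region: str) -> bool:
    """At one node of the tree the action must be allowed by some SCP and denied by none."""
    decisions = {policy_decision(p, action, region) for p in scps}
    return "deny" not in decisions and "allow" in decisions


def can_do(account: str, action: str, region: str, identity_policy: dict) -> bool:
    """Effective permission: every SCP level on the path allows it AND the IAM policy allows it.
    The management account is never restricted by SCPs."""
    if account != ORG["management_account"]:
        if not all(level_allows(scps, action, region) for scps in ORG["paths"][account]):
            return False
    return policy_decision(identity_policy, action, region) == "allow"


def demo() -> dict:
    admin = FULL_AWS_ACCESS  # identity with AdministratorAccess-like rights (or the root user)
    read_s3 = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}
    acct = "222222222222"
    return {
        "workload_ec2_eu": can_do(acct, "ec2:RunInstances", "eu-west-1", admin),  # True
        "workload_ec2_us": can_do(acct, "ec2:RunInstances", "us-east-1", admin),  # False: OU deny
        "workload_iam": can_do(acct, "iam:CreateUser", "eu-west-1", admin),       # False: no SCP allow
        "workload_s3_list": can_do(acct, "s3:ListBucket", "eu-west-1", read_s3),  # False: IAM lacks it
        "sandbox_iam": can_do("333333333333", "iam:CreateUser", "us-east-1", admin),   # True
        "mgmt_ec2_us": can_do("111111111111", "ec2:RunInstances", "us-east-1", admin),  # True
    }
```

Three of the flashcard's points show up as distinct False results: an explicit Deny at the OU level overrides even administrator rights in the member account (and would override the root user, since root is modelled here as just another identity with full IAM rights), an account whose default FullAWSAccess SCP was detached loses every action its remaining SCP does not explicitly allow, and an SCP that permits s3:* still grants nothing unless the identity's own IAM policy does.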
- Easy way to set up and govern a secure and compliant multi-account AWS environment
- Runs on top of AWS Organizations
AWS Control Tower
- Reduce costs and improve performance
- Uses ML to analyze resource configurations and utilization metrics from CloudWatch
AWS Compute Optimizer
Analyzes your AWS account and provides recommendations in 5 categories:
- cost optimization
- performance
- security
- fault tolerance
- service limits
AWS Trusted Advisor