Hello all, I’m sure you may have noticed the new AWS CSAA badge to your right there. I am happy to say I passed the AWS CSAA C03 exam on my very first attempt and even happier to say it was easier than I thought. I do wish I could’ve posted all that I’ve learned…
Author: admin
Post #205 (AWS) – I’m back!!! Also networking costs in AWS and how to limit.
It has been a long time since I’ve posted here. I recently got promoted at work and that has been eating up a lot of my time, but I am back and ready to learn and share! Enough with the introductions, let’s get back into it. So when using AWS you need to keep in…
Post #204 (AWS) – VPC Peering
VPC peering allows you to give your VPCs the ability to communicate with one another. You could have VPCs in different regions or even different accounts that can talk to each other. It is important to note this is not transitive: if VPC A talks to VPC B and VPC B talks to VPC C…
Post #203 (AWS) – NACL and SG
NACLs are the wall of defense before your security groups; they are created at the subnet level. Security groups are what is known as “stateful”: this means any inbound traffic that is allowed in will automatically allow a return response even if the outbound rules don’t specify the port as being allowed. For example, if…
Post #202 (AWS) – Bastion Hosts
Bastion Hosts in AWS are essentially jump boxes, a machine that you access which then in turn allows you to access resources on a more restricted network. In terms of AWS, you may have resources on a private subnet that you do not want users to be able to access openly. In this case you…
Post #201 (AWS) – Default VPC
When you create an AWS account you will actually have one VPC (virtual private cloud) created by default. This is what gives you the ability to access your EC2 instances when they are created. The VPC is made up of multiple subnets spread across AZs for HA purposes and it also includes a route table…
Post #200 (AWS) – GuardDuty and 200th post!
Amazon GuardDuty is a security service offered by Amazon that takes VPC logs, CloudTrail logs, and DNS logs and then analyzes that data using ML plus third-party data to create an EventBridge event, which can then trigger an SNS topic or Lambda function to respond accordingly. GuardDuty can even be used for cryptocurrency based…
Post #199 (AWS) – Certificate Manager
AWS Certificate Manager allows you to use TLS (sometimes referred to as SSL) certificates and in-flight encryption. You can even use the TLS certificate on an ALB. You have the option to request a public certificate from AWS: simply select a domain name and choose a validation method, email or DNS; DNS is better for automation…
Post #198 (AWS) – KMS
The AWS KMS, or Key Management Service, is a way for AWS to manage your encryption and decryption keys. You have two different types to work with: symmetric, where the same key is used for encryption and decryption, and asymmetric, where you have a public encryption key and a private decryption key. With symmetric encryption…
Post #197 (AWS) – Control Tower
AWS Control Tower is a service that will simplify your governance and compliance with your AWS accounts. It allows you to create accounts with ease, with automation and pre-built blueprints in just a few clicks. You are able to assign preventive guardrails that set limits on these accounts via the SCP in their respective OU….