Amazon AWS Certified SysOps Administrator Associate – Security and Compliance for SysOps Part 5

[SAA/DVA] KMS Hands On w/ CLI Okay, so let’s play with Key Management Service, or KMS. KMS is a service that, as we said, I’ve been using all along. But let’s go ahead and look first, on the left-hand side, at the AWS managed keys. So some of the keys that we see here are AWS managed keys. And we know they are AWS managed because they start with the AWS alias. So we have one key for SRA, key for ACM, one key…

Amazon AWS Certified SysOps Administrator Associate – Security and Compliance for SysOps Part 4

[SAA/DVA] Encryption 101 So first an overview of encryption mechanisms, and the first one is going to be encryption in flight. Why would we even want encryption in flight? Well, if I send a very sensitive secret, for example my credit card number, to a server to make a payment online, I want to make sure that no one else along the path my network packet travels can see my credit card number. And so I want to make sure…

Amazon AWS Certified SysOps Administrator Associate – Security and Compliance for SysOps Part 3

Logging in AWS So just to help you for the exam and to make you understand what kind of logging is available in AWS, here’s a short lecture. So basically, if you have compliance requirements, there are many services that AWS provides logs for. It could be security logs or audit logs. So service logs will include CloudTrail, and here we can trace all the API calls, and we’ve done this as a hands-on, so we know how that works, Config Rules where we can track…

Amazon AWS Certified SysOps Administrator Associate – Security and Compliance for SysOps Part 2

[CCP] Penetration testing on AWS Okay, so now let’s talk about penetration testing on the cloud. So, penetration testing is when you’re trying to attack your own infrastructure to test your security. AWS customers are welcome to carry out security assessments and penetration testing against their own infrastructure without prior approval for eight services. These are Amazon EC2 instances, NAT Gateways and Elastic Load Balancers, Amazon RDS, CloudFront, Aurora, API Gateways, Lambda and Lambda@Edge functions, Lightsail resources and Elastic Beanstalk environments. The list…

Amazon AWS Certified SysOps Administrator Associate – Security and Compliance for SysOps

[CCP/SAA] Shared Responsibility Model Welcome to this section on security and compliance. We’re going to start right away with the shared responsibility model. So this is something we’ve seen all along this course, but now it is time for us to formally introduce it. So AWS’s responsibility is the security of the cloud. That means that all the infrastructure that they provide to you, including the hardware, the software, facilities and networking, they have to protect. Because this infrastructure will run all these services that you are using…

Amazon AWS Certified SysOps Administrator Associate – Identity Part 3

[DVA] Cognito User Pools Overview So the first service we will see in Cognito is called Cognito User Pools, or CUP. And this is a way to create a serverless database for your web and mobile application users. So what is a serverless database? That means that your users can use, for example, a simple login, their username or their email and a password combination, to connect to your application. They can also obviously reset their passwords. We can, thanks to Cognito User Pools, do an email and…

Amazon AWS Certified SysOps Administrator Associate – Identity Part 2

Identity Federation with SAML & Cognito Okay, so let’s talk about identity federation. You may have heard of identity federation many, many times in AWS, and to be honest, for me it was quite a cryptic topic, it’s really hard to understand. So I’m doing my best here to explain to you how identity federation works with SAML and Cognito, and how it is integrated with all these things. So let’s take it step by step and hopefully you’ll have a clearer view of it after this lecture. So federation means that…

Amazon AWS Certified SysOps Administrator Associate – Identity

[CCP/SAA/DVA] IAM Security Tools We are nearing the end of this section. But first let’s talk about the kind of security tools we have in IAM. So we can create an IAM credentials report, and this is at your account level. This report will contain all your account’s users and the status of their various credentials. We’ll actually be generating it right now and having a look at it. And the second security tool you can use in IAM is called IAM Access Advisor. One is at the user…

Amazon AWS Certified SysOps Administrator Associate – Disaster Recovery

[SAA] AWS DataSync So now let’s talk about AWS DataSync. It is used to move large amounts of data from your on-premises system to AWS, and it helps you synchronize data to Amazon S3. And it could be any storage class, including Glacier, so S3 Standard, S3 Infrequent Access, Glacier and so on, to Amazon EFS as well, and to Amazon FSx for Windows. And in terms of sources, it can move data from your NAS or your file system via the NFS or the SMB protocol…

Amazon AWS Certified SysOps Administrator Associate – AWS Account Management Part 5

AWS Billing Alarms Let’s go through creating a billing alarm. Billing data is going to be stored in only one region. It is us-east-1. And this is in CloudWatch. But the data is going to be for your overall worldwide cost, okay, so not just for that one region: it is only stored in one region, but represents worldwide cost, and it’s the actual cost incurred in your account, not project-specific cost. So let’s go ahead and create an alarm together. So for this…
