Tohuwabohu excorcism

User Tools

Site Tools

Trace: git auth0
cloud:aws

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cloud:aws [2023/12/06 08:53] – [Lambdas] skipidarcloud:aws [2024/01/30 14:52] (current) skipidar
Line 1: Line 1:
 ===== AWS ===== ===== AWS =====
 +
 +== Service catalogue ==
  
 Human friendly overview of all services Human friendly overview of all services
Line 7: Line 9:
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/J6ES5jwMpO.png}} {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/J6ES5jwMpO.png}}
  
 +
 +
 +== Prescriptive-guidance ==
 +
 +Prescriptive Guidance provides time-tested strategies, guides, and patterns to help accelerate your cloud migration, modernization, and optimization projects. 
 +
 +https://aws.amazon.com/de/prescriptive-guidance/
 +
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/qrsyAETPou.png}}
  
 == Library == == Library ==
Line 354: Line 365:
 |Programming model|http://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html| |Programming model|http://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html|
 ||| |||
 +
 +Configuring functions:
 +https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html
  
 == Python == == Python ==
Line 373: Line 387:
  
  
 +
 +==== SCP ====
 +
 +THe policies are applied on an organizational level.
 +
 +This is an example, how all services, but sts, s3, iam are denied
 +
 +<sxh>
 +{
 +  "Version": "2012-10-17",
 +  "Statement": [
 +    {
 +      "Sid": "AllowSTS",
 +      "Effect": "Deny",
 +      "NotAction": [
 +        "sts:*",
 +        "s3:*",
 +        "iam:*"
 +      ],
 +      "Resource": "*"
 +    }
 +  ]
 +}
 +</sxh>
 +
 +This is how policies are evaluated.
 +https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
 +
 +{{https://docs.aws.amazon.com/images/IAM/latest/UserGuide/images/PolicyEvaluationHorizontal111621.png}}
 ===== CloudFormation ===== ===== CloudFormation =====
  
Line 436: Line 479:
 ===== Shield ===== ===== Shield =====
  
-  * protects against DDoS attacks+ 
 +AWS Shield protects the OSI model’s infrastructure layers (Layer 3 Network, Layer 4 Transport) 
 + 
 +AWS **Shield is a managed Distributed Denial of Service (DDoS) protection service**,  
 +whereas AWS WAF is an application-layer firewall that controls access via Web ACL’s. 
 + 
 +See https://cmakkaya.medium.com/how-to-secure-our-resources-from-doos-attacks-with-aws-waf-shield-5307c85cb476 
 + 
 +{{https://miro.medium.com/v2/resize:fit:720/format:webp/1*t6FzPmxrCszis2rRLtUEyw.png}}
  
 Shield **"Simple"** - AWS reacts on DDoS attacks Shield **"Simple"** - AWS reacts on DDoS attacks
Line 451: Line 502:
 ===== WAF Web Application Firewall ===== ===== WAF Web Application Firewall =====
  
-Concentrates on layer 7+See https://medium.com/@comp87/deep-dive-into-the-aws-web-application-firewall-waf-14148ea0d3d 
 + 
 + 
 +Network firewalls operate at Layer 3 (Network) and only understand the  
 +  * source IP Address,  
 +  * port, and  
 +  * protocol.  
 + 
 +AWS **Security Group**s are a great example of this. 
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/1bUVo0Mme3.png}} 
 + 
 + 
 +WAF works on **OSI layer 7** (Application) 
 + 
 +means it understands higher-level protocols such as an  
 +  * HTTP(S) request, including its  
 +    * headers,  
 +    * body,  
 +    * method, and  
 +    * URL 
  
   * WAF interacts with    * WAF interacts with 
-  * CloudFront distributions,  +    * CloudFront distributions,  
-  * application load balancers,  +    * application load balancers,  
-  * AppSync GraphQL,  +    * AppSync GraphQL,  
-  * APIs and  +    * APIs and  
-  * API Gateway REST APIs. +    * API Gateway REST APIs. 
  
 A WAF can be configured to detect traffic from the following: A WAF can be configured to detect traffic from the following:
Line 470: Line 541:
  
 When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests. When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests.
 +
 +
 +
  
 ===== AWS API Gateway ===== ===== AWS API Gateway =====
Line 822: Line 896:
  
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/V7lfR0RHwg.png}} {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/V7lfR0RHwg.png}}
 +
 +
 +
 +===== Migration =====
 +
 +Prescriptive guideline describes pretty well how to organize it:
 +
 +https://docs.aws.amazon.com/prescriptive-guidance/latest/application-portfolio-assessment-guide/introduction.html
 +
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/BezztUtsuP.png}}
 +
 +
 +===== Domains =====
 +
 +==== Finance and credit card ====
 +
 +Real time credit card fraud evaluation:
 +
 +https://aws.amazon.com/blogs/machine-learning/use-streaming-ingestion-with-amazon-sagemaker-feature-store-and-amazon-msk-to-make-ml-backed-decisions-in-near-real-time/
 +
 +{{https://d2908q01vomqb2.cloudfront.net/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59/2023/08/30/ML-13533-image001-new.jpg}}
 +
 +
 +==== Goldman Sachs ==== 
 +
 +Achieving cross-regional availibility
 +
 +https://developer.gs.com/blog/posts/building-multi-region-resiliency-with-amazon-rds-and-amazon-aurora
 +
  
  
cloud/aws.1701852805.txt.gz · Last modified: by skipidar