Tohuwabohu excorcism

User Tools

Site Tools

Trace: api git docker k6 azure liquibase auth0 cloudformation bigdata testing_services
cloud:aws

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cloud:aws [2023/12/13 20:09] skipidarcloud:aws [2024/01/30 14:52] (current) skipidar
Line 479: Line 479:
 ===== Shield ===== ===== Shield =====
  
-  * protects against DDoS attacks+ 
 +AWS Shield protects the OSI model’s infrastructure layers (Layer 3 Network, Layer 4 Transport) 
 + 
 +AWS **Shield is a managed Distributed Denial of Service (DDoS) protection service**,  
 +whereas AWS WAF is an application-layer firewall that controls access via Web ACL’s. 
 + 
 +See https://cmakkaya.medium.com/how-to-secure-our-resources-from-doos-attacks-with-aws-waf-shield-5307c85cb476 
 + 
 +{{https://miro.medium.com/v2/resize:fit:720/format:webp/1*t6FzPmxrCszis2rRLtUEyw.png}}
  
 Shield **"Simple"** - AWS reacts on DDoS attacks Shield **"Simple"** - AWS reacts on DDoS attacks
Line 494: Line 502:
 ===== WAF Web Application Firewall ===== ===== WAF Web Application Firewall =====
  
-Concentrates on layer 7+See https://medium.com/@comp87/deep-dive-into-the-aws-web-application-firewall-waf-14148ea0d3d 
 + 
 + 
 +Network firewalls operate at Layer 3 (Network) and only understand the  
 +  * source IP Address,  
 +  * port, and  
 +  * protocol.  
 + 
 +AWS **Security Group**s are a great example of this. 
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/1bUVo0Mme3.png}} 
 + 
 + 
 +WAF works on **OSI layer 7** (Application) 
 + 
 +means it understands higher-level protocols such as an  
 +  * HTTP(S) request, including its  
 +    * headers,  
 +    * body,  
 +    * method, and  
 +    * URL 
  
   * WAF interacts with    * WAF interacts with 
-  * CloudFront distributions,  +    * CloudFront distributions,  
-  * application load balancers,  +    * application load balancers,  
-  * AppSync GraphQL,  +    * AppSync GraphQL,  
-  * APIs and  +    * APIs and  
-  * API Gateway REST APIs. +    * API Gateway REST APIs. 
  
 A WAF can be configured to detect traffic from the following: A WAF can be configured to detect traffic from the following:
Line 513: Line 541:
  
 When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests. When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests.
 +
 +
 +
  
 ===== AWS API Gateway ===== ===== AWS API Gateway =====
Line 865: Line 896:
  
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/V7lfR0RHwg.png}} {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/V7lfR0RHwg.png}}
 +
 +
 +
 +===== Migration =====
 +
 +Prescriptive guideline describes pretty well how to organize it:
 +
 +https://docs.aws.amazon.com/prescriptive-guidance/latest/application-portfolio-assessment-guide/introduction.html
 +
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/BezztUtsuP.png}}
 +
 +
 +===== Domains =====
 +
 +==== Finance and credit card ====
 +
 +Real time credit card fraud evaluation:
 +
 +https://aws.amazon.com/blogs/machine-learning/use-streaming-ingestion-with-amazon-sagemaker-feature-store-and-amazon-msk-to-make-ml-backed-decisions-in-near-real-time/
 +
 +{{https://d2908q01vomqb2.cloudfront.net/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59/2023/08/30/ML-13533-image001-new.jpg}}
 +
 +
 +==== Goldman Sachs ==== 
 +
 +Achieving cross-regional availibility
 +
 +https://developer.gs.com/blog/posts/building-multi-region-resiliency-with-amazon-rds-and-amazon-aurora
 +
  
  
cloud/aws.1702498144.txt.gz · Last modified: by skipidar