Tohuwabohu excorcism

User Tools

Site Tools

Trace: ldap putty git
cloud:aws

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cloud:aws [2024/01/01 06:39] – [WAF Web Application Firewall] skipidarcloud:aws [2024/01/30 14:52] (current) skipidar
Line 479: Line 479:
 ===== Shield ===== ===== Shield =====
  
-  * protects against DDoS attacks+ 
 +AWS Shield protects the OSI model’s infrastructure layers (Layer 3 Network, Layer 4 Transport) 
 + 
 +AWS **Shield is a managed Distributed Denial of Service (DDoS) protection service**,  
 +whereas AWS WAF is an application-layer firewall that controls access via Web ACL’s. 
 + 
 +See https://cmakkaya.medium.com/how-to-secure-our-resources-from-doos-attacks-with-aws-waf-shield-5307c85cb476 
 + 
 +{{https://miro.medium.com/v2/resize:fit:720/format:webp/1*t6FzPmxrCszis2rRLtUEyw.png}}
  
 Shield **"Simple"** - AWS reacts on DDoS attacks Shield **"Simple"** - AWS reacts on DDoS attacks
Line 496: Line 504:
 See https://medium.com/@comp87/deep-dive-into-the-aws-web-application-firewall-waf-14148ea0d3d See https://medium.com/@comp87/deep-dive-into-the-aws-web-application-firewall-waf-14148ea0d3d
  
-Concentrates on OSI layer 7+ 
 +Network firewalls operate at Layer 3 (Network) and only understand the  
 +  * source IP Address,  
 +  * port, and  
 +  * protocol.  
 + 
 +AWS **Security Group**s are a great example of this. 
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/1bUVo0Mme3.png}} 
 + 
 + 
 +WAF works on **OSI layer 7** (Application)
  
 means it understands higher-level protocols such as an  means it understands higher-level protocols such as an 
Line 523: Line 541:
  
 When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests. When incoming traffic matches any of the configured rules, WAF can reject requests, return custom responses or simply create metrics to monitor applicable requests.
- 
  
  
Line 889: Line 906:
  
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/BezztUtsuP.png}} {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/BezztUtsuP.png}}
 +
 +
 +===== Domains =====
 +
 +==== Finance and credit card ====
 +
 +Real time credit card fraud evaluation:
 +
 +https://aws.amazon.com/blogs/machine-learning/use-streaming-ingestion-with-amazon-sagemaker-feature-store-and-amazon-msk-to-make-ml-backed-decisions-in-near-real-time/
 +
 +{{https://d2908q01vomqb2.cloudfront.net/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59/2023/08/30/ML-13533-image001-new.jpg}}
 +
 +
 +==== Goldman Sachs ==== 
 +
 +Achieving cross-regional availibility
 +
 +https://developer.gs.com/blog/posts/building-multi-region-resiliency-with-amazon-rds-and-amazon-aurora
 +
 +
  
cloud/aws.1704091140.txt.gz · Last modified: by skipidar