logo-majo-fondasyonmenu

TP0 - Videos AWS

posted in ctf on July 31, 2020,

3 min read
profil

par: fredydev

A security expert & full-stack web developer. Works with technologies including HTML + CSS, JavaScript, React, GraphQL, Node.js, Express, and MongoDB.

  • cloud
  • ec2
  • aws

Overview

High Level Services

For Solutions Architect Exam :

  • Compute

  • Storage

    • Network & Content delivery
    • Security, Identity & Compliance
  • Databases

AWS Global Infrastructure

  • Availability zone (AZ) = Data Center
  • (Availabitliy) Region = Geographical area = several availability zone

AWS Edge Network Location

Endpoint (small location) for AWS whixh are used for caching content. More edge Location than availability region.

  • CloudFront,
  • Amazon Content Delivery Network (CDN)

IAM

Identity Access Management

Services availables

  • centralised control of your account
  • shared access to your account

  • Granular permissions :

    • manage users
    • level permission and roles of AWS users
    • temporary access
    • rotation of keys access
  • give identity federation (AD, Facebook)
  • Multi-factor Authentification (MFA)

Key terms

  • Users : people
  • Group : collection of users (same permissions for all of the user)
  • Policies : document formatted in Jason (js formated object) = permission
  • Roles : write read list ...

S3

Simple Storage Service

Basis

S3 =

  • object base project

    • object = files :
    • **key
    • value (0octect to 5 Tb)
    • version ID
    • metadata

    • subressources**

      • access controler
      • torrent
  • spread data through several
  • Files are stored in Buckets (folder)

  • universal namespace (name shoud be unique globally) -> url address

    • receive an HTTP 200 code if upload successful

Data consistency Model for S3

  • Write then read consistency for PUTS -> View data
  • PUTS + DELETE -> updating (warning)

Guarantees

Availability = 99,9% Durability of your object with S3 = 99,999999999 % (9 * 11)

Features

  • Tiered Storage Available (having physical levels, layers)
  • Lifecylce Management (moving files in tiered according the old of the files)
  • Versionning
  • Encryption
  • MFA protectin for deleting object

  • Secure data with :

    • Access Control List
    • Bucket Policies

S3 Storage Classes

With decreasing cost with an access les and less quick :

  1. S3 Standard (hight availability and durability)
  2. S3 Infrequently Access (IA)
  3. S3 One Zone - IA
  4. S3 Intelligent Tiering (using machine learning and moving file through S3 bucket to minimise cost storage)
  5. S3 Glacier (1h later retrieve data)
  6. S3 Glacier Deep Archive (12h later retrieving data)

résilience : La résilience fait référence à la capacité d’un service informatique à résister à certains types de défaillances, tout en restant entièrement fonctionnelle du point de vue du client. La résilience des données signifie que, quelle que soit la cause des défaillances dans Office 365, les données client critiques restent intactes et non affectées.

Charged

  • Storage
  • Request
  • Storage Management Pricing
  • Data transfer Pricing

  • Transfer acceleration

    • enables transfer of files over long distances between your end users and S3 bucket
    • user upload to the edge location and not the S3 bucket location directly -> speed up users uploading time
  • Cross region replication

Exam Tips

Not suitable to install an operating system on

Ce site est propulsé par:

  • unofficial javascript logo
  • react atom logo
  • gatsbyjs logo
  • markdown logo

©2020 - SDLDonfred Digital