Professional Documents
Culture Documents
Lec 2nd
Lec 2nd
A. AWS organizations:-
Introducing AWS Organizations: AWS Organizations offers policy-based
management for multiple AWS accounts. Learn how Organizations helps you
more easily manage policies for groups of accounts and automate account
creation.
How it works: AWS Organizations lets you create new AWS accounts at no
additional charge. With accounts in an organization, you can easily allocate
resources, group accounts, and apply governance policies to accounts or
groups.
Use Cases:
1. Automate AWS account creation
2. Enable proactive protection with a dedicated security group
3. Ensure user access to designated resources
4. Share common resources across accounts
Benefits of IAM:-
1. Set permission guardrails and fine-grained access
2. Manage workload and workforce identities across your AWS accounts
3. Use temporary security credentials and permission sets to access your
AWS resources
4. Analyze access and validate IAM policies as you move toward least
privilege
Use cases:-
1. Apply fine-grained permissions and scale with attribute-based access
control
2. Manage per-account access or scale access across AWS accounts and
applications
3. Establish organization-wide and preventative guardrails on AWS
4. Set, verify, and right-size permissions toward least privilege
D. Amazon Cognito:-
Introduction to Amazon Cognito:- Amazon Cognito processes more than
100 billion authentications per month. The service helps you implement
customer identity and access management (CIAM) into your web and mobile
applications. You can quickly add user authentication and access control to
your applications in minutes.
Use cases:-
1. Engage customers with flexible authentication
2. Managa B2B identities
3. Secure machine-to-machine authentication
4. Get role-based access to AWS resources
Q13. A company wants to migrate to the AWS Cloud. The
company needs the ability to acquire resources when the
resources are necessary. The company also needs the ability
to release those resources when the resources are no longer
necessary. Which architecture concepts of the AWS Cloud
meets these requirements.
A. Elasticity
B. Availability
C. Reliability
D. Durability
A. Elasticity:- The ability to acquire resources as you need them and release
resources when you no longer need them. In the cloud, you want to do this
automatically.
B. Availability:- The percentage of time that a workload is available for use
where “available for use” means that it performs its agreed function when
required. Availability (also known as service availability ) is a commonly
used metric to quantitatively measure reliability
C. Reliability:- The ability of a workload to perform its intended function
correctly and consistently when it’s expected to. This includes the ability to
operate and test the workload through its total lifecycle.
D. Durability:- The ability of a system to remain functional when faced with
the challenges of normal operation over its lifetime.
Use cases:-
1. Mine business and call center analytics
2. Index and search product reviews
3. Legal briefs management
4. Process financial documents
3. Amazon personalize:-
B. AWS key Management Service (AWS KMS):- Create and control keys used
to encrypt or digitally sign your data.
How it works:- AWS Key Management Service (AWS KMS) lets you create,
manage, and control cryptographic keys across your applications and AWS
services.
What is AWS KMS?
Use AWS KMS to encrypt data across your AWS workloads, digitally sign data,
encrypt within your applications using AWS Encryption SDK, and generate and
verify message authentication codes (MACs).
AWS Key Management Service features:-
Overview:- AWS Key Management Service (KMS) gives you centralized control
over the cryptographic keys used to protect your data. The service is integrated
with other AWS services making it easier to encrypt data you store in these
services and control access to the keys that decrypt it. AWS KMS is also
integrated with AWS CloudTrail, which helps you audit who used which keys, on
which resources, and when. AWS KMS helps developers to more easily add
encryption or digital signature functionality to their application code either
directly or by using the AWS SDK. The AWS Encryption SDK supports AWS KMS
as a key provider for developers who need to encrypt/decrypt data locally
within their applications. इसके आगे और भी है website से दे ख लेना gandu
…
Use cases:-
1. Protect your data at rest
2. Encrypt and decrypt data
3. Sign and verify digital signatures
4. Build secure multi-tenant databases
A. AWS shield:-
Maximize application availability and responsiveness with managed
DDoS protection
How it works:- AWS Shield is a managed DDoS protection service that
safeguards applications running on AWS.
Why AWS Shield?
AWS Shield Advanced is a tailored protection program that identifies threats
using exabyte-scale detection to aggregate data across AWS.
Use cases:-
1. Automatically scrub bad traffic at specific layers
2. Minimize application downtime and latency
3. Monitor and protect up to 1,000 resource types
How it works:-
AWS Firewall Manager is a security management service that allows you to
centrally configure and manage firewall rules across your accounts and
applications in AWS Organizations. As new applications are created, Firewall
Manager makes it easier to bring new applications and resources into
compliance by enforcing a common set of security rules.
Use cases:-
1. Protect applications hosted on EC2 instances
2. Deploy tools at scale to protect data
3. Continually audit resources
Use cases:-
1. Detect suspicious activity in your generative AI workload
2. Accelerate investigations and automate remediation
3. Protect against ransomware and other types of malwares
4. Centralize threat detection for AWS container workloads
5. More easily meet compliance requirements, like PCI DSS