
Monthly Archives: July 2017

Amazon Messaging Services

Episode 79

As promised in the last episode, today we are going to look into the messaging category of the AWS services group. Messaging is sometimes considered a part of the application services group; however, in the console they make up a separate list, so let’s treat them the same here. Since the last article about security was quite long, this one will be shorter (also, it’s summer, the birds are shining, the sun is chirping, the water is wet, so…).


AWS messaging currently consists of Simple Queue Service, Simple Notification Service and Simple Email Service. Everything looks simple, so let’s dive in.

Simple Queue Service

AWS SQS was the first web service ever introduced by Amazon. The year was 2004 and cloud computing was not quite there yet. SQS is a Message Queuing Service, which is Message Oriented Middleware (MOM), but in the cloud instead of on premises. SQS allows to decouple system actors working in Read the rest of this entry »

 

Posted by on July 20, 2017 in AWS, Cloud, Technology

 


Amazon Security Services, Part Two

Episode 78

Last week we started with AWS security by introducing Identity and Access Management in detail. Today we will look at what else is in the security services group and talk about how not to get hacked in the cloud in general.


The remaining named services we are interested in are Inspector, Certificate Manager, Directory Service, Web Application Firewall, Shield, Key Management Service, CloudHSM and Organizations. We will also look at the Shared Responsibility Model.

Inspector

AWS Inspector is an automated auditing service. It uses a low-level agent deployed on EC2 instances to monitor system state, processes, network communication, installed software and other parameters in order to benchmark and to spot security vulnerabilities and deviations from best practices. First we need to define an assessment template, which governs which targets should be tested, as well as the subset of rules. There is plenty of Read the rest of this entry »

 

Posted by on July 13, 2017 in AWS, Cloud, Technology

 


Amazon Security Services, Part One: IAM

Episode 77

As promised in the last episode, we will start with Amazon Web Services security today. As this is a large topic, I’ve decided to split it into two articles, in a similar way to what I did with AWS networking. In the first part, we will cover the fundamental service from the security group: Identity and Access Management and all concepts related to it. In the second part, we will look into other security services and AWS security in general.


Identity and Access Management is a service that lets us control how people and machines access and operate on AWS resources. It’s used to facilitate authentication and authorization of different types of principals, organize them in groups and assign policies that allow flexible and fine-grained regulation over who can do what and when. Not surprisingly, IAM can be controlled via the AWS console, CLI or SDK.

Principals

The first important concept in IAM is the Principal. It’s an entity that is allowed to interact with AWS resources; it may be permanent or temporary, and it might be a human being or an application. Principal-related concepts include: Read the rest of this entry »

 

Posted by on July 6, 2017 in AWS, Cloud, Technology

 
