Code  Camp

Code Camp

1599097599

AWS SysOps Administrator Associate 2020 (PASS THE EXAM!)

AWS SysOps Administrator Associate (SO1-C01) is intended for individuals who are pursuing a career in DevOps. This course covers DevOps topics relating to configuration, automation, patching and monitoring cloud services and virtual servers. By the end of this full course taught by an expert trainer, you will be ready to take the AWS SysOps Administrator Associate - and pass!

⭐Course Contents⭐
Check the pinned comment for the course contents with time codes. This course is so massive the full contents won’t fit in this description!

#aws #devops

What is GEEK

Buddha Community

AWS SysOps Administrator Associate 2020 (PASS THE EXAM!)

How Do I Pass the AWS Solutions Architect Associate Exam? Careerera

The AWS solutions architect associate exam is one of the most difficult certification exams in the world. There are many certifications for various things such as the PMP certification and the CISSP certification, but it is the AWS solutions architect associate exam which takes the crown when it comes to difficulty.

How to Qualify an AWS Certified Solutions Architect Associate Exam?

Naturally, given the difficulty of the exam many people wonder, “How Do I Pass the AWS Solutions Architect Associate Exam?” on the first attempt. This is a very valid question and, in this article, we will discuss all the ways in which one can maximize his chances of passing the AWS solutions architect associate exam in the first attempt.

Before starting we must remember one thing – the AWS platform is a beast of a platform and is vast beyond comprehension. So, for a beginner looking to take the AWS solutions architect associate exam it will not be possible to cover all the topics and services related to the AWS platform.

However, one can make one’s best attempt to cover all the core concepts and topics which are most relevant and pertinent to the AWS platform. A candidate for the AWS solutions architect associate exam in particular should keep himself updated on all the most recent advances and developments in the field of AWS.

Which services are tested most frequently on the exam?

  1. Amazon EC2 -

This service is used to create virtual machines which are offsite. It is also used to manage things such as ports, security, and storage because of its many features. It allows the users to utilize AWS’ vast computing capabilities on-demand. With a ‘scale as you grow’ philosophy the user is not trapped into an agreement in which they will have to purchase excessive resources from Amazon.
They only have to make use of as many resources as they need. The Amazon EC2 web interface allows the software developers to configure and resize the compute machines to their heart’s content with minimal friction and absolutely no confusion whatsoever. All decent AWS Solutions Architect Associate Certification courses teach how to make use of this service.

  1. Amazon RDS -

The full form of Amazon RDS is Amazon Relational Database Service. It is an extremely useful service launched by Amazon. It is used by software developers to create a database with all the features of a full-fledged offline database in a matter of minutes.

The main purpose of Amazon RDS is to set up relational databases in the cloud. These databases can be set up, operated, and scaled very easily and very smoothly. Amazon provides a very seamless and slick interface which is ideal for operating the databases thus created.

The databases are very cost-effective and can be resized very easily. They provide all facilities to carry out administrative tasks such as hardware provisioning, database setup, patching and backups. With the help of these databases, one will be able to give their applications fast performance, high availability, security and compatibility.

  1. Amazon S3 -

The full form of Amazon S3 is Amazon Simple Storage Service. It is a service which provides a lot of expediency to software developers in the matter of storage. Software developers can create objects through programming and they can then store those objects which they have coded into the Amazon S3 service.

This service is responsible in a large part for having made AWS the leading cloud services provider in the world. Truly Jeff Bezos must have been inspired by a divine vision when he conceived of this service. This service leads the industry in terms of scalability, data availability, security, and performance.

How difficult is the AWS solutions architect associate exam?

As we have mentioned before, the AWS platform is vast beyond comprehension. It contains multitudes of services and all of them have their own various configuration options and switches. This means that for a candidate who is just starting his journey of becoming a AWS certified solution architect associate it is not possible to master the whole platform immediately.

It will take many years and a lot of practical and hands-on experience before he is able to do so. But the AWS solutions architect associate exam has a very extensive syllabus and is thus prohibitively difficult for the candidates. Its syllabus contains the following domains of knowledge -

• Design Resilient Architectures - 34%
• Define Performant Architecture – 24%
• Specify Secure Applications and Architectures – 24%
• Design Cost-Optimized Architectures – 10%
• Define Operationally Excellent Architectures – 8%

Some tips which will help to clear the exam -

  1. Read as many AWS whitepapers as possible -

The AWS whitepapers explain many core concepts of the AWS platform in very technical, precise, and accurate language. For a candidate preparing for the AWS solutions architect associate exam, it is very beneficial to read the whitepapers as they will illuminate many technical and hard to grasp concepts of the AWS platform in a detailed and scientific way.

  1. Make use of the process of elimination for multiple correct answers -

On the AWS solutions architect associate exam there will be many questions which will have multiple options. For those questions the candidate should first try to identify and eliminate the incorrect options so that they have to contemplate a fewer number of options while trying to find the correct answer.

  1. Try to spot questions which have hints and details about other questions -

Many times, there will be questions on the exam which will contain hints and details pertinent to other questions on the exam. So, the candidate should keep a weather eye out for such questions and read all questions carefully with this aspect of the exam kept in mind firmly. This trick is taught in many AWS Solutions Architect Associate Certification courses.

  1. Take an AWS solution architect associate course -

The best way to pass the AWS solutions architect associate exam is to take an AWS solution architect associate course. This will help the candidate because they will be studying under the guidance of seasoned and experienced instructors who will be able to bring their world-class teaching skills and subject matter expertise to bear to make the learners fully prepared for the exam.

#how do i pass the aws solutions architect associate exam #how to qualify an aws certified solutions architect associate exam #aws solutions architect associate exam #aws solutions architect associate certification courses #aws certified solution architect associate #aws solution architect associate course

Brain  Crist

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Seamus  Quitzon

Seamus Quitzon

1601341562

AWS Cost Allocation Tags and Cost Reduction

Bob had just arrived in the office for his first day of work as the newly hired chief technical officer when he was called into a conference room by the president, Martha, who immediately introduced him to the head of accounting, Amanda. They exchanged pleasantries, and then Martha got right down to business:

“Bob, we have several teams here developing software applications on Amazon and our bill is very high. We think it’s unnecessarily high, and we’d like you to look into it and bring it under control.”

Martha placed a screenshot of the Amazon Web Services (AWS) billing report on the table and pointed to it.

“This is a problem for us: We don’t know what we’re spending this money on, and we need to see more detail.”

Amanda chimed in, “Bob, look, we have financial dimensions that we use for reporting purposes, and I can provide you with some guidance regarding some information we’d really like to see such that the reports that are ultimately produced mirror these dimensions — if you can do this, it would really help us internally.”

“Bob, we can’t stress how important this is right now. These projects are becoming very expensive for our business,” Martha reiterated.

“How many projects do we have?” Bob inquired.

“We have four projects in total: two in the aviation division and two in the energy division. If it matters, the aviation division has 75 developers and the energy division has 25 developers,” the CEO responded.

Bob understood the problem and responded, “I’ll see what I can do and have some ideas. I might not be able to give you retrospective insight, but going forward, we should be able to get a better idea of what’s going on and start to bring the cost down.”

The meeting ended with Bob heading to find his desk. Cost allocation tags should help us, he thought to himself as he looked for someone who might know where his office is.

#aws #aws cloud #node js #cost optimization #aws cli #well architected framework #aws cost report #cost control #aws cost #aws tags

Hire AWS Developer

Looking to Hire Professional AWS Developers?

The technology inventions have demanded all businesses to use and manage cloud-based computing services and Amazon is dominating the cloud computing services provider in the world.

Hire AWS Developer from HourlyDeveloper.io & Get the best amazon web services development. Take your business to excellence with our best AWS developer that will serve you the benefit of different cloud computing tools.

Consult with experts: https://bit.ly/2CWJgHyAWS Development services

#hire aws developer #aws developers #aws development company #aws development services #aws development #aws

Christa  Stehr

Christa Stehr

1598408880

How To Unite AWS KMS with Serverless Application Model (SAM)

The Basics

AWS KMS is a Key Management Service that let you create Cryptographic keys that you can use to encrypt and decrypt data and also other keys. You can read more about it here.

Important points about Keys

Please note that the customer master keys(CMK) generated can only be used to encrypt small amount of data like passwords, RSA key. You can use AWS KMS CMKs to generate, encrypt, and decrypt data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

You must use and manage data keys outside of AWS KMS. KMS API uses AWS KMS CMK in the encryption operations and they cannot accept more than 4 KB (4096 bytes) of data. To encrypt application data, use the server-side encryption features of an AWS service, or a client-side encryption library, such as the AWS Encryption SDK or the Amazon S3 encryption client.

Scenario

We want to create signup and login forms for a website.

Passwords should be encrypted and stored in DynamoDB database.

What do we need?

  1. KMS key to encrypt and decrypt data
  2. DynamoDB table to store password.
  3. Lambda functions & APIs to process Login and Sign up forms.
  4. Sign up/ Login forms in HTML.

Lets Implement it as Serverless Application Model (SAM)!

Lets first create the Key that we will use to encrypt and decrypt password.

KmsKey:
    Type: AWS::KMS::Key
    Properties: 
      Description: CMK for encrypting and decrypting
      KeyPolicy:
        Version: '2012-10-17'
        Id: key-default-1
        Statement:
        - Sid: Enable IAM User Permissions
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
          Action: kms:*
          Resource: '*'
        - Sid: Allow administration of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyAdmin}
          Action:
          - kms:Create*
          - kms:Describe*
          - kms:Enable*
          - kms:List*
          - kms:Put*
          - kms:Update*
          - kms:Revoke*
          - kms:Disable*
          - kms:Get*
          - kms:Delete*
          - kms:ScheduleKeyDeletion
          - kms:CancelKeyDeletion
          Resource: '*'
        - Sid: Allow use of the key
          Effect: Allow
          Principal:
            AWS: !Sub arn:aws:iam::${AWS::AccountId}:user/${KeyUser}
          Action:
          - kms:DescribeKey
          - kms:Encrypt
          - kms:Decrypt
          - kms:ReEncrypt*
          - kms:GenerateDataKey
          - kms:GenerateDataKeyWithoutPlaintext
          Resource: '*'

The important thing in above snippet is the KeyPolicy. KMS requires a Key Administrator and Key User. As a best practice your Key Administrator and Key User should be 2 separate user in your Organisation. We are allowing all permissions to the root users.

So if your key Administrator leaves the organisation, the root user will be able to delete this key. As you can see **KeyAdmin **can manage the key but not use it and KeyUser can only use the key. ${KeyAdmin} and **${KeyUser} **are parameters in the SAM template.

You would be asked to provide values for these parameters during SAM Deploy.

#aws #serverless #aws-sam #aws-key-management-service #aws-certification #aws-api-gateway #tutorial-for-beginners #aws-blogs