Latest Posts
Amazon AWS SysOps – Security and Compliance for SysOps part 1
Section Introduction Welcome to this section around Security and compliance. This section is one of the hardest going into the SysOps exam because we’re going to learn about new technologies. All of them have a lot of different names such as Inspector, HSM, WAF, Trusted Advisor, GuardDuty, etc., etc. Now, in this section, I wanted to make things easy, so we’ll go over them one by one, and I will try to include a hands-on where possible. Also at the end of this section, I have a whole…
Amazon AWS SysOps – Preparing for the Exam + Practice Exam – AWS Certified SysOps Administrator A…Section 17: Preparing for the Exam + Practice Exam – AWS Certified SysOps Administrator Asso
Exam Preparation – Section Introduction Okay, so congratulations on making it this far. You’ve probably learned a lot of things by now. I just want to take a step back and make sure we have covered everything we need to know for the exam. So let’s look at how far we’ve gone on the learning journey. And for this, we’ll explore this AWS link, which describes what the exam is about. So we are on the Certified SysOps Administrator Associate web page, and this is where we can just look…
Amazon AWS SysOps – Networking – VPC part 8
Egress Only Internet Gateway Let’s talk about egress only Internet gateway. So egress means outgoing, and outgoing only Internet gateway kind of hints at what it does. But let’s be very, very clear. Egress only Internet gateway works only for IPv6. So if you have an IPv4 instance, that just does not apply to it. So an egress only Internet gateway makes us think of a NAT, but NAT is for IPv4. So egress only Internet gateway is the same as a NAT, but for IPv6,…
Amazon AWS SysOps – Networking – VPC part 7
Bastion Hosts So let’s talk about Bastion Host. So this is the diagram. We have our Bastion Host users. We SSH into the Bastion Host, which is in a public subnet. And then from the Bastion Host we’re able to SSH into other Linux instances. So the Bastion Host is used to SSH into private instances and it sits in the public subnets. And the reason we do this is because the public subnet is connected to all the other private subnets, what we need to do is make…
Amazon AWS SysOps – Networking – VPC part 6
VPC Flow Logs + Athena So now let’s talk about flow logs. Flow logs help you capture information about the IP traffic that’s going within your interfaces. And you have three kinds of flow logs. You have the VPC flow log and that applies to everything within your VPC. You have the subnet flow logs which apply to something just within your subnet. And then you have the Elastic Network Interface flow log just for one network interface. So overall if you define a VPC flow log then it’s going…
Amazon AWS SysOps – Networking – VPC part 5
VPC Peering So now let’s talk about VPC peering. And VPC peering allows you to connect two VPCs privately, directly, using AWS’s network and to make them behave as if they were in the same network. For this, you need to have non-overlapping CIDRs. So be very careful when you create your CIDRs and your VPC, make sure they are different, make sure they don’t overlap. So let’s take an example. We have VPC A and VPC and we want them to be connected somehow. We have to create…
Amazon AWS SysOps – Networking – VPC part 4
DNS Resolution Options & Route 53 Private Zones Let’s quickly talk about DNS resolution. In a VPC there are two very important settings and the exam may ask you about them. The first one is Enable DNS Support and that is a DNS resolution setting and the default is true and it helps decide if the DNS resolution is supported for the VPC. That means that if it’s true, there is an AWS DNS server that will be queried automatically as a primary DNS at. There’s a second setting…
Amazon AWS SysOps – Networking – VPC part 3
NAT Instances We have our instances in our public subnet that have Internet connectivity thanks to the Internet gateway. But for our instances in our private subnet, they cannot access the Internet. If they were to access it through the Internet gateway, they would also be directly accessible from the Internet. So for this, we need a better solution. And that solution is a NAT. NAT stands for Network Address Translation. Now NAT comes in two flavors. It comes with NAT instances, which is really outdated, not recommended, but still can…
Amazon AWS SysOps – Networking – VPC part 2
Subnet Overview and Hands On So next, here comes the time to add subnets. Now, subnets are going to be tied to specific Availability Zones. In this diagram, I’m just doing one AZ. But in practice, we’ll do two AZs just to have some kind of high availability. And so within each AZ, our goal is to create different subnets. And so we’ll create a public subnet and a private subnet, and we’ll see how to make one public and how to make one private in the future, hands-on….
Amazon AWS SysOps – Networking – VPC part 1
Section Introduction For networking. Also, we need to know in and out how to create, operate and manage a VPC. Troubleshooting is also very important. So we’ll look at Amazon VPC and AWS Direct Connect in this section. Now you may be asking me, oh, I already know how to do VPC and I say I hope you do. But trust me, to know how to do a VPC you need to look at this diagram and understand everything that goes in there. So have a good look. If…