Posts

AWS Certified Developer Associate

A company uses Elastic Beanstalk to manage its IT infrastructure on AWS Cloud and it would like to deploy the new application version to the EC2 instances. When the deployment is executed, some instances should serve requests with the old application version, while other instances should serve requests using the new application version until the deployment is completed. Which deployment meets this requirement without incurring additional costs? A Rolling Deployment will be used. The rolling deployment policy deploys the new version in batches. Each batch is taken out of service during the deployment phase, reducing the environment's capacity by the number of instances in a batch. The cost remains the same because the number of EC2 instances does not increase. This policy avoids downtime and minimises reduced availability, at the cost of a longer deployment time. With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infras...

IAM and AWS CLI

What is a proper definition of an IAM role? An IAM entity that defines a set of permissions for making requests to AWS services, and that will be used by an AWS service. Which IAM security tool lists all the AWS account's information? The IAM credential report lists all of our AWS account's IAM users and the status of their various credentials. What are IAM policies? IAM policies are JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM users, user groups and IAM roles. Which principle should you apply regarding IAM permissions? Grant least privilege. How can we increase our root account security? Enable multi-factor authentication (MFA). When we enable MFA, this adds another layer of security: even if our password is stolen, lost, or hacked, our account is not compromised. An IAM policy consists of one or more statements. A statement in an IAM policy does not consist of the following. A statement in an IAM policy consists of SID, Effect, Principal, Resource, ...

Ephemeral vs Persistent Data Storage Patterns

Storage patterns available with Lambda: Ephemeral Storage Patterns and Persistent Storage Patterns. Lambda is stateless: functions are stateless, meaning that you can't permanently store any data in the function (for example, session data, customer data, etc.). Lambda is ephemeral: it is not used for applications that need to run for longer than 15 minutes (for example, a database application or a web server that needs to stay up and running). Persisting data: to persist data, the function must interact with a data store (for example, save it to S3, EFS, or DynamoDB).

Difference between roles and permissions

Permissions are permanent and roles are temporary. The admin creates an "updateDataBucket" role which allows read/write access to the data bucket in S3. The admin then grants members of the group permission to assume the "updateDataBucket" role.

Effect: Deny vs NotAction

NotAction allows us to provide granular control over resource operations. For example, if we use Effect: Deny for all actions in IAM and then use Effect: Allow over some actions in IAM, the Deny supersedes the Allow. The way to overcome this issue is to use NotAction on all IAM operations and Action on the allowed IAM operations. Example: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "NotAction": [ "iam:*", "organizations:*", "account:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole", "iam:ListRoles", "organizations:DescribeOrganization", "account:ListRegions", ...

Infrastructure Setup using CloudFormation Templates

Services required to create CI/CD: CodeBuild builds the code and deploys the image to JFrog. CodePipeline holds the CI/CD (Continuous Integration / Continuous Deployment) flow. CloudFormation: to deploy and create infrastructure we use YAML files. S3 stores our data packages and the YAML files used by the CFTs. ECS deploys our application on Fargate; we can also create EC2 instances manually from the pipeline. Secrets Manager manages all the secrets. ELB/ALB (Elastic/Application Load Balancer) maps the context paths of the different services. GitHub stores our code. JFrog stores all the Docker images. A Dockerfile is used to create a customised Docker image. Scanning code for vulnerabilities: SonarQube, Checkmarx, Twistlock. CloudWatch stores logs; we create a log group for each instance. Lambda functions are used for serverless technologies. Creating a new environment: create the YAML templates of the different resources required in the environment. The CFT templates are stored in S3 or can be uploaded from syst...

High Level Diagrams (HLDs)

High Level Diagram for Building a Serverless Application using Step Functions, API Gateway, Lambda, and S3 in AWS
HLD for Building and Troubleshooting a Serverless Web