Sunday, December 10, 2017

AWS Shared Responsibility

While AWS is great for quickly provisioning servers and networks without worrying about the back-end hardware, there are a few caveats to be aware of. A big one is who's responsible for what in Amazon's cloud environment. That's not meant to be a loaded question; it's important to understand that Amazon cannot be held responsible for everything in your custom cloud architecture. The hardware and the virtualization layer are theirs; what you build on top of it is yours.

Below are some items you are responsible for within their infrastructure:

  • Network access to and from your AWS instances (security groups, network ACLs, and route tables)
  • Logging (enabling and reviewing CloudTrail, VPC Flow Logs, and OS/application logs)
  • Patching of the guest operating system and everything installed on it
  • Backups (EBS snapshots, AMIs, copies of data kept outside the instance)
  • Virus protection of instances

Amazon is responsible for items such as:

  • Physical security of the data centers
  • Physical servers, storage, and networking components, plus the hypervisor they run
  • Disk destruction when storage media is decommissioned
  • Security audits of the underlying infrastructure (the compliance reports you can request from AWS)
  • DDoS protection of the platform's network edge (see the free AWS white paper on DDoS, available for Kindle); application-layer defenses on your own instances are still on you


Neither list above is comprehensive, but they give you an idea of what you, the customer, need to protect on your own. Even something such as login access to your instances is your responsibility. If you lose the private key to an instance, there's not much Amazon can do for you (easy enough to resolve yourself, I know: stop the instance, attach its root volume to another instance, add a new public key to the authorized_keys file, and reattach it). For the most part, if it's anything physical, layer 2, or the hypervisor, you can bet that Amazon handles that portion of the cloud.

Hope this helps. Anything else I should add to the lists above? Let me know in the comment section below!

Friday, December 8, 2017

Initial Strides with Amazon Web Services (AWS)

I finished my work-provided LMS video series last week and now I'm powering through CBT Nuggets at a fairly fast clip. I estimate that within two weeks I'll be done with the Nuggets training as well. What's great about learning cloud is how quickly you can ramp up a lab environment, as mentioned in my last post. It's really cutting down the time it usually takes to pick up a new technical skill.


To be honest, I'm most excited about the Udemy course as I hear it's very hands on and closely relates to the exam itself. That's also the main reason that I'm saving that piece for last. But using books on Safari always allows me to deep dive into the technology at hand which is why it's included in my study plan.

This is all perfect timing, as I'm getting thrown into a few interesting AWS projects. One is how to get around some of the AWS networking limitations: VPC peering is point-to-point and not transitive, so each pair of VPCs that needs to talk needs its own connection. We need to communicate between potentially dozens, if not hundreds, of VPCs for our engineering testing. How do we accomplish this at scale? How do we limit the time for deployment? How can we make it simple to implement while still using our own proprietary instances? There are a lot of questions to solve, and that's not counting the business side of things such as cost (of course) and personnel requirements.
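To put numbers on the scaling question, here is an added example (not the original post's code) that plans a full mesh of VPC peering connections for a set of test VPCs. It assumes VPC peering as the mechanism, which means every pair needs its own connection and AWS refuses a peering between VPCs whose CIDR blocks overlap; the sample VPC names and CIDRs are constructed, the `pcx-` names are placeholders (real peering IDs are assigned by AWS), and the per-VPC peering quota is a parameter you should set from your own account's current limits rather than trusting the default here.

```python
"""Plan a full mesh of VPC peering connections and flag what blocks it.

Added example for this post, not the author's project code. Assumptions:
VPC peering is the connectivity mechanism (non-transitive, so a full mesh
of n VPCs needs n*(n-1)/2 connections), peering fails when CIDRs overlap,
and each VPC has a quota on active peerings (passed in as a parameter;
verify the real value for your account).
"""
import ipaddress
from itertools import combinations

# Constructed sample of test-environment VPCs: name -> IPv4 CIDR.
SAMPLE_VPCS = {
    "eng-test-01": "10.10.0.0/16",
    "eng-test-02": "10.11.0.0/16",
    "eng-test-03": "10.12.0.0/16",
    "eng-test-04": "10.10.128.0/17",   # overlaps eng-test-01: cannot be peered with it
    "shared-tools": "172.16.0.0/20",
}


def peering_count(n: int) -> int:
    """Connections needed for a full mesh of n VPCs: n choose 2."""
    return n * (n - 1) // 2


def overlapping_pairs(vpcs: dict) -> list:
    """Pairs whose CIDRs overlap; AWS will not create a peering between them."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def peering_plan(vpcs: dict, per_vpc_limit: int = 50) -> tuple:
    """Return (peerable pairs, blocked pairs, over_quota).

    per_vpc_limit is an assumed quota on active peerings per VPC; in a
    full mesh every VPC carries n-1 peerings, so the mesh is infeasible
    as soon as n-1 exceeds the quota.
    """
    blocked = set(overlapping_pairs(vpcs))
    pairs = [p for p in combinations(sorted(vpcs), 2) if p not in blocked]
    return pairs, sorted(blocked), len(vpcs) - 1 > per_vpc_limit


def route_entries(vpcs: dict, pairs: list) -> list:
    """Route table entries each side must add: (vpc, destination, target).

    Peering gives no routes for free; both VPCs need a route for the
    other's CIDR pointing at the peering connection. "pcx-a-b" is a
    placeholder name for the connection AWS would assign an ID to.
    """
    routes = []
    for a, b in pairs:
        target = f"pcx-{a}-{b}"
        routes.append((a, vpcs[b], target))
        routes.append((b, vpcs[a], target))
    return routes


if __name__ == "__main__":
    pairs, blocked, over = peering_plan(SAMPLE_VPCS)
    print(f"{len(SAMPLE_VPCS)} VPCs -> {len(pairs)} peerings, {len(blocked)} blocked by overlap")
    for a, b in blocked:
        print(f"  cannot peer {a} ({SAMPLE_VPCS[a]}) with {b} ({SAMPLE_VPCS[b]})")
    print(f"route table entries to manage: {len(route_entries(SAMPLE_VPCS, pairs))}")
    for n in (10, 50, 100, 200):
        print(f"full mesh of {n:>3} VPCs = {peering_count(n):>5} peerings, "
              f"{n - 1} per VPC")
```

Five sample VPCs need nine peerings (one pair is blocked by the overlapping /17) and eighteen route entries; a hundred VPCs would need 4,950 peerings and 99 routes in every VPC's table, and the per-VPC count alone runs past the quota long before that. That growth curve, and the overlap rule, are why the "dozens to hundreds of VPCs" case pushes people toward a hub that routes between VPCs instead of a flat mesh, and why the CIDR plan for new test VPCs has to be settled up front.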

VPC Example: (diagram omitted)

I would love to hear other opinions on whether you think the "Cloud" is here to stay. If you think so, what are you doing to prepare for it? Talk to you all soon.