Following are some of the recommendations available under security for the basic plan: Security Groups - Specific Ports Unrestricted (Alert), Amazon EBS Public Snapshots, Amazon RDS Public Snapshots, Amazon S3 Bucket Permissions, IAM Use, MFA on Root Account etc.
The CIS benchmark controls available under Identity and Access Management ensure the following:
Avoid the use of the root account.
Multi-Factor authentication (MFA) is enabled for all IAM users that have a console password.
Credentials are unused for 90 days or greater are disabled.
Access keys are rotated every 90 days or less.
Let us also quickly go through some core security concepts needed to user identity.
Authentication and Authorization - Authentication is the process of verifying a person's identity and granting him access to the application. Authorization is the process of granting him access to specific features of our application based on his permissions.
This is a running note where I add any tips or tricks that may help AWS Beginners.
You can pin any commonly used services using the pin icon on the task bar in Management Console.
AWS Total Cost of Ownership (TCO) Calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. Read more here.
An inverted index is a data structure that consists of a list of all unique words and list of the documents in which it appears. New documents are analyzed and then stored as inverted indexes, to allow very fast full-text searches.
Analysis is the process of converting the text into tokens and normalizing tockens before adding them into an inverted index. When we do a full text search, we search the inverted index rather than on the actual documents. So both the indexed text and the query string must be analyzed.
Mapping defines the types, formats etc. for different fields in an Elasticsearch document. Mapping also defines various ways in which fields / types behave in different situations (e.g. dynamic mapping allows creation of types dynamically). Mpping may also denote how a document’s metadata associated (e.g. _index, _type, _id, and _source ) is treated.
Mappings are defined for each type and with ES 6.2 there can be only one type per index. Therefore mappings are defined per index.
There are different ways to install, configure and use elasticsearch. Working with a real Elasticsearch cluster is essential for following all notes in this section.
Elastic Cloud (from Elastic.co)
Elastic Cloud is the hosted version of Elasticsearch and Kibana from Elastic.co. You can get started with Elastic Cloud here.
I will add sample usages for various libraries in GitHub in following repositories. You can follow the readmes to get started with them easily.
Continuous Integration (CI) is a development practice that requires developers to integrate code early and often. Code is integrated into a shared repository several times a day. Each check-in is then verified by an automated build, thus providing fast and automated feedback on the correctness of your application every time there is a change of code.
ZooKeeper is an application library that allows distributed processes to coordinate with each other through a shared hierarchical name space of data registers; these data registers are called as znodes.
ZooKeeper was designed to store coordination data such as status information, configuration, location information, and so on.
ZooKeeper was a sub-project of Hadoop but is now a top-level project in its own right.