{"id":2798,"date":"2019-08-30T06:06:10","date_gmt":"2019-08-30T06:06:10","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2798"},"modified":"2020-05-01T12:32:34","modified_gmt":"2020-05-01T12:32:34","slug":"amazon-web-services-global-infrastructure-security","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-global-infrastructure-security\/","title":{"rendered":"Amazon Web Services Global Infrastructure Security"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Network firewalls built into Amazon VPC.<\/li><li>TLS encryption in transit across all services.<\/li><li>Private or dedicated connections into your data\ncentre.<\/li><\/ul>\n\n\n\n<p><strong>Amazon VPC<\/strong><\/p>\n\n\n\n<p><strong>Amazon Virtual Private Cloud (Amazon VPC) <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Enables you to launch AWS resources into a\nvirtual network that you&#8217;ve defined. <\/li><li>It resembles a traditional network in data\ncenters.<\/li><li>Provides the benefits of using the scalable infrastructure of\nAWS.<\/li><li>Logically isolated from other virtual networks\nin the AWS Cloud. <\/li><li>Launch AWS resources, like EC2 instances, into\na VPC. <\/li><li>Use a public subnet for resources that must be\nconnected to the internet.<\/li><li>Use a private\nsubnet for resources that won&#8217;t be connected to the internet.<\/li><li>You can <ul><li>specify an IP address range<\/li><li>add subnets<\/li><li>associate\nsecurity groups<\/li><li>configure route tables<\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>Accessing the Internet <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A default VPC includes an internet gateway, and\neach default subnet is a public subnet. <\/li><li>Each instance that you launch into a default\nsubnet has a private IPv4 address and a public IPv4 address. 
<\/li><li>These instances can communicate with the\ninternet through the internet gateway. <\/li><li>An internet gateway connects to the internet through\nthe Amazon EC2 network edge.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"476\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-269-476x400.png\" alt=\"\" class=\"wp-image-2806\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-269-476x400.png 476w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-269.png 574w\" sizes=\"auto, (max-width: 476px) 100vw, 476px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>By default, each instance launched into a\nnondefault subnet has a private IPv4 address, but no public IPv4 address,\nunless you assign one or modify the subnet&#8217;s public IP address attribute. <\/li><li>These instances can communicate with each other,\nbut can&#8217;t access the internet.<\/li><li>You can enable internet access for an instance in a nondefault\nsubnet by attaching an internet gateway to its VPC and associating an Elastic\nIP address with the instance.<\/li><li>Amazon VPC provides a web-based user interface,\nthe Amazon VPC console. <\/li><li>Access the Amazon VPC console by signing in to\nthe AWS Management Console and choosing VPC.<\/li><\/ul>\n\n\n\n<p><strong>Infrastructure Resilience<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Technologies built from the ground up for\nresilience in the face of DDoS attacks.<\/li><li>Services can be used in combination to\nautomatically scale for traffic load.<\/li><li>Autoscaling, CloudFront, and Route 53 can be used to\nprevent DDoS. <\/li><\/ul>\n\n\n\n<p><strong>AWS Shield <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is a managed DDoS protection service. <\/li><li>Available in two tiers: Standard and Advanced. 
<\/li><li>AWS Shield Standard applies always-on detection\nand inline mitigation techniques like deterministic packet filtering and\npriority-based traffic shaping. It is included automatically and transparently\nto Elastic Load Balancing load balancers, Amazon CloudFront distributions, and\nAmazon Route 53 resources at no additional cost. <\/li><li>AWS Shield Advanced includes access to near\nreal-time metrics and reports, for extensive visibility into infrastructure\nlayer and application layer DDoS attacks. <\/li><\/ul>\n\n\n\n<p><strong>AWS WAF <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is a web application firewall to protect web\napplications from common web exploits. <\/li><li>It defines customizable web security rules to\ncontrol which traffic accesses web applications. <\/li><li>Rules use conditions to target specific requests\nand trigger an action. <\/li><li>It helps you to identify and block common DDoS\nrequest patterns and effectively mitigate a DDoS attack. <\/li><\/ul>\n\n\n\n<p><strong>Amazon Route 53 <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is a highly available and scalable DNS\nservice. <\/li><li>Designed to route end users to infrastructure\nrunning inside or outside of AWS.<\/li><li>It can manage traffic globally through a variety\nof routing types, and provides out-of-the-box shuffle sharding and Anycast\nrouting capabilities to protect domain names from DNS-based DDoS attacks.<\/li><\/ul>\n\n\n\n<p><strong>Amazon CloudFront <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Distributes traffic across multiple edge\nlocations. <\/li><li>Filters requests to ensure that only valid\nHTTP(S) requests will be forwarded to backend hosts. 
<\/li><li>Supports geoblocking, to prevent requests from\nparticular geographic locations.<\/li><\/ul>\n\n\n\n<p><strong>Elastic Load Balancing <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Distributes incoming application traffic across\nmultiple targets, such as Amazon Elastic Compute Cloud (Amazon EC2)\ninstances, containers, and IP addresses, and multiple Availability Zones, to\nminimize overloading a single resource. <\/li><li>Elastic Load Balancing, like CloudFront, only\nsupports valid TCP requests, so DDoS attacks such as UDP and SYN floods are not\nable to reach EC2 instances. <\/li><li>It is a single point of management. <\/li><li>It can serve as a line of defense between the\ninternet and private EC2 instances. <\/li><li>It includes the Application Load Balancer, which\nload balances HTTP and HTTPS traffic and directly supports AWS WAF.<\/li><\/ul>\n\n\n\n<p><strong>VPCs and Security Groups <\/strong><\/p>\n\n\n\n<p>Security groups or an origin access identity (OAI) require\nattackers to make requests through AWS WAF and CloudFront instead of directly to the\nwebsite origin, and minimize the attack surface of <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>backend load balancers<\/li><li>EC2 instances<\/li><li>Amazon Simple Storage Service (Amazon S3)\nbuckets <\/li><\/ul>\n\n\n\n<p>Amazon Virtual Private Cloud (Amazon VPC) allows you to\nconfigure <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>subnet routes<\/li><li>public IP addresses<\/li><li>security groups<\/li><li>network access control lists <\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"225\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-270.png\" alt=\"\" class=\"wp-image-2807\"\/><\/figure>\n\n\n\n<p>The architecture above uses Route 53, AWS WAF, CloudFront, and Elastic Load\nBalancing to control and distribute traffic. 
<\/p>\n","protected":false}}