Chapter 12: Security on AWS (Part 5)


An "identity pool" (painting by Waterhouse)? see below.

Amazon ElastiCache


The next puzzling comment was:

Amazon ElastiCache for Redis provides backup and restore functionality.

I thought ElastiCache was a cache service? Why would you need to back it up? Surely this messes up the cache refresh mechanisms? I.e. if you save a cache and back it up later on it will be out of sync with the underlying data store???

Redis actually looks like it can function not just as a cache, but as as a in-memory database. Redis persistence explained here.

It can also work with durability!

So I guess that backup and restores only work if you are using Redis as the database with no backing data store...?

More AWS docs.

So now I'm confused again. Redis is just another AWS database option?  How does it compare with open source NoSQL like Cassandra? DynamoDB etc?

A blog comparing Redis with Cassandra:

Following is point by point comparison of Cassandra and Redis. There are some great benefits of using Cassandra as it is an Apache product and has support for HiveQL (SQL like syntax). Cassandra is columner/tabular oriented database (goes well with the historical RDBMS) and is AP in the CAP analysis. As is mentioned in the following table, when you are writing more than you read, Cassandra is great. It is good for banking and financial industry where you are writing more than you are reading (not necessary for transaction data but other details).

Redis is really fast compared to Cassandra as it has disk-backed in memory database. Unlike Cassandra where all the nodes are similar, it has master slave architecture (in line with Hadoop architecture). It is CP in the CAP theorem and is a key-value based database system. It is great to use when you have the rapid changing data and have approx. data size estimate (which can fit in memory). It is good for analytics and real-time data communication. 


My simple summary, Cassandra is good for lots of writes, but Redis is better for lots of reads and writes.

And on the magic CAP triangle:




And a comparison of Redis, Cassandra and DynamoDB.

Amazon EMR


If you do encrypt the data before it is uploaded you then need to add a decryption step when Amazon EMR fetches the data from S3.

Sounds tricky, where is this documented? Not sure but maybe here (nothing mentions a decryption step!)

The Amazon Kinesis API is only accessible via an SSL-encrypted endpoint (kinesis.us-east-
1.amazonaws.com) to help ensure secure transmission of your data to AWS. You must
connect to that endpoint to access Kinesis, but you can then use the API to direct AWS Kinesis
to create a stream in any AWS Region

Again this seems "odd" and is not mentioned in the AWS Kinesis documentation anywhere that a search can discover.

Amazon Cognito


To use Amazon Cognito Federated Identities in your app, you'll need to create an identity pool. An identity pool is a store of user identity data specific to your account. Using Amazon Cognito Sync, you can retrieve the data across client platforms, devices, and operating systems, so that if a user starts using your app on a phone and later switches to a tablet, the persisted app information is still available for that user.

A bit like Narcissus? 


Comments

  1. Natural gas23 May 2018 at 06:52

    Every business require cloud DR solution to secure their data. AWS disaster recovery architecture provide complete solution to protect data. Thanks

    ReplyDelete
  2. Rekha Roy22 November 2021 at 07:08

    Want to change your career in Selenium? Red Prism Group is one of the best training coaching for Selenium in Noida. Now start your career for Selenium Automation with Red Prism Group. Join training institute for selenium in noida.

    ReplyDelete

Post a Comment

Popular posts from this blog

Which Amazon Web Services are Interoperable?

Image
Which Amazon Web Services are Interoperable? This is a question I asked when I started studying for AWS certification, asked a few AWS certified architects at Sydney Summit 201 (the answer typically was "all of them as they all use REST APIs", really?), and have attempted to answer from the documentation. They only way I could think to answer this so far is go through the documentation for the 3500 services (according to April AWS service update) and create a dependencies graph (which services interoperate with which other services).  I've also noticed that some of the certification questions ask which for AWS X, which other AWS services interoperate with it? So obviously it's important. Obviously AWS could answer this by monitoring (E.g. with X-Ray) which services call or are called with services and create a interoperability graph and frequency of calls. I've since come up with another approach to answer this.  I've used the 16 aws reference architecture
Read more

AWS Certification glossary quiz: IAM

Image
I also keep getting stuck on IAM and key related questions so here's a quiz on IAM. Qn1  One of two possible outcomes (the other is  deny ) when an  IAM  access  policy  is evaluated. When a user makes a request to AWS, AWS evaluates the request based on all permissions that apply to the user and then returns either deny or this one. alarm permit true allo w Qn2  A web service that enables  Amazon Web Services  (AWS)  customers to manage users and user permissions within AWS. AWS user service (AUS) AWS customer service (ACS) AWS access management (AAM) AWS Identity and Access Management  (IAM) Qn3:  An  IAM   managed policy  that is created and managed by AWS. AWS management AWS policy AWS IAM policy AWS managed policy Qn4:  A web service for requesting temporary, limited-privilege credentials for  AWS Identity and Access Management  (IAM)  users or for users that you authenticate ( federated users ). AWS credential service (AWS ACS) AWS token service
Read more

AWS SWF vs Lambda + step functions? Simple answer is use Lambda for all new applications.

Image
I do like my Lamb (daaaa)! What's the difference between SWF and Lambda + step functions? Well, for a start they can be used together. Benefits and Limitations of using Lambda Tasks There are a number of benefits of using Lambda tasks in place of a traditional Amazon SWF activity: Lambda tasks don’t need to be registered or versioned like Amazon SWF activity types. You can use any existing Lambda functions that you've already defined in your workflows. Lambda functions are called directly by Amazon SWF; there is no need for you to implement a worker program to execute them as you must do with traditional activities. Lambda provides you with metrics and logs for tracking and analyzing your function executions. There are also a number of limitations regarding Lambda tasks that you should be aware of: Lambda tasks can only be run in AWS regions that provide support for Lambda. See  Lambda Regions and Endpoints  in the  Amazon Web Services General
Read more