AWS- certificated cloud practitioner cheat sheet(知识总结)

IaaS, PaaS, SaaS:

  • IaaS
provide network, computer, data storage
high flexibility
  • PaaS
remove the need for your application and manage the underlying infrastructure
focus on development and management on application
  • SaaS
the complete product that is run and managed by the service provider

Difference between IaaS > PaaS > SaaS?

Like doing pizza
IaaS provide oven, kitchen, gas
PaaS provide oven, kitchen, gas and pizza Dough, what you need to do is make toppings on it.
SaaS provide oven, kitchen, gas and pizza Dough and toppings, also cook pizza for you, you only need to sell it.

Free services include:

  • Amazon VPC.
  • Elastic Beanstalk (but not the resources created).
  • CloudFormation (but not the resources created).
  • Identity Access Management (IAM).
  • Auto Scaling (but not the resources created).
  • OpsWorks.
  • Consolidated Billing.


Fundamentally charges include:

  • Compute.
  • Storage.
  • Data out


The 6 advantages of cloud are:

  • Trade capital expense for variable expense
  • Benefit from massive economies of scale
  • Stop guessing about capacity
  • Increase speed and agility
  • Stop spending money running and maintaining data centers
  • Go global in minutes

Storage gateway

  • File gateway : store as object in S3. Store via NFS at local.
  • Volume gateway: store as volume like a disk. Include stored volume and cached volume.
  • Tape gateway: backup and store tape. It always stores for a long time in Glacier. need third-party software.

Well-architected framework

  • Scalability: vertical and horizontal
  • Disposal resources: should be disposal & easily configured. Need backup.
  • Automation: serverless, IaaS, auto-scaling
  • loose coupling
  • services not server

AWS Organizations and Consolidated Billing

Available in two feature sets:
Consolidated Billing.
All features.
Paying Account – independent and cannot access resources of other accounts.
Linked Accounts – all linked accounts are independent.


Best practices:
Always enable multi-factor authentication (MFA) on the root account.
Always use a strong and complex password on the root account.
The Paying account should be used for billing purposes only. Do not deploy resources into the Paying account.


AWS Cost Calculators and Tools

  • AWS Cost Explorer – enables you to visualize your usage patterns over time and to identify your underlying cost drivers.
  • AWS Simple Monthly calculator – shows you how much you would pay in AWS if you move your resources.
  • Total Cost of Ownership (TCO) calculator – used to compare the cost of running your applications in an on-premise or colocation environment against AWS.

Types of cloud

On-promises(private cloud):
Also called private cloud, it deploys cloud techies on user's machine.
So that they own their structures and hardware products.

Public cloud
A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud.

Hybrid cloud: 
A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.

Serverless service

  • AWS Lambda
  • Amazon API Gateway
  • Amazon DynamoDB
  • Amazon S3
  • Amazon Kinesis
  • Amazon Aurora
  • AWS Fargate
  • Amazon SNS
  • Amazon SQS
  • Amazon EFS
  • Amazon Athena, query data from S3, result back to S3
  • Amazon EventBridge
  • AWS Glue (Extract, Transform, Load data)

Reservations apply to various services, including:


  • Amazon EC2 Reserved Instances.
  • Amazon DynamoDB Reserved Capacity.
  • Amazon ElastiCache Reserved Nodes.
  • Amazon RDS Reserved Instances.
  • Amazon RedShift Reserved Instances.

Encrypted storage:

S3 glacier(AES-256 encryption)
Storage gateway(between on-demand and cloud, so use SSL)



ECS VS Fargate ECR:

Both can run container.
ECS need provision by yourself, like instances.
Fargate is serverless, don't need to worry about the resource provision.

ECR: store container images. cannot run container.



Cloudformation:

infrastructure as code
repeat an architecture
Don't need to provision resource manually, upload the template file to provision resources.

Elastic Beanstalk:

only focus on application code
PaaS

codedeploy:

Hybrid service
work with EC2 instances
work with on-promises server


SSM: 

Hybird service: both on-promises server and AWS
do automatic patch fleet
run command on all servers

TCO:

estimate the cost from on-promises server to cloud

simple monthly calculator:

need to provide the server
cost of service

cost explorer:

provide current usage and forecast the usage


Cognito:

IAM is for company staff, so for hundreds of thousands of customer, use it.


SSO: 

For login to multiple account include third-party account, use one single account.








Reference : https://digitalcloud.training/

Popular posts from this blog

Phonebook - Hack the box Write up -- Web LDAP injection

Image
 0x00 Problem  0x01 Check the vulnerability When we see the login form on the website, it might be command injection, SQL injection, LDAP injection.  We can see that this need us to login with workstation username, it might be LDAP injection. 0x02 LDAP injection payload Here is the basic LDAP injection payload. We can check the vulnerability. user=*)(& password=*)(& --> (&(user=*)(&)(password=*)(&))  After we type it, we found the response shows successful, and return a page has search box. Then we type a character in the search box, and it returns some user phonebook information. I tried 'flag', 'HTB', it doesn't find any results. Then we try to find user 'Reese', but the information doesn't look like flag.   0x03 Locate the flag  Then we change our payload to check if the password is the flag. user=Reese password=HTB*)(& --> (&(user=Reese)(password=HTB*)(&  It can also return to the search page which means it...
Read more

wafwaf -- Hack The Box -- Web SQL injection

Image
0x00 Problem 0x01 Check the Source Code We open the website and only see the source code on the website. As we can see, there is a WAF will filter some characters and words, that means the normal injection will not work. However, we can see, there is a json_decode() function will decode JSON data, that means the data can be accepted should be JSON format.  The example JSON format data is like: /u0074, /u0075. In addition, there is a "php://input",  accesses the read-only stream of the requested raw data, executing the data in the post request as PHP code. 0x02 Local Test We can launch an Apache server to test it. I copy the source code and make a little change to test this. This file is in /var/www/html. We will construct the data first. This time I use 'select' as an example. The word transfer to ASCII, then to hex, then replace the '\0x' as '\u00'. This can be test in the browser console. At the end, we can test it with curl . As we can see, the SQL...
Read more

Cheat sheet for security+

Image
Malware virus: need people action to execute and spread. Hoax: trick the victim to infect, like game. worms: spread and execute without humman  trojans: can get remote control. RAT(remote access Trojan) ransomware: take control of your computer system, pay for unlock, most time will not unlock if you pay spyware: audit the callender, website history and other actions. rootkit: a type of backdoor, software design to administrative level control or root priviledge without detection. use DLL injection. malicious code inserted into a running process or kernel-mode device drvier. intercept calls and redirect to the malicous code. spam: CAN-Spam Act law to stop relaying send out email through other's mail server. Spim(instant message) like chat, text message.
Read more