Tips and tricks AWS Solutions Architect Associate #1
I’m starting a series of posts sharing key things to know, tips and tricks to help you succeed in the AWS Solutions Architect Associate certification.
The first thing is to learn and practice. For me, it started with a course by Stephane Maarek.
Then I trained regularly and took notes. I did some hands-on labs, and in my day-to-day work, I kept trying to improve and discover new things about AWS.
Training can be tedious, but it’s a bit like sports — the more you practice, the faster you get.
You start spotting your weaknesses, the areas you need to clarify, and you steadily improve.
My notes were mostly useful to build reflexes — if a certain word appears in the question, it should immediately trigger a specific idea in my mind.
- Security
  - Keys
    - 2 kinds of keys: symmetric (AES-256) and asymmetric (RSA, ECC).
    - There are two types of keys: a Customer Master Key (CMK), which manages key generation, and Data Keys, which are used to encrypt data.
    - SSE: Server-Side Encryption
    - CMK: Customer Master Key (now referred to as KMS Key)
    - Types to know:
      - SSE-C: Customer provides the data key; AWS uses it to encrypt/decrypt the data but does not store it.
      - SSE-S3: AWS manages both the encryption keys and the encryption process. Each object is encrypted with a unique key, and AWS rotates the master key regularly.
      - SSE-KMS: AWS KMS manages the keys. Each object is encrypted with a unique data key encrypted by a CMK. Supports auditing, key policies, and can be multi-region.
      - CSE: Client-Side Encryption. The customer handles key management and encryption locally before sending data to AWS.
  - HSM (Hardware Security Module): device used to encrypt
  - Security Group: Stateful network traffic control, inbound and outbound
  - Inspector: Vulnerabilities, CVEs for EC2, not for cost
  - GuardDuty: Threat detection (logs, VPN, DNS, CloudTrail)
  - Trusted Advisor: Provides recommendations and optimizations
  - CloudTrail: Logs all user actions
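
To make the SSE-C / SSE-S3 / SSE-KMS / CSE distinction concrete, here is an added example (not part of the original notes) that builds the S3 `PutObject` request headers each mode needs and masks the SSE-C key before logging. The function names, the sample key and the KMS ARN are constructed for illustration.

```python
import base64
import hashlib

SSE_C_KEY_HEADER = "x-amz-server-side-encryption-customer-key"

def sse_headers(mode, customer_key=None, kms_key_id=None):
    """Headers a client adds to an S3 PutObject request for each mode."""
    if mode == "SSE-S3":
        # S3 owns key and encryption; the client only asks for AES-256.
        return {"x-amz-server-side-encryption": "AES256"}
    if mode == "SSE-KMS":
        headers = {"x-amz-server-side-encryption": "aws:kms"}
        if kms_key_id:
            # Without this header S3 falls back to the AWS managed key.
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C requires a 256-bit (32-byte) key")
        # The key travels with every request (HTTPS only); the MD5 is an
        # integrity check on the key, not a security control.
        md5 = hashlib.md5(customer_key).digest()
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            SSE_C_KEY_HEADER: base64.b64encode(customer_key).decode(),
            SSE_C_KEY_HEADER + "-MD5": base64.b64encode(md5).decode(),
        }
    if mode == "CSE":
        # Data is already ciphertext when it leaves the client: no SSE header.
        return {}
    raise ValueError(f"unknown mode: {mode}")

def redact_for_logs(headers):
    """Copy of headers that is safe to log: the SSE-C key is masked."""
    return {k: "[REDACTED]" if k == SSE_C_KEY_HEADER else v
            for k, v in headers.items()}

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key, never reuse
    kms_arn = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"  # placeholder
    for mode in ("SSE-S3", "SSE-KMS", "SSE-C", "CSE"):
        print(mode, redact_for_logs(sse_headers(mode, demo_key, kms_arn)))
```

Only SSE-C puts key material on the wire, which is why its key header is the one to keep out of request logs.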