Welcome, Guest
You have to register before you can post on our site.

Username/Email:
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 196
» Latest member: Richard_Amponsem
» Forum threads: 61
» Forum posts: 107

Full Statistics

Online Users
There are currently 16 online users.
» 0 Member(s) | 15 Guest(s)
Google

Latest Threads
Best Practices for Securi...
Forum: Solutions Architecture
Last Post: zachjonesnoel
10-10-2023, 05:28 PM
» Replies: 1
» Views: 2,442
Purchasing Windows Server...
Forum: Solutions Architecture
Last Post: fzs
24-03-2023, 07:27 PM
» Replies: 1
» Views: 2,578
session policy
Forum: Solutions Architecture
Last Post: fzs
05-03-2023, 08:35 PM
» Replies: 1
» Views: 2,319
AWS VPN
Forum: Solutions Architecture
Last Post: fzs
05-03-2023, 08:32 PM
» Replies: 1
» Views: 2,046
Auto-Scaling Group ASG
Forum: Solutions Architecture
Last Post: fzs
05-03-2023, 08:30 PM
» Replies: 3
» Views: 3,278
Target group health check...
Forum: System Administration Help
Last Post: sreekarachanta
24-02-2023, 12:23 PM
» Replies: 2
» Views: 3,384
Working on creating an EL...
Forum: DevOps
Last Post: fzs
29-09-2022, 09:04 PM
» Replies: 1
» Views: 3,707
EC2 key pair
Forum: System Administration Help
Last Post: fzs
29-09-2022, 10:35 AM
» Replies: 1
» Views: 3,055
Working on creating an EL...
Forum: Introductions
Last Post: semajlions
20-09-2022, 06:57 PM
» Replies: 0
» Views: 4,094
AWS CLOUDWATCH LOGS_$cont...
Forum: Developer Help
Last Post: fzs
27-08-2022, 10:49 AM
» Replies: 5
» Views: 7,274

 
  Best Practices for Securing AWS Lambda and API Gateway in a Serverless Architecture?
Posted by: kiroval479 - 10-10-2023, 09:10 AM - Forum: Solutions Architecture - Replies (1)

I've recently started transitioning some of our monolithic applications to a serverless architecture using AWS Lambda and API Gateway. While I am amazed at the scalability and ease-of-use that comes with serverless, I'm also aware that new architectural patterns introduce new security considerations.

Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!

Print this item

  Purchasing Windows Server Reserved Instance
Posted by: rnrstar - 17-03-2023, 06:54 PM - Forum: Solutions Architecture - Replies (1)

I'm looking to plunk down and buy a reserved instance for some Windows Server 2019 standard instances. I just want to make sure I'm selecting the right instance as my options appear to be Windows, Windows with SQL Server Standard, Windows with SQL Server Web, and Windows with SQL Server Enterprise. I don't need SQL server. I'm thinking that the Windows option is the correct one even though it doesn't say server.

Print this item

  AWS VPN
Posted by: Tucix - 04-03-2023, 10:27 AM - Forum: Solutions Architecture - Replies (1)

Hello,
 
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
 Is there something wrong in my reasoning ?

Thanks,

Print this item

  session policy
Posted by: Tucix - 04-03-2023, 09:04 AM - Forum: Solutions Architecture - Replies (1)

Hello,

What is a session policy in the context of the IAM ?
 I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,

Print this item

  Auto-Scaling Group ASG
Posted by: Tucix - 02-03-2023, 07:30 PM - Forum: Solutions Architecture - Replies (3)

Hello,

Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,

Print this item

  Target group health check failed
Posted by: sreekarachanta - 24-02-2023, 10:54 AM - Forum: System Administration Help - Replies (2)

Folks we are facing the below issue , can anyone help me here? 

Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080. 

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.



Attached Files Thumbnail(s)
   
Print this item

  EC2 key pair
Posted by: fborges5555 - 29-09-2022, 12:33 AM - Forum: System Administration Help - Replies (1)

Hi gurus.

I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus

Print this item

  Working on creating an ELK Stack
Posted by: semajlions - 20-09-2022, 07:53 PM - Forum: DevOps - Replies (1)

Any ideas as to what may cause this Logstash error?

Error occurs after running this command


Code:
# /usr/share/logstash/bin/logstash -f /etc/logstash --config.test_and_exit

[2022-09-20T19:41:49,063][FATAL][logstash.runner          ] The given configuration is invalid. Reasod one of [ \t\r\n], "#", "input", "filter", "output" at line 6, column 1 (byte 132) after

[2022-09-20T19:41:49,066][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of anystemExit) exit


I've modified line 6 numerous times and even eliminated the filter, same error.

Print this item

  Working on creating an ELK Stack
Posted by: semajlions - 20-09-2022, 06:57 PM - Forum: Introductions - No Replies

Hello, my name is James, and I am studying to become an Associate Solution Architect, at work my manager has tasked me to create an ELK Stack. I've run into some issues and hoping to get some assistance in this forum.

Print this item

  AWS CLOUDWATCH LOGS_$context.requestOverride.header.*
Posted by: Jyotheesh_K - 24-08-2022, 10:33 AM - Forum: Developer Help - Replies (5)

Trying to fetch header values from request using Access logging Variables($context.requestOverride.header.*) provided by AWS for an API Gateway. This Particular value is not Logging in CloudWatch.Please find attached document.

Please let me know if I need to do anything further.


Thanks & Regards
Jyotheesh K



Attached Files
.docx   AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 319)
Print this item