When we refer to an application environment we’re grouping together our hardware, software, files and processes.
To make these environments durable & highly available, we need to find a way to ensure that our application can fail over automatically & continue to run, and that all our configuration files are backed up for additional resilience.
In a traditional LAMP stack application, we’re talking about: Linux; Apache; MySQL; PHP; Apache config files; firewall configuration; PHP config; MySQL tables & data; MySQL config files; static HTML, CSS and JS resources; PHP scripts; cron jobs and domain name configuration, to name a few. What can we do to ensure [...]
Grappling with the various concepts surrounding AWS can be a tough task. There is some documentation around each service that’s available to you but nothing that shows how everything hangs together. Additionally, with the speed at which AWS update their environment, many of the books are already outdated.
AWS Zero to Hero provides you with a detailed understanding of the core AWS services & features. While it’s not going to be a silver bullet to passing the exam, it does provide you with the core concepts that you need which, once augmented with some hands-on experience in AWS, will put you in a good position to become a solutions architect for AWS [...]
CloudHSM is a dedicated hardware security module (HSM) used to generate, secure and manage cryptographic keys for data encryption, to levels of security accepted by government organizations.
CloudHSM can be deployed in a cluster of up to 32 individual HSMs, spread across multiple availability zones. Keys are automatically synchronised & load balanced between each node in the cluster.
CloudHSM must be part of a VPC in order to benefit from the additional layer of isolation and security. Within the VPC, you can configure a client on your EC2 instances that allows applications to use the HSM cluster over a secure, authenticated network [...]
AWS has a shared security model, meaning they commit to looking after part of the environment while you must look after the rest. We can generalize & say that AWS look after all of the bits of the environment that they can touch.
AWS are responsible for the physical security in their own facilities. This includes controlling the movements of individuals, restricting access to only those people that absolutely require access and keeping exact AWS data centre locations a closely guarded secret.
They’re responsible for the physical security of the underlying hardware and host operating system of EC2 and non-managed database instances. They [...]