What is VPC?

A VPC is an isolated segment of the AWS infrastructure allowing you to provision your cloud resources.

What is Subnet?

A subnet or subnetwork is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnetting one is public which allows the internet to access the machine and another is private is hidden from the internet.

VPC Subnet high availability

What is Network Access Control List(NACLs)?

It is an essentially virtual network-level firewall that is associated with each and every subnet. …


Server-Side Encryption with S3 managed keys(SSE-S3)

  • Requires minimal configuration
  • Management of encryption keys managed by AWS
  • All you need to do is to upload your data and S3 will handle all other aspects

Server-Side Encryption with KMS managed keys(SSE-KMS)

  • Allow S3 to use the Key Management Service to generate data encryption keys
  • Gives greater flexibility of key management: disable, rotate, and apply access controls to the CMK

Server-Side Encryption with Customer provider keys(SSE-C)

  • Gives you the opportunity to provide your own Master keys
  • Your customer provided key would be sent with your data to S3, where S3 would then perform…

HSM(Hardware Security Module)

— A physical tamper-resistant hardware appliance that is used to protect and safeguard cryptographic material and encryption keys

— Provide Federal Information Processing Standard(FIPS) 140–2 Level 3

— CloudHSM is a physical device

— NOT a multi-tenant device

CloudHSM — used for secure encryption key management and storage

Key Management Service

  • Stores and generates encryption keys
  • Can be used by AWS to encrypt your data
  • Uses HSMs that are managed by AWS
  • Less management control than CloudHSM
Nadtakan Futhome — Serverless Cloud Developer

Customer Master Keys(CMK)

This is the main key type within KMS

  • This key can encrypt data up to 4KB in size
  • It is typically used in relation to your DEKs
  • The CMK can generate, encrypt and decrypt this DEK

There are 2 types of CMKs:

AWS managed CMKs

  • These are used by other AWS services that interact with KMS to encrypt data
  • They can only be used the service that created them within a particular region
  • They are created on the first time you implement encryption using that service

Customer managed CMKs

  • These provide the ability to implement greater flexibility
  • You can perform…

AWS KMS uses Symmetric Cryptography

KMS is a managed service used to store and generate encryption keys that used by other AWS services and applications

  • S3 may use the KMS to enable S3 to offer and perform server-side encryption using SSE-KMS
  • KMS contains the keys to decrypt your private data
  • Administrators at AWS don’t have access to your keys witin KMS
  • All administrative actions require dual authenticatin by two Amazon adminstrators
  • It’s our responsibility to administer our own encryption keys
  • The KMS service is for encryption at rest
  • To encrypt data while in transit you would need to use a…

Relational Database Service(RDS)

RDS allows you to set up a relational database using PostgreSQL, MySQL, MariaDB, Oracle, MS SQL Server, and Amazon Aurora.

  • During the creation of your RDS database, you may enable encryption at the Configure Advanced Settings screen
  • Keys can be issued by KMS using AES-256
  • It’s not possible to set encryption after your database being created. It has to be done during a creation.

Encryption an exiting database

To encrypt an unencrypted database after it has been created:

  • Create a snapshot of your unencrypted database
  • Create an encrypted copy of the snapshot
  • Use the encrypted snapshot to create a new database
  • Finally, your database…

EMR is a managed service, comprised of a cluster of highly scalable EC2 instances to process and run big data frameworks

  • You can encrypt at rest or in transit or both
  • They exist as a separate entity within EMR
  • By default, the instances within a cluster don’t encrypt data at rest
  • The instances within EMR are created from pre-configured AMIs (Amazon Machine Images)
  • You must use EMR version 5.7.0 or later to use custom AMIs and encrypt the root device volume for specific compliance reasons.

EMR encryption with EBS

If you decide to use EBS as persistence storage, there are a number of options…


  • Unencrypted data can be read by anyone who has access to it whether this data is stored at rest or sit in between two locations in transit. It knows as plaintext or clear text data.
  • The data is plain to see and can be seen and understood by any recipient. There is no problem with that as long as the data is not sensitive in any way and doesn’t need to be restricted.
  • However, on the other hand, if you do have data that sensitive and you need to ensure the contents of this data are only viewable by a…

SQS

  • Pull service — message stays in the queue until it gets pulled
  • Standard Queues — Ordering is not guaranteed
  • FIFO Queues — get a message in the right order but might not be a good fit for high throughput

SNS

  • Push service — 1:M
  • Pub/Sub service
  • SMS — but not support two-way messages and MMS
  • HTTP
  • SMTP
  • Mobile push
  • Time-sensitive update
  • Only support integration with Standard Queue NOT FIFO
  • Support CloudTrail, CloudWatch
  • Common use case: Autoscaling sends another SNS to another application layer or another consumer
  • Notification monitoring
  • Workflow system
  • Publishing many consumers
  • Support high throughput

EVENT BRIDGE

  • M:M — sending messages to…

Hi there, if you are running into this issue, you are at the right place to fix this and I hope I can help you.

With DynamoDB v3 is a bit different when it comes to defining your params object.

Error message:

Dynamodb v3 updateItem error

Solutions:

  1. Make sure your key format is correct by including the type of your key. For example: PK: { S: `USER#1234` }
  2. Make sure ExpressionAttributeValues is also including the type of your key. For example: “:title”: { S: body.title }

Example:

dynamoDB-v3-updateItem

Please let me know if you still have an issue via Twitter or LinkedIn

Nadtakan Futhoem

Founder of Nadtakan.com & Serverless Cloud developer. Follow me on Twitter https://twitter.com/NadtakanF

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store