Amazon Web Services (AWS) provides highly-available technology infrastructure services with multiple locations worldwide. These locations are composed of regions and Availability Zones. AWS provides networks and network features spanning edge locations, Virtual Private Clouds (VPCs), and hybrid networks. AWS operates a global network connecting these locations.
Amazon VPC provides complete control over a virtual networking environment, enabling secure and easy access to resources and applications.
Amazon Elastic Compute Cloud
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It allows organisations to obtain and configure virtual servers in Amazon’s data centers and to harness those resources to build and host software systems.
Organisations can select from a variety of operating systems and resource configurations (for example, memory, CPU, and storage) that are optimal for the application profile of each workload.
Amazon EC2 presents a true virtual computing environment, allowing organisations to launch compute resources with a variety of operating systems, load them with custom applications, and manage network access permissions while maintaining complete control.
Amazon Virtual Private Cloud
Amazon Virtual Private Cloud (Amazon VPC) lets organisations provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define. Organisations have complete control over the virtual environment, including selection of the IP address range, creation of subnets, and configuration of route tables and network gateways.
In addition, organisations can extend their corporate data centre networks to AWS by using hardware or software Virtual Private Network (VPN) connections or dedicated circuits by using AWS Direct Connect.
AWS Direct Connect
AWS Direct Connect allows organisations to establish a dedicated network connection from their data center to AWS. Using AWS Direct Connect, organisations can establish private connectivity between AWS and their data center, office, or colocation environment, which in many cases can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based VPN connections.
Elastic Load Balancing
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. It enables organizations to achieve greater levels of fault tolerance in their applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.
Amazon Route 53
Amazon Route 53 is a highly available and scalable DNS service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating human-readable names, such as www.example.com, into the numeric IP addresses, such as 192.0.2.1, which computers use to connect to each other.
Amazon Route 53 also serves as a domain registrar, allowing customers to purchase and manage domains directly from AWS.
Amazon CloudFront
Amazon CloudFront is a global Content Delivery Network (CDN) service that securely delivers data, videos, applications, and Application Programming Interfaces (APIs) to an organization’s viewers with low latency and high transfer speeds. Amazon CloudFront is integrated with AWS, both with physical locations that are directly connected to the AWS global infrastructure and software that works seamlessly with other AWS Cloud services. These include AWS Shield for Distributed Denial of Service (DDoS) mitigation, Amazon S3, Elastic Load Balancing, or Amazon EC2 as origins for applications, as well as AWS Lambda to run custom code close to the content viewers.
Amazon GuardDuty
GuardDuty is a continuous security monitoring and threat detection solution that gives customers visibility into malicious or unauthorized activity across their AWS accounts and the applications and services running within them. GuardDuty is capable of detecting threats such as reconnaissance by attackers (for example, port probes, port scans, and attempts to obtain account credentials), Amazon EC2 instances that have been compromised (such as instances serving malware, bitcoin mining, and outbound DDoS attacks), and compromised accounts (for example, unauthorized infrastructure deployments, AWS CloudTrail tampering, and unusual API calls).
When a threat is detected, the solution delivers a security finding. Each finding includes a severity level, detailed evidence for the finding, and recommended actions.
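As an added example (not part of the original post, and not AWS code), the sketch below triages findings by the three threat groups named above and by severity. The sample findings are constructed and reduced to three fields; the category mapping and the severity thresholds are this example's assumptions.

```python
import json

# Constructed sample findings (not real data), reduced to the fields used here.
SAMPLE_FINDINGS = json.loads("""[
  {"Id": "sample-1", "Type": "Recon:EC2/Portscan", "Severity": 5},
  {"Id": "sample-2", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8},
  {"Id": "sample-3", "Type": "Stealth:IAMUser/CloudTrailLoggingDisabled", "Severity": 2},
  {"Id": "sample-4", "Type": "Backdoor:EC2/DenialOfService.Tcp", "Severity": 8}
]""")


def parse_type(finding_type):
    """Split 'Purpose:Resource/Family...' into (purpose, resource)."""
    purpose, _, rest = finding_type.partition(":")
    return purpose, rest.partition("/")[0]


def category(finding_type):
    """Map a finding type onto the threat groups named in the text (assumed mapping)."""
    purpose, resource = parse_type(finding_type)
    if purpose == "Recon":
        return "reconnaissance"
    if resource == "EC2":
        return "compromised instance"
    if resource == "IAMUser":
        return "compromised account"
    return "other"


def severity_band(severity):
    """Bucket the numeric severity; thresholds are assumed for this example."""
    if severity >= 7:
        return "High"
    if severity >= 4:
        return "Medium"
    return "Low"


def triage(findings):
    """Return one row per finding, highest severity first (stable for ties)."""
    rows = [{"id": f["Id"], "category": category(f["Type"]),
             "band": severity_band(f["Severity"]), "severity": f["Severity"]}
            for f in findings]
    return sorted(rows, key=lambda r: -r["severity"])


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(f'{row["band"]:<6} {row["category"]:<21} {row["id"]}')
```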
AWS WAF
AWS WAF helps protect web applications from common attacks and exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives organizations control over which traffic to allow or block to their web applications by defining customizable web security rules.
AWS Shield
AWS Shield is a managed DDoS protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimise application downtime and latency.
There are two tiers of AWS Shield: Standard and Advanced. All AWS customers benefit from the automatic protections of AWS Shield Standard at no additional charge. AWS Shield Standard defends against the most common, frequently occurring network and transport layer DDoS attacks that target websites or applications.
Published on Tue 20 November 2018 by Matt Wright in Networking with tag(s): aws