AWS Service Catalog

A service of AWS that fails to get a ton of attention is Service Catalog. This service seeks to enable organizations to create and manage catalogs of IT services that are approved for use on AWS. It permits organizations to centrally manage their commonly deployed IT services and can help maintain appropriate governance and compliance.

The idea is that your end users (IT staff) can quickly deploy the approved IT services they need, and that they do so within the constraints you have set.

Benefits include:

  • Standardization – you can place restrictions on the types and configurations of AWS resources launched
  • Self-service discovery and launch – permit users to browse listings of services and applications available to them, and to launch them as provisioned products
  • Fine-grained access control – IAM users and groups form the basis of permissions for the resources listed in the catalogs
  • Extensibility and version control – products can be added to various portfolios from a single copy, and versioning updates all copies

AWS Service Catalog terminology:

  • Products – a product is an IT service that you want to make available for deployment on AWS. It can consist of AWS resources such as EC2 instances, storage volumes, databases, monitoring configurations, and networking components. You create products by importing CloudFormation templates.
  • Portfolios – a portfolio is a collection of products along with configuration information.
  • Versioning – Service Catalog allows you to manage multiple versions of products in your catalog.
  • Constraints – Template and Launch constraints allow you to carefully control deployments.
  • Stack – as mentioned above, the building blocks for products are CloudFormation stacks.

AWS Certified Security – Specialty Beta Exam Ended Today!

Great news for those of us interested in this new certification from Amazon! The last delivery of the Beta was today – 3/2/2018.

This means we can expect the gold code of the exam to be available to us in a month or so.

I am certainly looking forward to this new specialty certification and I am sure you are as well.

Here is what we can expect to be tested on.

Domain 1: Incident Response

1.1 Given an AWS abuse notice, evaluate the suspected compromised instance or exposed access keys.
1.2 Verify that the Incident Response plan includes relevant AWS services.
1.3 Evaluate the configuration of automated alerting and execute possible remediation of security-related incidents and emerging issues.

Domain 2: Logging and Monitoring

2.1 Design and implement security monitoring and alerting.
2.2 Troubleshoot security monitoring and alerting.
2.3 Design and implement a logging solution.
2.4 Troubleshoot logging solutions.

Domain 3: Infrastructure Security

3.1 Design edge security on AWS.
3.2 Design and implement a secure network infrastructure.
3.3 Troubleshoot a secure network infrastructure.
3.4 Design and implement host-based security.

Domain 4: Identity and Access Management

4.1 Design and implement a scalable authorization and authentication system to access AWS resources.
4.2 Troubleshoot an authorization and authentication system to access AWS resources.

Domain 5: Data Protection

5.1 Design and implement key management and use.
5.2 Troubleshoot key management.
5.3 Design and implement a data encryption solution for data at rest and data in transit.