Amazon EC2 Reserved Instances Assignment Sample

AWS Direct Connect - Question 1

The nature of the "elasticity" of the service allows developers to immediately scale to meet the explosion of traffic as well as demand. When computing requirements change unexpectedly (up or down), Amazon EC2 can respond immediately. In other words, developers can control the number of resources used at any point in time. In contrast, traditional hosting services typically provide a certain number of resources within a given time. In other words, users are limited in ability to respond easily when they know that usage changes rapidly, unpredictable, or at different intervals can cause large peaks.

AWS Direct Connect - Question 2

The steps Tom uses to analyze as well as mitigate security problems using the threat model are:

Step 1: Identify your security strategy

Understand security requirements as well as identify possible threats in business flows to achieve objectives. You should also consider whether there are specific compliance or security-related requirements that are part of your business goals. For example, during auditing, sensitive information (SSN number, age, etc.) should not be logged. Also, the log file must be accessible only to a specific set of users.

Step 2: Identify assets as well as external dependencies

This is why unauthorized access to assets such as data, code, as well as system information is a threat. The security architect must identify the list of assets to protect against potential attackers. You also need to identify external dependencies that are not part of the code but may pose a threat to your system. Consider how to access applications in a production environment or a Web server or how database communication is done on a private or public network.

Step 3: Identify the Trust Zone

The architect must identify the trust zone as well as the corresponding entry/exit point. This information should be documented as well as used to develop data flow diagrams with privilege boundaries. This helps you define approaches to user authentication, input data validation, as well as error handling. In the example for the e-commerce website described earlier, the order processing system can be identified as a trust zone that requires a price validation check for the ordered item ID.

Step 4: Identify potential threats as well as vulnerabilities

In addition to performing a broad search of threats under a predefined approach, such as STRIDE, consider the threats that typically affect your system. Examples include SQL injection, authentication corruption, as well as session management vulnerabilities. Identify areas of risk, such as poor input validation, excessive privileged accounts, weak password policies, custom encryption, inappropriate audit or logging, as well as the display of error or exception messages to end users.

Step 5: Document the threat model

Threat modeling is an iterative process, as well as documents form an important aspect of team responsibility. Architects can use documents to create secure designs as well as architectures to reduce architectural security threats. Developers can use documents as security guidelines to reduce security risks, as well as testers can run test cases to detect system vulnerabilities. This helps the tester to create security-related test cases as well as trust zone validation test cases.

Threat modeling must begin in the design phase as well as run in parallel with the architecture design. In addition, it is important to remember that there is no single approach to threat modeling. For best results, adopt a predefined approach, such as STRIDE, DREAD, or combine with the five steps above.

AWS Direct Connect - Question 3

Five steps to ensure governance as well as compliance are:

1. Meet the department leaders to ensure that the policies as well as procedures that are created are available in the individual department.
2. Determine the best policy format for different audience.
3. Make policies as well as procedures easy for employees to access.
4. Set the due date for each policy as well as the steps to be approved.
5. Determine the best way to measure how employees understand policies as well as procedures.

AWS Direct Connect - Question 4

The three differences between S3 as well as EBS services are:

1. Amazon S3 is the cheapest for data storage only. However, S3 has a variety of pricing parameters, including cost per request, S3 Analytics, as well as data transfer from S3 per gigabyte. EBS is the simplest cost structure.
2. Amazon S3 is accessible from anywhere. AWS EBS is available only in certain regions, but you can share files across regions of multiple EBS instances.
3. EBS is faster than Amazon S3, IOPS higher, as well as lower latency.

AWS offers two other storage services:

1. Amazon EC2 Instance Storage
2. The Amazon Glacier

AWS Direct Connect - Question 5

Groups	Members	Permissions
Admins group	All admin	Permission for read and write for the reports.

AWS Direct Connect - Question 6

Three AWS facility as well as data center security measures:

1. The AWS data center is a state-of-the-art technology that utilizes an innovative architecture as well as engineering approach. Amazon has years of experience in designing, building as well as operating large data centers. This experience applies to the AWS platform as well as infrastructure. The AWS Data Center is housed in a facility that is not branded as an AWS facility. Physical access is tightly controlled both at the border as well as at the entrance of the building by a specialized security staff that utilizes video monitoring, intrusion detection systems, as well as other electronic means.
2. Authorized personnel must pass two-factor authentication at least twice to access the data center floor. All visitors must provide their ID. Authorized staff will sign in as well as continue to accompany you.
3. AWS provides access to data centers as well as information, as well as for employees as well as contractors who need such privileges in the course of their business. If an employee loses the business needs of these privileges, even if they are still employees of Amazon or Amazon Web Services, their access is revoked immediately. All physical access to the data center by AWS employees is recorded as well as audited periodically.

AWS Direct Connect - Question 7

Reserved Instances are ideal for your ongoing instances, as well as you can save money by purchasing instances throughout the year.

Amazon EC2 Reserved Instances (RIs) offer a significant discount (up to 75%) over On-Demand rates, as well as capacity reservations when used in a specific Availability Zone.

The steps are:

1. Log in to the AWS Management Console.
2. Select EC2 from the Amazon Web Services menu.
3. In the left navigation pane, select Reserved Instances.
4. Select Purchase Reserved Instances.
5. Select a Reserved Instance Type, Platform, Payment Option, Instance Type, Offering Class, as well as Duration. If necessary, if you want to reserve capacity, Show Capacity Reservation Offers Only selects the check box to select the Availability Zone.
6. Not only can you adjust the number of instances you want to purchase, but you can also be satisfied with the estimated price.

AWS Direct Connect - Question 8

The following is a configuration step:

1. Open Amazon EC2 Console
2. From the console dashboard, select Launch Instance.
3. Select Amazon Machine Image (AMI) The page displays a list of basic configurations called Amazon Machine Images (AMIs) that act as templates for the instance. Select the HVM version of Amazon Linux
4. Select Instance Typepage, you can select the hardware configuration for the instance. Select the t2. Micro type that is selected by default. Note that this instance type is eligible for free tier.
5. Confirm as well as Launch Choose to allow the wizard to complete other configuration settings.
6. Confirm Instance Start upon the page, under Security Groups, you can see that a wizard has been created as well as that the security group has been selected. You can use this security group or use the following procedure to select the security group that you created during Setup.
7. Edit Security Group Select.
8. Configure Security Group son the page, confirm that you want to select an existing security group.
9. Select a security group from the list of existing security groups as well as click Confirm as well as Launch Select.
10. Confirm Instance Start upon the page, click Launch. Select.
11. When prompted for a key pair, select an existing key pair Select as well as then select the key pair that you created during Setup.
12. Alternatively, you can create a new key pair. Create New Key Pair Choose, enter a name for the key pair, as well as then select Download Key Pair. This is the only chance to save the private key file, so be sure to download it. Save the private key file to a secure location. When you start an instance, you must provide the name of the key pair as well as the corresponding private key each time you connect to the instance.

AWS Direct Connect - Question 10

The guidelines are:

1. Use Amazon S3 to block public access. By blocking public access by Amazon S3, account administrators as well as bucket owners can easily set up centralized management to restrict public access to Amazon S3 resources that are applied regardless of how they are created. For more information, see Use Amazon S3 to block public access.
2. Identify an Amazon S3 bucket policy that allows wildcard IDs, such as the principal "*" (which means "anyone" in effect), or allows wildcard action "*" (which allows users to perform any action in the Amazon S3 bucket).
3. Similarly, note the Amazon S3 bucket access control list (ACL) that provides read, write, or full access to "Everyone" or "Any authentication AWS user".
4. Use ListBuckets API to scan all Amazon S3 buckets. Then, use GetBucketAcl, GetBucketWebsite, as well as GetBucketPolicy to determine if there is access control as well as configuration that is bucket-compliant.
5. Use AWS Trusted Advisor to inspect the Amazon S3 implementation.
6. Consider implementing continuous discovery control using the s3-bucket-public-read-prohibited as well as s3-bucket-public-write-prohibited managed AWS Config rules.

AWS Direct Connect - Question 11

By default, all requests to the Amazon S3 bucket require AWS account credentials. If you enable versioning with MFA Delete in your Amazon S3 bucket, you must have two forms of authentication: AWS account credentials, a valid six-digit code, as well as a serial number from your authentication device to permanently delete the object version.

AWS Direct Connect - Question 12

Key concerns include:

Different data retention policies compare legal as well as privacy issues as well as economics, as well as weigh retention times; archiving rules, data formats, as well as issues you need to know to determine the storage, access, as well as encryption methods that are acceptable. .

Failure to properly data destruction in used IT assets can result in serious data protection violations, privacy policies, compliance issues, as well as additional costs. There are three main options for data corruption:1) Override, 2) degaussing as well as 3) Physical destruction.

AWS Direct Connect - Question 13

AWS Direct Connect enables you to establish a dedicated network connection between the data center and one of the AWS Direct Connect locations. This connection allows you to create a virtual interface directly to your AWS environment, allowing you to make a private connection that is not over the Internet. AWS Direct Connect improves network throughput and reduces the time required to migrate data. It also reduces network costs and facilitates connections that are much more stable than connections from the data center over the Internet.

AWS Direct Connect - Question 14

When a new media file is uploaded to the Amazon Simple Storage Service (Amazon S3) media analysis bucket, the AWS Lambda function calls the AWS Step Functions state machine. Metadata is extracted by Amazon Rekognition, Amazon Transcribe, and Amazon Comprehend. When an audiofile is uploaded, AWS Elemental MediaConvert extracts audio for Amazon Transcribe and Amazon Comprehend analysis. Another Lambda function retrieves and processes the results and stores them in Amazon S3 buckets and Amazon Elasticsearch clusters. The resulting metadata can be authenticated, securely searched, and retrieved using Amazon Cognito and Amazon API Gateway RESTful API.

The solution also introduces a static Amazon S3 web interface that allows customers to quickly upload, analyze, and operate small media files. Amazon CloudFront is used to restrict access to the solution's website bucket content.

AWS Direct Connect - Question 15

Multi-tenancy refers to resource sharing in cloud computing where any resource object can be reused in the cloud infrastructure. Reusable objects must be carefully controlled and managed to create serious vulnerabilities and to compromise confidentiality through potential data breaches. Data breaches in this context can be caused by unisolated cloud computing hardware. Cloud computing has a level of separation between the application and virtual layers, but the hardware layer is not sufficient..

AWS Direct Connect - Question 16

• The policy is to start or stop that instance
• Affecting AWS EC2
• You have permission to access or deny the instance.

AWS Direct Connect - Question 17

• There will be 7 subnets.
• We will create a VPN to access the reports
• Reserved Instances service

AWS Direct Connect - Question 18

This is a Ramsomware attack. Unlike other cyber threats known to users, backdoors are known to be inconspicuous. Backdoors exist for a specific group of people who are familiar with the system or application for easy access.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help