AWS Solutions Architect – Professional

AWS Certified Solutions Architect – Professional

Permissions, Identity and Federation
Networking and Hybrid
Storage Services
Compute, Scaling and Load Balancing
Monitoring, Logging and Cost Management
Databases
Data Analytics
App Services, Containers and Serverless
Caching, Delivery and Edge
- CloudFront
- ElastiCache
Migrations and Extensions
Security and Configuration Management
Disaster Recovery and Business Continuity in AWS
- DR/BC Architecture
Infrastructure as Code
- CloudFormation
Deployment and Management
Everything Else

AWS Shield and Web Application Firewall (WAF)

AWS Shield

Provides protection against DDoS attacks
Provides a custom designed set of protection against DDoS attacks
Comes in 2 versions:
- Shield Standard:
  - Offers protection against all known infrastructure Layer 3 and Layer 4 DDoS attacks
  - It is free of charge
  - If offers comprehensive L3 and L4 protection when used with Route53 and CloudFront
- Shield Advanced:
  - Costs $3000 per month per organization
  - Expands the range of products which can be protected: EC2, ELB, CloudFront, Global Accelerator and Route53
  - Shield Advanced provides access to 24/7 advanced response team
  - Provides financial insurance for any increase of payments in case of DDoS attacks

WAF - Web Application Firewall

It is Layer 7 Firewall (understands HTTP/S)
Normally firewall operate at Layer 3, 4, 5
WAF protects against complex Layer 7 attacks/exploits such as SQL Injection, Cross-Site Scripting
It can filter based on location (Geo Blocks), and provides rate awareness
Web Access Control List (WEBACL) integrated with ALB, API Gateway and CloudFront
WEBACL has rules and they are evaluated when traffic arrives