AWS Audit & Compliance and Content Delivery Services

Shreyas Srinivasa
4 min read · Dec 14, 2024


This blog provides extensive information about the different Audit & Compliance and Content Delivery services developed by AWS.

AWS Audit & Compliance Services

These services audit a user's resources to see who created which resources. They include AWS CloudTrail, AWS Artifact and AWS Security Hub.

1. AWS CloudTrail: This service is used for IT audits; it tracks user activity and API usage.
> This service stores its audit log data in an S3 bucket.
> It enables risk auditing by continuously monitoring user actions taken through the AWS Management Console, AWS SDKs, AWS APIs and the AWS CLI.
> There are two types of data that can be logged in AWS CloudTrail.

2. AWS Artifact: This service provides on-demand access to AWS security and compliance reports and related compliance information.

3. AWS Security Hub: Provides a centralized view of security posture.
> It also helps users comply with their company's security standards.
> It works as a hub that collects security alerts and findings from multiple AWS services such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer and AWS Firewall Manager.
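As an added example (not code from the original post), here is how the CloudTrail log data described above, once fetched from the S3 bucket, can be read to answer "who created which resource" and to flag a risky console action. The log sample, account id, usernames and IP addresses are constructed for the example; the field names (`Records`, `eventName`, `userIdentity`, `additionalEventData.MFAUsed`) are those CloudTrail actually emits.

```python
"""Summarise "who created what" from one CloudTrail log object.

CloudTrail delivers JSON objects (gzipped) to S3; each has a top-level
"Records" list. SAMPLE_LOG below is CONSTRUCTED for this example.
"""
import json
from collections import defaultdict

# Constructed sample log, reduced to the fields this example reads.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-12-14T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-12-14T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "eventType": "AwsApiCall",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/ci"},
     "sourceIPAddress": "203.0.113.11"},
    {"eventTime": "2024-12-14T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-12-14T10:09:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root"}, "sourceIPAddress": "198.51.100.7",
     "additionalEventData": {"MFAUsed": "No"}},
]})

def principal(record):
    """Human-readable caller: 'root', the IAM user name, or the role ARN."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn", "unknown")

def creations_by_principal(log_text):
    """Map each caller to the create-style API calls it made."""
    out = defaultdict(list)
    for r in json.loads(log_text)["Records"]:
        name = r.get("eventName", "")
        if name.startswith(("Create", "Run", "Put")):   # resource-creating verbs
            out[principal(r)].append((r["eventSource"], name))
    return dict(out)

def root_logins_without_mfa(log_text):
    """Timestamps of root console sign-ins made without MFA (worth alerting on)."""
    return [r["eventTime"] for r in json.loads(log_text)["Records"]
            if r.get("eventName") == "ConsoleLogin" and principal(r) == "root"
            and r.get("additionalEventData", {}).get("MFAUsed") == "No"]
```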

AWS Network and Content Delivery Services

These services help integrate an on-premises data center with AWS cloud infrastructure.

1. Amazon Virtual Private Cloud (VPC): A logically isolated private network within the AWS cloud.
> Allows users to launch EC2 instances and other resources in a virtual network over which the user has complete control.
> A VPC communicates with external networks through gateways.
> A Virtual Private Gateway allows a VPC to connect to an on-premises or external network.
> VPC peering connects VPCs together.

2. Elastic Load Balancing (ELB): Automatically distributes incoming traffic across multiple targets.
> Distributes traffic to the underlying resources or servers.
> Provides high availability for web applications.
> Routes traffic across multiple Availability Zones within a single AWS Region. The load balancer types are Application Load Balancer, Network Load Balancer, Gateway Load Balancer and Classic Load Balancer.

3. Route 53: A DNS service that routes traffic to various targets and resolves a domain name to a particular IP address.
> Routing policies let users customize how traffic is routed for a specific domain.

4. AWS Global Accelerator: A network service that provides a set of static IP addresses that serve as single fixed entry points.
> Using Global Accelerator, a user can reach multiple AWS resources running in one or more AWS Regions through a single endpoint.

5. Amazon CloudFront: A CDN service that delivers static content to clients.
> A CDN is a globally distributed network of servers that stores or caches files.
> Reduces latency by shortening the time taken to deliver data.

6. AWS PrivateLink: Allows private connectivity to various AWS services without passing through the public internet.
> Data does not traverse the public internet; it stays within the Amazon network.

7. AWS Virtual Private Network (VPN): This service is used to connect an on-premises network to AWS.
> The encrypted connection passes over the public internet and uses the IPsec protocol to authenticate and encrypt data.
> Comprises two services.

8. AWS Direct Connect: Provides a dedicated network connection from on-premises to AWS, with a more consistent network experience.
> It can use a public virtual interface to connect to S3 and other public resources, and the traffic does not pass through the public internet.

9. AWS Transit Gateway: Connects cloud networks through a single gateway.
> Recommended for large organizations with many VPCs and site-to-site connections; it reduces complexity and makes scaling easier.

10. Amazon API Gateway: A fully managed service that allows users to publish, maintain, monitor and secure RESTful APIs.
> Supports WebSockets for real-time messaging connections.
> Acts as a front door to backend services such as EC2, ECS, Fargate, Lambda and AWS EBS, and also works as a proxy, similar to Apigee or MuleSoft.

11. AWS App Mesh: Handles communication between microservices and provides an application-level network for different types of containerized applications in AWS.
> Allows services to communicate with each other.
> Uses the open-source service mesh proxy Envoy.

12. AWS Cloud Map: A cloud resource discovery service. It is commonly used with containerized microservices whose resources change dynamically.


Written by Shreyas Srinivasa

Uncovering the world of Information Security | CEH | Sec+ | SC 900 |
