[AWS] EC2 – Storage Options

  • Every EC2 instance must have a root volume, which may or may not be EBS (Elastic Block Store).
  • By default, an EBS root volume will be deleted when the instance is terminated. You can change the setting to make EBS volumes persistent.
  • You can attach additional EBS volumes to instances, and they are not deleted when the instance is terminated.

[AWS] AWS WAF (Web Application Firewall)

WAF (Web Application Firewall) is a firewall service that protects web applications from common web exploits.

  • It is an OSI Layer 7 firewall.
  • It monitors HTTP or HTTPS requests to ELB, CloudFront, or API Gateway.
  • Blocked requests receive an HTTP 403 (Forbidden) error status.

[AWS] Key Management Service (KMS)

Key Management Service (KMS) is a regional secure key management service (FIPS 140-2 level 2 validated) that provides encryption and decryption. KMS is integrated with most other AWS services.

  • KMS is a regional service, not a global one.
  • KMS is NOT an ideal place to save database passwords and API keys. Those are stored in Systems Manager Parameter Store.
  • You are charged per API call.
  • KMS supports auditing through CloudTrail, which provides encryption key usage logs that are saved in S3.