💻
Kyle Law's Blog
  • 💻Kyle Law
  • 😀About Me
  • Blogs
    • AWS
      • Card Clash
      • CloudQuest
        • Solution Architect Role
          • CloudQuest - Deploying RESTful APIs
      • Mock Exam
      • DVA-C02
        • TJ demo t
        • Page 4
        • Practice Test 1 (SM)
        • Deployment
        • Deployment with AWS Services
        • Security
        • Troubleshooting and Optimization
        • Stephen Maarek Course study
      • SAP-C02
        • Daily Summary
        • 22 Mar 2024 noon study
        • 22 Mar 2024 night study
        • 23 Mar 2024 Morning study
        • 23 Mar 2024 noon study
        • 25 Mar 2024 morning study
        • 25 Mar 2024 noon study
        • 26 Mar 2024 morning study
        • 27 Mar 2024 noon study
        • 27 Mar 2024 evening study
        • 30 Mar 2024 Morning study
        • 19 Apr 2024 evening study
        • 20 Apr evening study
        • Design for new solutions (29%)
        • Design Solutions for Organizational Complexity (26%)
        • Continuous Improvement for Existing Solutions (25%)
        • Accelerate Workload Migration and Modernization (20%)
      • SAA C03
    • Practice test 1
    • CFA L3
      • Capital Market Expectations
        • Brian O'Reilly Case Scenario
        • Exeter Asset Management Case Scenario
        • Minglu Li Case Scenario
      • CME (Part 2): Forecasting Asset Class Returns
        • Intro
        • Overview of Tools and Approaches
        • Forecasting Fixed Income Ret
        • Risks in Emerging Market Bonds
        • Forecasting Equity Return
        • Forecasting Real Estate Returns
        • Forecasting Exchange Rates
        • Forecasting Volatility
        • Adjusting Global Portfolio
        • SUMMARY
        • Practice Questions
      • Overview of Asset Allocation
        • INTRODUCTION
        • INVESTMENT GOVERNANCE BACKGROUND
        • THE ECONOMIC BALANCE SHEET AND ASSET ALLOCATION
        • APPROACHES TO ASSET ALLOCATION
        • MODELING ASSET CLASS RISK
        • STRATEGIC ASSET ALLOCATION
        • STRATEGIC ASSET ALLOCATION: ASSET ONLY
        • STRATEGIC ASSET ALLOCATION: LIABILITY RELATIVE
        • STRATEGIC ASSET ALLOCATION: GOALS BASED
        • IMPLEMENTATION CHOICES
        • REBALANCING: STRATEGIC CONSIDERATIONS
        • SUMMARY
      • Questions (Asset Allocations)
      • PRINCIPLES OF ASSET ALLOCATION
      • INTRODUCTION
      • ASSET-ONLY ASSET ALLOCATIONS AND MEAN–VARIANCE OPTIMIZATION
      • MONTE CARLO SIMULATION
      • CRITICISMS OF MEAN–VARIANCE OPTIMIZATION
      • ADDRESSING THE CRITICISMS OF MEAN–VARIANCE OPTIMIZATION
      • ADDING CONSTRAINTS BEYOND BUDGET CONSTRAINTS, RESAMPLED MVO AND OTHER NON-NORMAL OPTIMIZATION APPROA
      • ALLOCATING TO LESS LIQUID ASSET CLASSES
      • RISK BUDGETING
      • FACTOR-BASED ASSET ALLOCATION
      • DEVELOPING LIABILITY-RELATIVE ASSET ALLOCATIONS AND CHARACTERIZING THE LIABILITIES
      • APPROACHES TO LIABILITY-RELATIVE ASSET ALLOCATION: SURPLUS OPTIMIZATION
      • Page 1
      • Page 2
      • Page 3
      • DEVELOPING GOALS-BASED ASSET ALLOCATIONS
      • CONSTRUCTING SUB-PORTFOLIOS AND THE OVERALL PORTFOLIO
      • REVISITING THE MODULE PROCESS IN DETAIL
      • ISSUES RELATED TO GOALS-BASED ASSET ALLOCATION
      • HEURISTICS AND OTHER APPROACHES TO ASSET ALLOCATION
      • SUMMARY
      • Questions
      • CFA Study 13 May Night
      • 15 May 2024 - Night Study
      • 16 May 12am study
      • 16 May noon study
      • 16 May midnight study
      • 17 May night study
      • 17 May midnight study
      • 18 May noon study
      • 18 May night study
      • 18 May midnight study (Options)
      • 19 May noon study - volatility
      • 19 May 6pm study - options practices
      • 20 May morning study (swaps, forwards, futures)
      • Practice: Swaps, Forwards, and Futures Strategies
      • Practice - Heights Case Scenario
      • Practice - Tribeca Case Scenario
      • CURRENCY MANAGEMENT: AN INTRODUCTION
      • 30 May evening study
      • 31 May morning study
      • 31 May Morning study - part 2 - Fixed Income Portflio MGT
      • 31 May Noon study -Currency Management Practice Question
      • 3 June - Fixed Income
      • Practice - Fixed Income
      • 5 June - LIABILITY-DRIVEN AND INDEX-BASED STRATEGIES
      • 8 June - skipped parts
      • 8 June - Practice Questions - Liability Driven and Index-based strategies
      • 10 June - Yield Curve Strategies
      • 11 June - YC Strategies skipped
      • 12 June - YC Strategies practices
      • 19 June - FI Active Mgt - Credit Strategies (skippe
      • 19 June - FI Active mgt summary
      • 19 June - FI Active Mgt: Credit Strategies
      • Equity Portfolio MGT (Gist)
      • Equity Portfolio Management (Skipped)
      • Practices
      • Passive Equity Investing (Brief)
      • Passive Equity Investing (Skipped)
      • Page 5
      • Practice (PEI)
      • ACTIVE EQUITY INVESTING: STRATEGIES
      • Actove Equity Investing (Skipped)
      • Active Equity Investing (Practice Questions)
      • ACTIVE EQUITY INVESTING: PORTFOLIO CONSTRUCTION
      • Active Equity Investing - Portfolio Construction (Skipped)
      • AEI - Portfolio Constructions (Practices)
      • Hedge Fund Strategies (brief)
      • HF Strategies
    • Chess
      • Game Analysis
      • Middlegame Plan
      • Endgame
    • Reading
    • Coursera
      • Google Cybersecurity
      • Untitled
    • DesignGurus
      • Grokking System Design Fundamentals
    • Page 6
  • Page
  • Others
    • Piano
      • My Piano Performance collection
      • unravel (Animenz arrangement)
      • ABRSM Grade 8 - Syllabus 2023 - 2024
        • A1 - Prelude and Fugue in B Flat
        • B2 - Étude in D flat
        • C3 - Over the Bars
        • C8 - Caballos Españoles
  • ColdPlay concert 26 Jan 2024
  • Grade 5 Theory
    • Instruments
    • G5 Terms
  • Rinjani
Powered by GitBook
On this page
  1. Blogs
  2. AWS
  3. SAP-C02

Daily Summary

[SSL/TLS] you can change the Viewer Protocol Policy setting for one or more cache behaviors to require HTTPS communication by setting it as either Redirect HTTP to HTTPS or HTTPS Only. In that configuration, CloudFront provides its default SSL/TLS certificate.

There is no default SSL certificate in ELB, unlike what we have in CloudFront

you don't need to add an SSL certificate if you only require HTTPS for communication between the viewers and CloudFront. You should only do this if you require HTTPS between your origin and CloudFront.

you can't use a self-signed certificate in this scenario even though it is stored in a private S3 bucket. You need to use either a certificate from ACM or a third-party certificate.

[CI/CD] CodeBuild compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. It provides prepackaged build environments

AWS Systems Manager Patch Manager can automate the process of patching managed instances, including both security-related updates and other types of updates.

Patching -> System Manager Patch Manager

CVE -> Amazon Inspector

[Access Private web app for specific employees via public internet] - SSL VPN solution in which the employees can connect first and once they are authenticated, they will be granted access to the online portal. In this way, you can launch the web servers in the private subnet and still access it over the Internet via the VPN.

SignIn via IdP - STS token, AssumeRoleWithWebIdentity -> IAM role to allow access...

Using the user data scripts to retrieve the database password may expose the password to the environment of the operating system of the EC2 instance.

Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and other secrets

RDS is not a suitable database for the mobile app because it is not as scalable enough when processing data from various users around the globe,

(SSE-S3) uses strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

the temporary security credentials should be retrieved from the instance metadata and not from the user data.

private VIF on AWS Direct Connect: on-prem -> AWS

EC2 Fleet with ASG : Pull from on-prem

Kinesis Producer Library: Send data into Kinesis Data Stream

Lambda: Process Kinesis data stream

WebSocket API in API Gateway: Invoke the function;

@connections command for the API: send callback messages to connected clients

PreviousSAP-C02Next22 Mar 2024 noon study

Last updated 1 year ago