UNIT - 3
Networking & Content Delivery – Route 53, Amazon API Gateway, Amazon VPC, VPC
Subnets, Route Tables, Security Groups, NAT Gateway.
Security, Identity and Compliance – AWS Identity and Access Management (IAM), AWS
Certificate Manager (ACM) and AWS Key Management Service (KMS).
19-12-2024 Dr. C. P. Koushik, Assistant Professor, VIT Bhopal University 1
AWS API
• What is an API?
• APIs are mechanisms that enable two software components to
communicate with each other using a set of definitions and protocols.
• What does API stand for?
• API stands for Application Programming Interface. In the context of APIs,
the word Application refers to any software with a distinct function.
Interface can be thought of as a contract of service between two
applications. This contract defines how the two communicate with each
other using requests and responses. The API documentation contains
information on how developers are to structure those requests and
responses.
• How do APIs work?
• API architecture is usually explained in terms of client and server. The
application sending the request is called the client, and the
application sending the response is called the server. For example, when
a mobile weather app queries a weather bureau's database, the bureau's
database is the server and the mobile app is the client.
• There are four different ways that APIs can work depending on when
and why they were created.
• SOAP APIs
• These APIs use Simple Object Access Protocol. Client and server exchange
messages using XML. This is a less flexible API that was more popular in the
past.
• RPC APIs
• These APIs are based on Remote Procedure Calls. The client invokes a
function (or procedure) on the server, and the server sends the output back to
the client.
• WebSocket APIs
• WebSocket API is another modern web API development that uses JSON
objects to pass data. A WebSocket API supports two-way communication
between client apps and the server. The server can send callback messages
to connected clients, making it more efficient than a REST API for that use.
• REST APIs
• These are the most popular and flexible APIs found on the web today. The
client sends requests to the server as data. The server uses this client input
to start internal functions and returns output data back to the client. Let’s
look at REST APIs in more detail below.
What are REST APIs?
• REST stands for Representational State Transfer. REST defines a
set of operations, expressed as HTTP methods like GET, PUT, DELETE, etc.,
that clients can use to access server data. Clients and servers exchange data using HTTP.
• The main feature of REST APIs is statelessness. Statelessness
means that servers do not save client data between requests.
Client requests to the server are similar to URLs you type in your
browser to visit a website. The response from the server is plain
data, without the typical graphical rendering of a web page.
• API Gateway
• Purpose: AWS API Gateway is used to create, publish, maintain, monitor, and
secure REST, HTTP, and WebSocket APIs at any scale.
• Key Features:
• Integration with various AWS services (e.g., Lambda, DynamoDB, S3)
• Custom domain names and SSL/TLS encryption
• Throttling, request/response transformation, and monitoring
• Versioning and staging of APIs
• API keys and usage plans to manage access
• Integration with AWS WAF (Web Application Firewall) for enhanced security
• Use Cases:
• Backend for mobile and web applications
• Serverless applications using AWS Lambda
• Microservices architecture
• EC2 (Elastic Compute Cloud) API
• Purpose: EC2 provides scalable computing capacity in the cloud. The EC2
API allows you to control and configure instances, storage, networking, and
security.
• Key Features:
• Launch, describe, terminate, and manage EC2 instances
• Create and manage Amazon Machine Images (AMIs)
• Configure security groups, key pairs, and Elastic IPs
• Manage instance states (start, stop, reboot)
• Auto-scaling and load balancing
• Use Cases:
• Automating infrastructure setup
• Managing virtual machine instances programmatically
• Creating scalable web applications
• S3 (Simple Storage Service) API
• Purpose: S3 API is used to manage data storage, retrieve data from
anywhere, and manage buckets.
• Key Features:
• Object storage for any amount of data
• Highly durable, with automatic replication across availability zones
• APIs for uploading, downloading, and managing objects (files)
• Support for lifecycle policies, versioning, and data encryption
• Signed URLs for secure, temporary access to objects
• Use Cases:
• Backup and recovery of files
• Data lake for analytics
• Content distribution for websites
• Lambda API
• Purpose: AWS Lambda enables you to run code in response to events
without managing servers.
• Key Features:
• Automatically scales your application by running code in response to triggers
• Integrated with other AWS services like S3, DynamoDB, API Gateway, and
Kinesis
• Custom event sources for external events (HTTP, API calls, etc.)
• Supports various programming languages (Node.js, Python, Java, Go, Ruby, etc.)
• Use Cases:
• Real-time file processing (e.g., image resizing, data validation)
• Event-driven applications (e.g., notifications, workflow automation)
• Backend for IoT applications
• IAM (Identity and Access Management) API
• Purpose: IAM API manages access to AWS services and resources
securely.
• Key Features:
• Control who can use AWS resources (users, groups, and roles)
• Manage policies and permissions
• Support for Multi-Factor Authentication (MFA)
• Temporary security credentials with AWS Security Token Service (STS)
• Auditing and compliance tracking through CloudTrail integration
• Use Cases:
• Role-based access control for teams and applications
• Securing AWS resources by least privilege access
• Federating user access with other identity providers
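The "least privilege" and MFA points above come down to how IAM evaluates a request: every action is implicitly denied, an Allow statement must match the action and resource (and any Condition), and an explicit Deny anywhere overrides every Allow. The following is an added example written for these notes, not AWS code or a lecture artefact: a small evaluator that models that logic over two constructed policies. The bucket name `example-app-logs` is a placeholder, and only the `Bool` and `StringEquals` condition operators are modelled; `aws:MultiFactorAuthPresent` is the real IAM condition key behind "require MFA" policies.

```python
import re

# Constructed policies for this example (bucket name is a placeholder).
READ_ONLY_LOGS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-app-logs",
                "arn:aws:s3:::example-app-logs/*",
            ],
        }
    ],
}

DENY_WITHOUT_MFA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}},
        }
    ],
}


def _as_list(value):
    """IAM accepts a single string wherever a list is allowed; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _glob_match(pattern, value, ignore_case):
    """IAM wildcard matching: '*' matches any run of characters, '?' exactly one.
    Action names are case-insensitive; ARNs are case-sensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _condition_holds(condition, context):
    """Evaluate the subset of condition operators modelled here: Bool and StringEquals.
    A context key that is absent makes the condition false, so a Deny guarded by
    plain Bool does not fire when the key is missing (that is what BoolIfExists is for)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "Bool":
                if str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            else:
                raise NotImplementedError(f"condition operator {operator} not modelled")
    return True


def evaluate(policies, action, resource, context=None):
    """Decide Allow/Deny for one request the way IAM does for identity-based policies:
    start from implicit Deny; an explicit Deny in any matching statement wins."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_glob_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
                continue
            if not any(_glob_match(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny overrides every allow; stop here
            allowed = True
    return "Allow" if allowed else "Deny"  # implicit deny when nothing allowed it


if __name__ == "__main__":
    policies = [READ_ONLY_LOGS_POLICY, DENY_WITHOUT_MFA_POLICY]
    for mfa in ("true", "false"):
        verdict = evaluate(policies, "s3:GetObject", "arn:aws:s3:::example-app-logs/2024/app.log",
                           {"aws:MultiFactorAuthPresent": mfa})
        print(f"GetObject with MFA={mfa}: {verdict}")
```

Running the block shows the read-only policy allowing `s3:GetObject` on the logs bucket only while MFA is present; `s3:PutObject`, or any action on another bucket, falls through to the implicit deny without needing a statement of its own.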
• Service APIs
• These are the most common types of AWS APIs, allowing users to interact
directly with specific AWS services like EC2, S3, Lambda, and RDS.
• Characteristics:
• Allow users to programmatically manage resources (e.g., launching EC2 instances,
storing data in S3, creating RDS databases).
• Provide RESTful interfaces, usually following HTTP methods (GET, POST, PUT, DELETE).
• Can be accessed via the AWS SDK, AWS CLI, or HTTP requests.
• Examples:
• EC2 API: Control virtual machine instances, manage security groups, key pairs, and
Elastic IPs.
• S3 API: Store, retrieve, and manage data in object storage using PUT, GET, and DELETE
operations.
• DynamoDB API: Query and manage data in a NoSQL database, supporting high
scalability and performance.
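Whether a service API is reached through the SDK, the CLI or a raw HTTP request, the call is authenticated the same way: the caller signs the request with Signature Version 4, and the service recomputes the signature before acting. The block below is an added example written for these notes, not AWS SDK code: a standard-library implementation of the SigV4 canonical request, the derived signing key and the `Authorization` header, plus the server-side verification step. The request is constructed for this example and modelled on the IAM `ListUsers` request in AWS's signing documentation; `AKIDEXAMPLE` and the secret are AWS's published placeholder credentials, not real ones.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed request (placeholder credentials from the AWS SigV4 documentation example).
EXAMPLE_ACCESS_KEY = "AKIDEXAMPLE"
EXAMPLE_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
EXAMPLE_REQUEST = {
    "method": "GET",
    "uri": "/",
    "query": {"Action": "ListUsers", "Version": "2010-05-08"},
    "headers": {
        "Host": "iam.amazonaws.com",
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
        "X-Amz-Date": "20150830T123600Z",
    },
    "payload": b"",
}
REGION, SERVICE = "us-east-1", "iam"


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(req):
    """Build the SigV4 canonical request: method, URI, sorted and URI-encoded query,
    sorted lower-cased headers, the signed-header list and the hex SHA-256 of the body."""
    query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(req["query"].items())
    )
    headers = {k.lower().strip(): " ".join(v.strip().split()) for k, v in req["headers"].items()}
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    signed_headers = ";".join(sorted(headers))
    text = "\n".join([req["method"], req["uri"], query, canonical_headers,
                      signed_headers, _sha256_hex(req["payload"])])
    return text, signed_headers, headers["x-amz-date"]


def signing_key(secret_key, date_stamp, region, service):
    """Derive the per-day, per-region, per-service key. The long-term secret never
    signs a request directly, so a leaked derived key is bounded in time and scope."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def sign_request(req, access_key, secret_key, region, service):
    """Return the Authorization header value for the request."""
    creq, signed_headers, amz_date = canonical_request(req)
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(creq.encode("utf-8"))])
    key = signing_key(secret_key, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")


def verify_request(req, authorization, secret_key, region, service):
    """Server side: recompute the header from the request as received and compare in
    constant time. Any change to a signed header, the query or the body invalidates it."""
    access_key = authorization.split("Credential=")[1].split("/")[0]
    expected = sign_request(req, access_key, secret_key, region, service)
    return hmac.compare_digest(expected, authorization)


if __name__ == "__main__":
    header = sign_request(EXAMPLE_REQUEST, EXAMPLE_ACCESS_KEY, EXAMPLE_SECRET_KEY, REGION, SERVICE)
    print(header)
    print("verifies:", verify_request(EXAMPLE_REQUEST, header, EXAMPLE_SECRET_KEY, REGION, SERVICE))
```

Because `X-Amz-Date` is part of the signed material, a captured header cannot be replayed indefinitely (the service rejects requests whose timestamp is too far from its clock), and because the body hash is included, the same header cannot be reused with a different request body.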
Management APIs
•These APIs are designed for management and automation of AWS
infrastructure and services. They are used to provision, manage, and monitor AWS
resources.
•Characteristics:
•Focus on resource management (e.g., creating stacks, managing infrastructure).
•Used for automating tasks like deployment, configuration, monitoring, and security.
•Provide mechanisms for automating DevOps practices, continuous integration, and delivery
(CI/CD).
•Examples:
•CloudFormation API: Automate the provisioning of AWS infrastructure using templates. It
supports actions like CreateStack, UpdateStack, and DeleteStack.
•CloudWatch API: Monitor resources and set alarms for cloud applications. Common operations
include PutMetricData, GetMetricStatistics, and DescribeAlarms.
Authentication and Security APIs
•These APIs handle security-related tasks like access control, identity
management, and encryption.
•Characteristics:
•Used to authenticate and authorize users or services.
•Support Multi-Factor Authentication (MFA), encryption key management, and secure data
handling.
•Often work with AWS Identity and Access Management (IAM) and Key Management Service
(KMS).
•Examples:
•IAM API: Manage users, groups, roles, and policies for controlling access to AWS resources.
Common operations include CreateUser, AttachUserPolicy, and AssumeRole.
•AWS KMS API: Create and manage encryption keys for data encryption and digital signatures.
Example operations include Encrypt, Decrypt, and GenerateDataKey.
Amazon VPC
VPC Networking
Internet gateway
NAT Gateway
VPC Sharing
AWS Direct Connect
AWS Identity and
Access Management (IAM)
AWS Certificate Manager (ACM)
• ACM (AWS Certificate Manager) plays a significant role in managing SSL/TLS
certificates for securing websites and applications on AWS. Understanding that
role requires some background on public and private certificate authorities
(CAs) and on SSL/TLS certificates.
• SSL and TLS are cryptographic protocols designed to provide secure
communication over a computer network, such as the internet.
1. SSL (Secure Sockets Layer)
   1. Developed in the 1990s by Netscape.
   2. SSL 3.0 was the final version, after which it was replaced by TLS due to security
      vulnerabilities.
2. TLS (Transport Layer Security)
   1. Successor to SSL, offering stronger encryption and improved security.
   2. TLS 1.0, 1.1, 1.2, and 1.3 are versions of the protocol, with TLS 1.3 being the latest and
      most secure (as of 2024).
•Certificate Issuance:
•ACM provides public certificates (trusted by browsers and devices) for
internet-facing applications.
•ACM integrates with AWS Private CA to issue private certificates for
internal systems.
•Certificate Management:
•Handles the full lifecycle of certificates, including:
•Provisioning
•Validation
•Renewal
•Removes the need for manual certificate management.
•Automatic Certificate Renewal:
•Automatically renews certificates to prevent downtime caused by
expired certificates.
•Integration with AWS Services:
•Works seamlessly with services like:
•Elastic Load Balancer (ELB)
•Amazon CloudFront (Content Delivery Network)
•API Gateway
•AWS Elastic Beanstalk
•Reduces complexity in deploying and managing secure connections
• Supported Certificate Types
• Public SSL/TLS Certificates:
• Domain-validated certificates issued by AWS-integrated public
CAs.
• Private SSL/TLS Certificates:
• Issued using AWS Private CA for internal use cases.
• AWS Certificate Manager (ACM) supports two types of certificates: Public
Certificates and Private Certificates. Each type is suited for different use
cases, depending on whether the communication needs to be secured over
the internet (public-facing) or within private/internal networks.
• 1. Public Certificates
• Public Certificates in ACM are issued by trusted public Certificate
Authorities (CAs) integrated with AWS. These certificates are designed for
securing internet-facing applications and are trusted by web browsers and
operating systems.
• 2. Private Certificates
• Private Certificates are issued by AWS Private Certificate Authority
(Private CA), a service integrated with ACM. These certificates are
designed for internal or private network communication.
AWS Key Management Service (AWS KMS)
• AWS Key Management Service (KMS) is a fully managed service
provided by Amazon Web Services to create, manage, and control
cryptographic keys used to secure data. It integrates seamlessly
with other AWS services and enables users to meet security and
compliance requirements with minimal operational overhead.
1. Key Management:
•Symmetric Keys: Use the same key for encryption and decryption.
•Asymmetric Keys: Use a key pair (public/private) for encryption,
decryption, or signing operations.
•Supports customer-managed keys (CMKs) and AWS-managed keys.
2. Secure Key Storage:
•KMS keys are stored in FIPS 140-2 compliant hardware security
modules (HSMs) to ensure a high level of security.
3. Access Control:
•Integrated with AWS Identity and Access Management (IAM) for fine-grained
control over who can manage or use the keys.
•Allows granular policies for encryption and decryption.
4. Encryption and Decryption:
•Provides APIs to encrypt, decrypt, sign, and verify data directly
or manage the keys used for these operations.
5. Integration with AWS Services:
•Works seamlessly with services like S3, EBS, RDS, DynamoDB,
Lambda, CloudTrail, and more to provide data encryption.
•Manages default encryption for many AWS services.
6. Custom Key Stores:
•Offers integration with AWS CloudHSM, allowing you to manage
keys in a dedicated HSM cluster.
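The Encryption and Decryption point above, together with the `GenerateDataKey` operation named in the Authentication and Security APIs section, describes envelope encryption: KMS hands the caller a fresh data key in both plaintext and wrapped form, the application encrypts its data with the plaintext key and then discards it, and only the wrapped key is stored beside the ciphertext. Reading the data later requires a KMS `Decrypt` call on the wrapped key, which is the point where the key policy, IAM and CloudTrail logging apply. The block below is an added example written for these notes, not AWS or KMS code: a `ToyKms` class models the service boundary (the root key is created inside and never returned), and the cipher is an HMAC-SHA256 encrypt-then-MAC construction that stands in for the AES-256-GCM used by KMS so the example runs with the standard library only. All keys and the sample record are constructed at run time.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """Counter-mode keystream using HMAC-SHA256 as the pseudorandom function."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _derive(key):
    """Separate encryption and MAC keys from one 32-byte key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _seal(key, plaintext):
    """Encrypt-then-MAC stand-in for AES-GCM: nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def _open(key, blob):
    """Verify the tag in constant time before decrypting; refuse modified input."""
    enc_key, mac_key = _derive(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: ciphertext or wrapped key was modified")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class ToyKms:
    """Models the KMS service boundary (constructed for this example): the root key is
    generated inside and never leaves; callers only get GenerateDataKey and Decrypt,
    and every call is recorded, as CloudTrail records real KMS calls."""

    def __init__(self):
        self._root_key = secrets.token_bytes(32)  # in real KMS this lives in an HSM
        self.audit_log = []

    def generate_data_key(self):
        """Return (plaintext data key, data key wrapped under the root key)."""
        self.audit_log.append("GenerateDataKey")
        data_key = secrets.token_bytes(32)
        return data_key, _seal(self._root_key, data_key)

    def decrypt(self, wrapped_key):
        """Unwrap a data key; this is the call that key policies and IAM gate."""
        self.audit_log.append("Decrypt")
        return _open(self._root_key, wrapped_key)


def envelope_encrypt(kms, plaintext):
    """Encrypt locally with a one-time data key; store only the wrapped key."""
    data_key, wrapped_key = kms.generate_data_key()
    ciphertext = _seal(data_key, plaintext)
    del data_key  # the plaintext key exists only for the duration of this call
    return {"ciphertext": ciphertext, "encrypted_data_key": wrapped_key}


def envelope_decrypt(kms, envelope):
    """Ask KMS for the data key back, then decrypt the payload locally."""
    data_key = kms.decrypt(envelope["encrypted_data_key"])
    return _open(data_key, envelope["ciphertext"])


def tamper_detected(kms, envelope):
    """Flip one ciphertext byte and report whether decryption refuses the result."""
    damaged = bytearray(envelope["ciphertext"])
    damaged[NONCE_LEN] ^= 0x01
    try:
        envelope_decrypt(kms, {**envelope, "ciphertext": bytes(damaged)})
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    kms = ToyKms()
    envelope = envelope_encrypt(kms, b"customer record 42")
    print("recovered:", envelope_decrypt(kms, envelope))
    print("tamper detected:", tamper_detected(kms, envelope))
    print("KMS calls:", kms.audit_log)
```

Two properties of the pattern show up directly: the bulk data never crosses the KMS boundary (only 32-byte keys do, which is why KMS can cap `Encrypt` payloads at 4 KB), and every read of protected data leaves a `Decrypt` entry in the audit log, which is what makes unusual access to encrypted records detectable.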
Types of Keys in AWS KMS
1. AWS-Managed Keys:
   1. Automatically created and managed by AWS for encryption in AWS services.
   2. Simplifies encryption management but offers limited customization.
2. Customer-Managed Keys (CMKs):
   1. Created and managed by the customer.
   2. Provide full control over key policies, lifecycle, and permissions.
3. AWS-Owned Keys:
   1. Fully managed by AWS and not visible to customers.
   2. Used for encryption across various AWS services.
4. Custom Key Stores:
   1. Use your own HSM (via AWS CloudHSM) to generate and store KMS keys.