Cloud

Write an awesome doc for cloud and how to deploy our apps using technologies like AWS, GitHub actions, CI/CD and Docker. Also a very comprehensive documentation around AWS.

View on GitHub

[!NOTE]

AWS Acceptable use policy dictates for what type of work you can use AWS service for.

Security

Who is responsible for what?

AWS	Customers of AWS
Protecting infrastructure.	Protecting your EC2 instances Update your OS. Control IAM roles and permissions. Configure network and firewalls properly. Install security patches for libs/softwares.
Protecting manged services such as S3.	Encrypt app data.

DDoS

DDoS attack overall mechanism and inner parts infographic

Stands for Distributed Denial of Service.

Protect your app against DDoS with:

Option	Cost	Protect apps
Shield standard	Free	Against common, most frequently occurring network and transport layer DDoS attacks.
Shield advanced	Paid service	Against DDoS attacks, volumetric bots, and vulnerability exploitation attempts.
WAF & Shield	Paid service	Against common attack patterns (e.g. SQL injection or cross-site scripting (XSS)).

Common attacks:
- SYN/UDP floods.
- Reflection attack.
- And other layer 3 and layer 4 attacks.
Shield standard is activated by default.
Shield advanced costs something like $3,000 per month per organization.
DDoS response team for supporting AWS customers.

Tags in AWS

Can help you with security/lifecycle tasks.
E.g. in S3 you can grant permissions (for instance: allow a specific user with a specific tag to read some objects).