🚀 Exciting Day 10 of My AWS DevOps Professional Journey! 🚀

Nirav Raychura

Greetings, fellow learners! Today marks another significant milestone in my AWS DevOps certification journey, and I'm eager to share the knowledge gained on Day 10 through Stéphane Maarek's Udemy course.

💡 Course Progress - Day 10: Unraveling AWS Config, Control Tower, Security Services, and More!

As we delve into AWS Config and a plethora of security-focused services, let's explore the diverse topics covered and gain valuable insights for maintaining robust, secure, and compliant AWS environments.

Key Learnings


🌐 What is AWS Config?

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. You can use AWS Config to monitor and record your AWS resource configurations and automate the evaluation of recorded configurations against desired configurations.

🔄 AWS Config Configuration Recorder and Aggregator

The configuration recorder and the aggregator are two features of AWS Config. The configuration recorder records the configurations of your AWS resources. An aggregator collects the configurations of your AWS resources across multiple accounts and regions.

AWS Config Conformance Packs

An AWS Config conformance pack is a collection of AWS Config rules and remediation actions that helps you manage your AWS resources for compliance with industry standards and best practices. You can use conformance packs to evaluate your AWS resources against predefined rules and remediate non-compliant resources.

📄 AWS Config Organizational Rules

AWS Config Organizational Rules are a feature of AWS Config that enables you to define rules that apply to all AWS accounts in your organization. You can use AWS Config Organizational Rules to evaluate your AWS resources against predefined rules and remediate non-compliant resources.


🌐 What is AWS Organizations?

AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. You can use AWS Organizations to create groups of AWS accounts and apply policies to those groups.

🌐 SCPs (Service Control Policies) in AWS Organizations

AWS Organizations Service Control Policies (SCPs) are a feature of AWS Organizations that enables you to create policies that apply to all AWS accounts in your organization. You can use SCPs to restrict the actions that users and roles can perform on AWS resources.


🌐 AWS Control Tower Overview

AWS Control Tower is a service that enables you to set up and govern a secure, compliant multi-account environment on AWS. You can use AWS Control Tower to create and manage AWS accounts, apply policies, and enforce compliance.

🌐 Control Tower Landing Zones

AWS Control Tower Landing Zones are preconfigured templates that enable you to set up and govern a secure, compliant multi-account environment on AWS. You can use Control Tower Landing Zones to create and manage AWS accounts, apply policies, and enforce compliance.

🔄 Account Factories and Migrating Accounts in AWS Control Tower

AWS Control Tower Account Factories are a feature of AWS Control Tower that enables you to create and manage AWS accounts at scale. You can use Account Factories to automate the creation of new AWS accounts and migrate existing AWS accounts to AWS Control Tower.

🌐 Customizations for AWS Control Tower (CfCT)

Customizations for AWS Control Tower (CfCT) are a set of tools and resources that enable you to customize AWS Control Tower to meet your specific needs. You can use CfCT to create custom landing zones, integrate with third-party tools, and automate account creation and management.

🌐 Control Tower Config Integration

AWS Control Tower Config Integration is a feature of AWS Control Tower that enables you to use AWS Config to monitor and record the configurations of your AWS resources. You can use Control Tower Config Integration to automate the evaluation of recorded configurations against desired configurations.

🔄 Account Factory for Terraform in AWS Control Tower

AWS Control Tower Account Factory for Terraform is a feature of AWS Control Tower that enables you to create and manage AWS accounts using Terraform. You can use Account Factory for Terraform to automate the creation of new AWS accounts and manage existing AWS accounts.


🌐 IAM Identity Center Overview

AWS IAM Identity Center is a feature of AWS Identity and Access Management (IAM) that enables you to manage your IAM users, groups, and roles in a single location. You can use IAM Identity Center to create, manage, and delete IAM users, groups, and roles.


AWS Web Application Firewall (WAF) Overview

AWS Web Application Firewall (WAF) is a web application firewall that helps protect your web applications from common web exploits. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection and cross-site scripting.

🔄 AWS Firewall Manager and Policies

AWS Firewall Manager is a service that enables you to centrally manage your AWS WAF rules across multiple accounts and resources. You can use AWS Firewall Manager to create and manage AWS WAF policies that apply to your AWS resources.


🔒 Amazon GuardDuty Overview

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. You can use Amazon GuardDuty to detect and respond to threats in real time.

🔄 Integrating GuardDuty with CloudFormation

You can use AWS CloudFormation to create and manage Amazon GuardDuty resources. You can use CloudFormation to create and manage GuardDuty detectors, member accounts, and publishing destinations.


🕵️ Amazon Detective Overview

Amazon Detective is a security service that makes it easy to analyze, investigate, and identify the root cause of security issues in your AWS resources. You can use Amazon Detective to visualize and analyze data from AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty.


🕵️ Amazon Inspector Overview

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of your applications deployed on AWS. You can use Amazon Inspector to identify security issues and vulnerabilities in your applications and infrastructure.

🔄 Setting Up Amazon Inspector with EC2

You can use Amazon Inspector to assess the security and compliance of your Amazon EC2 instances. You can use Inspector to identify security issues and vulnerabilities in your EC2 instances and receive detailed reports with remediation steps.

🔄 EC2 Instance Migrations Using AMIs

You can use Amazon Machine Images (AMIs) to migrate your Amazon EC2 instances to different regions or accounts. You can create an AMI of your EC2 instance and then copy the AMI to the destination region or account.


AWS Trusted Advisor Overview

AWS Trusted Advisor is an online tool that provides recommendations to help you optimize your AWS resources for performance, security, and cost. You can use Trusted Advisor to identify opportunities to save money, improve system performance, and increase security.

🌐 AWS Trusted Advisor Architectures

AWS Trusted Advisor provides recommendations for optimizing your AWS resources across five categories: cost optimization, performance, security, fault tolerance, and service limits. You can use Trusted Advisor to identify opportunities to reduce costs, improve performance, and increase security across your AWS resources.


AWS Secrets Manager Overview

AWS Secrets Manager is a service that enables you to store and retrieve secrets such as database credentials, API keys, and other sensitive data. You can use Secrets Manager to manage secrets for your applications and services.


AWS Tag Editor Overview

AWS Tag Editor is a service that enables you to manage tags for your AWS resources. You can use Tag Editor to add, edit, or delete tags for your AWS resources.


📊 AWS QuickSight Overview

AWS QuickSight is a business intelligence service that enables you to create interactive dashboards and visualizations from your data. You can use QuickSight to analyze data from a variety of sources, including AWS services, third-party applications, and on-premises databases.


📊 AWS Glue Overview

AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to move data between data stores. You can use Glue to automate the process of discovering, cataloging, and preparing your data for analysis.


As I bid farewell to this transformative AWS DevOps journey, today marks a significant milestone as I prepare to embark on the certification exam. Each day of learning has brought new challenges and discoveries, deepening my understanding of AWS DevOps principles, thanks to the guidance from Stéphane Maarek's Udemy course.

To the community and mentors who have supported and shared in this learning adventure, your insights and engagement have been invaluable. As I face the exam, your good wishes and positive vibes are sincerely appreciated. Here's to showcasing the culmination of dedicated learning and facing the challenge head-on.

In the future, should I emerge triumphant, I'll share my exam experience and the strategies that contributed to my success. Stay tuned for blogs detailing how I navigated the exam process, the resources I found most beneficial, and the approach that worked for me.

While this particular journey may be reaching its conclusion, the spirit of learning remains alive and well. Continuous improvement and staying abreast of the ever-evolving tech landscape will always be at the forefront. As the journey transitions, I invite you to stay connected for future updates. Whether it's new certifications, project implementations, or insights into emerging technologies, the learning adventure continues.

Here's to new horizons and the exciting road ahead! 🌟✨


If you have any doubts, suggestions, or questions, let's connect on LinkedIn or Twitter (X).
