Adjustments; notes for amazon data lifecycle manager; new content for…

… Machie.

02-configuration-management-and-iac/eb.md

@@ -72,7 +72,6 @@
 
 ![EB Deployment Summary](images/deployment-summary.png)
 
-
 ## Elastic Beanstalk Lifecycle Policy
 
 - Elastic Beanstalk can store at most 1000 application versions
@@ -145,7 +144,7 @@
 
 ## Elastic Beanstalk and HTTPS
 
-- SSL certificate can be loaded from the console (EB console, load balancer configuration) or from the config .ebextensions/securelistener-alb.config
+- SSL certificate can be loaded from the console (EB console, load balancer configuration) or from the `config .ebextensions`/`securelistener-alb.config`
 - SSL certificates can be provisioned using  ACM (AWS Certificate Manager) or CLI
 - Must configure SG with allowing port 443
 - Redirect HTTP to HTTPS:

03-resilient-cloud-solutions/amazon-data-lifecycle-manager.md

@@ -0,0 +1,21 @@
+# Amazon Data Lifecycle Manager
+
+- We can use Amazon Data Lifecycle Manager to automate the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs
+- When we automate snapshot and AMI management, it helps us to:
+    - Protect valuable data by enforcing a regular backup schedule
+    - Create standardized AMIs that can be refreshed at regular intervals
+    - Retain backups as required by auditors or internal compliance
+    - Reduce storage costs by deleting outdated backups.
+    - Create disaster recovery backup policies that back up data to isolated Regions or accounts
+
+## Policies
+
+- With Amazon Data Lifecycle Manager, we create policies to define your backup creation and retention requirements
+- These policies typically specify the following:
+    - Policy type — Defines the type of backup resources that the policy manages (snapshots or EBS-backed AMIs)
+    - Target resources — Defines the type of resources that are targeted by the policy (instances or EBS volumes)
+    - Creation frequency — Defines how often the policy runs and creates snapshots or AMIs
+    - Retention threshold — Defines how long the policy retains snapshots or AMIs after creation
+    - Additional actions — Defines additional actions that the policy should perform, such as cross-Region copying, archiving, or resource tagging
+- Default policies: back up all volumes and instances in a Region that do not have recent backups
+- Custom policies: target specific resources based on their assigned tags and support advanced features, such as fast snapshot restore, snapshot archiving, cross-account copying, and pre and post scripts

03-resilient-cloud-solutions/asg.md

@@ -184,7 +184,7 @@
 - Solution for this issue:
     - Redeploy the application
     - Suspend Launch process during deployment
-Reference: [https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html)
+- Reference: [https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html)
 
 ## ASG Deployment Strategies
 

03-resilient-cloud-solutions/dynamodb.md

@@ -368,7 +368,7 @@
 
 ## DynamoDB Global Tables
 
-- Enable cross-region replication of a DynamoDB table
+- Enable cross-region replication of a DynamoDB table (has to be done manually on an already existing table)
 - Require DynamoDB Streams to be enabled in order to work
 - Multi-region replication is **Active-Active** => applications can READ and WRITE in any region to the table
 - Data replication is eventually consistent

03-resilient-cloud-solutions/s3.md

@@ -516,8 +516,8 @@
         - *Cached volumes*:
             - We store our data in S3 and retain a copy of frequently accessed data subsets locally
         - *Stored volumes*:
-            - If we need low-latency access to your entire dataset, first we configure our on-premises gateway to store all our data locally
-            - Then we asynchronously back up point-in-time snapshots of this data to Amazon S3 - This configuration provides durable and inexpensive offsite backups that we can recover to our local data center or Amazon EC2
+            - If we need low-latency access to our entire dataset, first we configure our on-premises gateway to store all our data locally
+            - Then we asynchronously back up point-in-time snapshots of this data to Amazon S3 - this configuration provides durable and inexpensive offsite backups that we can recover to our local data center or Amazon EC2
 - **Tape Gateway**:
     - Provides backup processes similar to the ones using physical tapes
     - It is a Virtual Tape Library (VTL) backed by S3 and Glacier

05-incident-and-event-response/eventbridge.md

@@ -24,7 +24,9 @@
     - Start Step Function
     - Send a message to SNS, SQS, Kinesis Data Streams
     - Start an SSM Automation
+    - EC2 API Call (Reboot, Stop, Terminate)
     - etc.
+    - **Note: S3 bucket cannot be a destination!**
 
 ## Event Buses
 

06-security-and-compliance/macie.md

@@ -1,7 +1,27 @@
 # Amazon Macie
 
-- Macie is a data visibility security service which helps classify and protect sensitive and business-critical content
-- It has 1Gb free tier for analyzing data
-- Provides a dashboard with results group by severity
-- Provides alerts for findings and additional information about it
-- Provides integration with multiple accounts
+- A security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS
+- Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property
+- Amazon Macie allows you to achieve the following:
+    - Identify and protect various data types, including PII, PHI, regulatory documents, API keys, and secret keys
+    - Verify compliance with automated logs that allow for instant auditing
+    - Identify changes to policies and access control lists
+    - Receive notifications when data and account credentials leave protected zones
+    - Detect when large quantities of business-critical documents are shared internally and externally
+
+## Concepts
+
+- Data source is the origin or location of a set of data:
+    - AWS CloudTrail event logs and errors, including Amazon S3 object-level API activity
+    - Amazon S3 objects: we can integrate Macie with our S3 buckets and/or specify S3 prefixes
+- User, in the context of Macie, a user is the AWS Identity and Access Management (IAM) identity that makes the request
+- There are certain file formats that Macie does not support, such as wav files
+- Once Macie begins monitoring your data, it uses several automatic content classification methods to identify and prioritize your sensitive and critical data and to accurately assign business value to our data
+- Each classification has a designated risk level between 1 and 10, with 10 being the highest risk and 1 being the lowest
+- Classification methods:
+    - Content Type Classification
+    - File Extension Classification
+    - Theme Classification
+    - Regex Classification
+    - PII Classification
+    - Support Vector Machine–Based Classifier

README.md

@@ -44,6 +44,7 @@
     - [NAT Gateways](03-resilient-cloud-solutions/nat.md)
     - [Resilient Architectures](03-resilient-cloud-solutions/resilient-architectures.md)
     - [Disaster Recovery](03-resilient-cloud-solutions/disaster-recovery.md)
+    - [Amazon Data Lifecycle Manager](03-resilient-cloud-solutions/amazon-data-lifecycle-manager.md)
 4. Monitoring and Logging
     - [CloudWatch](04-monitoring-and-logging/cloudwatch.md)
     - [Amazon Lookout for Metrics](04-monitoring-and-logging/lookout.md)