AWS Solution Architect – UseCases Part-1

This article is part of the series which covers use-cases you might encounter as part of your Solution Architect journey both for exam success as well as in real life . I will list down some sample use cases and then the appropriate solution that can be applied to achieve this goal. Without further ado, here we go :

To avoid accidental deletion of data from S3 bucket, what features/services can be enabled. Enable versioning to keep historical versions of an object
Enable Cross-Region Replication of objects.
Enable MFA delete to require multi-factor authentication (MFA) when deleting an object version.

How can I audit deleted or missing objects from my Amazon S3 bucket?

How to provide access to files stored in private S3 bucket temporarily Create a Pre-Signed URL and provide access to your users

Securing AWS S3 uploads using presigned URLs

Restrict direct access to S3 bucket Create a special CloudFront user called an Origin Access Identity (OAI) and associate it with your distribution.

Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

Restricting access to Amazon S3 content by using an origin access identity (OAI)

Block External Malicious IP addresses from accessing the company’s website (based on security logs review) Configure AWS WAF to add an IP match condition to block the malicious IP address.

How do I configure AWS WAF to protect my resources from common attacks?

On-Premises applications/users need to access data stored in AWS S3 via NFS or SMB Use AWS Storage Gateway – File Mode and create Mount Points ( File Shares)

Cloud Storage in Minutes with AWS Storage Gateway

Amazon S3 File Gateway Overview – On-Premises Backup to the AWS Cloud

You need to protect data at-rest stored in S3 bucket using encryption keys provided by Customer Use Server-Side Encryption with Customer-Provided Keys (SSE-C)

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Automate the creation, retention, and deletion of backups
for the Amazon EBS volumes.
Use the EBS Data Lifecycle Manager (DLM) to manage snapshots of the volumes

Amazon Data Lifecycle Manager

How can you provide your mobile device users to access a gaming app using their existing social media accounts (i.e. Google,Facebook etc.) Use Amazon Cognito Identity Pools

With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as federation through third-party IdPs.

Common Amazon Cognito Scenarios

How can you convert video and audio files from their
source format into versions that will playback on devices like
smartphones, tablets and PCs
Use Elastic Transcoder Service

Amazon Elastic Transcoder FAQs

Tariq Sheikh Administrator

Tariq Sheikh has been working in IT industry for 15 plus years He is a dual CCIEx26141 with Security,Collaboration and Data Center as his specialities as well as 4xAWS Certified . He is based in Dubai,UAE and his areas of expertise include Data Center technologies, Networking, Security and AWS solution architect

Leave a Reply

Your email address will not be published. Required fields are marked *

Close Bitnami banner