
A multi-cloud certified cloud expert with 9 years of experience in Google Cloud, AWS, Kubernetes, DevOps and Terraform. Experienced across different verticals and industries, migrating applications and databases from on-premise or any other cloud (AWS & GCP). Building CI/CD pipelines and helping clients adopt DevOps culture. Refactoring, replatforming, and archetyping the infrastructure to adopt and leverage cloud capabilities. Leading the team of cloud engineers to deliver on business/client expectations.
IT Tutor, Aspire2 International
Consultant, Atos Syntel
Senior Consultant, Virtusa
Analyst, Serco
Cloud Engineer, Searce Inc
Git

AWS

Google Cloud Platform

AWS

Kubernetes
Docker

GitHub

GitHub Actions
Jenkins

Ansible

Terraform

Helm

BigQuery
Cloud Composer

Cloud SQL

OpenShift

VPC

Cloud Functions
Jira

Confluence

Bitbucket

ECS

GKE

RBAC

AWS
Azure

Google Cloud

Windows

Ubuntu

CentOS
Debian

Maven

Gradle

Groovy

ELK

Helm Charts

Azure DevOps

GitHub Actions

Asana

Shell

PowerShell

Python

Terraform

CloudFormation

Bicep

Go lang
Yeah. Hi. Myself, I have done an engineering degree in computer science and also have around nine years of experience in cloud and DevOps. I have worked with very big clients like Google PSO. I work with Al Jazeera Media Network, Lloyds Banking Group, and a lot of Health Corporation of America and other projects. So in my overall tenure, I worked with AWS, Google Cloud primarily, and a bit of Azure. I have looked into projects related to migration of applications from on-premise to cloud, from data center to cloud. I worked on projects migrating databases and the Teradata warehouse to Google Cloud BigQuery. I also worked on projects creating CI/CD pipelines, automating, and implementing DevOps pipelines for data projects. So I have good hands-on experience of around six plus years in cloud and DevOps, and my overall experience is nine years. So, yeah, that's all I want to say.
So the data we have in AWS, for example, if you're storing the data on an S3 bucket, we have the option of enabling encryption, and we can use customer-managed keys or AWS-provided keys for that particular data. We can either use AWS Key Management Service keys or create our own KMS keys within AWS, or we can upload our own keys to manage that particular data.
What strategy would you use to monitor music?
We can enable CloudTrail on the AWS account, so that we can monitor the logs and see which user has used what kind of activities they have done on a particular database account.
What is it to securely manage secrets and sensitive information?
In order to create this, we can use something called a secret manager, where we can, let's say, for example, we have a database and we want to store the username and password or any other credentials, which are sensitive data. For that, we can use something called a secret manager to mask that particular username and password and make use of that API calls to read that particular information without exposing the actual content.
We can. I haven't worked much on AWS Config though, but CloudTrail, whatever CloudTrail logs are generated, we can keep those logs on an S3 bucket and based upon that, we can store that information on an S3 bucket, and we can analyze that log data using different analytics tools available.
When we set up a VPN, we can establish a site-to-site VPN with two different tunnels, which work as an active and passive setup. To ensure that there is connectivity between the on-premise services servers even if one of the tunnels goes down, we can set up an active-passive or active-active setup with two tunnels. And let's say if we're dealing with, for example, a database server, we can set up an application like a master-slave setup to ensure high availability. In case of any event, we can switch any of the servers to primary.
Do we need to add a term on board, what change would you recommend to ensure that daily load days in instance is not unintentionally distracting to
We need to add a parameter called termination protection so that it will prevent any resource from accidental deletions. Termination protection.
Given the save it was not a function snippet written in Python, can you any of the error it might throw during execution? Explain why.
Definite and prevent, we'll have an even context. Go to 3.23. Probably we get an error at response, get object. I'm not sure that S3 client has the permissions to do to read the bucket we need to. In order to get object, we need certain permissions. Probably we need to use credentials like secret access here, access key or access ID in order to access that particular bucket and get the data.
When scaling an application using Auto Scaling in EC2 instances, I would optimize cost by setting up Auto Scaling groups with certain policies. When creating an Auto Scaling group in EC2, there are certain policies we can set up saying that if the load on the application server goes above 80% or 90%, it should scale more VMs. And whenever there is a drop in traffic or load on the application, it should scale down the application. Scale down the VM count to a minimum of 2 or 3.
In which scenario would you choose AWS Fargate over Amazon EC2?
That's all for running containers. Let's say, for example, AWS Fargate is a container management service. Let's say you want to avoid bothering about building the whole cluster or a Docker server to deploy the containers. And you don't want to deal with more than like maintaining a cluster or administration. Then in that case, you simply go ahead and use AWS Fargate instead of using the EC2 instances where you can just deploy the Docker image and pass some parameters to access the particular Docker container, like port numbers and all.
AWS EKS offers a lot of flexibility in order to maintain security. One of the things is we can create a VPC native EKS cluster so that we can control the external access to that particular cluster and isolate services, create different services. Also, we can install Istio as a sidecar container on the Kubernetes cluster so that traffic can be reached through a host, through a service, through a host network using a Service Mesh service.