Adrian Cantrill’s SAA-C02 course, https://learn.cantrill.io/, 90 minutes: ‘[Theory] and [Demo] EBS encryption’, ‘Network Interfaces, Instance IPs, and DNS’, and ‘Manual Install of ECS’ parts one and two.
Reviewing how KMS interacts with the EC2 instance to encrypt data at rest and how from the operating system perspective there is no encryption; going through the demo really helped reinforce this concept.
The discussion of the ENI and how the ENI interacts with network traffic on behalf of the EC2 instance was really interesting, also regards to security groups and how they interface directly with ENI. Seeing the use of DNS to create a DNS name that is both publicly and privately resolveable further reinforces the impression created by my first go around with VPC and how the internet gateway funnels public and private ip traffic in such a way that the public ip address never penetrates deeply into the VPC environment.
It is obvious from all of this that much thought has been given to how to make AWS environments very secure by implementing technologies that create a wall of separation between public and private network traffic.
Rounding this off with the manual installation of WordPress was really fascinating. Yes, the procedure was really tedious, but it was great to review some Linux commands and take a little time to study the process.