AWS Certified Security Specialty - SCS-C02 Study notes

From Cramsession
Revision as of 21:27, 12 July 2024 by Mflavell (talk | contribs)
✍️ Verified Author: Mflavell

Lambda

  • Set up one role per Lambda function; don't reuse roles
  • Invoke functions through an API Gateway
  • Don't store passwords; use AWS Secrets Manager
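
One way to check the first and third rules above across an account, as an added example that is not part of the original notes. It works on a constructed sample shaped like the Functions list from the Lambda ListFunctions API; the account ID, function names and the name-matching heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the "Functions" list returned by the
# Lambda ListFunctions API. Account ID, names and values are made up.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "orders-api",
     "Role": "arn:aws:iam::111122223333:role/shared-lambda-role",
     "Environment": {"Variables": {"DB_PASSWORD": "example-only", "STAGE": "prod"}}},
    {"FunctionName": "orders-worker",
     "Role": "arn:aws:iam::111122223333:role/shared-lambda-role",
     "Environment": {"Variables": {
         "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:orders-db"}}},
    {"FunctionName": "thumbnailer",
     "Role": "arn:aws:iam::111122223333:role/thumbnailer-role"},
]

# Variable names that suggest a credential is stored inline (assumed heuristic).
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)
# A value that is only a pointer to Secrets Manager is acceptable.
SECRET_REF = re.compile(r"^arn:aws[\w-]*:secretsmanager:")

def shared_roles(functions):
    """Return {role_arn: [function names]} for roles used by more than one function."""
    by_role = defaultdict(list)
    for fn in functions:
        by_role[fn["Role"]].append(fn["FunctionName"])
    return {role: sorted(names) for role, names in by_role.items() if len(names) > 1}

def inline_secrets(functions):
    """Return sorted (function, variable) pairs whose name looks like a
    credential and whose value is not a Secrets Manager ARN."""
    hits = []
    for fn in functions:
        # Functions without environment variables have no "Environment" key.
        variables = fn.get("Environment", {}).get("Variables", {})
        for name, value in variables.items():
            if SECRET_NAME.search(name) and not SECRET_REF.match(value):
                hits.append((fn["FunctionName"], name))
    return sorted(hits)

if __name__ == "__main__":
    for role, names in shared_roles(SAMPLE_FUNCTIONS).items():
        print(f"role reused by {names}: {role}")
    for fn_name, var in inline_secrets(SAMPLE_FUNCTIONS):
        print(f"{fn_name}: variable {var} looks like an inline credential")
```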

Route 53

  • Most important features
    • Registration
    • DNS Service
    • Health Checks

Domain vs Hosted Zone

  • Domain is a construct of DNS servers that associates a name with a resource
  • Domains have zone files
    • Zone files are a text mapping of different resources.

Route 53 health checks

  • Allows the checking of application health.
  • Can be used to reroute traffic if a resource is unhealthy

Checking Health of an endpoint

  • Create a check from Route 53
  • Checks can be done on an IP address or domain name
      • Can also be a URL that contains data from services
      • These can mirror the actions a user would normally perform
  • Calculated health checks act as a root health check
      • Monitor other health checks
      • Can fail before the origin is considered unhealthy
      • This will fail if any of its alarms go off.

Route 53 Security Considerations

  • Use Route 53 health checks with CloudWatch to monitor services
  • Make sure DNS Entries have auto-renew enabled
  • Enable DNS query logging

RDS Services

  • Removes the overhead of having a DBA on staff.
  • Read replicas are easy to provision with RDS.
    • These are read-only and will not allow writes.
  • An instance can be made HA by replicating to another region or AZ.
    • A replicated primary cannot serve any other function.
      • It cannot work as a read replica.
  • Read replicas can be promoted to a standalone database
    • If promoted, they will no longer stay in sync with the master.

RDS Security Considerations

  • Don't use the AWS root user to create and manage resources.
  • Use security groups to control which IPs and services can connect to RDS services
    • Remember least privilege