This is Part 2 of digesting complex concepts for sake of reviewing AWS CCP exam. So let's get going.
In the last article, we talked about the difference between:
- CAPEX vs OPEX
- CloudWatch vs CloudTrial
- CloudFront vs Global Accelerator
In this article, we will proceed with the following concepts:
- SSO ( Single Sign On ) vs Cognito
- Config vs System Manager
- GaurdDuty vs Macie
1. SSO ( Single Sign On ) vs Cognito
Simply put, Cognito is for authenticating users while AWS SSO is for authenticating employees. Both services are used to allow/deny access for users in general to the AWS Resources. However, the main difference is the type of users; that is what decides here which one to use.
As an example, if you want to give some users of other departments temporarily access on only specific resources to use without the need to create user accounts for them, go with SSO, Single Sign On. Whereas, if you want to give access for users, that are out of your organization and are considered end users in general, to some web applications hosted on AWS, but you don't want them to access the resources or become part of the user account, go with Cognito.
Does it sound better now?
2. Config vs Systems Manager
The AWS Config Management Tool is a powerful tool that allows you to manage and automate the configuration of your Amazon Web Services (AWS) resources. It can be considered as the hub of config and configuration history over all resources used. All configurations can be saved in one place. In this case, you can track the config changes along the way and maybe it can be helpful in defining some failure issues as well.
But, Can it be used to automate some processes based on given configuration? The answer is No, but AWS Systems Manager (SSM) can.
AWS Systems Manager is a management tools that provides a unified interface which you can view operational resources and monitor the ongoing changes. Its super power is that you can automate many tasks and make sure it meets the security and compliance needed.
The point here, don't confuse between config that aids as a store for almost all configuration used in resources, and between the systems manager that can be used to automate the infrastructure of many resources ( such as EC2, S3, etc .. ) and still keep record of the ongoing tasks.
Enough of that, now let's discover one of the most interesting security tools in AWS!
3. GaurdDuty vs Macie
Gaurd duty is an effective threat detection service that is continuously looking for malicious attacks and delivering detailed findings to keep the remediation and security compliance always monitored.
Macie, on the other hand, is also an effective threat detection services but it's specialized in sensitive data threat detection and not generalized for all malicious attacks.
So, whenever you see in the exam sensitive data threat detection, consider Macie!
Let me know what do you think in the comments!
Thanks for reading! I hope you found this post helpful in your journey to becoming an Amazon Web Services Cloud Practitioner.
Feel free to reach me out on the following:
Top comments (0)