Application that will have the functionality to upload thumbnail images, transcode videos, index files, validate contents, and aggregate data in real-time.
Solution: Host a static web application using Amazon S3, upload images to Amazon S3, use S3 event notification to trigger a Lambda function when media files are uploaded, coordinate other media files processing Lambdas using Step functions, and store the aggregated data in DynamoDB.
On-premises data > Amazon S3 > AWS Glue > Amazon Athena > Amazon QuickSight
For batch processing jobs such as the one in this scenario, you can use multiple t2 instances, which support CPU bursts and are therefore ideal for workloads that need bursts of CPU only during certain periods.
Problem: Users will upload pictures from their mobile devices directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3.
Solution: Record the user's information in DynamoDB and create a role in IAM with the appropriate permissions (one-off setup). When the user runs the mobile app, create temporary credentials using the AWS Security Token Service "AssumeRole" function, store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app.
Always think about using functions such as "AssumeRole", "AssumeRoleWithSAML", and "AssumeRoleWithWebIdentity".
You can let users sign in using a well-known third-party identity provider such as log in with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0 compatible provider.
You can exchange the credentials from that provider for temporary permissions to use resources in your AWS account. This is known as the web identity federation approach to temporary access.
When you use web identity federation for your mobile or web application, you don't need to create custom sign-in code or manage your own user identities.
Using web identity federation helps you keep your AWS account secure because you don't have to distribute long-term security credentials, such as IAM user access keys, with your application.
Building the architecture using AWS services and offerings that can protect the application from such attacks, e.g. CloudFront, WAF, Auto Scaling, Route 53, VPC, etc.
Defending the infrastructure layer by over-provisioning capacity and deploying DDoS mitigation systems.
Defending the application layer by using WAF and operating at scale with Auto Scaling, so that the application can withstand the attack by scaling out and absorbing the traffic.
Minimizing the surface area of attack
Obfuscating the AWS resources
Setting up an identity provider for federated access
Authenticating users against a corporate data store or Active Directory user attributes.
Getting temporary access tokens/credentials using AWS STS
Creating the IAM Role that has access to the needed AWS Resources
Implement third party volume encryption tools
Encrypt data inside your applications before storing it on EBS
Encrypt data using native data encryption drivers at the file system level.
Option 1) The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the AWS Security Token Service (STS) to assume that IAM role (passing the role ARN). The application then uses the temporary credentials to access the appropriate service.
Option 2) Develop an identity broker that authenticates against LDAP and then calls the AWS Security Token Service (STS) to get IAM federated user credentials. The application then uses the temporary credentials to access the appropriate service.
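The security point behind both the mobile-app scenario above and the identity-broker option is that the temporary credentials should let a user reach only their own objects. The following added example (not from these notes or any AWS sample) builds the session policy an identity broker would pass to AssumeRole to scope the role down to the user's own S3 prefix, and includes a small evaluator to check requests against it offline. The bucket name and user IDs are constructed; the boto3 sts.assume_role call is only prepared, not executed.

```python
"""Scoped-down session policy for STS AssumeRole plus a minimal offline check."""
import fnmatch
import json

BUCKET = "example-photos-bucket"  # constructed sample bucket name


def build_session_policy(bucket: str, user_id: str) -> dict:
    """Session policy for AssumeRole's Policy parameter.
    It can only narrow the role's own permissions, never widen them."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # listing is allowed only under the user's own prefix
                "Sid": "ListOwnPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{user_id}/*"]}},
            },
            {   # read/write only objects under the user's own prefix
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{user_id}/*",
            },
        ],
    }


def assume_role_request(role_arn: str, user_id: str) -> dict:
    """Keyword arguments for boto3's sts.assume_role (call not made here).
    RoleSessionName ties the session to the user in CloudTrail; a short
    DurationSeconds limits exposure if the device is compromised."""
    return {
        "RoleArn": role_arn,
        "RoleSessionName": user_id,
        "DurationSeconds": 900,  # minimum STS allows; refresh on next app launch
        "Policy": json.dumps(build_session_policy(BUCKET, user_id)),
    }


def is_allowed(policy: dict, action: str, resource: str, context=None) -> bool:
    """Toy evaluator: Allow statements, '*' wildcards and StringLike conditions.
    Anything not explicitly allowed is denied, as in IAM."""
    context = context or {}
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        cond = st.get("Condition", {}).get("StringLike", {})
        if all(k in context and any(fnmatch.fnmatchcase(context[k], p) for p in pats)
               for k, pats in cond.items()):
            return True
    return False
```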
A Kinesis video stream for sending streaming video to Amazon Rekognition Video. This can be done using the Kinesis "PutMedia" API in the Java SDK. The PutMedia operation writes video data fragments into a Kinesis video stream that Amazon Rekognition Video consumes.
An Amazon Rekognition Video stream processor to manage the analysis of the streaming video. The API can be used to start, stop, and manage stream processors as needed.
A Kinesis data stream consumer to read the analysis results that Amazon Rekognition Video sends to the Kinesis data stream. It can run on an Amazon EC2 instance, for example by adding it to an Amazon Machine Image (AMI). The consumer can be autoscaled by running it on multiple Amazon EC2 instances under an Auto Scaling group.
"Output": {
    "KinesisDataStream": {
        "Arn": "arn:aws:kinesis:us-east-1:nnnnnnnnnnnn:stream/outputData"
    }
}
Amazon Web Services (AWS) provides two over-the-top (OTT) live video streaming solutions to cost-effectively deliver media content to a global audience in the AWS Cloud.
Both solutions build a highly available architecture that delivers a reliable real-time viewing experience.
Live Streaming on AWS
AWS provides a live streaming solution that combines AWS Elemental MediaLive and AWS Elemental MediaPackage with Amazon CloudFront to build a highly resilient and scalable architecture that delivers your live content worldwide.
Use AWS Elemental MediaLive and AWS Elemental MediaPackage with Amazon CloudFront.
AWS Elemental MediaStore is a video origination and storage service that offers the high performance and immediate consistency required for live and on-demand media.
You can use AWS Elemental MediaStore to store assets that MediaLive retrieves and uses when transcoding, and as a destination for output from MediaLive.
You can replace MediaPackage with AWS Elemental MediaStore for live stream origination.
MediaPackage provides the following features:
Provides multiple output formats for playback support on different players and clients
Leverages MediaPackage to customize your workflow in a number of ways
Adds support for content protection using DRM
Enables DVR-like features such as live rewind and restart
Builds Live-to-VOD workflows
MediaStore provides the following features:
Provides a simple solution with fewer customization options
Leverages MediaLive, using a single-pipeline channel, so only one input is required, and outputs are HTTP Live Streaming (HLS) only
Supports using an AWS Elemental Link device as the input
The GetHLSStreamingSessionURL API is called to retrieve the HLS streaming session URL.
In the mobile application, use HLS to display the video stream by using the HLS streaming session URL.
The diagram below presents the live streaming video architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.
Problem: The application is designed for users who must be able to connect to it from their hotel rooms, cafes, public Wi-Fi hotspots, and elsewhere on the Internet, but you do not want to publish the application on the Internet.
Solution: Configure an SSL VPN solution in a public subnet of your VPC, then install and configure SSL VPN client software on all user computers. Create a private subnet in your VPC and place your application servers in it.
Conclusion: Configuring the SSL VPN solution is cost-effective and grants access only to the intended users. Since the application servers are in a private subnet, the application is not reachable directly from the Internet.