• ALB is not a regional service
  • NLB
  • does not support custom security policy
  • consists of Protocols and ciphers
  • Terminate TLS connection in NLB
    • Require one certificate for each TLS connection to encrypt traffic between client and NLB
    • AWS Certificate manager can be used, since it it automatically renew on expiry
  • CLB (Classic load balancer)
  • Supports the ASG
  • AWS well architect framework includes
  • Monitoring and alerts using Cloudtrail and Cloudwatch
  • Spread EC2 Instances across multiple AZ
  • When web distribution falls under PCI distribution
  • Enable Cloudfront Logs
  • Capture request, sent to the Cloudfront API
  • AWS Public Dataset like satellite imagery, geospatial, genomic is free, need no charge
  • RDP aka Remote Desktop Protocol use port 3389