Patching & Updates
Threat Detection & Response
Auditing & Compliance
DDoS & Resilience
DNS & Failover
100

This urgent type of update is released outside normal QA to fix bugs instantly on live systems.

What is a hotfix?

100

This AWS service uses ML and anomaly detection to identify account compromise or reconnaissance.

What is Amazon GuardDuty?

100

This AWS service records event history of API calls and console actions.

What is AWS CloudTrail?

100

This AWS service provides automatic protection against common network/transport layer DDoS attacks.

What is AWS Shield Standard?

100

This DNS service provides health checks and automatic failover.

What is Amazon Route 53?

200

Hotfixes differ from these scheduled updates, which bundle multiple fixes together.

What are patches?

200

GuardDuty findings often highlight this type of misconfigured resource.

What are IAM roles/policies or exposed EC2 instances?

200

This service provides compliance evaluations and a history of resource configurations.

What is AWS Config?

200

AWS Shield Standard is integrated with these two services for no extra cost.

What are Elastic Load Balancing and CloudFront?

200

Route 53 health checks verify endpoint health by monitoring these three elements.

What are HTTP/HTTPS responses, TCP connections, and CloudWatch alarms?

300

A rollback is used instead of a hotfix when this action is necessary.

What is reverting to a previous stable version?

300

This automated AWS service checks workloads for vulnerabilities and best practice deviations.

What is Amazon Inspector?

300

AWS Config continuously evaluates configurations against these internal or external baselines.

What are compliance rules/policies?

300

For advanced protection and SLAs, organizations upgrade to this.

What is AWS Shield Advanced?

300

Failover routing in Route 53 typically points to this type of backup system.

What is a secondary (or disaster recovery) site?

400

Applying a hotfix directly to production systems bypasses this step in the SDLC.

What is quality assurance/testing?

400

Scanning Infrastructure-as-Code templates helps prevent breaches caused by this.

What are misconfigurations?

400

AWS Config findings can be integrated with this service for centralized visibility.

What is AWS Security Hub?

400

DDoS attacks targeting the application layer are also known as these.

What are Layer 7 attacks?

400

Route 53 routing policies include geolocation, latency-based, and this one for balancing traffic.

What is weighted routing?

500

The main risk of deploying hotfixes without testing is introducing these.

What are new vulnerabilities or instabilities?

500

GuardDuty integrates with this notification service to automate alerting.

What is Amazon SNS?

500

CloudTrail focuses on activity logs, while Config focuses on this.

What is resource state/configuration history?

500

AWS Shield works best when combined with this service for distributing content closer to users.

What is Amazon CloudFront?

500

By combining health checks with DNS failover, organizations can achieve this business objective.

What is high availability?
