Az 104

Entra ID Licences
- The feature can only be used with security groups, and Microsoft 365 groups that have securityEnabled=TRUE.
- Can delete all users whether a license is assigned directly or via inheritance from a group membership
- Groups with active license assignments cannot be deleted

Users
- Azure (RBAC) and Azure AD roles are independent. AD roles do not grant access to resources and Azure roles do not grant access to Azure AD.

Golang

Panic vs recover

To handle panics and recover from them in Go, the built-in panic() and recover() functions can be used. When an error occurs, panic() is called and the program execution stops. You can use the defer statement to call recover(), which stops the panic and resumes execution from the point of the nearest enclosing function call, after all deferred functions have been run.

Defer

The defer statement in Golang is used to postpone the execution of a function until the surrounding function completes.

Microservice

Queue

What

RabbitMQ employs a push model and prevents overwhelming users via the consumer configured prefetch limit. This model is an ideal approach for low-latency messaging. It also functions well with the RabbitMQ queue-based architecture. Think of RabbitMQ as a post office, which receives, stores, and delivers mail, whereas RabbitMQ accepts, stores, and transmits binary data messages.

Kafka employs a “pull-based” approach, letting users request message batches from specific offsets. Users can leverage message batching for higher throughput and effective message delivery.

Certified Kubernetes Administrator note

Architecture Overview

Master Node:
- Responsible for managing the K8s cluster, storing information about the nodes, containers, ...

ETCD:
- Database that stores information in key-value format

Scheduler:
- Identifies the right node to place a container based on the container's resource requirements, worker policies, constraints, ...

Controllers:
- Types:
  - Node Controller: Responsible for onboarding new nodes to the cluster, handling situations where nodes are unavailable or get destroyed
  - Replication Controller: Ensures that the desired number of containers are running at all times in a replication group
- Workflows:
  - Monitoring status from the nodes and taking some actions to keep applications running.

Amazon Solution Architect Professional Note

DDOS

Type
- Application Layer: HTTP flood
- Protocol Attack: SYN Flood
- Volumetric: DNS Amplification

Identity and Federation

Policy Priority
- Explicit DENY -> SCP -> Resource Policy -> Permissions Boundaries -> Session Policies -> Identity Policies

Directory Service
- AD Connector: Only redirects, no local identity data in AWS
- Simple AD: AD compatible, managed on AWS
- AWS Managed MS AD:
  - Establish trust connection with your on-premise AD
  - Supports AD native schema extensions, which are required by some AD applications
  - Large users
  - Integrates with RADIUS/MFA

IAM
- Explicit DENY has precedence over ALLOW
- NotAction: explicitly allow a few things in there
- Access Advisor: See permissions granted and when last accessed
- Access Analyzer: Analyze resources that are shared with an external entity
- Access Key:
  - Can have two access keys
  - Can be created, deleted, made inactive or active

STS
- When you assume a role, you give up your permissions and take the permissions assigned to the role, and vice versa
- Temporary credentials can’t be cancelled
- Changing the trust policy has no impact on existing credentials
- Revoking the leaked credentials:
  - Denying access to credentials created by AssumeRole, AssumeRoleWithSAML, or AssumeRoleWithWebIdentity
    - Deleting the role or changing its permissions impacts all assumers
    - You must have the PutRolePolicy permission to attach the AWSRevokeOlderSessions inline policy
  - Denying access to credentials created by GetFederationToken or GetSessionToken
    - Edit or delete the policies that are attached to the IAM user
- Note: You cannot change the permissions for an AWS account root user, so we recommend that you do not call GetFederationToken or GetSessionToken as a root user.

Introduce yourself

I graduated with a major in software engineering from the Military Technical Academy in 2021. I have been working for about 6 years, during which the first 2 years I worked for an outsourcing company mainly dealing with JavaScript. After that, I switched to a product company in the e-commerce field where I started working with Golang and AWS cloud services. The next company I worked for was a crypto exchange platform called Attlas.