ingest: CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
- Source page: fix broken wikilinks, add Contradictions (bidirectional with ctp-topic-1) - Entities: create Cloud-Technology-Design-Forum - Concepts: create Network-Segmentation - index.md: add date+summary to ctp-topic-35, add new Entity+Concept entries - log.md: append ingest record
This commit is contained in:
43
wiki/log.md
43
wiki/log.md
@@ -1,3 +1,13 @@
|
||||
## [2026-05-06] ingest | CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
|
||||
- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md
|
||||
- Status: ✅ 成功摄入
|
||||
- Summary: Landing Zone 设计复习——明确 SaaS(生产)与 Labs(开发)的核心定位:SaaS = 生产,Labs = 开发;SaaS LZ 含产品账户、核心账户(AD/DNS/Network)、共享服务账户、Gruntwork 账户;近期变更:网络分段阻断 SaaS 直连、CCOE CloudTrail 替代 Gruntworks CloudTrail、Checkpoint 重新路由入站流量、AWS Backup 强制化、新账户取消 Management VPC;PoC LZ 并入 Labs;Cloud Technology Design Forum 推动标准化。
|
||||
- Concepts created: [[Network-Segmentation]]
|
||||
- Entities created: [[Cloud-Technology-Design-Forum]]
|
||||
- Entities touched: [[Gruntwork]], [[Checkpoint]]
|
||||
- Source page: wiki/sources/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md
|
||||
- Notes: 步骤3完成:Source page 修复所有 broken wikilinks(CCOEs-CloudTrail → CloudTrail,AWS-Landing-Zone → Landing-Zone-Architecture,删除 Shared-Services-Account 等不必要独立 Concept),补全 Contradictions 与 [[ctp-topic-1-gruntwork-landing-zone-architecture]] 视角互补说明,更新 last_updated: 2026-05-06;步骤4完成:index.md 条目补全日期前缀和一行摘要;步骤5完成:overview.md 已有该来源摘要(line 301),内容一致无需修订;步骤6-7完成:新建 [[Cloud-Technology-Design-Forum]] Entity 和 [[Network-Segmentation]] Concept 并加入 index.md;步骤8完成:Contradictions 已从无记录更新为视角互补说明;步骤9完成:log.md 补录本次摄入
|
||||
|
||||
## [2026-05-06] ingest | CTP Topic 1 Gruntwork Landing Zone Architecture
|
||||
- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md
|
||||
- Status: ✅ 成功摄入
|
||||
@@ -5739,4 +5749,35 @@
|
||||
- Concepts created: [[Purpose-Built-Databases]], [[DBA-Role-Evolution]], [[Multi-Database-Architecture]]
|
||||
- Entities created: [[Amazon-DynamoDB]], [[Amazon-Aurora]], [[Amazon-RDS]], [[Amazon-ElastiCache]], [[Amazon-Neptune]], [[Amazon-Timestream]], [[Amazon-Keyspaces]], [[Amazon-DocumentDB]], [[Duolingo]], [[Netflix]], [[Peloton]]
|
||||
- Source page: wiki/sources/ctp-topic-51-architecting-with-aws-purpose-built-databases.md
|
||||
- Notes: 步骤3完成:Source page 已存在无需更新;步骤4完成:index.md 条目补全日期+摘要;步骤5完成:overview.md 内容一致无需修订;步骤6完成:11 个 Entity 页面全部新建;步骤7完成:3 个 Concept 页面全部新建;步骤8完成:无冲突(与 ctp-topic-66 互补)
|
||||
- Notes: 步骤3完成:Source page 已存在无需更新;步骤4完成:index.md 条目补全日期+摘要;步骤5完成:overview.md 内容一致无需修订;步骤6完成:11 个 Entity 页面全部新建;步骤7完成:3 个 Concept 页面全部新建;步骤8完成:无实质冲突(属数据库品类技术域,与 RDS vs Aurora 视角互补)
|
||||
|
||||
## [2026-04-28] ingest | CTP Topic 72 Implementing an Enterprise DR Strategy Using AWS Backup
|
||||
- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md
|
||||
- Status: ✅ 成功摄入
|
||||
- Summary: Sabith(AWS)主讲企业级灾备策略与 AWS Backup 架构——核心内容:HA 与 DR 区别(RTO/RPO 核心指标)、AWS Backup 备份计划/保管库/跨账户复制/Vault Lock 四项核心能力、四级 DR 架构模式(Backup & Restore → Pilot Light → Warm Standby → Active-Active)、增量备份节省成本、Forensic Account 定期验证恢复点。
|
||||
- Concepts touched: [[RTO]](已存在,已更新引用)、[[RPO]](已存在,已更新引用)、[[High Availability]](已存在,已更新引用)
|
||||
- Concepts created: [[AWS-Backup-Concepts]](新建:Vault Lock / 增量备份 / 跨账户备份 / Backup Plan / Backup Vault)
|
||||
- Entities touched: [[AWS]](已存在,已更新引用)、[[SRE-Team]](已存在,已更新引用)
|
||||
- Entities created: [[AWS-Backup]](新建:AWS 原生备份服务 Entity,整合 Topic 72/73/44 三个来源)
|
||||
- Source page: wiki/sources/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md
|
||||
- Notes: 步骤3完成:Source page 新建完成;步骤4完成:index.md 条目补全日期+摘要(line 294);步骤5完成:overview.md 已有该来源摘要(line 413),内容一致无需修订;步骤6完成:1 个 Entity 新建,2 个 Entity 更新;步骤7完成:1 个 Concept 新建,3 个 Concept 更新;步骤8完成:与 [[ctp-topic-44-aws-backup-in-micro-focus]] 视角差异已记录于 source page Contradictions 节
|
||||
|
||||
## [2026-04-28] ingest | CTP Topic 73 AWS Backup Implementation of the Cloud Transformation Programme
|
||||
- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md
|
||||
- Status: ✅ 成功摄入
|
||||
- Summary: AWS Backup 在 CTP(云转型计划)中的具体落地实施——SRE Core/Product/Architecture 协作设计 SRE 备份模型,使产品团队能在 DRA 账户内独立管理备份;AWS Backup 被选为战略工具(原生托管、多资源、跨账户/跨区域、不可变性、Audit Manager);初始备份在源账户完成,复制到专属 DR 账户实现即时恢复;SRE 模型自动化 Backup Plans/Vaults/KMS/SNS/Audit 配置;Backup Audit Manager 提供合规框架和控制项评估。
|
||||
- Concepts touched: [[DisasterRecovery]]/[[ImmutableBackup]]/[[LifecyclePolicy]]/[[PointInTimeRecovery]]/[[MultiAccountArchitecture]](均仅出现 1 次,保留于 Source Page 内嵌引用)
|
||||
- Entities touched: [[AWS-Backup]](已存在,已更新 sources 字段)、[[SRE-Team]](已存在,已确认引用)、[[AWS-Backup-Audit-Manager]](本次新建,整合 Topic 72/73 两个来源)
|
||||
- Entities created: [[DRA-Account]](新建:CTP 中每个生产工作负载的专属灾备账户)、[[Databunker]](新建:备份集中账户降级方案)、[[AWS-Backup-Audit-Manager]](新建:合规审计框架 Entity)
|
||||
- Source page: wiki/sources/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md
|
||||
- Notes: 步骤3完成:Source page 新建完成;步骤4完成:index.md 已有该条目(line 296),无需添加;步骤5完成:overview.md 已新增该条目(line 415),内容关联 Topic 72/44 构成完整体系;步骤6完成:3 个 Entity 新建(DRA-Account/Databunker/AWS-Backup-Audit-Manager);步骤7完成:相关 Concept 均仅出现 1 次,保留于 Source Page 内嵌引用;步骤8完成:与 [[ctp-topic-72-enterprise-dr-strategy-aws-backup]](Topic 72)互补而非冲突——Topic 72 聚焦理论架构,Topic 73 聚焦落地实施。
|
||||
|
||||
|
||||
## [2026-05-06] ingest | CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security
|
||||
- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md
|
||||
- Status: ✅ 成功摄入
|
||||
- Summary: Steve Jarman 和 Pradeep 主讲 AWS Landing Zone 部署流程、数据收集策略与基于标签的云原生安全架构。核心:①Landing Zone 部署前需了解 BU 资产清单/IP 地址空间/数据敏感性;②DNS/Transit Gateway 等基础服务已通过 SRE 高度自动化;③基于标签的安全控制——用 AWS 标签替代传统 IP 防火墙规则;④SCP 强制执行标签规范——通过"显式拒绝"防止篡改标签绕过审计;⑤Checkpoint 防火墙有序层——按优先级执行地理屏蔽 → BU 隔离 → 产品隔离 → 环境隔离。
|
||||
- Concepts touched: [[AWS-Landing-Zones]](已存在)、[[Tagging-Methodology]](已存在)、[[SCP-Service-Control-Policies]](已存在)、[[OU-Organizational-Unit]](已存在)、[[Checkpoint-Firewall-Ordered-Layer]](已存在)、[[Transit-Gateway]](已存在)、[[SRE-Automation]](已存在)
|
||||
- Entities touched: [[Steve-Jarman]](已存在)、[[Pradeep]](已存在)、[[Checkpoint]](已存在)、[[AWS-Organizations]](已存在)
|
||||
- Source page: wiki/sources/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md
|
||||
- Notes: 步骤3完成:Source page 新建完成;步骤4完成:index.md 已有该条目(line 233 和 306),无需添加;步骤5完成:overview.md 已有该来源详细摘要(line 319),内容一致无需修订;步骤6-7完成:所有相关 Entity/Concept 页面均已存在,无需新建;步骤8完成:无冲突(与 [[ctp-topic-55-aws-firewall-manager]] 互补而非冲突——Checkpoint 作为网络边界防火墙,Firewall Manager 覆盖实例级别安全策略)
|
||||
|
||||
Reference in New Issue
Block a user