Mastering AWS Security: Create and maintain a secure cloud ecosystem

Product type: Paperback
Published in: Oct 2017
Publisher: Packt
ISBN-13: 9781788293723
Length: 252 pages
Edition: 1st Edition
Author: Albert Anthony

Table of Contents (10 chapters)

Preface
1. Overview of Security in AWS (free chapter)
2. AWS Identity and Access Management
3. AWS Virtual Private Cloud
4. Data Security in AWS
5. Securing Servers in AWS
6. Securing Applications in AWS
7. Monitoring in AWS
8. Logging and Auditing in AWS
9. AWS Security Best Practices

AWS Security services

Now, let us look at the AWS security services. These are the AWS services whose primary purpose is to secure your resources in AWS. We'll go over them only briefly in this section, as each of them is discussed in detail in the subsequent chapters.

AWS Identity and Access Management

AWS IAM enables customers to securely control access to their AWS resources and to manage their AWS users. In a nutshell, IAM provides authentication and authorization for access to AWS resources, whether that access comes through the web-based management console, the CLI, or programmatically through the API and SDKs. It offers basic access-control building blocks such as users, groups, roles, and permissions, as well as advanced features such as identity federation, which integrates IAM with the customer's existing identity store, for example Microsoft Active Directory, or with a web identity provider such as Facebook or Google. You can define granular permissions for all your resources and issue temporary security credentials to grant access to users outside of your AWS account.

AWS Virtual Private Cloud

AWS VPC is an IaaS offering that lets you create your own private, logically isolated network in the cloud and provision your resources inside it. This network can be securely connected to your on-premises data center. You can configure firewalls for the resources in your VPC at the instance level and/or the subnet level to control the traffic flowing into and out of your VPC. VPC also provides the VPC Flow Logs feature, which lets you collect information about the IP traffic in your VPC.
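To show what the flow-log data mentioned above looks like and how a defender can use it, here is an added example (not code from the book) that parses records in the default VPC Flow Logs format and counts rejected connection attempts per source address and destination port. The records, account ID and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed VPC flow log records in the default (version 2) format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status. Account ID and addresses are made up.
SAMPLE_FLOW_LOG = """\
2 111111111111 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51234 22 6 1 60 1506840000 1506840060 REJECT OK
2 111111111111 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51235 3389 6 1 60 1506840000 1506840060 REJECT OK
2 111111111111 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51236 22 6 1 60 1506840000 1506840060 REJECT OK
2 111111111111 eni-0a1b2c3d 10.0.1.30 10.0.1.20 40000 443 6 10 5400 1506840000 1506840060 ACCEPT OK
2 111111111111 eni-0a1b2c3d - - - - - - - 1506840000 1506840060 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]


def parse_flow_log(text):
    """Yield one dict per record, skipping NODATA/SKIPDATA records that carry no flow."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line; a real pipeline would count and alert on these
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # no traffic was captured during this window
        yield rec


def rejected_by_source(text, min_count=2):
    """Count REJECTed flows per (srcaddr, dstport) and return pairs at or above min_count.

    Repeated rejects from one source against one port are a cheap signal that a
    security group or network ACL is doing its job and that the source is worth a look.
    """
    counts = Counter(
        (r["srcaddr"], r["dstport"])
        for r in parse_flow_log(text)
        if r["action"] == "REJECT"
    )
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    for (src, port), n in sorted(rejected_by_source(SAMPLE_FLOW_LOG).items()):
        print(f"{src} -> port {port}: {n} rejected flows")
```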

AWS Key Management Service (KMS)

AWS KMS is a service that helps you manage the keys used for encryption. KMS offers several options, including keys generated by AWS and keys you bring yourself, both of which are then managed by KMS. It is a fully managed service and integrates with other AWS services, such as AWS CloudTrail, which logs all activity involving your KMS keys. This service plays an important role in securing the data stored by your applications by encrypting it.

AWS Shield

AWS Shield is a managed service that protects your web applications running on AWS from Distributed Denial of Service (DDoS) attacks. It comes in two variants, Standard and Advanced. AWS Shield Standard is offered to all customers free of charge and provides protection against the most common attacks targeting applications or websites on AWS. AWS Shield Advanced gives you higher levels of protection, integration with other services such as the web application firewall, and access to the AWS DDoS Response Team.

AWS Web Application Firewall (WAF)

AWS WAF is a configurable firewall for your web applications that lets you filter the traffic you want them to receive. It is a managed service and can be configured either from the management console or through the AWS WAF API, so security checkpoints can be added at various levels of your application by different actors such as developers, DevOps engineers, and security analysts.

AWS CloudTrail

This is a logging service that records the API calls made in your AWS account. It helps with compliance, auditing, and governance. CloudTrail periodically delivers the log of API calls to an S3 bucket, where it can be analyzed with log analysis tools to trace the history of events. This service plays a very important part in security automation and security analysis.
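As an added example of the "log analysis" the paragraph refers to (this is not code from the book), the function below reads a CloudTrail log file in the shape it is delivered to S3 (a JSON object with a `Records` array) and flags records a security analyst would want to review: root account activity, failed console logins, and API calls that weaken logging or change access. The sample records, account ID and IP addresses are constructed; the event and field names follow the CloudTrail record format.

```python
import json

# Constructed sample of one CloudTrail log file as delivered to S3. Field names follow
# the CloudTrail record format; account ID, IPs, user names and timestamps are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2017-10-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-10-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2017-10-01T10:06:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2017-10-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

# API calls that disable or alter the audit trail, or grant new access, deserve review.
SENSITIVE_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutBucketPolicy",
                    "CreateAccessKey", "AttachUserPolicy", "PutUserPolicy"}


def find_findings(log_text):
    """Return (eventTime, reason, actor) tuples, in log order, for records of interest."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        actor = ident.get("userName") or ident.get("type", "unknown")
        name = rec.get("eventName", "")
        when = rec.get("eventTime", "")
        if ident.get("type") == "Root":
            findings.append((when, "root account activity", actor))
        # CloudTrail marks a failed sign-in with an errorMessage on the ConsoleLogin record.
        if name == "ConsoleLogin" and "errorMessage" in rec:
            findings.append((when, "failed console login", actor))
        if name in SENSITIVE_EVENTS:
            findings.append((when, f"sensitive API call {name}", actor))
    return findings


if __name__ == "__main__":
    for when, reason, actor in find_findings(SAMPLE_LOG):
        print(f"{when} {reason:<32} actor={actor}")
```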

AWS CloudWatch

This is a monitoring service that provides metrics, alarms, and dashboards for all the AWS services in your account. It integrates with other AWS services such as Auto Scaling, Elastic Load Balancing, AWS SNS, and AWS Lambda to automate the response when a metric crosses a threshold. It can also collect and monitor logs, as well as custom metrics for your AWS resources or applications.

AWS Config

AWS Config is a service that lets you audit and evaluate the configuration of your AWS resources. You can review the historical configuration of a resource when investigating an incident. It helps with compliance auditing, operational troubleshooting, and more. You will use this service to make sure your AWS resources stay compliant and configured according to your baseline. It enables continuous monitoring and continuous assessment of your AWS resource configurations.

AWS Artifact

This service gives you all compliance-related documents at the click of a button. AWS Artifact is a self-service, on-demand portal dedicated to compliance and audit information, along with select agreements such as the business associate addendum, non-disclosure agreement, and so on.

Penetration testing

AWS allows you to conduct penetration testing for your own EC2 and Relational Database Service (RDS) instances; however, you have to first submit a request to AWS. Once AWS approves this request, you can conduct penetration testing and vulnerability scans for EC2 and RDS instances in your AWS account. We'll take a detailed look at penetration testing in subsequent chapters.
