AWS provides many services, tools and methods such as access control, firewall, encryption, logging, monitoring, compliance, and so on to secure your journey in cloud. These AWS services supports plethora of use cases and scenarios to take end to end care of all your security, logging, auditing and compliance requirement in cloud environment. There is AWS Identity and Access Management (IAM) service that allows you to control access and actions for your AWS users and resources securely, Virtual Private Cloud (VPC) allows you to secure your infrastructure in AWS cloud by creating a virtual network similar to your own private network in your on premises data center.
Moreover, there are web services such as Key Management Services (KMS) that facilitates key management and encryption for protecting your data at rest and in transit. There is AWS Shield and AWS Web Application Firewall (WAF) to protect your AWS resources and applications from common security threats such as Distributed Denial of Service (DDoS) by configuring firewalls at various levels.
AWS Config along with AWS CloudTrail and AWS CloudWatch supports logging, auditing and configuration management for all your AWS resources. AWS Artifact is a managed self-service that gives you compliance documents on demand for all your compliance requirements from your auditor.
This book aims to explain the preceding mentioned services, tools, and methods to enable you in automating all security controls using services provided by AWS such as AWS Lambda, AWS Simple Notification Service (SNS), and so on. We will learn how compliance is different from security. We will learn about how security can be implemented as a continuous activity instead of a periodic activity and how we can achieve continuous compliance by using AWS services. This chapter will give you an overview of security in Amazon Web Services, popularly known as AWS or AWS cloud. We'll learn about the shared security responsibility model of AWS that lies at the very foundation of AWS Security.
