Mastering AWS Security

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data, and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS security landscape, covering all aspects of end-to-end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.
Table of Contents (10 chapters)

Overview of Security in AWS

AWS provides many services, tools, and methods, such as access control, firewalls, encryption, logging, monitoring, compliance, and so on, to secure your journey in the cloud. These AWS services support a plethora of use cases and scenarios, taking end-to-end care of all your security, logging, auditing, and compliance requirements in a cloud environment. The AWS Identity and Access Management (IAM) service allows you to securely control access and actions for your AWS users and resources, while Virtual Private Cloud (VPC) allows you to secure your infrastructure in the AWS cloud by creating a virtual network similar to your own private network in your on-premises data center.

Moreover, there are web services such as Key Management Service (KMS) that facilitate key management and encryption for protecting your data at rest and in transit. AWS Shield and AWS Web Application Firewall (WAF) protect your AWS resources and applications from common security threats such as Distributed Denial of Service (DDoS) by configuring firewalls at various levels.

AWS Config along with AWS CloudTrail and AWS CloudWatch supports logging, auditing and configuration management for all your AWS resources. AWS Artifact is a managed self-service that gives you compliance documents on demand for all your compliance requirements from your auditor.

This book aims to explain the services, tools, and methods mentioned above so that you can automate all security controls using services provided by AWS, such as AWS Lambda, AWS Simple Notification Service (SNS), and so on. We will learn how compliance is different from security. We will learn how security can be implemented as a continuous activity instead of a periodic activity and how we can achieve continuous compliance by using AWS services. This chapter will give you an overview of security in Amazon Web Services, popularly known as AWS or AWS cloud. We'll learn about the shared security responsibility model of AWS, which lies at the very foundation of AWS security.