Book Image

Mastering AWS Security

By : Albert Anthony
Book Image

Mastering AWS Security

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end - to -end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.
Table of Contents (10 chapters)

VPC

VPC is your own virtual, secured, scalable network in the AWS cloud that contains your AWS resources. Let us look at the VPC security best practices:

  • Create custom VPC: It is recommended to create your own VPC and not use the default VPC as it has default settings to allow unrestricted inbound and outbound traffic.
  • Monitor VPC activity: Create VPC flow logs to monitor flow of all IP traffic in your VPC from network resources to identify and restrict any unwanted activity.
  • Use Network Address Translation (NAT): Keep all your resources that do not need access to the internet in a private subnet. Use a NAT device, such as a NAT instance or NAT gateway to allow internet access to resources in a private subnet.
  • Control access: Use IAM to control access to the VPC and resources that are part of the VPC. You can create a fine grained access control using IAM for resources in your...