Book Image

AWS: Security Best Practices on AWS

By : Albert Anthony
Book Image

AWS: Security Best Practices on AWS

By: Albert Anthony

Overview of this book

With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, security of all these resources has been a paradigm shift for all those who are responsible for security; experts, novices, and apprentices alike. This book focuses on using native AWS security features and managed AWS services to help you achieve continuous security. Starting with an introduction to Virtual Private Cloud (VPC) to secure your AWS VPC, you will quickly explore various components that make up VPC such as subnets, security groups, various gateways, and many more. You will also learn to protect data in the AWS platform for various AWS services by encrypting and decrypting data in AWS. You will also learn to secure web and mobile applications in AWS cloud. This book is ideal for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations. This book is embedded with useful assessments that will help you revise the concepts you have learned in this book. This book is repurposed for this specific learning experience from material from Packt's Mastering AWS Security, written by Albert Anthony.
Table of Contents (9 chapters)

AWS CloudHSM Use Cases


A CloudHSM cluster can store up to 3,500 keys of any type or size. It integrates with AWS CloudTrail so all activities related to CloudHSM are logged and you can get a history of all AWS API calls made to CloudHSM.

With so many features and benefits, AWS CloudHSM has many use cases when it comes to securing your data. Let us look at some of the most popular use cases for this service.

Offload SSL/TLS Processing for Web Servers

Web servers and web browsers often use SSL or TLS for a secure connection to transfer data over the internet. This connection requires the web server to use a public-private key pair along with a public key certificate in order to establish an HTTPS session with each client. This activity acts as an overhead for the web server in terms of additional computation. CloudHSM can help you offload this overhead by storing the web server's private key in HSM as it is designed for this purpose. This process is often known as SSL acceleration.

Protect Private...