Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying AWS Security Cookbook
  • Table Of Contents Toc
AWS Security Cookbook

AWS Security Cookbook - Second Edition

By : Kanikathottu
4.5 (4)
Buy this Book
close
close
AWS Security Cookbook

AWS Security Cookbook

4.5 (4)
By: Kanikathottu
Buy this Book

Overview of this book

As a security consultant, implementing policies and best practices to secure your infrastructure is critical. This cookbook discusses practical solutions for safeguarding infrastructure, covering services and features within AWS that help implement security models, such as the CIA triad (confidentiality, integrity, and availability) and the AAA triad (authentication, authorization, and accounting), as well as non-repudiation. This updated second edition starts with the fundamentals of AWS accounts and organizations. The book then guides you through identity and access management, data protection, network security, and encryption. You’ll explore critical topics such as securing EC2 instances, managing keys with KMS and CloudHSM, and implementing endpoint security. Additionally, you’ll learn to monitor your environment using CloudWatch, CloudTrail, and AWS Config, while maintaining compliance with services such as GuardDuty, Macie, and Inspector. Each chapter presents practical recipes for real-world scenarios, allowing you to apply security concepts. By the end of this book, you’ll be well versed in techniques required for securing AWS deployments and be prepared to gain the AWS Certified Security – Specialty certification.
Table of Contents (13 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Code in Action
Icon
Conventions used
Icon
Sections
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Lock Free Chapter
1
Chapter 1: Setting Up AWS Accounts and Organization
Icon
Chapter 1: Setting Up AWS Accounts and Organization
Icon
Technical requirements
Icon
Setting up IAM, account aliases, and billing alerts
Icon
Multi-account management with AWS Organizations
Icon
User management and SSO with IAM Identity Center
2
Chapter 2: Access Management with IAM Policies and Roles
Icon
Chapter 2: Access Management with IAM Policies and Roles
Icon
Technical requirements
Icon
Creating a customer-managed IAM policy
Icon
Using policy variables within IAM policies
Icon
Creating customer-managed policies in IAM Identity Center
Icon
Setting IAM permission boundaries for IAM entities
Icon
Centralizing governance in AWS Organizations with SCPs
Icon
IAM cross-account role switching and identity account architecture
Icon
Cross-service access via IAM roles on EC2 instances
3
Chapter 3: Key Management with KMS and CloudHSM
Icon
Chapter 3: Key Management with KMS and CloudHSM
Icon
Technical requirements
Icon
Creating keys in KMS
Icon
Creating keys with external key material (BYOK)
Icon
Rotating keys in KMS
Icon
Granting permissions programmatically with grants
Icon
Using key policies with conditional keys
Icon
Sharing customer-managed keys across accounts
Icon
Creating, initializing, and activating a CloudHSM cluster
4
Chapter 4: Securing Data on S3 with Policies and Techniques
Icon
Chapter 4: Securing Data on S3 with Policies and Techniques
Icon
Technical requirements
Icon
Creating an S3 bucket policy
Icon
Working with S3 ACLs
Icon
Creating S3 presigned URLs
Icon
Protecting files with S3 versioning and object locking
Icon
Encrypting data on S3
5
Chapter 5: Network and EC2 Security with VPCs
Icon
Chapter 5: Network and EC2 Security with VPCs
Icon
Technical requirements
Icon
Setting up VPC plus VPC resources with minimal effort
Icon
Creating a bare VPC and setting up public and private subnets
Icon
Launching an EC2 instance with a web server using user data
Icon
Creating and configuring security groups
Icon
Working with NACLs
Icon
Using a VPC gateway endpoint to connect to S3
Icon
Configuring and using VPC flow logs
Icon
Setting up and configuring NAT gateways
6
Chapter 6: Web Security Using Certificates, CDNs, and Firewalls
Icon
Chapter 6: Web Security Using Certificates, CDNs, and Firewalls
Icon
Technical requirements
Icon
Enabling HTTPS for a web server on an EC2 instance
Icon
Creating an SSL/TLS certificate with ACM
Icon
Creating ELB target groups
Icon
Using an application load balancer with TLS termination at the ELB
Icon
Using a network load balancer with TLS termination at EC2
Icon
Securing S3 using CloudFront and TLS
Icon
Using a WAF
7
Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config
Icon
Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config
Icon
Technical requirements
Icon
Creating an SNS topic to send emails
Icon
Working with CloudWatch alarms and metrics
Icon
Creating a CloudWatch log group
Icon
Working with EventBridge (previously CloudWatch Events)
Icon
Reading and filtering logs in CloudTrail
Icon
Creating a trail in CloudTrail
Icon
Using Athena to query CloudTrail logs in S3
Icon
Integrating CloudWatch with CloudTrail making use of a CloudFormation template
Icon
Setting up and using AWS Config
8
Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer
Icon
Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer
Icon
Technical requirements
Icon
Setting up and using Amazon GuardDuty
Icon
Aggregating findings from multiple accounts in GuardDuty
Icon
Setting up and using Amazon Macie
Icon
Setting up and using Amazon Inspector
Icon
Setting up and using AWS Security Hub
Icon
Using IAM Access Analyzer to inspect unused access
9
Chapter 9: Advanced Identity and Directory Management
Icon
Chapter 9: Advanced Identity and Directory Management
Icon
Technical requirements
Icon
Working with Amazon Cognito user pools
Icon
Using identity pools to access AWS resources
Icon
Using AWS Simple AD for creating a lightweight directory solution
Icon
Using Microsoft Entra ID as the identity provider within AWS
10
Chapter 10: Additional Services and Practices for AWS Security
Icon
Chapter 10: Additional Services and Practices for AWS Security
Icon
Technical requirements
Icon
Setting up and using AWS RAM
Icon
Storing sensitive data with the Systems Manager Parameter Store
Icon
Using AWS Secrets Manager to manage RDS credentials
Icon
Creating an AMI instead of using EC2 user data
Icon
Using security products from AWS Marketplace
Icon
Using AWS Trusted Advisor for recommendations
Icon
Using AWS Artifact for compliance reports
11
Index
Icon
Index
Icon
Why subscribe?
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Preface

The second edition of AWS Security Cookbook discusses practical solutions to the most common problems faced by security consultants while securing their infrastructure. This book explores various AWS services and features that help implement security models and concepts such as the Confidentiality, Integrity, and Availability (CIA) triad, the Authentication, Authorization, and Accounting (AAA) triad, and non-repudiation. The book begins by getting you familiar with essential AWS security features such as Identity and Access Management (IAM), account aliases, and billing alerts, then delves deeper into access management, key management, data security, network security, web security, monitoring, compliance, advanced identity management, and additional security services and practices. Throughout the book, you will come across AWS Security services such as IAM, AWS Organizations, IAM Identity Center, Key Management Service (KMS), CloudHSM, S3, Virtual Private Cloud (VPC), CloudWatch, CloudTrail, Config, GuardDuty, Macie, Inspector, Security Hub, Cognito, Resource Access Manager, Systems Manager Parameter Store, Secrets Manager, Trusted Advisor, and AWS Artifact. Each chapter focuses on essential security areas and progresses toward cloud security best practices and integrating additional security services. By the end of this book, you will be adept with all of the techniques pertaining to securing AWS deployments along with having help to prepare for the AWS Certified Security – Specialty certification.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
AWS Security Cookbook
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon