Book Image

AWS Security Cookbook

By : Heartin Kanikathottu
Book Image

AWS Security Cookbook

By: Heartin Kanikathottu

Overview of this book

As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation. The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure. By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification.
Table of Contents (12 chapters)

Additional Services and Practices for AWS Security

We looked into many security-related concepts and services throughout this book. There are still more security services and practices that can help us make our AWS infrastructure secure. In this chapter, we will look into some of these additional services and practices that are worth paying attention to. Unlike other chapters, we will not go very deep into these services. You can refer to the documentation of the respective services and check the links provided in the See also section for further learning. We will first learn about using AWS Security Hub to work with multiple security services we learned about in previous chapters. We will learn about some security-related managed services not covered before, such as AWS Single Sign-On (SSO), AWS Resource Access Manager, AWS Secrets Manager, AWS Trusted Advisor, and AWS Artifact...