Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying AWS Security Cookbook
  • Table Of Contents Toc
AWS Security Cookbook

AWS Security Cookbook

By : Heartin Kanikathottu
4.8 (8)
Buy this Book
close
close
AWS Security Cookbook

AWS Security Cookbook

4.8 (8)
By: Heartin Kanikathottu
Buy this Book

Overview of this book

As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation. The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure. By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Sections
Icon
Get in touch
1
Managing AWS Accounts with IAM and Organizations
Icon
Managing AWS Accounts with IAM and Organizations
Icon
Technical requirements
Icon
Configuring IAM for a new account
Icon
Creating IAM policies
Icon
Creating a master account for AWS Organizations
Icon
Creating a new account under an AWS Organization
Icon
Switching roles with AWS Organizations
Lock Free Chapter
2
Securing Data on S3 with Policies and Techniques
Icon
Securing Data on S3 with Policies and Techniques
Icon
Technical requirements
Icon
Creating S3 access control lists
Icon
Creating an S3 bucket policy
Icon
S3 cross-account access from the CLI
Icon
S3 pre-signed URLs with an expiry time using the CLI and Python
Icon
Encrypting data on S3
Icon
Protecting data with versioning
Icon
Implementing S3 cross-region replication within the same account
Icon
Implementing S3 cross-region replication across accounts
3
User Pools and Identity Pools with Cognito
Icon
User Pools and Identity Pools with Cognito
Icon
Technical requirements
Icon
Creating Amazon Cognito user pools
Icon
Creating an Amazon Cognito app client
Icon
User creation and user signups
Icon
Implementing an admin authentication flow
Icon
Implementing a client-side authentication flow
Icon
Working with Cognito groups
Icon
Federated identity with Cognito user pools
4
Key Management with KMS and CloudHSM
Icon
Key Management with KMS and CloudHSM
Icon
Technical requirements
Icon
Creating keys in KMS
Icon
Using keys with external key material
Icon
Rotating keys in KMS
Icon
Granting permissions programmatically with grants
Icon
Using key policies with conditional keys
Icon
Sharing customer-managed keys across accounts
Icon
Creating a CloudHSM cluster
Icon
Initializing and activating a CloudHSM cluster
5
Network Security with VPC
Icon
Network Security with VPC
Icon
Technical requirements
Icon
Creating a VPC in AWS
Icon
Creating subnets in a VPC
Icon
Configuring an internet gateway and a route table for internet access
Icon
Setting up and configuring NAT gateways
Icon
Working with NACLs
Icon
Using a VPC gateway endpoint to connect to S3
Icon
Configuring and using VPC flow logs
6
Working with EC2 Instances
Icon
Working with EC2 Instances
Icon
Technical requirements
Icon
Creating and configuring security groups
Icon
Launching an EC2 instance into a VPC
Icon
Setting up and configuring NAT instances
Icon
Creating and attaching an IAM role to an EC2 instance
Icon
Using our own private and public keys with EC2
Icon
Using EC2 user data to launch an instance with a web server
Icon
Storing sensitive data with the Systems Manager Parameter Store
Icon
Using KMS to encrypt data in EBS
7
Web Security Using ELBs, CloudFront, and WAF
chevron up
Icon
Web Security Using ELBs, CloudFront, and WAF
Icon
Technical requirements
Icon
Enabling HTTPS on an EC2 instance
Icon
Creating an SSL/TLS certificate with ACM
Icon
Creating a classic load balancer
Icon
Creating ELB target groups
Icon
Using an application load balancer with TLS termination at the ELB
Icon
Using a network load balancer with TLS termination at EC2
Icon
Securing S3 using CloudFront and TLS
Icon
Configuring and using the AWS web application firewall (WAF)
8
Monitoring with CloudWatch, CloudTrail, and Config
Icon
Monitoring with CloudWatch, CloudTrail, and Config
Icon
Technical requirements
Icon
Creating an SNS topic to send emails
Icon
Working with CloudWatch alarms and metrics
Icon
Creating a dashboard in CloudWatch
Icon
Creating a CloudWatch log group
Icon
Working with CloudWatch events
Icon
Reading and filtering logs in CloudTrail
Icon
Creating a trail in CloudTrail
Icon
Using Athena to query CloudTrail logs in S3
Icon
Cross-account CloudTrail logging
Icon
Integrating CloudWatch and CloudTrail
Icon
Setting up and using AWS Config
9
Compliance with GuardDuty, Macie, and Inspector
Icon
Compliance with GuardDuty, Macie, and Inspector
Icon
Technical requirements
Icon
Setting up and using Amazon GuardDuty
Icon
Aggregating findings from multiple accounts in GuardDuty
Icon
Setting up and using Amazon Macie
Icon
Setting up and using Amazon Inspector
Icon
Creating a custom Inspector template
10
Additional Services and Practices for AWS Security
Icon
Additional Services and Practices for AWS Security
Icon
Technical requirements
Icon
Setting up and using AWS Security Hub
Icon
Setting up and using AWS SSO
Icon
Setting up and using AWS Resource Access Manager
Icon
Protecting S3 Glacier vaults with Vault Lock
Icon
Using AWS Secrets Manager to manage RDS credentials
Icon
Creating an AMI instead of using EC2 user data
Icon
Using security products from AWS Marketplace
Icon
Using AWS Trusted Advisor for recommendations
Icon
Using AWS Artifact for compliance reports
11
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Web Security Using ELBs, CloudFront, and WAF

Load balancers distribute the load across different systems. They help us handle loads effectively to achieve reliability and high availability. Load balancers can terminate TLS at the load balancer level and provide us with a single place to manage the X.509 certificates that are required. They can also perform TCP passthrough for the TLS traffic and let TLS terminate at the instance level. Firewalls are important security mechanisms that protect networks and systems by monitoring and controlling incoming and outgoing traffic. In this chapter, we will learn about various ways in which we can implement load balancers and firewalls within AWS.

This chapter will cover the following recipes:

  • Enabling HTTPS on an EC2 instance
  • Creating an SSL/TLS certificate with ACM
  • Creating a classic load balancer
  • Creating ELB target groups
  • Using an application...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
AWS Security Cookbook
End of Section 7
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon