Book Image

Mastering AWS Security

By : Albert Anthony
Book Image

Mastering AWS Security

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end - to -end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.

Related Content you might be interested in

Current Title:

Small book image
Mastering AWS Security
Albert Anthony
Oct, 2017 | 252 pages
Small book image
AWS Certified Security – Specialty Exam Guide
Stuart Scott
Sep, 2020 | 558 pages
Small book image
Practical AWS Networking
Mitesh Soni
Jan, 2018 | 258 pages
Small book image
AWS Certified Cloud Practitioner Exam Guide
Rajesh Daswani
Jan, 2022 | 630 pages
Table of Contents (10 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Readers feedback
Customer support
Free Chapter
1
Overview of Security in AWS
Overview of Security in AWS
Chapter overview
AWS shared security responsibility model
AWS Security responsibilities
Customer security responsibilities
AWS account security features
AWS Security services
AWS Security resources
Summary
2
AWS Identity and Access Management
AWS Identity and Access Management
Chapter overview
IAM features and tools
IAM Authentication
IAM Authorization
Passwords Policy
AWS credentials
IAM limitations
IAM best practices
Summary
3
AWS Virtual Private Cloud
AWS Virtual Private Cloud
Chapter overview
VPC components
VPC features and benefits
VPC use cases
VPC security
Creating VPC
VPC limits
VPC best practices
Summary
4
Data Security in AWS
Data Security in AWS
Chapter overview
Encryption and decryption fundamentals
Securing data at rest
Securing data in transit
AWS KMS
AWS CloudHSM
Amazon Macie
Summary
5
Securing Servers in AWS
Securing Servers in AWS
EC2 Security best practices
EC2 Security
Amazon Inspector
AWS Shield
Summary
6
Securing Applications in AWS
Securing Applications in AWS
AWS Web Application Firewall (WAF)
Signing AWS API requests
Amazon Cognito
Amazon API Gateway
Summary
7
Monitoring in AWS
Monitoring in AWS
AWS CloudWatch
Monitoring Amazon EC2
Summary
8
Logging and Auditing in AWS
Logging and Auditing in AWS
Logging in AWS
AWS CloudWatch Logs
AWS CloudTrail
Auditing in AWS
AWS Artifact
AWS Config
AWS Trusted Advisor
AWS Service Catalog
AWS Security Audit Checklist
Summary
9
AWS Security Best Practices
AWS Security Best Practices
Shared security responsibility model
IAM security best practices
VPC
Data security
Security of servers
Application security
Monitoring, logging, and auditing
AWS CAF
Summary

Summary

Let us recap what we have learnt in this chapter:

We learnt about the shared security responsibility models of AWS. We found that AWS does the heavy lifting for customers by taking complete ownership of the security of its global infrastructure of regions and availability zones consisting of data centers, and lets customers focus on their business. We got to know that AWS offers multiple services under broad categories and we need to have different security models for various services that AWS offers, such as AWS infrastructure services, AWS container services, and AWS abstract services.

AWS has a different set of security responsibilities for AWS and the customer for the above three categories. We also learnt about physical security of AWS, global infrastructure, network security, platform security, and people and procedures followed at AWS. We looked at ways to protect our AWS account. We went through a couple of AWS services such as AWS Trusted Advisor's and AWS Config and saw how they can help us secure our resources in cloud. We briefly looked at security logs and AWS CloudTrail for finding the root causes for security related incidents. We'll look at logging features in detail in the subsequent chapters later in this book.

In subsequent chapters, we'll go through services that AWS offers to secure your data, applications, network, access, and so on. For all these services, we will provide scenarios and solutions for all the services. As mentioned earlier, the aim of this book is to help you automate security in AWS and help you build security by design for all your AWS resources. We will also look at logging for auditing and identifying security issues within your AWS account. We will go through best practices for each service and we will learn about automating as many solutions as possible.

In the next chapter, AWS Identity and Access Management, we will deep dive into AWS IAM that lets you control your AWS resources securely from a centralized location. IAM serves as an entry point to AWS Security where AWS transfers the security baton to customers for allowing tiered access and authenticating that access for all your AWS resources. We are going to see how we can provide access to multiple users for resources in our AWS account. We will take a look at the various credentials available in detail. We will deep dive into AWS identities such as users, groups and roles along with access controls such as permissions and policies.

Previous Section
End of Chapter 1
Next Chapter