Book Image

Mastering AWS Security

By : Albert Anthony
Book Image

Mastering AWS Security

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end - to -end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.
Table of Contents (10 chapters)

AWS CloudTrail

AWS CloudTrail is a fully managed audit service that captures all API activities in the form of event history in your AWS account for all resources. Simply put, all actions performed by a user, role, or an AWS service are recorded as events by this service. This includes API calls made from the AWS Management Console, CLI tools, SDKs, APIs, and other AWS services. It stores this information in log files. These logs files can be delivered to S3 for durable storage. AWS CloudTrail enables compliance, governance, risk auditing, and operational auditing of your AWS account. This event history is used for security analysis, tracking changes for your resources, analyzing user activity, demonstrating compliance, and various other scenarios that require visibility in your account activities.

AWS CloudTrail is enabled by default for all AWS accounts. It shows seven days...