Book Image

Mastering AWS Security

By : Albert Anthony
Book Image

Mastering AWS Security

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end - to -end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.
Table of Contents (10 chapters)

IAM security best practices

IAM provides secure access control in your AWS environment to interact with AWS resources in a controlled manner:

  • Delete your root access keys: A root account is one that has unrestricted access to all AWS resources in your account. It is recommended that you delete access keys, access key IDs, and the secret access key for the root account so that they cannot be misused. Instead, create a user with the desired permissions and carry on tasks with this user.
  • Enforce MFA: Add an additional layer of security by enforcing MFA for all privileged users having access to critical or sensitive resources and APIs having a high blast radius.
  • Use roles instead of users: Roles are managed by AWS; they are preferred over IAM users, as credentials for roles are managed by AWS. These credentials are rotated multiple times in a day and not stored locally on your AWS...