Book Image

AWS Administration - The Definitive Guide - Second Edition

By : Yohan Wadia
Book Image

AWS Administration - The Definitive Guide - Second Edition

By: Yohan Wadia

Overview of this book

Many businesses are moving from traditional data centers to AWS because of its reliability, vast service offerings, lower costs, and high rate of innovation. AWS can be used to accomplish a variety of both simple and tedious tasks. Whether you are a seasoned system admin or a rookie, this book will help you to learn all the skills you need to work with the AWS cloud. This book guides you through some of the most popular AWS services, such as EC2, Elastic Beanstalk, EFS, CloudTrail, Redshift, EMR, Data Pipeline, and IoT using a simple, real-world, application-hosting example. This book will also enhance your application delivery skills with the latest AWS services, such as CodeCommit, CodeDeploy, and CodePipeline, to provide continuous delivery and deployment, while also securing and monitoring your environment's workflow. Each chapter is designed to provide you with maximal information about each AWS service, coupled with easy to follow, hands-on steps, best practices, tips, and recommendations. By the end of the book, you will be able to create a highly secure, fault-tolerant, and scalable environment for your applications to run on.
Table of Contents (17 chapters)
Title Page
Packt Upsell
Contributors
Preface
Index

Tips and best practices


Here's a list of a few essential tips and best practices that you ought to keep in mind when working with AWS CloudTrail, AWS Config, and security in general:

  • Analyze and audit security configurations periodically: Although AWS provides a variety of services for safeguarding your cloud environment, it is the organization's mandate to ensure that the security rules are enforced and periodically verified against any potential misconfigurations.
  • Complete audit trail for all users: Ensure that all resource creation, modifications, and terminations are tracked minutely for each user, including root, IAM, and federated users.
  • Enable CloudTrail globally: By enabling logging at a global level, CloudTrail can essentially capture logs for all AWS services, including the global ones such as IAM, CloudFront, and so on.
  • Enable CloudTrail Log file validation: An optional setting, however it is always recommended to enable CloudTrail Log file validations for an added layer of integrity...