DEV Community

Alec Dutcher

Appendix: Security, Identity, and Compliance Services - AWS Certified Cloud Practitioner Study Guide

AWS Artifact

  • No cost, self-service portal for on-demand access to AWS’ compliance reports
  • Reports include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals
  • Agreements include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA)

AWS Certificate Manager (ACM)

  • Provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources
  • Request and deploy certificates
  • ACM handles renewals
  • Create private certificates for internal resources

AWS CloudHSM

  • Hardware security module (HSM) that enables you to easily generate and use your own encryption keys
  • Export all of your keys to most other commercially-available HSMs, subject to your configurations

Amazon Cognito

  • Lets you add user sign-up, sign-in, and access control to your web and mobile apps
  • Supports multi-factor authentication and encryption of data-at-rest and in-transit

Amazon Detective

  • Analyze and visualize security data to rapidly get to the root cause of potential security issues
  • Automatically collects log data from AWS resources and uses ML, statistical analysis, and graph theory to assist with security investigations

Amazon GuardDuty

  • Threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation

AWS Identity and Access Management (IAM)

  • Fine-grained access control across all of AWS
  • Specify who can access which services and resources, and under which conditions

Amazon Inspector

  • Automated and continual vulnerability management
  • Continually scans AWS workloads for software vulnerabilities and unintended network exposure

AWS License Manager

  • Create customized licensing rules that mirror the terms of licensing agreements
  • Use these rules to help prevent licensing violations
  • Prevent a licensing breach by stopping the instance from launching or by notifying administrators about the infringement

Amazon Macie

  • Fully managed data security and data privacy service
  • Uses machine learning and pattern matching to discover and protect sensitive data
  • Automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations
  • Findings can be searched and filtered in the AWS Management Console and sent to Amazon EventBridge

AWS Shield

  • Managed Distributed Denial of Service (DDoS) protection service
  • Provides always-on detection and automatic inline mitigations
  • All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge

AWS WAF

  • Web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources
  • Create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting
