AWS
Global AWS Infrastructure
AWS Core Service Offerings:
Compute
Database
Networking
Storage
AWS Compute Services:
Elastic Compute Cloud (EC2)
EC2 Container Services
Lambda
Elastic Beanstalk
AWS Storage Services:
Simple Storage Service (S3)
EC2 Block Storage (EBS)
Elastic File System (EFS)
Glacier
AWS Database Services:
Relational Database Services (RDS)
DynamoDB
ElastiCache
Redshift
AWS Network Services:
Virtual Private Cloud (VPC)
Route 53 Domain Name System (DNS)
Your Security Responsibilities:
Identity and Access Management
Network, Firewall, and Operating System
Encryption
Your Data
Operating system configuration and patching
Software configuration and patching
S3 access controls
Administrative Identity and Access Management
Application Identity and Access Management
Security Tools in AWS:
Identity and Access Management
Directory Service
Web Application Firewall (WAF)
Certificate Manager
Inspector
Network Security Tools in AWS:
Network Security Tools in AWS
Security Groups
Understanding Separation of Duties:
Requires more than one person for an action
Significantly reduces threat of security compromise
Loved by auditors
Protects your account
AWS Root Credentials:
Email address
Your ReallyLongPassword
All powerful
Potentially dangerous
Email and password do not offer enough protection.
Implementing Separation of Duties:
Acquire physical Multi-Factor Authentication (MFA) device
Identify two teams
- Engineering: root account password stewardship
- Information security: MFA stewardship
Enable MFA
Application Programming Interfaces in AWS
Java
.NET
Ruby
Python
PHP
AWS CLI
AWS Console
Top comments (0)