Understanding AWS Security

This section introduces AWS security and the categories of security controls that AWS provides.

  • AWS lets users scale in a secure environment.
  • Users pay only for the services they use.
  • Users get security matched to their needs, without upfront expenses.
  • AWS provides security at several levels:
    • Infrastructure Security
    • DDoS Mitigation
    • Data Encryption
    • Inventory and Configuration
    • Monitoring and Logging
    • Identity and Access Control
AWS Security Epics

Infrastructure Security

  • AWS network services let users increase privacy and control network access.
  • Create private networks and control access to instances and applications with:
    • Network firewalls (security groups and network ACLs) built into Amazon VPC
    • Web application firewall capabilities in AWS WAF
  • Customer-controlled encryption in transit with TLS across all services
  • Connectivity options for private connections from the on-premises environment
  • Automatic encryption of all traffic on AWS global and regional networks between AWS secured facilities

DDoS Mitigation

  • AWS services provide resilience during DDoS attacks.
  • Services that control and absorb traffic and deflect unwanted requests include:
    • Route 53
    • CloudFront
    • Elastic Load Balancing
    • AWS WAF
  • AWS Shield, a managed DDoS protection service, provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

Data Encryption

  • AWS can add a layer of encryption to data at rest in AWS.
  • Encryption services include:
  • Data encryption capabilities in storage and database services, including:
    • EBS
    • S3
    • Glacier
    • Oracle RDS
    • SQL Server RDS
    • Redshift
  • AWS Key Management Service (KMS), which lets AWS manage the encryption keys or lets the user control them
  • Encrypted message queues for sensitive data, using server-side encryption (SSE) for Amazon SQS
  • Hardware-based cryptographic key storage using AWS CloudHSM, to satisfy compliance requirements
  • AWS APIs that let users integrate encryption and data protection into their own services

Inventory and Configuration

  • AWS tools help ensure compliance with the user's organizational standards:
  • Amazon Inspector – assesses applications and workloads (for example, EC2 instances) for vulnerabilities and deviations from security best practices
  • Deployment tools to manage the creation and decommissioning of AWS resources according to organizational standards
  • AWS Config – identifies AWS resources and tracks and manages changes to those resources over time
  • AWS CloudFormation – creates standard, preconfigured environments
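The Infrastructure Security, Data Encryption and Inventory and Configuration sections above all come down to the same operational question: does each resource match the organizational standard? The following is an added example, written for this page rather than taken from AWS or any project, of the evaluation logic one would put in an AWS Config custom rule. It checks two standards on constructed configuration items: no security group may expose a sensitive port to 0.0.0.0/0 or ::/0, and every EBS volume must be encrypted. The field names (`ipPermissions`, `ipRanges`/`cidrIp`, `encrypted`) follow the AWS Config configuration-item format as I understand it and should be treated as an assumption, as should the sensitive-port list and the sample resource IDs.

```python
"""Evaluate AWS Config configuration items against two organizational standards:
no sensitive port open to the whole internet, and every EBS volume encrypted.

Added illustration, not AWS's own code. The field names follow the AWS Config
configuration-item format for AWS::EC2::SecurityGroup and AWS::EC2::Volume as
the author understands it (assumption); the sample items and the port list are
constructed for the example.
"""
import ipaddress

# Ports that the (assumed) organizational standard says must never be world-reachable.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}
WORLD = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))


def _rule_ports(perm):
    """Inclusive port range a rule covers; protocol '-1' means all ports; None for portless rules (ICMP)."""
    if perm.get("ipProtocol") == "-1":
        return (0, 65535)
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if lo is None or hi is None:
        return None
    return (lo, hi)


def evaluate_security_group(configuration):
    """NON_COMPLIANT if any inbound rule exposes a sensitive port to 0.0.0.0/0 or ::/0."""
    findings = []
    for perm in configuration.get("ipPermissions", []):
        ports = _rule_ports(perm)
        if ports is None:
            continue
        cidrs = [r["cidrIp"] for r in perm.get("ipRanges", [])]
        cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])]
        if not any(ipaddress.ip_network(c, strict=False) in WORLD for c in cidrs):
            continue
        exposed = sorted(p for p in SENSITIVE_PORTS if ports[0] <= p <= ports[1])
        if exposed:
            findings.append(f"ports {exposed} open to the world")
    return ("NON_COMPLIANT", "; ".join(findings)) if findings else ("COMPLIANT", "")


def evaluate_volume(configuration):
    """NON_COMPLIANT if the EBS volume is not encrypted at rest."""
    if configuration.get("encrypted") is True:
        return ("COMPLIANT", "")
    return ("NON_COMPLIANT", "volume is not encrypted")


EVALUATORS = {
    "AWS::EC2::SecurityGroup": evaluate_security_group,
    "AWS::EC2::Volume": evaluate_volume,
}


def evaluate_item(item):
    """Dispatch one configuration item; NOT_APPLICABLE for resource types this rule does not cover."""
    fn = EVALUATORS.get(item.get("resourceType"))
    if fn is None:
        return {"resourceId": item.get("resourceId"), "compliance": "NOT_APPLICABLE", "annotation": ""}
    compliance, annotation = fn(item.get("configuration", {}))
    return {"resourceId": item["resourceId"], "compliance": compliance, "annotation": annotation}


# Constructed sample configuration items (shape of AWS Config CIs; IDs and rules are invented).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0fedcba9876543210",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}]}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0a1b2c3d4e5f67890",
     "configuration": {"encrypted": False, "size": 100}},
]


def evaluate_all(items=SAMPLE_ITEMS):
    """Evaluate every item; in a real Config rule these results go to PutEvaluations."""
    return [evaluate_item(i) for i in items]


if __name__ == "__main__":
    for r in evaluate_all():
        print(r["resourceId"], r["compliance"], r["annotation"])
```

Note that HTTPS open to the world on the first group is not flagged; the standard only cares about administrative and database ports, and a rule with protocol `-1` counts as exposing every port. In a deployed Config rule the same functions would run inside the rule's Lambda handler and report each result with the Config `PutEvaluations` API.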

Monitoring and Logging

  • AWS has tools to log events in the AWS environment, including:
  • CloudTrail, which records who made each API call, what was called, when, and from where
  • Log aggregation options that streamline investigations and compliance reporting
  • CloudWatch, for alert notifications when specific events occur or thresholds are exceeded
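The who/what/when/where fields CloudTrail records are what detection rules key on. The following is an added example, not code from the original page or from AWS, that runs four common detections over a constructed CloudTrail log file: use of the root account, a console login that succeeded without MFA, API calls that tamper with CloudTrail itself, and IAM changes from outside a trusted network. The record field names (`eventName`, `eventSource`, `userIdentity`, `sourceIPAddress`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are those of the CloudTrail record format; the sample events, account ID, user names and the trusted CIDR are constructed for the example.

```python
"""Run simple detections over CloudTrail records.

Added illustration, not AWS's code. The record fields follow the CloudTrail
record format; the sample events and the trusted network list are constructed.
"""
import ipaddress
import json

# Networks from which administrative (IAM) API calls are expected: an assumption for the example.
TRUSTED_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]

# CloudTrail API calls that weaken or disable the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _from_trusted_network(source_ip):
    """True if the caller IP lies in a trusted CIDR; non-IP sources (AWS service names) are treated as trusted."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return True
    return any(ip in net for net in TRUSTED_CIDRS)


def detect(record):
    """Return a list of (rule, detail) findings for one CloudTrail record."""
    findings = []
    identity = record.get("userIdentity", {})
    who = identity.get("arn") or identity.get("type", "unknown")
    what = record.get("eventName", "")
    when = record.get("eventTime")
    where = record.get("sourceIPAddress")
    ctx = f"{who} did {what} at {when} from {where}"

    # Root should not be used for day-to-day work at all.
    if identity.get("type") == "Root":
        findings.append(("root-account-use", ctx))

    # Successful console login where the MFAUsed flag is anything but "Yes".
    if what == "ConsoleLogin" and record.get("responseElements", {}).get("ConsoleLogin") == "Success":
        if record.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            findings.append(("console-login-without-mfa", ctx))

    # Someone turning off or redirecting the trail is a classic attacker move.
    if what in TRAIL_TAMPERING and record.get("eventSource") == "cloudtrail.amazonaws.com":
        findings.append(("cloudtrail-tampering", ctx))

    # IAM mutations (not Get*/List* reads) from a network we do not expect.
    if (record.get("eventSource") == "iam.amazonaws.com"
            and not what.startswith(("Get", "List"))
            and not _from_trusted_network(where)):
        findings.append(("iam-change-from-untrusted-network", ctx))

    return findings


# Constructed sample log file in CloudTrail's delivery format (a JSON object with a "Records" array).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T08:01:22Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-10T08:05:41Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-01-10T09:12:03Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2024-01-10T09:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "arn": "arn:aws:iam::123456789012:user/bob"}},
]})


def scan(log_text=SAMPLE_LOG):
    """Parse a CloudTrail log file and return every finding across its records."""
    out = []
    for rec in json.loads(log_text)["Records"]:
        out.extend(detect(rec))
    return out


if __name__ == "__main__":
    for rule, detail in scan():
        print(f"[{rule}] {detail}")
```

On the sample log the scan raises four findings: the MFA-less login, the `StopLogging` call that follows it, and two for the root-issued `CreateAccessKey` (root use, and an IAM change from an untrusted address). In production the same logic would sit behind a CloudWatch Logs subscription or metric filter on the trail, with an alarm on any finding.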

Identity and Access Control

  • With AWS, users define, enforce, and manage access policies across AWS services by means of:
  • AWS IAM, to define individual users and their permissions across AWS resources
  • Multi-factor authentication (MFA) for privileged accounts, with options for hardware-based authenticators
  • AWS Directory Service, which integrates and federates with corporate directories
  • API integration with any of the organization’s own applications or services
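IAM and MFA meet in the policy that enforces MFA: a Deny statement conditioned on `aws:MultiFactorAuthPresent`. The following is an added example, not from the original page and not IAM's real evaluation engine: it models only the subset of IAM semantics needed here (an explicit Deny overrides any Allow, everything else is implicitly denied, and `Bool` versus `BoolIfExists` conditions) so that the policy can be exercised against three request contexts. The point it demonstrates is why the condition uses `BoolIfExists`: the `aws:MultiFactorAuthPresent` key is absent from requests made with long-term access keys, a plain `Bool` condition never matches an absent key, and so a `Bool`-based Deny would silently let access-key requests through. The policy follows the common "deny everything except MFA setup unless MFA is present" pattern; the action lists and contexts are constructed.

```python
"""Show why an MFA-enforcing Deny statement must use BoolIfExists.

Added illustration, not IAM's real evaluator: only explicit-deny-wins,
implicit deny, Action/NotAction matching and the Bool/BoolIfExists operators
are modelled. The policy and request contexts are constructed for the example.
"""
import copy
from fnmatch import fnmatchcase

MFA_SETUP_ACTIONS = ["iam:ListMFADevices", "iam:CreateVirtualMFADevice", "iam:EnableMFADevice"]

ENFORCE_MFA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowOwnMFASetup", "Effect": "Allow",
         "Action": MFA_SETUP_ACTIONS, "Resource": "*"},
        {"Sid": "AllowS3Read", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        # Deny everything except MFA setup when MFA is not present, INCLUDING
        # requests where the key is absent altogether (long-term access keys).
        {"Sid": "DenyAllExceptMFASetupWithoutMFA", "Effect": "Deny",
         "NotAction": MFA_SETUP_ACTIONS, "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

# Request contexts (constructed): the key is "true"/"false" for sessions
# obtained via the console or STS, and absent for long-term access keys.
MFA_SESSION = {"aws:MultiFactorAuthPresent": "true"}
NO_MFA_SESSION = {"aws:MultiFactorAuthPresent": "false"}
ACCESS_KEY = {}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_matches(condition, context):
    """Evaluate a Condition block; only Bool and BoolIfExists are modelled here."""
    for operator, pairs in condition.items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(f"operator {operator} is not modelled in this example")
        for key, wanted in pairs.items():
            actual = context.get(key)
            if actual is None:
                if operator == "BoolIfExists":
                    continue          # absent key satisfies an ...IfExists operator
                return False          # absent key never matches plain Bool
            if str(actual).lower() != str(wanted).lower():
                return False
    return True


def _statement_applies(stmt, action, context):
    """Action/NotAction match (case-insensitive, wildcard-aware) plus the condition."""
    act = action.lower()
    if "Action" in stmt:
        hit = any(fnmatchcase(act, p.lower()) for p in _as_list(stmt["Action"]))
    else:
        hit = not any(fnmatchcase(act, p.lower()) for p in _as_list(stmt["NotAction"]))
    return hit and _condition_matches(stmt.get("Condition", {}), context)


def is_allowed(policy, action, context):
    """IAM's basic rule: any applicable Deny wins; otherwise an Allow is needed; else implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def weak_variant(policy=ENFORCE_MFA_POLICY):
    """The same policy with plain Bool: the Deny no longer reaches access-key requests."""
    weak = copy.deepcopy(policy)
    for stmt in weak["Statement"]:
        cond = stmt.get("Condition", {})
        if "BoolIfExists" in cond:
            cond["Bool"] = cond.pop("BoolIfExists")
    return weak


if __name__ == "__main__":
    for name, ctx in (("MFA session", MFA_SESSION), ("no-MFA session", NO_MFA_SESSION), ("access key", ACCESS_KEY)):
        print(f"{name:15} s3:GetObject  strong={is_allowed(ENFORCE_MFA_POLICY, 's3:GetObject', ctx)}"
              f"  weak={is_allowed(weak_variant(), 's3:GetObject', ctx)}")
```

With the `BoolIfExists` policy an MFA session may read S3, a session without MFA may only set up MFA, and a request signed with a long-term access key is denied. Swap the operator for `Bool` and that last case flips to allowed, which is exactly the gap an attacker holding leaked access keys would use.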
