AWS Web Application Firewall | Protect your web applications from common exploits |
AWS Web Application Firewall properties | Protects against:
SQL Injection
Cross-site scripting |
AWS Shield | managed DDoS protection service
network flow monitoring |
Amazon Macie | discovers and protects sensitive data in S3 |
PII | Personally Identifiable Information |
AWS Shield - services it protects | CloudFront
Route 53
Elastic Load Balancing
AWS Global Accelerator |
AWS Config | Identify changes to your resources over time
Assess, audit, and evaluate configurations of your resources
hybrid |
Amazon GuardDuty | identifies malicious or unauthorised activities in your AWS account |
Amazon Inspector | discovers workloads and scans for software vulnerabilities and unintended network exposure |
AWS Artifact | compliance reports |
Amazon Cognito | Control access to mobile and web applications |
Amazon Inspector - services it can manage | EC2
Lambda
Elastic Container Registry |
AWS Key Management Service | generate and store encryption keys
AWS manages the keys |
AWS CloudHSM | generate encryption keys
customer manages keys |
HSM | Hardware Security Model |
AWS Secrets Manager | manage and retrieve secrets |
Secrets Manager - integrated services | RDS
Redshift
DocumentDB |
IAM Credential Report | Lists all users in your account and the status of their credentials |
IAM Best Practices | Enable MFA for privileged users
Strong password policies
Do not use root user for daily tasks
Use roles for EC2 instances, not access keys |
IAM Policy | JSON format
manage permissions
users, groups, and roles |
Role | Defines access permissions
temporarily assumed by an IAM user |
Principle of least privilege | minimum access required to get the job done |
IAM Group | collection of IAM users
common access can be applied to all members
firewall for EC2 |
IAM Entity | represents a person or application needing access to your AWS resources |
What can only an IAM root user do? | Close your account
Change email address
Activate IAM billing and cost management console
Enable MFA on an S3 |
AWS IAM Identity Center | control access to your AWS services and resources |
IAM | Identity and Access Management |
IAM Policy Simulator | test and troubleshoot:
identity policies
IAM permissions
SCPs
resource policies |
Network Access Control List | extra layer of security for VPC
controls traffic at subnet level |
AWS Shield Advanced | enhanced protections
24/7 expert support |
Federated User | link users' identities across multiple separate identity management systems |
AWS Security Hub | automated continuous security best practice checks against your AWS resources |