Notes on Amazon Web Services 5 - Security, Identity and Compliance

Security

• Artifact - Online protal for access to AWS security and compliance documentation.
• Cerificate Manager - Issues free SSL certificates. Integrates with Route 53 and Cloud Front.
• Cloud Directory - Cloud based directory service that can have hierarchies of data in multiple dimensions.
• Directory Service - Fully managed Microsoft active directory service in AWS cloud
• Could Hardware Security Module (HSM) - Dedicated hardware security module in the AWS cloud.
• Amazon Cognito - Sign in and sign up capabilities for web apps, Oauth2 and SAML2 supported.
• Identity and Access Management (IAM) - Allows you to manage user access to AWS services and resources with permissions.
• AWS Organizations - Provides policy based management for multiple AWS accounts.
• AWS Inspector - Automated security assessment service. Can identify vulnerabilities and areas needing improvement.
• Key Management Service (KMS) - Create and control encryption keys for encrypted data.. uses hardware security module to protect your keys.
• AWS Shield - Provides protection against DDoS. Standard version of Shield implemented automatically on all AWS accounts.
• Web Application Firewall - Sits in front of your website to provide additional protection against common attacks such as SQL injection and XSS.

Usage of IAM

• Login with your email and password .. implies root user with all permissions.
• Make sure your root account is very secure.
  • Signin as root user
  • Goto: Your account -> My security credentials
  • Use a very good password for your root user
  • Use multi factor authentication for root user
• Create IAM users with assigned permissions and use that user.
• Click here for steps to create IAM user

Notes

• After creating IAM user, login url will change from https://aws.amazon.com/console

to https://<your_aws_account_id>.signin.aws.amazon.com/console/

Acronyms

• HSM - Hardware Security Module
• IAM - Identity and Access Management
• KMS -Key Management Service
• WAF - Web Application Firewall

Links

• Notes on AWS - Part 1 - Introduction

• Notes on AWS - Part 2 - Storages, Databases, Compute and Content Delivery

• Notes on AWS - Part 3 - Management Tools, App Integration and Customer Engagement

• Notes on AWS - Part 4 - Analytics and Machine Learning

• Notes on AWS - Part 5 - Security, Identity and Compliance

• Notes on AWS - Part 6 - Developer, Media, Mobile, Migration, Productivity, IoT and Gaming

• Notes on AWS - Part 7 - Elastic Beanstalk

• Notes on AWS - Part 8 - Command Line Interface

References

• Backspace Academy AWS Certification Course

• Amazon Simple Storage Service (S3) - Getting Started Guide

• Amazon Simple Storage Service (S3) - Developer Guide

• Amazon Relational Database Service (RDS) - User Guide

• Amazon Elastic Cloud Compute (EC2) - User Guide for Linux

• Amazon Simple Email Service (SES) - Developer Guide

• Amazon CloudWatch - User Guide

• AWS Elastic Beanstalk - Developer Guide

• AWS Command Line Interface (CLI) - User Guide

• AWS Command Line Interface (CLI) - Reference

• AWS Billing and Cost Management - User Guide Version 2.0