Cover Page
Title Page
Copyright
Mastering AWS Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Overview of Security in AWS
Chapter overview
AWS shared security responsibility model
Shared responsibility model for infrastructure services
Shared responsibility model for container services
Shared responsibility model for abstracted services
AWS Security responsibilities
Physical and environmental security
Storage device decommissioning
Business continuity management
Communication
Network security
Secure network architecture
Secure access points
Transmission protection
Network monitoring and protection
AWS access
Credentials policy
Customer security responsibilities
AWS account security features
AWS account
AWS credentials
Individual user accounts
Secure HTTPS access points
Security logs
AWS Trusted Advisor security checks
AWS Config security checks
AWS Security services
AWS Identity and Access Management
AWS Virtual Private Cloud
AWS Key Management System (KMS)
AWS Shield
AWS Web Application Firewall (WAF)
AWS CloudTrail
AWS CloudWatch
AWS Config
AWS Artifact
Penetration testing
AWS Security resources
AWS documentation
AWS whitepapers
AWS case studies
AWS YouTube channel
AWS blogs
AWS Partner Network
AWS Marketplace
Summary
AWS Identity and Access Management
Chapter overview
IAM features and tools
Security
AWS account shared access
Granular permissions
Identity Federation
Temporary credentials
AWS Management Console
AWS command line tools
AWS SDKs
IAM HTTPS API
IAM Authentication
IAM user
IAM groups
IAM roles
AWS service role
AWS SAML role
Role for cross-account access
Role for Web Identity Provider
Identity Provider and Federation
Delegation
Temporary security credentials
AWS Security Token Service
The account root user
IAM Authorization
Permissions
Policy
Statement
Effect
Principal
Action
Resource
Condition
Creating a new policy
IAM Policy Simulator
IAM Policy Validator
Access Advisor
Passwords Policy
AWS credentials
IAM limitations
IAM best practices
Summary
AWS Virtual Private Cloud
Chapter overview
VPC components
Subnets
Elastic Network Interfaces (ENI)
Route tables
Internet Gateway
Elastic IP addresses
VPC endpoints
Network Address Translation (NAT)
VPC peering
VPC features and benefits
Multiple connectivity options
Secure
Simple
VPC use cases
Hosting a public-facing website
Hosting a multi-tier web application
Creating branch office and business unit networks
Hosting web applications in the AWS Cloud that are connected with your data center
Extending the corporate network into the AWS Cloud
Disaster recovery
VPC security
Security groups
Network access control list
VPC flow logs
VPC access control
Creating VPC
VPC connectivity options
Connecting user network to AWS VPC
Connecting AWS VPC with other AWS VPC
Connecting internal user with AWS VPC
VPC limits
VPC best practices
Plan your VPC before you create it
Choose the highest CIDR block
Unique IP address range
Leave the default VPC alone
Design for region expansion
Tier your subnets
Follow the least privilege principle
Keep most resources in the private subnet
Creating VPCs for different use cases
Favor security groups over NACLs
IAM your VPC
Using VPC peering
Using Elastic IP instead of public IP
Tagging in VPC
Monitoring a VPC
Summary
Data Security in AWS
Chapter overview
Encryption and decryption fundamentals
Envelope encryption
Securing data at rest
Amazon S3
Permissions
Versioning
Replication
Server-Side encryption
Client-Side encryption
Amazon EBS
Replication
Backup
Encryption
Amazon RDS
Amazon Glacier
Amazon DynamoDB
Amazon EMR
Securing data in transit
Amazon S3
Amazon RDS
Amazon DynamoDB
Amazon EMR
AWS KMS
KMS benefits
Fully managed
Centralized Key Management
Integration with AWS services
Secure and compliant
KMS components
Customer master key (CMK)
Data keys
Key policies
Auditing CMK usage
Key Management Infrastructure (KMI)
AWS CloudHSM
CloudHSM features
Generate and use encryption keys using HSMs
Pay as you go model
Easy to manage
AWS CloudHSM use cases
Offload SSL/TLS processing for web servers
Protect private keys for an issuing certificate authority
Enable transparent data encryption for Oracle databases
Amazon Macie
Data discovery and classification
Data security
Summary
Securing Servers in AWS
EC2 Security best practices
EC2 Security
IAM roles for EC2 instances
Managing OS-level access to Amazon EC2 instances
Protecting your instance from malware
Secure your infrastructure
Intrusion Detection and Prevention Systems
Elastic Load Balancing Security
Building Threat Protection Layers
Testing security
Amazon Inspector
Amazon Inspector features and benefits
Amazon Inspector components
AWS Shield
AWS Shield benefits
AWS Shield features
AWS Shield Standard
AWS Shield Advanced
Summary
Securing Applications in AWS
AWS Web Application Firewall (WAF)
Benefits of AWS WAF
Working with AWS WAF
Signing AWS API requests
Amazon Cognito
Amazon API Gateway
Summary
Monitoring in AWS
AWS CloudWatch
Features and benefits
AWS CloudWatch components
Metrics
Dashboards
Events
Alarms
Log Monitoring
Monitoring Amazon EC2
Automated monitoring tools
Manual monitoring tools
Best practices for monitoring EC2 instances
Summary
Logging and Auditing in AWS
Logging in AWS
AWS native security logging capabilities
Best practices
AWS CloudTrail
AWS Config
AWS detailed billing reports
Amazon S3 Access Logs
ELB Logs
Amazon CloudFront Access Logs
Amazon RDS Logs
Amazon VPC Flow Logs
AWS CloudWatch Logs
CloudWatch Logs concepts
CloudWatch Logs limits
Lifecycle of CloudWatch Logs
AWS CloudTrail
AWS CloudTrail concepts
AWS CloudTrail benefits
AWS CloudTrail use cases
Security at Scale with AWS Logging
AWS CloudTrail best practices
Auditing in AWS
AWS Artifact
AWS Config
AWS Config use cases
AWS Trusted Advisor
AWS Service Catalog
AWS Security Audit Checklist
Summary
AWS Security Best Practices
Shared security responsibility model
IAM security best practices
VPC
Data security
Security of servers
Application security
Monitoring, logging, and auditing
AWS CAF
Security perspective
Directive component
Preventive component
Detective component
Responsive component
Summary
Updated: 2021-07-02 15:44:54