
Chapter 12 – Security on AWS

Shared Responsibility Model

The customer is responsible for security in the cloud

AWS is responsible for security of the cloud

AWS Compliance Program

AWS Global Infrastructure Security

Physical and Environmental Security

Business Continuity Management

Network Security

Network Monitoring and Protection

AWS Account Security Features

AWS Credentials

  • Passwords
  • Multi-Factor Authentication (MFA)
  • Access Keys
  • Key Pairs
  • X.509 Certificates

AWS Cloud Service-Specific Security

Compute Services

  • Amazon Elastic Compute Cloud (Amazon EC2) Security
      • Multiple Levels of Security
      • The Hypervisor
      • Instance Isolation
      • Host Operating System
      • Guest Operating System
      • Firewall
      • API Access
  • Amazon Elastic Block Store (Amazon EBS) Security

Networking

  • Elastic Load Balancing Security
  • Amazon Virtual Private Cloud (Amazon VPC) Security
      • API Access
      • Subnets and Route Tables
      • Firewall (Security Groups)
      • Network ACLs
      • Virtual Private Gateway
      • Internet Gateway
      • Dedicated Instances
  • Amazon CloudFront Security

Storage

  • Amazon Simple Storage Service (Amazon S3) Security
      • Data Access
          • IAM Policies
          • ACLs
          • Bucket Policies
          • Query String Authentication
      • Data Transfer
      • Data Storage
      • Access Logs
      • Cross-Origin Resource Sharing (CORS)
  • Amazon Glacier Security
      • Data Transfer
      • Data Retrieval
      • Data Storage
      • Data Access
  • AWS Storage Gateway Security
      • Data Transfer
      • Data Storage

Database

  • Amazon DynamoDB Security
  • Amazon Relational Database Service (Amazon RDS) Security
      • Access Control
      • Network Isolation
      • Encryption
      • Automated Backups and DB Snapshots
      • DB Instance Replication
      • Automatic Software Patching
  • Amazon Redshift Security
      • Cluster Access
      • Data Backups
      • Data Encryption
      • Database Audit Logging
      • Automatic Software Patching
      • SSL Connections
  • Amazon ElastiCache Security
      • Data Access

Application Services

  • Amazon Simple Queue Service (Amazon SQS) Security
      • Data Access
      • Encryption
  • Amazon Simple Notification Service (Amazon SNS) Security
      • Data Access

Analytics Services

  • Amazon Elastic MapReduce (Amazon EMR) Security
  • Amazon Kinesis Security

Deployment and Management Services

  • AWS Identity and Access Management (IAM) Security
      • Roles
          • Federated (Non-AWS) User Access
              • Security Assertion Markup Language (SAML) 2.0
          • Cross-Account Access
          • Applications Running on EC2 Instances That Need to Access AWS Resources

Mobile Services

  • Amazon Cognito Security

Applications

  • Amazon WorkSpaces Security
