AWS: Security Best Practices on AWS

Book Description

Delve deep into the various security aspects of AWS to build and maintain a secure environment

About This Book

  • Learn to secure your network, infrastructure, data, and applications in AWS cloud
  • Use AWS managed security services to automate security
  • Dive deep into various aspects such as the security model, compliance, and access management to build and maintain a secure environment
  • Explore Cloud Adoption Framework (CAF) and its components
  • Embedded with assessments that will help you revise the concepts you have learned in this book

Who This Book Is For

This book is for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations.

What You Will Learn

  • Get familiar with VPC components, features, and benefits
  • Learn to create and secure your private network in AWS
  • Explore encryption and decryption fundamentals
  • Understand monitoring, logging, and auditing in AWS
  • Ensure data security in AWS
  • Secure your web and mobile applications in AWS
  • Learn security best practices for IAM, VPC, shared security responsibility model, and so on

In Detail

With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, securing these resources has meant a paradigm shift for everyone responsible for security, experts, novices, and apprentices alike.

This book focuses on using native AWS security features and managed AWS services to help you achieve continuous security. Starting with an introduction to Amazon Virtual Private Cloud (VPC), you will quickly explore the components that make up a VPC, such as subnets, security groups, and the various gateways, and how to secure each of them.

You will then learn to protect data held in various AWS services by encrypting it at rest and in transit, and to secure web and mobile applications running in the AWS cloud.

This book is embedded with useful assessments that will help you revise the concepts you have learned in this book.

Style and approach

This book follows a practical approach, delving into the different aspects of AWS security and relying on native AWS security features and managed AWS services to help you achieve continuous security.

Note: This book is a blend of text and quizzes, packaged with your learning journey in mind. It includes content from the following Packt product:

  • Mastering AWS Security by Albert Anthony

Table of Contents

  1. AWS: Security Best Practices on AWS
    1. AWS: Security Best Practices on AWS
    2. Credits
      1. Meet Your Expert
    3. Preface
      1. What's in It for Me?
      2. What Will I Get from This Book?
      3. Prerequisites
    4. 1. AWS Virtual Private Cloud
      1. Introduction
      2. VPC Components
        1. Subnets
        2. Elastic Network Interfaces (ENI)
        3. Route Tables
        4. Internet Gateway
        5. Elastic IP Addresses
        6. VPC Endpoints
        7. Network Address Translation (NAT)
        8. VPC Peering
      3. VPC Features and Benefits
        1. Multiple Connectivity Options
        2. Secure
        3. Simple
      4. VPC Use Cases
        1. Hosting a Public Facing Website
        2. Hosting Multi-Tier Web Application
        3. Creating Branch Office and Business Unit Networks
        4. Hosting Web Applications in the AWS Cloud That Are Connected with Your Data Center
        5. Extending Corporate Network in AWS Cloud
        6. Disaster Recovery
      5. VPC Security
        1. Security Groups
        2. Network Access Control List
        3. VPC Flow Logs
        4. VPC Access Control
      6. Creating VPC
        1. VPC Connectivity Options
          1. Connecting User Network to AWS VPC
          2. Connecting AWS VPC with Other AWS VPC
          3. Connecting Internal User with AWS VPC
      7. VPC Limits
      8. VPC Best Practices
        1. Plan Your VPC before You Create It
        2. Choose the Highest CIDR Block
        3. Unique IP Address Range
        4. Leave the Default VPC Alone
        5. Design for Region Expansion
        6. Tier Your Subnets
        7. Follow the Least Privilege Principle
        8. Keep Most Resources in the Private Subnet
        9. Creating VPCs for Different Use Cases
        10. Favor Security Groups over NACLs
        11. IAM Your VPC
        12. Using VPC Peering
        13. Using Elastic IP Instead of Public IP
        14. Tagging in VPC
        15. Monitoring a VPC
      9. Summary
      10. Assessments
    5. 2. Data Security in AWS
      1. Introduction
      2. Encryption and Decryption Fundamentals
        1. Envelope Encryption
      3. Securing Data at Rest
        1. Amazon S3
          1. Permissions
          2. Versioning
          3. Replication
          4. Server-Side Encryption
          5. Client-Side Encryption
        2. Amazon EBS
          1. Replication
          2. Backup
          3. Encryption
        3. Amazon RDS
        4. Amazon Glacier
        5. Amazon DynamoDB
        6. Amazon EMR
      4. Securing Data in Transit
        1. Amazon S3
        2. Amazon RDS
        3. Amazon DynamoDB
        4. Amazon EMR
      5. AWS KMS
        1. KMS Benefits
          1. Fully Managed
          2. Centralized Key Management
          3. Integration with AWS Services
          4. Secure and Compliant
        2. KMS Components
          1. Customer Master Key (CMK)
          2. Data Keys
          3. Key Policies
          4. Auditing CMK Usage
          5. Key Management Infrastructure (KMI)
      6. AWS CloudHSM
        1. CloudHSM Features
          1. Generate and Use Encryption Keys Using HSMs
          2. Pay as You Go Model
          3. Easy to Manage
        2. AWS CloudHSM Use Cases
          1. Offload SSL/TLS Processing for Web Servers
          2. Protect Private Keys for an Issuing Certificate Authority
          3. Enable Transparent Data Encryption for Oracle Databases
      7. Amazon Macie
        1. Data Discovery and Classification
        2. Data Security
      8. Summary
      9. Assessments
    6. 3. Securing Servers in AWS
      1. EC2 Security Best Practices
      2. EC2 Security
        1. IAM Roles for EC2 Instances
        2. Managing OS-Level Access to Amazon EC2 Instances
        3. Protecting Your Instance from Malware
        4. Secure Your Infrastructure
        5. Intrusion Detection and Prevention Systems
        6. Elastic Load Balancing Security
        7. Building Threat Protection Layers
        8. Testing Security
      3. Amazon Inspector
        1. Amazon Inspector Features and Benefits
        2. Amazon Inspector Components
      4. AWS Shield
        1. AWS Shield Benefits
        2. AWS Shield Features
      5. Summary
      6. Assessments
    7. 4. Securing Applications in AWS
      1. AWS Web Application Firewall
        1. Benefits of AWS Web Application Firewall
        2. Working with AWS Web Application Firewall
      2. Signing AWS API Requests
      3. Amazon Cognito
      4. Amazon API Gateway
      5. Summary
      6. Assessments
    8. 5. AWS Security Best Practices
      1. Shared Security Responsibility Model
        1. IAM Security Best Practices
      2. VPC
      3. Data Security
      4. Security of Servers
      5. Application Security
      6. Monitoring, Logging, and Auditing
      7. AWS CAF
        1. Security Perspective
          1. Directive Component
          2. Preventive Component
          3. Detective Component
          4. Responsive Component
      8. Summary
      9. Assessments
    9. A. Assessment Answers
      1. Lesson 1: AWS Virtual Private Cloud
      2. Lesson 2: Data Security in AWS
      3. Lesson 3: Securing Servers in AWS
      4. Lesson 4: Securing Applications in AWS
      5. Lesson 5: AWS Security Best Practices
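The "Signing AWS API Requests" topic in Lesson 4 covers how every AWS API call is authenticated. The following is an added example written for this page, not code from the book or from AWS: a standard-library-only Signature Version 4 (SigV4) signer that walks through the four steps (canonical request, string to sign, derived signing key, signature) and assembles the Authorization header. The access key, secret key, timestamp and IAM ListUsers request are constructed placeholders in the style of AWS's documentation examples; they are not real credentials and the code never contacts AWS.

```python
"""Minimal AWS Signature Version 4 (SigV4) signer using only the standard library.

Added example; not code from the book. The credentials and request below are constructed
placeholders (assumption: documentation-style values, not real keys).
"""
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"

# Constructed placeholder credentials; never embed real keys in code.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, payload):
    """Step 1: canonical request. Every byte of it feeds the signature, so a request
    altered in transit (method, path, query, signed headers or body) fails verification."""
    canonical_query = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(query.items())
    )
    # Header names lowercased, values trimmed with runs of spaces collapsed, sorted by name.
    lowered = {k.lower().strip(): " ".join(v.strip().split()) for k, v in headers.items()}
    signed_headers = ";".join(sorted(lowered))
    canonical_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    request = "\n".join([method, path or "/", canonical_query, canonical_headers,
                         signed_headers, sha256_hex(payload)])
    return request, signed_headers


def signing_key(secret, date_stamp, region, service):
    """Step 3: derived signing key. The long-term secret is never sent; the derived key is
    scoped to one day, region and service, which bounds the damage if it leaks."""
    k_date = hmac_sha256(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    return hmac_sha256(k_service, "aws4_request")


def sign_request(method, host, path, query, headers, payload, amz_date, region, service,
                 access_key=ACCESS_KEY, secret_key=SECRET_KEY):
    """Return each intermediate of the SigV4 computation plus the Authorization header value."""
    headers = dict(headers)
    headers.setdefault("host", host)          # host and x-amz-date must always be signed
    headers.setdefault("x-amz-date", amz_date)
    date_stamp = amz_date[:8]                 # YYYYMMDD portion of the ISO 8601 timestamp
    scope = f"{date_stamp}/{region}/{service}/aws4_request"

    creq, signed_headers = canonical_request(method, path, query, headers, payload)
    # Step 2: string to sign binds algorithm, timestamp, credential scope and the request hash.
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, sha256_hex(creq.encode("utf-8"))])
    # Step 4: signature = HMAC-SHA256(derived key, string to sign), hex encoded.
    signature = hmac.new(signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    authorization = (f"{ALGORITHM} Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"canonical_request": creq, "string_to_sign": string_to_sign,
            "signature": signature, "authorization": authorization}


def example_iam_list_users(secret_key=SECRET_KEY, amz_date="20150830T123600Z"):
    """Constructed sample request: GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08"""
    return sign_request(
        method="GET", host="iam.amazonaws.com", path="/",
        query={"Action": "ListUsers", "Version": "2010-05-08"},
        headers={"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"},
        payload=b"", amz_date=amz_date, region="us-east-1", service="iam",
        secret_key=secret_key,
    )


if __name__ == "__main__":
    result = example_iam_list_users()
    print(result["canonical_request"])
    print()
    print(result["authorization"])
```

Two practical points fall out of the code: the canonical form is strict (sorted, lowercased headers; percent-encoded query; hash of the exact body), so clients that build it by hand usually fail on whitespace or encoding rather than on the HMAC chain; and because `x-amz-date` and the credential scope are signed, a captured signature is only replayable for the same request within the service's clock-skew window, which is why the signature changes when either the timestamp or the secret changes.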