Book Overview & Buying
Table Of Contents
Feedback & Rating

AWS Security Cookbook

By : Heartin Kanikathottu, Kanikathottu

4.8 (8)

Buy this Book

AWS Security Cookbook

4.8 (8)

By: Heartin Kanikathottu, Kanikathottu

Buy this Book

Overview of this book

As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation. The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure. By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification.

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Managing AWS Accounts with IAM and Organizations

Technical requirements

Configuring IAM for a new account

Creating IAM policies

Creating a master account for AWS Organizations

Creating a new account under an AWS Organization

Switching roles with AWS Organizations

Free Chapter

Securing Data on S3 with Policies and Techniques

Technical requirements

Creating S3 access control lists

Creating an S3 bucket policy

S3 cross-account access from the CLI

S3 pre-signed URLs with an expiry time using the CLI and Python

Encrypting data on S3

Protecting data with versioning

Implementing S3 cross-region replication within the same account

Implementing S3 cross-region replication across accounts

User Pools and Identity Pools with Cognito

Technical requirements

Creating Amazon Cognito user pools

Creating an Amazon Cognito app client

User creation and user signups

Implementing an admin authentication flow

Implementing a client-side authentication flow

Working with Cognito groups

Federated identity with Cognito user pools

Key Management with KMS and CloudHSM

Technical requirements

Creating keys in KMS

Using keys with external key material

Rotating keys in KMS

Granting permissions programmatically with grants

Using key policies with conditional keys

Sharing customer-managed keys across accounts

Creating a CloudHSM cluster

Initializing and activating a CloudHSM cluster

Network Security with VPC

Technical requirements

Creating a VPC in AWS

Creating subnets in a VPC

Configuring an internet gateway and a route table for internet access

Setting up and configuring NAT gateways

Working with NACLs

Using a VPC gateway endpoint to connect to S3

Configuring and using VPC flow logs

Working with EC2 Instances

Technical requirements

Creating and configuring security groups

Launching an EC2 instance into a VPC

Setting up and configuring NAT instances

Creating and attaching an IAM role to an EC2 instance

Using our own private and public keys with EC2

Using EC2 user data to launch an instance with a web server

Storing sensitive data with the Systems Manager Parameter Store

Using KMS to encrypt data in EBS

Web Security Using ELBs, CloudFront, and WAF

Technical requirements

Enabling HTTPS on an EC2 instance

Creating an SSL/TLS certificate with ACM

Creating a classic load balancer

Creating ELB target groups

Using an application load balancer with TLS termination at the ELB

Using a network load balancer with TLS termination at EC2

Securing S3 using CloudFront and TLS

Configuring and using the AWS web application firewall (WAF)

Monitoring with CloudWatch, CloudTrail, and Config

Technical requirements

Creating an SNS topic to send emails

Working with CloudWatch alarms and metrics

Creating a dashboard in CloudWatch

Creating a CloudWatch log group

Working with CloudWatch events

Reading and filtering logs in CloudTrail

Creating a trail in CloudTrail

Using Athena to query CloudTrail logs in S3

Cross-account CloudTrail logging

Integrating CloudWatch and CloudTrail

Setting up and using AWS Config

Compliance with GuardDuty, Macie, and Inspector

Technical requirements

Setting up and using Amazon GuardDuty

Aggregating findings from multiple accounts in GuardDuty

Setting up and using Amazon Macie

Setting up and using Amazon Inspector

Creating a custom Inspector template

Additional Services and Practices for AWS Security

Technical requirements

Setting up and using AWS Security Hub

Setting up and using AWS SSO

Setting up and using AWS Resource Access Manager

Protecting S3 Glacier vaults with Vault Lock

Using AWS Secrets Manager to manage RDS credentials

Creating an AMI instead of using EC2 user data

Using security products from AWS Marketplace

Using AWS Trusted Advisor for recommendations

Using AWS Artifact for compliance reports

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

4.8 (8)

5 star

87.5%

4 star

3 star

12.5%

2 star

1 star

Web Security Using ELBs, CloudFront, and WAF

Load balancers distribute the load across different systems. They help us handle loads effectively to achieve reliability and high availability. Load balancers can terminate TLS at the load balancer level and provide us with a single place to manage the X.509 certificates that are required. They can also perform TCP passthrough for the TLS traffic and let TLS terminate at the instance level. Firewalls are important security mechanisms that protect networks and systems by monitoring and controlling incoming and outgoing traffic. In this chapter, we will learn about various ways in which we can implement load balancers and firewalls within AWS.

This chapter will cover the following recipes: