Table of Contents for
AWS: Security Best Practices on AWS
by Albert Anthony
Credits
Meet Your Expert
Preface
What's in It for Me?
What Will I Get from This Book?
Prerequisites
1. AWS Virtual Private Cloud
Introduction
VPC Components
Subnets
Elastic Network Interfaces (ENI)
Route Tables
Internet Gateway
Elastic IP Addresses
VPC Endpoints
Network Address Translation (NAT)
VPC Peering
VPC Features and Benefits
Multiple Connectivity Options
Secure
Simple
VPC Use Cases
Hosting a Public Facing Website
Hosting Multi-Tier Web Application
Creating Branch Office and Business Unit Networks
Hosting Web Applications in the AWS Cloud That Are Connected with Your Data Center
Extending Corporate Network in AWS Cloud
Disaster Recovery
VPC Security
Security Groups
Network Access Control List
VPC Flow Logs
VPC Access Control
Creating VPC
VPC Connectivity Options
Connecting User Network to AWS VPC
Connecting AWS VPC with Other AWS VPC
Connecting Internal User with AWS VPC
VPC Limits
VPC Best Practices
Plan Your VPC before You Create It
Choose the Highest CIDR Block
Unique IP Address Range
Leave the Default VPC Alone
Design for Region Expansion
Tier Your Subnets
Follow the Least Privilege Principle
Keep Most Resources in the Private Subnet
Creating VPCs for Different Use Cases
Favor Security Groups over NACLs
IAM Your VPC
Using VPC Peering
Using Elastic IP Instead of Public IP
Tagging in VPC
Monitoring a VPC
Summary
Assessments
2. Data Security in AWS
Introduction
Encryption and Decryption Fundamentals
Envelope Encryption
Securing Data at Rest
Amazon S3
Permissions
Versioning
Replication
Server-Side Encryption
Client-Side Encryption
Amazon EBS
Replication
Backup
Encryption
Amazon RDS
Amazon Glacier
Amazon DynamoDB
Amazon EMR
Securing Data in Transit
Amazon S3
Amazon RDS
Amazon DynamoDB
Amazon EMR
AWS KMS
KMS Benefits
Fully Managed
Centralized Key Management
Integration with AWS Services
Secure and Compliant
KMS Components
Customer Master Key (CMK)
Data Keys
Key Policies
Auditing CMK Usage
Key Management Infrastructure (KMI)
AWS CloudHSM
CloudHSM Features
CloudHSM Features
Generate and Use Encryption Keys Using HSMs
Pay as You Go Model
Easy to Manage
AWS CloudHSM Use Cases
Offload SSL/TLS Processing for Web Servers
Protect Private Keys for an Issuing Certificate Authority
Enable Transparent Data Encryption for Oracle Databases
Amazon Macie
Data Discovery and Classification
Data Security
Summary
Assessments
3. Securing Servers in AWS
EC2 Security Best Practices
EC2 Security
IAM Roles for EC2 Instances
Managing OS-Level Access to Amazon EC2 Instances
Protecting Your Instance from Malware
Secure Your Infrastructure
Intrusion Detection and Prevention Systems
Elastic Load Balancing Security
Building Threat Protection Layers
Testing Security
Amazon Inspector
Amazon Inspector Features and Benefits
Amazon Inspector Components
AWS Shield
AWS Shield Benefits
AWS Shield Features
Summary
Assessments
4. Securing Applications in AWS
AWS Web Application Firewall
Benefits of AWS Web Application Firewall
Working with AWS Web Application Firewall
Signing AWS API Requests
Amazon Cognito
Amazon API Gateway
Summary
Assessments
5. AWS Security Best Practices
Shared Security Responsibility Model
IAM Security Best Practices
VPC
Data Security
Security of Servers
Application Security
Monitoring, Logging, and Auditing
AWS CAF
Security Perspective
Directive Component
Preventive Component
Detective Component
Responsive Component
Summary
Assessments
A. Assessment Answers
Lesson 1: AWS Virtual Private Cloud
Lesson 2: Data Security in AWS
Lesson 3: Securing Servers in AWS
Lesson 4: Securing Applications in AWS
Lesson 5: AWS Security Best Practices