In this lesson, you learned about various features and services available in AWS to secure your servers, most notably, EC2 instances. We went through best practices to follow for EC2 security.

Alongside, we dove deep into various measures to follow for all use cases for securing your EC2 instances. These measures range from using IAM roles for all applications running on EC2 instances to managing operating system access to building threat protection layers in your multi-layered architectures and testing security for your EC2 instances with prior permission from AWS support.

You learned about Amazon Inspector, an automated security assessment managed service that integrates security assessment, identification, and remediation with development. This results in faster deployment and better agility for your development process. You learned about the various components of Amazon Inspector, such as agents, assessment template, findings, and so on, to help use this service for EC2 instances.

Lastly, we went through AWS Shield, a managed DDoS protection service, along with its features and benefits. You learned about the AWS Shield tiers, Standard and Advanced, and how they can protect AWS resources from the most common, as well as the most advanced and sophisticated, attacks. In this section, you learned about AWS DRT, a team available 24/7 to help us mitigate attacks and respond to incidents that can also write code for us if required.

In the next lesson, Securing Applications in AWS, you are going to learn about various AWS services provided to AWS customers for securing applications running on AWS. These could be a monolithic application, a web or a mobile application, a serverless application, or a microservices-based application. These applications could run entirely on AWS, or they could run in a hybrid mode, that is, partially in AWS and partially outside of AWS.

These applications might run on various AWS resources and interact with various AWS resources, such as applications running on EC2 instances that store data on AWS S3. This scenario opens up the possibility of attacks from various channels. AWS has a whole suite of services and features to thwart all such attacks, including application-level firewalls, managed services for user authentication, managed services for securing APIs, and so on.