In this recipe, we will create a role that allows an EC2 instance to access S3 APIs and then attach it to an EC2 instance. IAM roles provide temporary permissions for an AWS service or user to access another AWS service. A service or user assume a role, and then they are provided with temporary credentials for that session.
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Managing AWS Accounts with IAM and Organizations
- Securing Data on S3 with Policies and Techniques
- Technical requirements
- Creating S3 access control lists
- Creating an S3 bucket policy
- S3 cross-account access from the CLI
- S3 pre-signed URLs with an expiry time using the CLI and Python
- Encrypting data on S3
- Protecting data with versioning
- Implementing S3 cross-region replication within the same account
- Implementing S3 cross-region replication across accounts
- User Pools and Identity Pools with Cognito
- Key Management with KMS and CloudHSM
- Technical requirements
- Creating keys in KMS
- Using keys with external key material
- Rotating keys in KMS
- Granting permissions programmatically with grants
- Using key policies with conditional keys
- Sharing customer-managed keys across accounts
- Creating a CloudHSM cluster
- Initializing and activating a CloudHSM cluster
- Network Security with VPC
- Working with EC2 Instances
- Technical requirements
- Creating and configuring security groups
- Launching an EC2 instance into a VPC
- Setting up and configuring NAT instances
- Creating and attaching an IAM role to an EC2 instance
- Using our own private and public keys with EC2
- Using EC2 user data to launch an instance with a web server
- Storing sensitive data with the Systems Manager Parameter Store
- Using KMS to encrypt data in EBS
- Web Security Using ELBs, CloudFront, and WAF
- Technical requirements
- Enabling HTTPS on an EC2 instance 
- Creating an SSL/TLS certificate with ACM
- Creating a classic load balancer
- Creating ELB target groups
- Using an application load balancer with TLS termination at the ELB
- Using a network load balancer with TLS termination at EC2
- Securing S3 using CloudFront and TLS
- Configuring and using the AWS web application firewall (WAF)
- Monitoring with CloudWatch, CloudTrail, and Config
- Technical requirements
- Creating an SNS topic to send emails
- Working with CloudWatch alarms and metrics
- Creating a dashboard in CloudWatch
- Creating a CloudWatch log group
- Working with CloudWatch events
- Reading and filtering logs in CloudTrail
- Creating a trail in CloudTrail
- Using Athena to query CloudTrail logs in S3
- Cross-account CloudTrail logging
- Integrating CloudWatch and CloudTrail
- Setting up and using AWS Config
- Compliance with GuardDuty, Macie, and Inspector
- Additional Services and Practices for AWS Security
- Technical requirements
- Setting up and using AWS Security Hub
- Setting up and using AWS SSO
- Setting up and using AWS Resource Access Manager
- Protecting S3 Glacier vaults with Vault Lock
- Using AWS Secrets Manager to manage RDS credentials
- Creating an AMI instead of using EC2 user data
- Using security products from AWS Marketplace
- Using AWS Trusted Advisor for recommendations
- Using AWS Artifact for compliance reports
- Other Books You May Enjoy
Creating and attaching an IAM role to an EC2 instance
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.