Section 3: Security - a Layered Approach

In this section, you will learn how to design and implement a level of security that surrounds your EC2 instances via different techniques. You'll do this by applying vulnerability scans, using key pairs, and isolating your instance for forensic analysis. You'll also learn how to use AWS Systems Manager to administer your EC2 instances.

You will then master how to secure a multi-subnet virtual private cloud through a variety of infrastructure security controls, including route tables, network access control lists, NAT gateways, security groups, and more! 

Using a variety of different AWS services specifically designed to secure your applications, we'll look at how to both implement and manage the security configuration of many of them to ensure your applications remain protected.

Unfortunately, there will always be malicious attackers whose sole aim is to harm and hinder your infrastructure. As a result, we'll learn how to implement a number of different features so that you can protect your environment from a distributed denial-of-service attack, as well as some of the best practices that you can implement to reduce the negative effects of such an attack.

Recovering from a security incident takes a lot more than restoring a service, so we will dedicate a chapter to learning how to respond to an incident, including the different steps and recommendations on what to do and when. This will help you identify, isolate, and remediate security incidents across your infrastructure.

Finally, we'll look at how to implement secure connectivity options from your on-premises data center to your AWS infrastructure through the use of a virtual private network and a Direct Connect connection, as well as the components involved in implementing such a solution.

By the end of this section, you will have a solid understanding of how security can be implemented across a variety of different layers within your AWS architecture, as well as how each layer plays its own important and effective role.

This section comprises the following chapters:
