In this chapter, we will introduce some key design principles and approaches to achieving security in your applications deployed on the AWS cloud. As an enterprise, or a start-up, you want to ensure your mission critical applications and data are secure while serving your customers. The approaches in this chapter will address security across the layers of your application architecture including security aspects of key infrastructural components. In order to address security requirements, we will use several AWS services, including IAM, CloudTrail, and CloudWatch. Additionally, we will explore AWS Edge services such as CloudFront, Amazon Certificate Manager (ACM), and AWS WAF from a security perspective. 

Finally, we will also show you how to implement security for our sample application. 

In this chapter, we shall learn about:

• Defining security objectives
• Understanding security responsibilities
• Best practices in implementing AWS security
• Implementing Identity Lifecycle Management
• Tracking AWS API activity using CloudTrail
• Logging for security analysis
• Using third-party security solutions
• Reviewing and auditing security configuration
• Setting up security using IAM roles, the Key Management Service, and configuring SSL
• Securing data at rest, Amazon S3 and RDS