Mastering AWS Security Strengthen Your Cloud Environment Using AWS Security Features Coupled with Proven Strategies
If you’re trying to navigate the complex world of AWS security and fortify your organizational cloud environment, then this book is for you. Written by an accomplished cybersecurity and AWS cloud consultant, Mastering AWS Security will help you understand and master the complexities of AWS security....
| Other authors | |
|---|---|
| Format | Electronic book |
| Language | English |
| Published | Birmingham, England : Packt Publishing Ltd [2024] |
| Edition | Second edition |
| Subjects | |
| View in the Universitat Ramon Llull Library | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009816679906719 |

Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Contributors
- Table of Contents
- Preface
- Part 1: Foundations of AWS Security
- Chapter 1: Introduction to AWS Security Concepts and Shared Responsibility Model
- Cloud security overview - its importance and challenges
- The significance of cloud security
- Cloud security challenges
- AWS shared responsibility model
- Security "of" the cloud
- Security "in" the cloud
- IaaS, PaaS, SaaS - different levels of responsibility
- Shared responsibility in practice - a closer look at AWS compute
- The importance of understanding the shared responsibility model
- AWS global infrastructure and security
- Regions
- AZs
- Edge locations
- AWS security best practices - general guidelines
- Understand the shared responsibility model
- Use AWS security services and features
- Implement a strong identity and access management strategy
- Protect your data
- Ensure network security
- Integrate security into your development life cycle
- Monitor and audit your environment
- Continuously improve your security posture
- Summary
- Questions
- Answers
- Further reading
- Chapter 2: Infrastructure Security - Keeping Your VPC secure
- Designing secure VPCs
- Understanding VPCs and their importance
- Key components of a VPC
- Best practices for designing secure VPCs
- Implementing security groups, NACLs, and AWS Network Firewall
- Overview
- Using security groups
- Using NACLs
- Using AWS Network Firewall
- Configuring AWS Shield and AWS WAF for advanced protection
- Enabling AWS Shield for DDoS protection
- Configuring AWS WAF for web application protection
- Summary
- Questions
- Answers
- Further reading
- Chapter 3: Identity and Access Management - Securing Users, Roles, and Policies
- Access control models
- Access control models overview
- Understanding RBAC
- Understanding ABAC
- Other access control models for multi-account environments
- Choosing the right access control model
- Managing IAM identities
- Managing both human and non-human identities
- Types of credentials and their use cases
- IAM users, groups, and roles
- External identities and federation in AWS
- Comparing IAM identity types
- Managing IAM policies
- Understanding IAM policies
- Creating and managing IAM policies
- Advanced IAM policy use cases
- IAM in multi-account deployments
- Challenges with managing large-scale IAM deployments
- Centralized IAM management
- Cross-account access
- Sharing resources at scale
- Automating IAM implementation in a DevOps world
- Best practices for multi-account IAM
- Summary
- Questions
- Answers
- Further reading
- Chapter 4: Data Protection - Encryption, Key Management, and Data Storage Best Practices
- AWS encryption mechanisms and services
- AWS approach to encryption
- Types of encryption supported by AWS
- The AWS Encryption SDK
- Key features
- Managing cryptographic keys
- Key management services in AWS
- KMS in-depth overview
- CloudHSM integration and use cases
- Compliance in AWS key management
- Data protection in key AWS services
- S3 buckets
- EBS volumes
- EFS filesystems
- RDS databases
- DynamoDB tables
- Data protection in other AWS services
- Unified data protection strategy
- Summary
- Questions
- Answers
- Further reading
- Chapter 5: Introduction to AWS Security Services
- Unpacking threat and vulnerability detection
- GuardDuty-your AWS security sentinel
- Detective-your AWS security analyst
- Inspector-your AWS security auditor
- CloudTrail Lake and Security Lake-your AWS analytics powerhouses
- Best practices for threat and vulnerability detection
- Managing security governance and compliance
- Security Hub-your AWS security dashboard
- Config-your AWS compliance watchdog
- Organizations-your AWS multi-account manager
- Control Tower-your AWS governance blueprint
- Best practices for security governance and compliance
- Handling secrets securely
- SSM Parameter Store versus Secrets Manager
- Best practices for secrets management
- Identifying and protecting sensitive data
- Macie-your AWS data custodian
- Best practices for managing sensitive and private data
- Orchestrating AWS security services
- Building an integrated security architecture
- Cost and efficiency considerations
- Aligning compliance and governance
- Alerting and incident response
- Orchestrating AWS Security in practice
- Summary
- Questions
- Answers
- Further readings
- Part 2: Architecting and Deploying Secure AWS Environments
- Chapter 6: Designing Secure Microservices Architectures in AWS
- Why choose microservices today?
- The monolithic way
- The microservices way
- Monolithic versus microservices
- Security considerations in microservices architectures
- Complexity paradigm
- Responsibility domain shift
- Lightweight components
- Securing communication between services
- Zero trust principle
- Types of communication
- Data in transit encryption
- Service mesh
- Application programming interfaces (APIs)
- Implementing fine-grained access control
- IAM as the backbone
- Secure end-user authentication
- Decoupling authorizations
- Summary
- Questions
- Answers
- Further reading
- Chapter 7: Implementing Security for Serverless Deployments
- Introduction to serverless security
- What is serverless?
- Function-based design
- Event-driven communication
- Security considerations
- Event-driven security
- Event sources
- Event schema validation
- Event data encryption
- Access control
- Monitoring
- Dead-letter queues (DLQs)
- Event sourcing
- Command query responsibility segregation (CQRS)
- Securing Lambda functions
- Code integrity
- Secure environment variables
- Runtime protection
- Lambda function versioning and aliases
- Access control
- Networking
- Execution limits
- Monitoring and logging
- Summary
- Questions
- Answers
- Further reading
- Chapter 8: Secure Design Patterns for Multi-tenancy in Shared Environments
- Understanding multi-tenancy concepts and challenges
- Definition and importance of multi-tenancy
- Challenges in multi-tenancy
- Multi-tenancy design patterns
- The silo model
- The pool model
- The bridge model
- Choosing the right design pattern
- Implementing secure data isolation techniques
- Network-level isolation
- Database-level Isolation
- Compute-level Isolation
- Application-level isolation
- Encryption-level isolation
- Managing access control for tenants
- Tenant authentication
- Implementing access control
- Tenant-managed access control
- Summary
- Questions
- Answers
- Further readings
- Chapter 9: Automate-Everything to Build Immutable and Ephemeral Resources
- From manual to programmatic management
- Manual and programmatic management defined
- Risks of manual resource management
- Shift to programmatic management
- Snowflake versus Phoenix systems
- IaC frameworks
- Benefits of adopting IaC
- Automated security testing
- Treating infrastructure as software
- Security testing in IaC pipelines
- Tools for automated security scanning
- Security best practices for IaC
- Apply least privileges
- Handle secrets securely
- Ensure compliance
- The Automate-Everything approach
- Summary
- Questions
- Answers
- Further reading
- Part 3: Monitoring, Automation and Continuous Improvement
- Chapter 10: Advanced Logging, Auditing, and Monitoring in AWS
- Strengthening security through logging and monitoring
- Importance in cloud security
- Evolution of AWS services for logging and monitoring
- Integrated approach
- Key considerations for unified logging and monitoring
- Beyond basic auditing with CloudTrail
- Best practices for configuring CloudTrail trails
- Anomaly detection with CloudTrail Insights
- Advanced data analysis with CloudTrail Lake
- Advanced security monitoring with CloudWatch
- Enhancing application security monitoring with CloudWatch
- Building security dashboards in CloudWatch
- Integration with diverse log sources for comprehensive monitoring
- Developer best practices for security monitoring
- Practical use cases
- Empowering security logs integration and analytics
- Understanding Security Lake
- Leveraging Athena for log analytics
- Best practices for integrating Security Lake and Athena
- Summary
- Questions
- Answers
- Further reading
- Chapter 11: Security Compliance with AWS Config, AWS Security Hub, and Automated Remediation
- Continuous compliance monitoring and assessment
- Overview of compliance with Config
- Setting up Config
- Monitoring compliance
- Managing multi-account compliance
- Best practices for Config
- Automated remediation
- Understanding automated remediation
- Designing automated remediation strategies
- Tools for automation
- Tips for effective automated remediation
- Case study - automated remediation scenario
- Centralized compliance management and integration
- Integrating Config with Security Hub
- Utilizing Security Hub for compliance benchmarking
- Managing security standards
- Creating custom insights
- Summary
- Questions
- Answers
- Further reading
- Chapter 12: DevSecOps - Integrating Security into CI/CD Pipelines
- DevSecOps in the modern software supply chain
- Understanding DevSecOps
- Evolution from traditional to agile methods