AWS Security Cookbook Practical Solutions for Securing AWS Cloud Infrastructure with Essential Services and Best Practices
As a security consultant, implementing policies and best practices to secure your infrastructure is critical. This cookbook discusses practical solutions for safeguarding infrastructure, covering services and features within AWS that help implement security models, such as the CIA triad (confidentia...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham, England :
Packt Publishing
[2024]
|
| Edición: | Second edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009859315706719 |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright and Credits
- Dedications
- Contributors
- Table of Contents
- Preface
- Chapter 1: Setting up AWS Accounts and Organization
- Technical requirements
- Setting up IAM, account aliases, and billing alerts
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Multi-account management with AWS Organizations
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- User management and SSO with IAM Identity Center
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 2: Access Management with IAM Policies and Roles
- Technical requirements
- Creating a customer-managed IAM policy
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using policy variables within IAM policies
- Getting ready
- How to do it...
- How it works...
- There's more
- See also
- Creating customer-managed policies in IAM Identity Center
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting IAM permission boundaries for IAM entities
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Centralizing governance in AWS Organizations with SCPs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- IAM cross-account role switching and identity account architecture
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Cross-service access via IAM roles on EC2 instances
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 3: Key Management with KMS and CloudHSM
- Technical requirements
- Creating keys in KMS
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also.
- Creating keys with external key material (BYOK)
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Rotating keys in KMS
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Granting permissions programmatically with grants
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using key policies with conditional keys
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Sharing customer-managed keys across accounts
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating, initializing, and activating a CloudHSM cluster
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 4: Securing Data on S3 with Policies and Techniques
- Technical requirements
- Creating an S3 bucket policy
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Working with S3 ACLs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating S3 presigned URLs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Protecting files with S3 versioning and object locking
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Encrypting data on S3
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 5: Network and EC2 Security with VPCs
- Technical requirements
- Setting up VPC plus VPC resources with minimal effort
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating a bare VPC and setting up public and private subnets
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also.
- Launching an EC2 instance with a web server using user data
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating and configuring security groups
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Working with NACLs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using a VPC gateway endpoint to connect to S3
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Configuring and using VPC flow logs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting up and configuring NAT gateways
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 6: Web Security Using Certificates, CDNs, and Firewalls
- Technical requirements
- Enabling HTTPS for a web server on an EC2 instance
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating an SSL/TLS certificate with ACM
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating ELB target groups
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using an application load balancer with TLS termination at the ELB
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using a network load balancer with TLS termination at EC2
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Securing S3 using CloudFront and TLS
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using a WAF
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config
- Technical requirements.
- Creating an SNS topic to send emails
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Working with CloudWatch alarms and metrics
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating a CloudWatch log group
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Working with EventBridge (previously CloudWatch Events)
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Reading and filtering logs in CloudTrail
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating a trail in CloudTrail
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using Athena to query CloudTrail logs in S3
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Integrating CloudWatch with CloudTrail making use of a CloudFormation template
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting up and using AWS Config
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer
- Technical requirements
- Setting up and using Amazon GuardDuty
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Aggregating findings from multiple accounts in GuardDuty
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting up and using Amazon Macie
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting up and using Amazon Inspector
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Setting up and using AWS Security Hub
- Getting ready.
- How to do it...
- How it works...
- There's more...
- See also
- Using IAM Access Analyzer to inspect unused access
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 9: Advanced Identity and Directory Management
- Technical requirements
- Working with Amazon Cognito user pools
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using identity pools to access AWS resources
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using AWS Simple AD for creating a lightweight directory solution
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using Microsoft Entra ID as the identity provider within AWS
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 10: Additional Services and Practices for AWS Security
- Technical requirements
- Setting up and using AWS RAM
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Storing sensitive data with the Systems Manager Parameter Store
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using AWS Secrets Manager to manage RDS credentials
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating an AMI instead of using EC2 user data
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using security products from AWS Marketplace
- Getting ready...
- How to do it...
- How it works...
- There's more...
- See also
- Using AWS Trusted Advisor for recommendations
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using AWS Artifact for compliance reports
- Getting ready
- How to do it...
- How it works.
- There's more.
