How should we go about securing a new AWS account?
Step 1. Stop using the account root user as soon as possible
Step 2. Enable MFA for all users
Step 3. Use AWS CloudTrail
Step 4. Enable a billing report, such as the AWS Cost and Usage Report
How do we secure encryption of data at rest?
Using AWS KMS to manage encryption keys
What is AWS responsible for?
AWS is responsible for the security of the cloud.
What does AWS Organizations mean?
Assign service control policies to a group of AWS accounts
How do we secure encryption of data in transit?
Transport Layer Security (TLS)
What are the customers responsible for?
What applications?
- Customer data, applications, IAM
- Operating Systems, network, and firewall configurations
Client-side data encryption and data integrity authentication
Server-side encryption (file system or data)
Network traffic protection (encryption, integrity, identity)
What is AWS KMS?
A key management system; it manages encryption keys
What is AWS Config?
A service that enables you to assess, audit, and evaluate the configurations of your AWS resources
What are the AWS Services?
Anything ONLY AWS can control, such as Compute, Storage, Database, and Networking in the AWS services.
What is Amazon Cognito?
What is AWS Artifact?
Provides on-demand download of AWS security and compliance documents,
And what is the AWS Global Infrastructure?
Regions, Availability Zones and Edge locations for the AWS Global Infrastructure
What is AWS Shield?
Protects AWS services against distributed denial of service (DDoS) attacks
What can IAM specify?
Can specify which users can access which services (AWS EC2), in which way (AWS Management Console, one of the three ways to interact with AWS), and with what actions (full access or read-only). It is also a feature of an AWS account, at no additional charge.