Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

AWS Security

  1. Home
  3. AWS Certified Security Specialty
  5. AWS Security

Understanding AWS Security

We will now be giving you an understanding of AWS Security with different types of AWS Security.

  • AWS enables users to scale in a secure environment.
  • Users pay only for services used
  • Users have security as per their need but without upfront expenses
  • AWS provides security at various levels as
    • Infrastructure Security
    • DDoS Mitigation
    • Data Encryption
    • Inventory and Configuration
    • Monitoring and Logging
    • Identity and Access Control
AWS Security Epics

AWS Security Epics

Infrastructure Security

  • AWS services provide increases privacy and control network access
  • Create private networks and control access to instances and applications by
    • Network firewalls in Amazon VPC
    • Web application firewall capabilities in AWS WAF
  • Customer-controlled encryption in transit with TLS across all services
  • Connectivity options for private connections from the on-premises environment
  • Automatic encryption of all traffic on AWS global and regional networks between AWS secured facilities

DDos mitigation

  • AWS services provide resilience during DDoS attacks.
  • Services, to control and absorb traffic, and deflect unwanted requests are
    • Route 53
    • CloudFront
    • Elastic Load Balancing
    • AWS WAF
  • AWS Shield, a managed DDoS protection service provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

Data Encryption

  • AWS can add a security layer to data at rest in AWS
  • Encryption services include
  • Data encryption capabilities in storage and database services,  of
    • EBS
    • S3
    • Glacier
    • Oracle RDS
    • SQL Server RDS
    • Redshift
  • AWS KMS or Key Management Service to have AWS manage encryption keys or user-controlled
  • Encrypted message queues for the sensitive data using server-side encryption (SSE) for SQS
  • Hardware-based cryptographic key storage using AWS CloudHSM, to satisfy compliance requirements
  • AWS APIs integrate encryption and data protection with user services

Inventory and Configuration

  • AWS tools ensure complying with user’s organizational standards by
  • Amazon Inspector – it assesses security of user account for any vulnerability or security-related deviation from laid best practices.
  • Deployment tools to manage the creation and decommissioning of AWS resources as per organizational standards
  • AWS Config, identify AWS resources, track and manage changes to those resources over time
  • AWS CloudFormation to create the standard, preconfigured environments

Monitoring and Logging

  • AWS has tools to log events in the AWS environment and which are
  • CloudTrail for who, what, who, and from where API calls were made
  • Log aggregation options, streamlining investigations and compliance reporting
  • CloudWatch for alert notifications if specific events occur or thresholds are exceeded

Identity and Access Control

  • With AWS define, enforce, and manage user access policies across AWS services by
  • AWS IAM to define individual user accounts with permissions across AWS resources
  • AWS MFA for privileged accounts, having options for hardware-based authenticators
  • AWS Directory Service integrates and federates with corporate directories
  • API integration for any of the organization’s applications or services.

Get ready to qualify AWS Certified Security – Specialty exam with hundreds of practice tests and expert tutorials. Try Free Practice Test Now!

Menu