AWS Cloud Practitioner/Security

Security

Objectives and Skills
Objectives and skills for the security portion of AWS Cloud Practitioner certification include:
 * Define the AWS Shared Responsibility model
 * Define AWS Cloud security and compliance concepts
 * Identify AWS access management capabilities
 * Identify resources for security support

Readings

 * 1) AWS: Overview of Security Processes
 * 2) AWS: Security Pillar - AWS Well-Architected Framework

Multimedia

 * 1) YouTube: AWS Certified Cloud Practitioner Training
 * 2) YouTube: Practice Questions Walkthrough for the AWS Certified Cloud Practitioner (2/4)

Activities

 * 1) Complete AWS: Cloud Practitioner Essentials Modules 6 - 7.

Define the AWS Shared Responsibility model

 * AWS is responsible for securing the underlying infrastructure that supports the cloud, and you’re responsible for anything you put on the cloud or connect to the cloud.

Define AWS Cloud security and compliance concepts

 * AWS cloud security and compliance concepts include:
 * AWS Compliance Program
 * Physical and Environmental Security
 * Business Continuity Management
 * Network Security
 * AWS Access
 * Secure Design Principles
 * Change Management
 * AWS Account Security Features
 * Individual User Accounts
 * Secure HTTPS Access Points
 * Security Logs
 * AWS Trusted Advisor Security Checks
 * AWS Config Security Checks
 * AWS Compliance enables customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud.

Identify AWS access management capabilities

 * AWS Identity and Access Management (IAM) allows you to create multiple users and manage the permissions for each of these users within your AWS Account.
 * A user is an identity (within an AWS Account) with unique security credentials that can be used to access AWS Services.
 * IAM enables you to implement security best practices, such as least privilege, by granting unique credentials to every user within your AWS Account and only granting permission to access the AWS services and resources required for the users to perform their jobs.
 * IAM is secure by default; new users have no access to AWS until permissions are explicitly granted.
 * An IAM role uses temporary security credentials to allow you to delegate access to users or services that normally don't have access to your AWS resources.
 * A role is a set of permissions to access specific AWS resources, but these permissions are not tied to a specific IAM user or group.
 * An authorized entity (e.g.,mobile user, EC2 instance) assumes a role and receives temporary security credentials for authenticating to the resources defined in the role.
 * Temporary security credentials provide enhanced security due to their short life- span (the default expiration is 12 hours) and the fact that they cannot be reused after they expire.

Identify resources for security support
Security in the cloud is composed of five areas:
 * Identity and access management
 * Detection
 * Infrastructure protection
 * Data protection
 * Incident response

AWS security services include:
 * Identity and Access Management(IAM)
 * Web Application Firewall (WAF)
 * Shield
 * Inspector
 * Trusted Advisor
 * GuardDuty
 * CloudTrail