Mastering AWS Security

Table of contents

1. Preface
   1. What this book covers
   2. What you need for this book
   3. Who this book is for
   4. Conventions
   5. Readers feedback
   6. Customer support
      1. Downloading the color images of this book
      2. Errata
      3. Piracy
      4. Questions
2. Overview of Security in AWS
   1. Chapter overview
   2. AWS shared security responsibility model
      1. Shared responsibility model for infrastructure services
      2. Shared responsibility model for container services
      3. Shared responsibility model for abstracted services
   3. AWS Security responsibilities
      1. Physical and environmental security 
      2. Storage device decommissioning
      3. Business continuity management
      4. Communication
      5. Network security
         1. Secure network architecture
         2. Secure access points
         3. Transmission protection
      6. Network monitoring and protection
      7. AWS access
      8. Credentials policy 
   4. Customer security responsibilities
   5. AWS account security features 
      1. AWS account 
      2. AWS credentials 
      3. Individual user accounts
      4. Secure HTTPS access points
      5. Security logs
      6. AWS Trusted Advisor security checks 
      7. AWS Config security checks
   6. AWS Security services
      1. AWS Identity and Access Management 
      2. AWS Virtual Private Cloud
      3. AWS Key Management System (KMS)
      4. AWS Shield
      5. AWS Web Application Firewall (WAF)
      6. AWS CloudTrail
      7. AWS CloudWatch
      8. AWS Config
      9. AWS Artifact
      10. Penetration testing
   7. AWS Security resources
      1. AWS documentation 
      2. AWS whitepapers
      3. AWS case studies
      4. AWS YouTube channel
      5. AWS blogs
      6. AWS Partner Network
      7. AWS Marketplace
   8. Summary
3. AWS Identity and Access Management
   1. Chapter overview
   2. IAM features and tools
      1. Security
      2. AWS account shared access
      3. Granular permissions
      4. Identity Federation
      5. Temporary credentials
         1. AWS Management Console
         2. AWS command line tools
         3. AWS SDKs
         4. IAM HTTPS API
   3. IAM Authentication
      1. IAM user
      2. IAM groups
      3. IAM roles
         1. AWS service role
         2. AWS SAML role
         3. Role for cross-account access
         4. Role for Web Identity Provider
      4. Identity Provider and Federation
      5. Delegation
      6. Temporary security credentials
      7. AWS Security Token Service
      8. The account root user
   4. IAM Authorization
      1. Permissions
      2. Policy
         1. Statement
         2. Effect
         3. Principal
         4. Action
         5. Resource
         6. Condition
      3. Creating a new policy
      4. IAM Policy Simulator
      5. IAM Policy Validator
      6. Access Advisor
   5. Passwords Policy
   6. AWS credentials
   7. IAM limitations
   8. IAM best practices
   9. Summary
4. AWS Virtual Private Cloud
   1. Chapter overview
   2. VPC components
      1. Subnets
      2. Elastic Network Interfaces (ENI)
      3. Route tables
      4. Internet Gateway
      5. Elastic IP addresses
      6. VPC endpoints
      7. Network Address Translation (NAT)
      8. VPC peering
   3. VPC features and benefits
      1. Multiple connectivity options
      2. Secure
      3. Simple
   4. VPC use cases
      1. Hosting a public facing website
      2. Hosting multi-tier web application
      3. Creating branch office and business unit networks
      4. Hosting web applications in the AWS Cloud that are connected with your data center
      5. Extending corporate network in AWS Cloud
      6. Disaster recovery
   5. VPC security
      1. Security groups
      2. Network access control list
      3. VPC flow logs
      4. VPC access control
   6. Creating VPC
      1. VPC connectivity options
         1. Connecting user network to AWS VPC
         2. Connecting AWS VPC with other AWS VPC
         3. Connecting internal user with AWS VPC
   7. VPC limits
   8. VPC best practices
      1. Plan your VPC before you create it
      2. Choose the highest CIDR block
      3. Unique IP address range
      4. Leave the default VPC alone
      5. Design for region expansion
      6. Tier your subnets
      7. Follow the least privilege principle
      8. Keep most resources in the private subnet
      9. Creating VPCs for different use cases
      10. Favor security groups over NACLs
      11. IAM your VPC
      12. Using VPC peering
      13. Using Elastic IP instead of public IP
      14. Tagging in VPC
      15. Monitoring a VPC
   9. Summary
5. Data Security in AWS
   1. Chapter overview
   2. Encryption and decryption fundamentals
      1. Envelope encryption
   3. Securing data at rest
      1. Amazon S3
         1. Permissions
         2. Versioning
         3. Replication
         4. Server-Side encryption
         5. Client-Side encryption
      2. Amazon EBS
         1. Replication
         2. Backup
         3. Encryption
      3. Amazon RDS
      4. Amazon Glacier
      5. Amazon DynamoDB
      6. Amazon EMR
   4. Securing data in transit
      1. Amazon S3
      2. Amazon RDS
      3. Amazon DynamoDB
      4. Amazon EMR
   5. AWS KMS
      1. KMS benefits
         1. Fully managed
         2. Centralized Key Management
         3. Integration with AWS services
         4. Secure and compliant
      2. KMS components
         1. Customer master key (CMK)
         2. Data keys
         3. Key policies
         4. Auditing CMK usage
         5. Key Management Infrastructure (KMI)
   6. AWS CloudHSM
      1. CloudHSM features
         1. Generate and use encryption keys using HSMs
         2. Pay as you go model
         3. Easy To manage
      2. AWS CloudHSM use cases
         1. Offload SSL/TLS processing for web servers
         2. Protect private keys for an issuing certificate authority
         3. Enable transparent data encryption for Oracle databases
   7. Amazon Macie
      1. Data discovery and classification
      2. Data security
   8. Summary
6. Securing Servers in AWS
   1. EC2 Security best practices
   2. EC2 Security
      1. IAM roles for EC2 instances
      2. Managing OS-level access to Amazon EC2 instances
      3. Protecting your instance from malware
      4. Secure your infrastructure
      5. Intrusion Detection and Prevention Systems
      6. Elastic Load Balancing Security
      7. Building Threat Protection Layers
      8. Testing security
   3. Amazon Inspector
      1. Amazon Inspector features and benefits
      2. Amazon Inspector components
   4. AWS Shield
      1. AWS Shield benefits
      2. AWS Shield features
         1. AWS Shield Standard
         2. AWS Shield Advanced
   5. Summary
7. Securing Applications in AWS
   1. AWS Web Application Firewall (WAF)
      1. Benefits of AWS WAF
      2. Working with AWS WAF
   2. Signing AWS API requests
   3. Amazon Cognito
   4. Amazon API Gateway
   5. Summary
8. Monitoring in AWS
   1. AWS CloudWatch
      1. Features and benefits
      2. AWS CloudWatch components
         1. Metrics
         2. Dashboards
         3. Events
         4. Alarms
         5. Log Monitoring
   2. Monitoring Amazon EC2
      1. Automated monitoring tools
      2. Manual monitoring tools
      3. Best practices for monitoring EC2 instances
   3. Summary
9. Logging and Auditing in AWS
   1. Logging in AWS
      1. AWS native security logging capabilities
         1. Best practices
         2. AWS CloudTrail
         3. AWS Config
         4. AWS detailed billing reports
         5. Amazon S3 Access Logs
         6. ELB Logs
         7. Amazon CloudFront Access Logs
         8. Amazon RDS Logs
         9. Amazon VPC Flow Logs
   2. AWS CloudWatch Logs
      1. CloudWatch Logs concepts
      2. CloudWatch Logs limits
      3. Lifecycle of CloudWatch Logs
   3. AWS CloudTrail
      1. AWS CloudTrail concepts
      2. AWS CloudTrail benefits
      3. AWS CloudTrail use cases
      4. Security at Scale with AWS Logging
      5. AWS CloudTrail best practices
   4. Auditing in AWS
   5. AWS Artifact
   6. AWS Config
      1. AWS Config use cases
   7. AWS Trusted Advisor
   8. AWS Service Catalog
   9. AWS Security Audit Checklist
   10. Summary
10. AWS Security Best Practices
    1. Shared security responsibility model
    2. IAM security best practices
    3. VPC
    4. Data security
    5. Security of servers
    6. Application security
    7. Monitoring, logging, and auditing
    8. AWS CAF
       1. Security perspective
          1. Directive component
          2. Preventive component
          3. Detective component
          4. Responsive component 
    9. Summary