1/18
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
AWS WAF
Blocks SQLi and XSS attacks. Attaches to ALB/CloudFront. Uses Web ACLs.
AWS Shield Standard
Free automatic DDoS protection for all AWS customers. Always on.
AWS Shield Advanced
Paid DDoS protection. Layer 7 coverage + 24/7 response team + cost protection.
Amazon GuardDuty
Threat DETECTION. ML analyses CloudTrail/Flow Logs. No agents needed.
Amazon Detective
Threat INVESTIGATION. Traces how attack happened after GuardDuty finds it.
Amazon Inspector
Scans EC2/Lambda/containers for known vulnerabilities (CVEs). Severity scores.
Amazon Macie
Finds PII and sensitive data in S3 using ML. Triggers EventBridge alerts.
AWS Artifact
On-demand portal for AWS compliance reports and audit agreements. Free.
Cognito User Pools
App user sign-up/login + MFA + social login (Google/Facebook).
Cognito Identity Pools
Gives authenticated users temporary AWS credentials to access services directly.
IAM Identity Center
Employee SSO across multiple AWS accounts. Integrates with Active Directory.
Parameter Store
Centralised config and secrets storage. Versioning. No auto-rotation. Cheap.
Secrets Manager
Stores secrets with automatic rotation. Native RDS integration. Costs more.
SCPs
Org-wide permission limits. Overrides IAM. Applies even to root. Never grants.
ACM (Certificate Manager)
Free SSL certificates for ALB/CloudFront. Auto-renews. Managed by AWS.
GuardDuty vs Detective
GuardDuty = finds threat. Detective = investigates it. Used together.
Secrets Manager vs Parameter Store
Same but Secrets Manager auto-rotates. Rotation mentioned = Secrets Manager.
WAF vs Shield
WAF = app attacks (SQLi/XSS). Shield = DDoS network attacks.
SCPs vs IAM
IAM grants permissions. SCPs cap them org-wide. SCP deny always wins.