10_AWS Security Services

Additional AWS Security Services

This section introduces additional AWS security services that support a defense-in-depth strategy.

Key Concepts

  • Defense in Depth: Applying security controls at every layer rather than relying on a single boundary.
  • AWS Well-Architected Security Pillar: The security pillar of the AWS Well-Architected Framework; applying security at all layers is one of its design principles.
  • Security Services: AWS offers managed security services so that teams do not have to write and maintain custom security code for common controls.

Three Components of Defense in Depth

  1. Defending Your Borders: Controlling access points.
  2. Adding Additional Data Protections: Implementing measures to safeguard data.
  3. Detecting and Responding to Threats: Identifying and addressing security incidents.

AWS Security Services Examples

AWS WAF (Web Application Firewall)

  • Monitors HTTP and HTTPS requests.
  • Protects web application resources.
  • Includes AWS Shield for DDoS protection.
  • Use Case: Detecting malicious attempts to create accounts.
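The "malicious account creation" use case is typically handled with a WAF rate-based rule: requests from one client to the sign-up endpoint are counted over a trailing time window and blocked once they exceed a limit. The following Python is an added example, not AWS WAF code or its configuration; it models that counting logic over constructed web-server log lines so the behaviour can be inspected offline. The log format, the 5-minute window, the per-IP limit of 3 (scaled down for the tiny sample) and the scoping to `POST /signup` are assumptions of the example.

```python
"""Added example (not AWS WAF's implementation): a simplified model of a
rate-based rule scoped to sign-up requests, run over constructed log lines."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <client-ip> <method> <path> <status>"
# All lines and IP addresses below are constructed for this example.
SAMPLE_LOG = """\
2024-05-01T12:00:00Z 203.0.113.7 POST /signup 200
2024-05-01T12:00:10Z 203.0.113.7 POST /signup 200
2024-05-01T12:00:12Z 198.51.100.4 GET /signup 200
2024-05-01T12:00:20Z 203.0.113.7 POST /signup 200
2024-05-01T12:00:25Z 198.51.100.4 POST /signup 200
2024-05-01T12:00:30Z 203.0.113.7 POST /signup 200
2024-05-01T12:00:40Z 203.0.113.7 GET /login 200
2024-05-01T12:07:00Z 203.0.113.7 POST /signup 200
"""

WINDOW = timedelta(minutes=5)  # assumed trailing window for the example
LIMIT = 3                      # assumed per-client limit, deliberately small
SCOPE_METHOD = "POST"          # only sign-up submissions are counted
SCOPE_PATH = "/signup"


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, method, path, int(status)


def evaluate(log_text, limit=LIMIT, window=WINDOW):
    """Return (timestamp, ip, action) for every in-scope request.

    A client is blocked once its number of in-scope requests within the
    trailing window exceeds the limit; older requests age out of the window,
    so a client that slows down is allowed again.
    """
    recent = defaultdict(deque)  # ip -> timestamps of in-scope requests in window
    decisions = []
    for line in log_text.splitlines():
        ts, ip, method, path, _ = parse_line(line)
        if method != SCOPE_METHOD or path != SCOPE_PATH:
            continue  # out-of-scope traffic is neither counted nor blocked
        window_hits = recent[ip]
        while window_hits and ts - window_hits[0] > window:
            window_hits.popleft()  # drop requests that have left the window
        window_hits.append(ts)
        action = "BLOCK" if len(window_hits) > limit else "ALLOW"
        decisions.append((ts, ip, action))
    return decisions


def blocked_clients(log_text, **kwargs):
    """Sorted list of client IPs that received at least one BLOCK decision."""
    return sorted({ip for _, ip, action in evaluate(log_text, **kwargs) if action == "BLOCK"})


if __name__ == "__main__":
    for ts, ip, action in evaluate(SAMPLE_LOG):
        print(ts.isoformat(), ip, action)
    print("blocked:", blocked_clients(SAMPLE_LOG))
```

In the sample, `203.0.113.7` sends four sign-up POSTs within 30 seconds, so the fourth is blocked, while its GET requests and its later POST at 12:07 (outside the window) are not. A real WAF rule adds the aggregation key, the action (block, count or CAPTCHA) and a scope-down statement on top of this counting idea.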

Amazon Macie

  • Uses machine learning to discover, classify, and protect sensitive data in Amazon S3.
  • Use Case: Identifying sensitive data being migrated to Amazon S3, notifying administrators to review, and allowing or disallowing storage of questionable objects.

Amazon Inspector

  • Vulnerability management service.
  • Scans AWS workloads for software vulnerabilities and unintended network exposure.
  • Scans EC2 instances, container images, and Lambda functions.
  • Use Case: Scanning an Amazon EC2 instance with a specific Amazon Machine Image (AMI) to find vulnerabilities before the AMI is used to deploy more EC2 instances.

Amazon Detective

  • Automatically collects log data from AWS resources.
  • Generates visualizations for efficient security investigations.
  • Use Case: Triaging potential issues by finding all activity related to a specific AWS Identity and Access Management (IAM) entity.

AWS Security Hub

  • Monitors security via automated, continuous checks against AWS resources.
  • Aggregates security alerts in a standardized format.
  • Use Case: Prioritizing response and remediation efforts.
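Security Hub's standardized format is the AWS Security Finding Format (ASFF). The following Python is an added example, not Security Hub's own code: it takes findings in a subset of ASFF fields (`Severity.Label`, `Workflow.Status`, `RecordState`, `Compliance.Status`, `Resources`) and orders the ones that still need attention for response and remediation. The findings, identifiers and resource ARNs are constructed for the example.

```python
"""Added example (not Security Hub's code): triaging ASFF findings by
severity and workflow state. Sample findings are constructed."""

# ASFF severity labels, ranked so sorting can put the most urgent first.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

# Constructed findings using a subset of ASFF fields; the account id is the
# documentation placeholder 111122223333 and the instance ids are invented.
SAMPLE_FINDINGS = [
    {
        "Id": "example-finding-1",
        "Title": "EC2 instance allows unrestricted SSH access",
        "Severity": {"Label": "HIGH"},
        "Workflow": {"Status": "NEW"},
        "RecordState": "ACTIVE",
        "Compliance": {"Status": "FAILED"},
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example1"}],
    },
    {
        "Id": "example-finding-2",
        "Title": "Root account access key exists",
        "Severity": {"Label": "CRITICAL"},
        "Workflow": {"Status": "RESOLVED"},  # already handled, excluded from triage
        "RecordState": "ACTIVE",
        "Compliance": {"Status": "PASSED"},
        "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}],
    },
    {
        "Id": "example-finding-3",
        "Title": "Unusual API call volume from IAM user",
        "Severity": {"Label": "MEDIUM"},
        "Workflow": {"Status": "NEW"},
        "RecordState": "ACTIVE",
        "Resources": [{"Type": "AwsIamUser",
                       "Id": "arn:aws:iam::111122223333:user/example-user"}],
    },
    {
        "Id": "example-finding-4",
        "Title": "S3 bucket allows public write access",
        "Severity": {"Label": "CRITICAL"},
        "Workflow": {"Status": "NOTIFIED"},
        "RecordState": "ACTIVE",
        "Compliance": {"Status": "FAILED"},
        "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-public-bucket"}],
    },
    {
        "Id": "example-finding-5",
        "Title": "Security group open to the world on port 80",
        "Severity": {"Label": "LOW"},
        "Workflow": {"Status": "NEW"},
        "RecordState": "ARCHIVED",  # no longer current, excluded from triage
        "Resources": [{"Type": "AwsEc2SecurityGroup",
                       "Id": "arn:aws:ec2:us-east-1:111122223333:security-group/sg-0example"}],
    },
]


def triage(findings):
    """Return ACTIVE findings whose workflow is still open (NEW or NOTIFIED),
    most urgent first: higher severity, then failed compliance checks, then title."""
    open_findings = [
        f for f in findings
        if f.get("RecordState") == "ACTIVE"
        and f.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED")
    ]
    return sorted(open_findings, key=lambda f: (
        -SEVERITY_RANK.get(f.get("Severity", {}).get("Label", "INFORMATIONAL"), 0),
        f.get("Compliance", {}).get("Status") != "FAILED",
        f.get("Title", ""),
    ))


def resources_by_severity(findings):
    """Group affected resource ids by severity label for a remediation worklist."""
    worklist = {}
    for f in triage(findings):
        label = f["Severity"]["Label"]
        for resource in f.get("Resources", []):
            worklist.setdefault(label, []).append(resource["Id"])
    return worklist


if __name__ == "__main__":
    for f in triage(SAMPLE_FINDINGS):
        print(f["Severity"]["Label"], f["Workflow"]["Status"], f["Id"], f["Title"])
    print(resources_by_severity(SAMPLE_FINDINGS))
```

Findings that are already `RESOLVED` or whose `RecordState` is `ARCHIVED` drop out, so the analyst sees only the open work ordered by urgency; the same ordering keys can be applied to findings retrieved from the real API.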

AWS Trusted Advisor

  • Provides security recommendations among its checks.
  • Helps follow AWS best practices.
  • Security controls and findings can be viewed in the Trusted Advisor console if Security Hub is enabled.

Additional Notes

  • The student guide provides use cases for each service.