Secure your Amazon Web Services (AWS) infrastructure with permission policies, key management, and network security, while following cloud security best practices

Key Features

• Explore useful recipes for implementing robust cloud security solutions on AWS
• Monitor your AWS infrastructure and workloads using CloudWatch, CloudTrail, Config, GuardDuty, and Macie
• Prepare for the AWS Certified Security – Specialty exam by exploring various security models and compliance offerings
• Purchase of the print or Kindle book includes a free PDF eBook

Book Description

As a security consultant, implementing policies and best practices to secure your infrastructure is critical. This cookbook discusses practical solutions for safeguarding infrastructure, covering services and features within AWS that help implement security models, such as the CIA triad (confidentiality, integrity, and availability) and the AAA triad (authentication, authorization, and accounting), as well as non-repudiation.

This updated second edition starts with the fundamentals of AWS accounts and organizations. The book then guides you through identity and access management, data protection, network security, and encryption. You’ll explore critical topics such as securing EC2 instances, managing keys with KMS and CloudHSM, and implementing endpoint security. Additionally, you’ll learn to monitor your environment using CloudWatch, CloudTrail, and AWS Config, while maintaining compliance with services such as GuardDuty, Macie, and Inspector. Each chapter presents practical recipes for real-world scenarios, allowing you to apply security concepts.

By the end of this book, you’ll be well versed in techniques required for securing AWS deployments and be prepared to gain the AWS Certified Security – Specialty certification.

What you will learn

• Manage AWS accounts and users with AWS Organizations and IAM Identity Center
• Secure data and infrastructure with IAM policies, RBAC, and encryption
• Enhance web security with TLS, load balancers, and firewalls
• Use AWS services for logging, monitoring, and auditing
• Ensure compliance with machine-learning-powered AWS services
• Explore identity management with Cognito, AWS directory services, and external providers such as Entra ID
• Follow best practices to securely share data across accounts

Who this book is for

If you’re an IT security professional, cloud security architect, or a cloud application developer working on security-related roles and are interested in using AWS infrastructure for secure application deployments, then this Amazon Web Services book is for you. You’ll also find this book useful if you’re looking to achieve AWS certification. Prior knowledge of AWS and cloud computing is required to get the most out of this book.

Table of Contents

1. Setting Up AWS Accounts and Organization
2. Access Management with IAM Policies and Roles
3. Key Management with KMS and CloudHSM
4. Securing Data on S3 with Policies and Techniques
5. Network and EC2 Security with VPCs
6. Web Security Using Certificates, CDNs, and Firewalls
7. Monitoring with CloudWatch, CloudTrail, and Config
8. Compliance with GuardDuty, Macie, Inspector, and Analyzer
9. Advanced Identity and Directory Management
10. Additional Services and Practices for AWS Security