Summary

  • Shared Responsibility on AWS

  • Shield: Automatic DDoS protection + 24/7 support with Shield Advanced

  • WAF: Firewall to filter incoming requests based on rules

  • KMS: Encryption keys managed by AWS

  • CloudHSM: Hardware encryption, we manage encryption keys

  • AWS Certificate Manager: provision, manage, and deploy SSL/TLS Certificates

  • Artifact: Get access to compliance reports such as PCI, ISO, etc.

  • GuardDuty: Find malicious behavior with VPC, DNS & CloudTrail Logs

  • Inspector: find software vulnerabilities in EC2, ECR Images, and Lambda functions

  • Network Firewall: Protect VPC against network attacks

  • Config: Track config changes and compliance against rules

  • Macie: Find sensitive data (e.g., PII) in Amazon S3 buckets

  • CloudTrail: Track API calls made by users within the account

  • AWS Security Hub: gather security findings from multiple AWS accounts

  • Amazon Detective: find the root cause of security issues or suspicious activities

  • AWS Abuse: Report AWS resources used for abusive or illegal purposes

  • Root user privileges:

    • Change account settings

    • Close your AWS account

    • Change or cancel your AWS Support plan

    • Register as a seller in the Reserved Instance Marketplace

  • IAM Access Analyzer: identify which resources are shared externally
