
Mastering AWS Security: Strengthen Your Cloud Environment Using AWS Security Features Coupled with Proven Strategies / Laurent Mathieu.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Mathieu, Laurent, author.
Language:
English
Subjects (All):
Amazon Web Services (Firm).
Cloud computing.
Web services.
Application program interfaces (Computer software).
Web applications.
Physical Description:
1 online resource (370 pages)
Edition:
Second edition.
Place of Publication:
Birmingham, England : Packt Publishing Ltd., [2024]
Biography/History:
Laurent Mathieu is a seasoned cybersecurity and AWS cloud consultant and instructor with two decades of experience in cybersecurity across a range of domains and regions. He holds several professional qualifications, including ISC2 CISSP, ISACA CISM, and CSA CCSK, as well as six AWS certifications. Over the past decade, he has focused on cloud computing, particularly AWS cloud security. As an active member of the AWS Community Builder program since 2020, Laurent stays at the forefront of AWS developments. He has developed various training materials and led multiple webinars and bootcamps on AWS and security. Besides his instructional work, Laurent provides AWS consulting services to startups and SaaS providers.
Summary:
If you’re trying to navigate the complex world of AWS security and fortify your organizational cloud environment, then this book is for you. Written by an accomplished cybersecurity and AWS cloud consultant, Mastering AWS Security will help you understand and master the complexities of AWS security. This book offers an in-depth and practical exploration of AWS security concepts, features, and services, focusing on how they apply to modern cloud-based application environments. As you progress, you’ll gain a thorough introduction to the art of security automation and DevSecOps. You’ll learn how to automate security tasks, integrate security into your development process, and maintain a high level of security as your applications evolve and scale. Emphasizing continuous monitoring and improvement, this book will teach you how to set up monitoring systems, interpret security data, and make informed decisions to enhance your security over time. Through real-world case studies, you’ll learn how to tackle the challenges and find solutions for securing AWS environments. By the end of this book, you’ll confidently secure your AWS environments, and stay up to date with the latest security trends and updates in the AWS ecosystem.
Contents:
Cover
Title Page
Copyright and Credits
Contributors
Table of Contents
Preface
Part 1: Foundations of AWS Security
Chapter 1: Introduction to AWS Security Concepts and Shared Responsibility Model
Cloud security overview - its importance and challenges
The significance of cloud security
Cloud security challenges
AWS shared responsibility model
Security "of" the cloud
Security "in" the cloud
IaaS, PaaS, SaaS - different levels of responsibility
Shared responsibility in practice - a closer look at AWS compute
The importance of understanding the shared responsibility model
AWS global infrastructure and security
Regions
AZs
Edge locations
AWS security best practices - general guidelines
Understand the shared responsibility model
Use AWS security services and features
Implement a strong identity and access management strategy
Protect your data
Ensure network security
Integrate security into your development life cycle
Monitor and audit your environment
Continuously improve your security posture
Summary
Questions
Answers
Further reading
Chapter 2: Infrastructure Security - Keeping Your VPC secure
Designing secure VPCs
Understanding VPCs and their importance
Key components of a VPC
Best practices for designing secure VPCs
Implementing security groups, NACLs, and AWS Network Firewall
Overview
Using security groups
Using NACLs
Using AWS Network Firewall
Configuring AWS Shield and AWS WAF for advanced protection
Enabling AWS Shield for DDoS protection
Configuring AWS WAF for web application protection
Chapter 3: Identity and Access Management - Securing Users, Roles, and Policies
Access control models
Access control models overview
Understanding RBAC
Understanding ABAC
Other access control models for multi-account environments
Choosing the right access control model
Managing IAM identities
Managing both human and non-human identities
Types of credentials and their use cases
IAM users, groups, and roles
External identities and federation in AWS
Comparing IAM identity types
Managing IAM policies
Understanding IAM policies
Creating and managing IAM policies
Advanced IAM policy use cases
IAM in multi-account deployments
Challenges with managing large-scale IAM deployments
Centralized IAM management
Cross-account access
Sharing resources at scale
Automating IAM implementation in a DevOps world
Best practices for multi-account IAM
Chapter 4: Data Protection - Encryption, Key Management, and Data Storage Best Practices
AWS encryption mechanisms and services
AWS approach to encryption
Types of encryption supported by AWS
The AWS Encryption SDK
Key features
Managing cryptographic keys
Key management services in AWS
KMS in-depth overview
CloudHSM integration and use cases
Compliance in AWS key management
Data protection in key AWS services
S3 buckets
EBS volumes
EFS filesystems
RDS databases
DynamoDB tables
Data protection in other AWS services
Unified data protection strategy
Chapter 5: Introduction to AWS Security Services
Unpacking threat and vulnerability detection
GuardDuty - your AWS security sentinel
Detective - your AWS security analyst
Inspector - your AWS security auditor
CloudTrail Lake and Security Lake - your AWS analytics powerhouses
Best practices for threat and vulnerability detection
Managing security governance and compliance
Security Hub - your AWS security dashboard
Config - your AWS compliance watchdog
Organizations - your AWS multi-account manager
Control Tower - your AWS governance blueprint
Best practices for security governance and compliance
Handling secrets securely
SSM Parameter Store versus Secrets Manager
Best practices for secrets management
Identifying and protecting sensitive data
Macie - your AWS data custodian
Best practices for managing sensitive and private data
Orchestrating AWS security services
Building an integrated security architecture
Cost and efficiency considerations
Aligning compliance and governance
Alerting and incident response
Orchestrating AWS Security in practice
Further reading
Part 2: Architecting and Deploying Secure AWS Environments
Chapter 6: Designing Secure Microservices Architectures in AWS
Why choose microservices today?
The monolithic way
The microservices way
Monolithic versus microservices
Security considerations in microservices architectures
Complexity paradigm
Responsibility domain shift
Lightweight components
Securing communication between services
Zero trust principle
Types of communication
Data in transit encryption
Service mesh
Application programming interfaces (APIs)
Implementing fine-grained access control
IAM as the backbone
Secure end-user authentication
Decoupling authorizations
Chapter 7: Implementing Security for Serverless Deployments
Introduction to serverless security
What is serverless?
Function-based design
Event-driven communication
Security considerations
Event-driven security
Event sources
Event schema validation
Event data encryption
Access control
Monitoring
Dead-letter queues (DLQs)
Event sourcing
Command query responsibility segregation (CQRS)
Securing Lambda functions
Code integrity
Secure environment variables
Runtime protection
Lambda function versioning and aliases
Networking
Execution limits
Monitoring and logging
Chapter 8: Secure Design Patterns for Multi-tenancy in Shared Environments
Understanding multi-tenancy concepts and challenges
Definition and importance of multi-tenancy
Challenges in multi-tenancy
Multi-tenancy design patterns
The silo model
The pool model
The bridge model
Choosing the right design pattern
Implementing secure data isolation techniques
Network-level isolation
Database-level isolation
Compute-level isolation
Application-level isolation
Encryption-level isolation
Managing access control for tenants
Tenant authentication
Implementing access control
Tenant-managed access control
Chapter 9: Automate-Everything to Build Immutable and Ephemeral Resources
From manual to programmatic management
Manual and programmatic management defined
Risks of manual resource management
Shift to programmatic management
Snowflake versus Phoenix systems
IaC frameworks
Benefits of adopting IaC
Automated security testing
Treating infrastructure as software
Security testing in IaC pipelines
Tools for automated security scanning
Security best practices for IaC
Apply least privileges
Handle secrets securely
Ensure compliance
The Automate-Everything approach
Part 3: Monitoring, Automation and Continuous Improvement
Chapter 10: Advanced Logging, Auditing, and Monitoring in AWS
Strengthening security through logging and monitoring
Importance in cloud security
Evolution of AWS services for logging and monitoring
Integrated approach
Key considerations for unified logging and monitoring
Beyond basic auditing with CloudTrail
Best practices for configuring CloudTrail trails
Anomaly detection with CloudTrail Insights
Advanced data analysis with CloudTrail Lake
Advanced security monitoring with CloudWatch
Enhancing application security monitoring with CloudWatch
Building security dashboards in CloudWatch
Integration with diverse log sources for comprehensive monitoring
Developer best practices for security monitoring
Practical use cases
Empowering security logs integration and analytics
Understanding Security Lake
Leveraging Athena for log analytics
Best practices for integrating Security Lake and Athena
Chapter 11: Security Compliance with AWS Config, AWS Security Hub, and Automated Remediation
Continuous compliance monitoring and assessment
Overview of compliance with Config
Setting up Config
Monitoring compliance
Managing multi-account compliance
Best practices for Config
Automated remediation
Understanding automated remediation
Designing automated remediation strategies
Tools for automation
Tips for effective automated remediation
Case study - automated remediation scenario
Centralized compliance management and integration
Integrating Config with Security Hub
Utilizing Security Hub for compliance benchmarking
Managing security standards
Creating custom insights
Chapter 12: DevSecOps - Integrating Security into CI/CD Pipelines
DevSecOps in the modern software supply chain
Understanding DevSecOps
Evolution from traditional to agile methods
Notes:
Includes index.
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781805121718
1805121715
OCLC:
1432733800
