My Account Log in

1 option

AWS Security Cookbook : Practical Solutions for Securing AWS Cloud Infrastructure with Essential Services and Best Practices / Heartin Kanikathottu.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Kanikathottu, Heartin, author.
Language:
English
Subjects (All):
Amazon Web Services (Firm).
Cloud computing--Security measures.
Cloud computing.
Computer networks--Security measures.
Computer networks.
Client/server computing--Security measures.
Client/server computing.
Physical Description:
1 online resource (429 pages)
Edition:
Second edition.
Place of Publication:
Birmingham, England : Packt Publishing, [2024]
Biography/History:
Kanikathottu Heartin: Heartin Kanikathottu is an accomplished cloud architect renowned for leading technological transformations in cloud computing and security at prestigious organizations. He is also a prolific author recognized globally, with his book, AWS Security Cookbook, First Edition, being named the eighth best in cloud computing by BookAuthority in 2020. His impressive career includes roles as founder of Trainso and Coding Architect Canada, vice president at Morgan Stanley, principal architect at Societe Generale, and cloud and security architect at VMware. He has also worked at TCS, SAP Ariba, and IG Group. He holds over 15 professional certifications from Microsoft, Amazon, Oracle, Pivotal, and IBM, and dual master's degrees in cloud computing and data analytics. He is also a regular speaker at many technical forums.
Summary:
As a security consultant, implementing policies and best practices to secure your infrastructure is critical. This cookbook discusses practical solutions for safeguarding infrastructure, covering services and features within AWS that help implement security models, such as the CIA triad (confidentiality, integrity, and availability) and the AAA triad (authentication, authorization, and accounting), as well as non-repudiation. This updated second edition starts with the fundamentals of AWS accounts and organizations. The book then guides you through identity and access management, data protection, network security, and encryption. You’ll explore critical topics such as securing EC2 instances, managing keys with KMS and CloudHSM, and implementing endpoint security. Additionally, you’ll learn to monitor your environment using CloudWatch, CloudTrail, and AWS Config, while maintaining compliance with services such as GuardDuty, Macie, and Inspector. Each chapter presents practical recipes for real-world scenarios, allowing you to apply security concepts. By the end of this book, you’ll be well versed in techniques required for securing AWS deployments and be prepared to gain the AWS Certified Security – Specialty certification.
Contents:
Cover
Title Page
Copyright and Credits
Dedications
Contributors
Table of Contents
Preface
Chapter 1: Setting up AWS Accounts and Organization
Technical requirements
Setting up IAM, account aliases, and billing alerts
Getting ready
How to do it...
How it works...
There's more...
See also
Multi-account management with AWS Organizations
User management and SSO with IAM Identity Center
Chapter 2: Access Management with IAM Policies and Roles
Creating a customer-managed IAM policy
Using policy variables within IAM policies
There's more
Creating customer-managed policies in IAM Identity Center
Setting IAM permission boundaries for IAM entities
Centralizing governance in AWS Organizations with SCPs
IAM cross-account role switching and identity account architecture
Cross-service access via IAM roles on EC2 instances
Chapter 3: Key Management with KMS and CloudHSM
Creating keys in KMS
See also.
Creating keys with external key material (BYOK)
Rotating keys in KMS
Granting permissions programmatically with grants
Using key policies with conditional keys
Sharing customer-managed keys across accounts
Creating, initializing, and activating a CloudHSM cluster
Chapter 4: Securing Data on S3 with Policies and Techniques
Creating an S3 bucket policy
Working with S3 ACLs
Creating S3 presigned URLs
Protecting files with S3 versioning and object locking
Encrypting data on S3
Chapter 5: Network and EC2 Security with VPCs
Setting up VPC plus VPC resources with minimal effort
Creating a bare VPC and setting up public and private subnets
Launching an EC2 instance with a web server using user data
Creating and configuring security groups
Working with NACLs
Using a VPC gateway endpoint to connect to S3
Configuring and using VPC flow logs
Setting up and configuring NAT gateways
Chapter 6: Web Security Using Certificates, CDNs, and Firewalls
Enabling HTTPS for a web server on an EC2 instance
Creating an SSL/TLS certificate with ACM
Creating ELB target groups
Using an application load balancer with TLS termination at the ELB
Using a network load balancer with TLS termination at EC2
Securing S3 using CloudFront and TLS
Using a WAF
Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config
Technical requirements.
Creating an SNS topic to send emails
Working with CloudWatch alarms and metrics
Creating a CloudWatch log group
Working with EventBridge (previously CloudWatch Events)
Reading and filtering logs in CloudTrail
Creating a trail in CloudTrail
Using Athena to query CloudTrail logs in S3
Integrating CloudWatch with CloudTrail making use of a CloudFormation template
Setting up and using AWS Config
Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer
Setting up and using Amazon GuardDuty
Aggregating findings from multiple accounts in GuardDuty
Setting up and using Amazon Macie
Setting up and using Amazon Inspector
Setting up and using AWS Security Hub
Getting ready.
How to do it...
Using IAM Access Analyzer to inspect unused access
Chapter 9: Advanced Identity and Directory Management
Working with Amazon Cognito user pools
Using identity pools to access AWS resources
Using AWS Simple AD for creating a lightweight directory solution
Using Microsoft Entra ID as the identity provider within AWS
Chapter 10: Additional Services and Practices for AWS Security
Setting up and using AWS RAM
Storing sensitive data with the Systems Manager Parameter Store
Using AWS Secrets Manager to manage RDS credentials
Creating an AMI instead of using EC2 user data
Using security products from AWS Marketplace
Getting ready...
Using AWS Trusted Advisor for recommendations
Using AWS Artifact for compliance reports
How it works.
There's more.
Notes:
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781835086124
1835086128
OCLC:
1455139947

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account