1 option
AWS Security Cookbook : Practical Solutions for Securing AWS Cloud Infrastructure with Essential Services and Best Practices / Heartin Kanikathottu.
- Format:
- Book
- Author/Creator:
- Kanikathottu, Heartin, author.
- Language:
- English
- Subjects (All):
- Amazon Web Services (Firm).
- Cloud computing--Security measures.
- Cloud computing.
- Computer networks--Security measures.
- Computer networks.
- Client/server computing--Security measures.
- Client/server computing.
- Physical Description:
- 1 online resource (429 pages)
- Edition:
- Second edition.
- Place of Publication:
- Birmingham, England : Packt Publishing, [2024]
- Biography/History:
- Kanikathottu Heartin: Heartin Kanikathottu is an accomplished cloud architect renowned for leading technological transformations in cloud computing and security at prestigious organizations. He is also a prolific author recognized globally, with his book, AWS Security Cookbook, First Edition, being named the eighth best in cloud computing by BookAuthority in 2020. His impressive career includes roles as founder of Trainso and Coding Architect Canada, vice president at Morgan Stanley, principal architect at Societe Generale, and cloud and security architect at VMware. He has also worked at TCS, SAP Ariba, and IG Group. He holds over 15 professional certifications from Microsoft, Amazon, Oracle, Pivotal, and IBM, and dual master's degrees in cloud computing and data analytics. He is also a regular speaker at many technical forums.
- Summary:
- As a security consultant, implementing policies and best practices to secure your infrastructure is critical. This cookbook discusses practical solutions for safeguarding infrastructure, covering services and features within AWS that help implement security models, such as the CIA triad (confidentiality, integrity, and availability) and the AAA triad (authentication, authorization, and accounting), as well as non-repudiation. This updated second edition starts with the fundamentals of AWS accounts and organizations. The book then guides you through identity and access management, data protection, network security, and encryption. You’ll explore critical topics such as securing EC2 instances, managing keys with KMS and CloudHSM, and implementing endpoint security. Additionally, you’ll learn to monitor your environment using CloudWatch, CloudTrail, and AWS Config, while maintaining compliance with services such as GuardDuty, Macie, and Inspector. Each chapter presents practical recipes for real-world scenarios, allowing you to apply security concepts. By the end of this book, you’ll be well versed in techniques required for securing AWS deployments and be prepared to gain the AWS Certified Security – Specialty certification.
- Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedications
- Contributors
- Table of Contents
- Preface
- Chapter 1: Setting up AWS Accounts and Organization
- Technical requirements
- Setting up IAM, account aliases, and billing alerts
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Multi-account management with AWS Organizations
- User management and SSO with IAM Identity Center
- Chapter 2: Access Management with IAM Policies and Roles
- Creating a customer-managed IAM policy
- Using policy variables within IAM policies
- There's more
- Creating customer-managed policies in IAM Identity Center
- Setting IAM permission boundaries for IAM entities
- Centralizing governance in AWS Organizations with SCPs
- IAM cross-account role switching and identity account architecture
- Cross-service access via IAM roles on EC2 instances
- Chapter 3: Key Management with KMS and CloudHSM
- Creating keys in KMS
- See also.
- Creating keys with external key material (BYOK)
- Rotating keys in KMS
- Granting permissions programmatically with grants
- Using key policies with conditional keys
- Sharing customer-managed keys across accounts
- Creating, initializing, and activating a CloudHSM cluster
- Chapter 4: Securing Data on S3 with Policies and Techniques
- Creating an S3 bucket policy
- Working with S3 ACLs
- Creating S3 presigned URLs
- Protecting files with S3 versioning and object locking
- Encrypting data on S3
- Chapter 5: Network and EC2 Security with VPCs
- Setting up VPC plus VPC resources with minimal effort
- Creating a bare VPC and setting up public and private subnets
- Launching an EC2 instance with a web server using user data
- Creating and configuring security groups
- Working with NACLs
- Using a VPC gateway endpoint to connect to S3
- Configuring and using VPC flow logs
- Setting up and configuring NAT gateways
- Chapter 6: Web Security Using Certificates, CDNs, and Firewalls
- Enabling HTTPS for a web server on an EC2 instance
- Creating an SSL/TLS certificate with ACM
- Creating ELB target groups
- Using an application load balancer with TLS termination at the ELB
- Using a network load balancer with TLS termination at EC2
- Securing S3 using CloudFront and TLS
- Using a WAF
- Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config
- Technical requirements.
- Creating an SNS topic to send emails
- Working with CloudWatch alarms and metrics
- Creating a CloudWatch log group
- Working with EventBridge (previously CloudWatch Events)
- Reading and filtering logs in CloudTrail
- Creating a trail in CloudTrail
- Using Athena to query CloudTrail logs in S3
- Integrating CloudWatch with CloudTrail making use of a CloudFormation template
- Setting up and using AWS Config
- Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer
- Setting up and using Amazon GuardDuty
- Aggregating findings from multiple accounts in GuardDuty
- Setting up and using Amazon Macie
- Setting up and using Amazon Inspector
- Setting up and using AWS Security Hub
- Getting ready.
- How to do it...
- Using IAM Access Analyzer to inspect unused access
- Chapter 9: Advanced Identity and Directory Management
- Working with Amazon Cognito user pools
- Using identity pools to access AWS resources
- Using AWS Simple AD for creating a lightweight directory solution
- Using Microsoft Entra ID as the identity provider within AWS
- Chapter 10: Additional Services and Practices for AWS Security
- Setting up and using AWS RAM
- Storing sensitive data with the Systems Manager Parameter Store
- Using AWS Secrets Manager to manage RDS credentials
- Creating an AMI instead of using EC2 user data
- Using security products from AWS Marketplace
- Getting ready...
- Using AWS Trusted Advisor for recommendations
- Using AWS Artifact for compliance reports
- How it works.
- There's more.
- Notes:
- Description based on publisher supplied metadata and other sources.
- Description based on print version record.
- ISBN:
- 9781835086124
- 1835086128
- OCLC:
- 1455139947
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.