Preface
Security in information technology is considered a nerdy or geeky topic, reserved for technologists who have known the nitty-gritty of networks, packets, algorithms, and so on for years. With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, securing all these resources has been a paradigm shift for everyone responsible for security: experts, novices, and apprentices alike. AWS provides many controls to secure customer workloads, yet quite often customers are not aware of their share of security responsibilities or of the security controls that they need to own and put in place for their resources in the AWS cloud. This book aims to resolve this problem by providing detailed information, in easy-to-understand language, supported by real-life examples, figures, and screenshots, on all you need to know about security in AWS, without being a geek or a nerd and without having years of experience in the security domain!
This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with tools, services, and features provided by AWS. By the end of this book, you will understand the complete landscape of security in AWS, covering all aspects of end-to-end software and hardware security along with logging, auditing, and the compliance of your entire IT environment in the AWS cloud. Use the best practices mentioned in this book to master security in your AWS environment.
What this book covers
Chapter 1, Overview of Security in AWS, introduces you to the shared security responsibility model, a fundamental concept for understanding security in AWS. It also introduces you to the security landscape in AWS.
Chapter 2, AWS Identity and Access Management, walks you through the doorway of all things about security in AWS, access control, and user management. We learn about identities and authorizations for everything in AWS in great detail in this chapter.
Chapter 3, AWS Virtual Private Cloud, talks about creating and securing our own virtual network in the AWS cloud. This chapter also introduces you to the various connectivity options that AWS provides to create hybrid cloud, public cloud, and private cloud solutions.
Chapter 4, Data Security in AWS, talks about encryption in AWS to secure your data at rest and while working with AWS data storage services.
Chapter 5, Securing Servers in AWS, explains ways to secure your infrastructure in AWS by employing continuous threat assessment, agent-based security checks, virtual firewalls for your servers, and so on.
Chapter 6, Securing Applications in AWS, introduces you to ways to secure all your applications developed and deployed in the AWS environment. This chapter walks you through the web application firewall service, as well as securing a couple of AWS services used by developers for web and mobile application development.
Chapter 7, Monitoring in AWS, provides a deep dive into the monitoring of your resources in AWS, including AWS services, resources, and applications running on the AWS cloud. This chapter helps you to set up monitoring for your native AWS resources along with your custom applications and resources.
Chapter 8, Logging and Auditing in AWS, helps you to learn ways to stay compliant in the AWS cloud by logging and auditing all that is going on with your AWS resources. This chapter gives you a comprehensive, hands-on tour of logging and auditing all the services to achieve continuous compliance for your AWS environment.
Chapter 9, AWS Security Best Practices, walks you through best practices in a consolidated form for securing all your resources in AWS. Ensure that these best practices are followed for all your AWS environments!
What you need for this book
You will need to sign up for the AWS Free Tier account available at https://aws.amazon.com/free/ for this book. That is all you need: an AWS Free Tier account and a basic understanding of AWS foundation services, such as AWS Simple Storage Service, Amazon Elastic Compute Cloud, and so on.
Who this book is for
This book is for all IT professionals, system administrators, security analysts, and chief information security officers who are responsible for securing workloads in AWS for their organizations. It is helpful for all solutions architects who want to design and implement secure architecture on AWS by following the security-by-design principle. This book is also helpful for people in auditing and project management roles to understand how they can audit AWS workloads and how they can manage security in AWS, respectively.
If you are learning AWS or championing AWS adoption in your organization, you should read this book to build security into all your workloads. You will benefit from knowing about the security footprint of all major AWS services for multiple domains, use cases, and scenarios.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Amazon EC2 key pair that is stored within AWS is appended to the initial operating system user’s ~/.ssh/authorized_keys file".
A block of code is as follows:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    }
  ]
}
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Statistic chosen is Average and the period is 5 Minutes:"
Note
Warnings or important notes appear like this.
Note
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply email [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the color images of this book
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/MasteringAWSSecurity_ColorImages.pdf.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at [email protected] with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.