AWS Cloud Practitioner/Security
Security
Objectives and Skills
Objectives and skills for the security portion of AWS Cloud Practitioner certification include:[1]
- Define the AWS Shared Responsibility model
- Define AWS Cloud security and compliance concepts
- Identify AWS access management capabilities
- Identify resources for security support
Readings
Multimedia
Activities
- Complete AWS: Cloud Practitioner Essentials Modules 6 - 7.
Lesson Summary
Define the AWS Shared Responsibility model
- AWS is responsible for securing the underlying infrastructure that supports the cloud, and you're responsible for anything you put on the cloud or connect to the cloud.[2]
Define AWS Cloud security and compliance concepts
- AWS cloud security and compliance concepts include:[3]
- AWS Compliance Program
- Physical and Environmental Security
- Business Continuity Management
- Network Security
- AWS Access
- Secure Design Principles
- Change Management
- AWS Account Security Features
- Individual User Accounts
- Secure HTTPS Access Points
- Security Logs
- AWS Trusted Advisor Security Checks
- AWS Config Security Checks
- AWS Compliance enables customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud.[4]
Identify AWS access management capabilities
- AWS Identity and Access Management (IAM) allows you to create multiple users and manage the permissions for each of these users within your AWS Account.[5]
- A user is an identity (within an AWS Account) with unique security credentials that can be used to access AWS Services.[6]
- IAM enables you to implement security best practices, such as least privilege, by granting unique credentials to every user within your AWS Account and only granting permission to access the AWS services and resources required for the users to perform their jobs.[7]
- IAM is secure by default; new users have no access to AWS until permissions are explicitly granted.[8]
- An IAM role uses temporary security credentials to allow you to delegate access to users or services that normally don't have access to your AWS resources.[9]
- A role is a set of permissions to access specific AWS resources, but these permissions are not tied to a specific IAM user or group.[10]
- An authorized entity (e.g., a mobile user or an EC2 instance) assumes a role and receives temporary security credentials for authenticating to the resources defined in the role.[11]
- Temporary security credentials provide enhanced security due to their short lifespan (the default expiration is 12 hours) and the fact that they cannot be reused after they expire.[12]
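The IAM points above (secure by default, least privilege, roles issuing short-lived credentials that stop working at expiry) can be made concrete with a small model. The following is an added example written for this lesson, not AWS code: it evaluates constructed identity policies in the published JSON shape using the simplified order "explicit Deny wins, then explicit Allow, otherwise implicit Deny", and models role assumption with an expiration taken from the 12-hour lifetime stated above. Conditions, service control policies, permission boundaries and resource policies are deliberately omitted; the bucket name, role name, principal ARNs and the `123456789012` account ID are constructed placeholders.

```python
# Added example: toy model of IAM policy evaluation and role assumption.
# Not AWS code; all policies, ARNs, names and credentials here are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase
import secrets

DEFAULT_DURATION = timedelta(hours=12)  # lifetime used by this lesson's text


def _matches(pattern: str, value: str, case_insensitive: bool) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters (including '/'),
    '?' matches one character. Action names compare case-insensitively, ARNs do not."""
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)


def _as_list(item):
    """Policy JSON allows a single string or a list for Action/Resource/Statement."""
    return item if isinstance(item, list) else [item]


def evaluate(policies, action: str, resource: str) -> str:
    """Simplified identity-policy evaluation.

    Starts from an implicit Deny (a user with no policies has no access),
    an explicit Allow on a matching statement flips it to Allow, and an
    explicit Deny on any matching statement wins regardless of Allows.
    """
    decision = "Deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_matches(r, resource, False) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny always wins
            decision = "Allow"
    return decision


@dataclass
class RoleSession:
    """Temporary credentials handed out when a role is assumed (constructed shape)."""
    role_name: str
    policies: list
    access_key_id: str
    secret_access_key: str
    session_token: str
    expiration: datetime


def assume_role(role: dict, principal: str, now: datetime,
                duration: timedelta = DEFAULT_DURATION) -> RoleSession:
    """Issue short-lived credentials only to principals listed in the role's trust list.

    The permissions live on the role, not on the caller, so whoever assumes it
    operates with exactly the role's policies for the session lifetime.
    """
    if principal not in role["trusted_principals"]:
        raise PermissionError(f"{principal} is not trusted to assume {role['name']}")
    return RoleSession(
        role_name=role["name"],
        policies=role["policies"],
        access_key_id="EXAMPLEKEY" + secrets.token_hex(4).upper(),  # constructed value
        secret_access_key=secrets.token_urlsafe(30),
        session_token=secrets.token_urlsafe(48),
        expiration=now + duration,
    )


def authorize(session: RoleSession, action: str, resource: str, now: datetime) -> str:
    """Expired credentials are rejected outright; otherwise the role's policies decide."""
    if now >= session.expiration:
        return "Deny"
    return evaluate(session.policies, action, resource)


# Constructed least-privilege policy: read one bucket, never its restricted prefix.
READ_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]},
        {"Effect": "Deny", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/restricted/*"},
    ],
}

# Constructed role; 123456789012 is a placeholder account ID, not a real account.
REPORT_READER_ROLE = {
    "name": "ReportReader",
    "trusted_principals": ["arn:aws:iam::123456789012:user/alice"],
    "policies": [READ_REPORTS],
}


def role_lifecycle_demo() -> dict:
    """Walk a trusted principal through assuming the role and using it before and after expiry."""
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    session = assume_role(REPORT_READER_ROLE, "arn:aws:iam::123456789012:user/alice", start)
    obj = "arn:aws:s3:::example-reports/q1.csv"
    return {
        "fresh": authorize(session, "s3:GetObject", obj, start + timedelta(hours=1)),
        "expired": authorize(session, "s3:GetObject", obj, start + timedelta(hours=12)),
        "expiration_hours": (session.expiration - start).total_seconds() / 3600,
    }


if __name__ == "__main__":
    print("no policy:", evaluate([], "s3:GetObject", "arn:aws:s3:::example-reports/q1.csv"))
    print("least privilege:", evaluate([READ_REPORTS], "s3:DeleteObject", "arn:aws:s3:::example-reports/q1.csv"))
    print(role_lifecycle_demo())
```

Running it shows the three behaviours the lesson lists: an identity with no policy gets `Deny` for everything, the scoped policy allows only the listed actions on the listed bucket (and the explicit Deny on the restricted prefix overrides the broader Allow), and the role's credentials authorize normally at one hour but return `Deny` once the 12-hour expiration is reached, even though nothing about the policy changed.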
Identify resources for security support
Security in the cloud is composed of five areas:[13]
- Identity and access management
- Detection
- Infrastructure protection
- Data protection
- Incident response
AWS security services include:[14]
- Identity and Access Management (IAM)
- Web Application Firewall (WAF)
- Shield
- Inspector
- Trusted Advisor
- GuardDuty
- CloudTrail
Key Terms
See Also
References
- [1] AWS: Certified Cloud Practitioner (CLF-C01) Exam Guide
- [2] AWS: Overview of Security Processes
- [3] AWS: Overview of Security Processes
- [4] AWS: Overview of Security Processes
- [5] AWS: Overview of Security Processes
- [6] AWS: Overview of Security Processes
- [7] AWS: Overview of Security Processes
- [8] AWS: Overview of Security Processes
- [9] AWS: Overview of Security Processes
- [10] AWS: Overview of Security Processes
- [11] AWS: Overview of Security Processes
- [12] AWS: Overview of Security Processes
- [13] AWS: Security Pillar - AWS Well-Architected Framework
- [14] AWS: Security Pillar - AWS Well-Architected Framework