AWS Keyword Connect Flashcards
Recommendation, guidance
Trusted Advisor
Multi-account for enterprises through Account vending machine (AVM)
AWS Landing Zones (4 accounts)
Automatic provision new accounts/ uses SSO via service catalog template
AVM
Digital catalog of 1000’s of software listings. Independent vendors. Free/associated charge.
AWS marketplace (SaaS offering/CloudFormation templates/web ACL)
Metadata for organizing AWS resources
Tag
Collection of resources that share 1 or more tags
Resource Group
Protects from web exploits. Attached to Cloudfront or ALB
AWS WAF
Encrypting your encryption key
Envelope Encryption
Ebs
Fully managed. Continuously monitors sensitive data access. Generates alerts for unauthorized access (uses ML)
Amazon Macie
Create and control encryption keys to encrypt data
KMS (Key Management Service)
Threat detection service (IDS). Use ML
GuardDuty
Fully Managed
DynamoDB
2 services
Role
Minimum of 1 year
Reserved instance
Eliminating as many security risks as possible
Hardening
Runs security assessments benchmark audits 1 single ec2 instance
vulnerabilities
AWS Inspector
Premade packages/templates for deployment of functional architecture in <1 hour
Quick start
Authorized simulated attack to Evaluate the security of the system
Pentesting
No cost/self-service for on-demand access to AWS compliance report. Audit
Artifact
Managed DDoS protection. Route53 /CloudFront protection
AWS Shield
Short period, unpredictable
On-Demand Instances
All checks in trusted Advisor
Business, Enterprise
7 core checks in Trusted Advisor
basic
Secures EC2 Instances
Security Groups