Security and Compliance Flashcards
AWS responsibilities in shared responsibility model
AWS Global Infrastructure - regions, edge locations, availability zones
Building Security - controlling data center access
Networking Components - maintaining generators, uninterruptible power supply (UPS) systems, computer room air conditioning (CRAC) units, fire suppression systems, etc.
Software - managed services and patching of HOST operating systems
My responsibilities in shared responsibility model
Application Data - managing and encrypting data
Security Configurations - securing account/APIs, rotating credentials, restricting internet access from VPCs
Patching - responsible for guest OS
IAM
Network Traffic - security group firewall configurations
Installed Software - application code patching and scans
How to report abuse of AWS resources
Contact the AWS Trust and Safety team
The 6 pillars of the Well-Architected Framework
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
What is WAF (framework)
The Well-Architected Framework describes the design principles and best practices for running workloads in the cloud
WAF: Operational Excellence
Focus on creating applications that effectively support production workloads
- Plan for and anticipate failures
- Script operations as code
- Deploy smaller, reversible changes
- Learn from failure and refine
WAF: Security
Focus on putting mechanisms in place that protect your systems and data
- Automate security tasks
- Encrypt data in transit and at rest
- Assign only the least privileges required
- Track who did what and when
- Ensure security at all application layers
WAF: Reliability
Focus on designing systems that work consistently and recover quickly
- Recover from failure automatically
- Scale horizontally for resilience
- Reduce idle resources
- Manage change through automation
- Test recovery procedures
WAF: Performance Efficiency
Focus on the effective use of computing resources to meet system and business requirements while removing bottlenecks
- Use serverless architectures first
- Use multi-region deployments
- Delegate tasks to a cloud vendor
- Experiment with virtual resources
WAF: Cost Optimization
Focus on delivering optimum and resilient solutions at the least cost to the user
- Utilize consumption-based pricing
- Measure overall efficiency
- Implement Cloud Financial Management
- Pay only for resources your application requires
WAF: Sustainability
Focus on environmental impacts, especially energy consumption and efficiency
- Understand your impact
- Maximize utilization
- Establish sustainability goals
- Use managed services
- Reduce downstream impact
Identity and Access Management (IAM)
IAM allows you to control access to your AWS services and resources
- Helps you secure your cloud resources
- You define who has access
- You define what they can do
- A free global service
The principle of least privilege
Giving a user the minimum access required to get the job done
How to create access keys for users that need access to the AWS CLI
IAM
IAM Credential Report
Lists all users in your account and the status of their various credentials