Security and Compliance Services

Question 1

What is the Customer responsible for in the Cloud

Answer 1

Managment of guest OS, customer data, IAM, NACL, client and server side encryption

Question 2

What is AWS responsible for of the Cloud

Answer 2

Setup and maintenance of physical hardware, maintenace of host virtualisation software, compute, storage, database, networking, global infrastructure (regions, az and edge locations)

Question 3

DDoS and penetration testing

Answer 3

AWS customers can do this without prior approval. They cannot however do DNS zone walking, DDoS and floodings.
CloudFront and Route 53 aid in DDoS mitigation

Question 4

Other AWS Security Services

Answer 4

1. AWS Org = centralised management of AWS accounts and billings
2. Amazon GuardDuty = Threat detection
3. Amazon Inspector = Analyses VPC environment for potential security issues (gives findings and recommendations)
4. AWS Shield = Managed DDoS protection
5. WAF = Monitors web requests (can allow/deny access)
6. AWS Artifact = Portal access to AWS compliance docs e.g PCI and ISO

Question 5

What is AWS Key Management Service

Answer 5

Encryptes data and provided key storage. Keys can be made in KMS, CloudHSM or imported. KMS integrates with S3, Databases, CloudTrail and SNS

Question 6

Other Services?

Answer 6

Amazon Athena = Serverless sql service
Amazon EMR = Managed Hadoop framework, big data
Amazon Lightsail = private virtual server with prepackaged setups
Amazon Rekognition = Video/image analysis
Amazon Mech Turk = crowdsourced marketplace