Security Automation Flashcards
What is DevSecOps?
DevSecOps is certainly about security, but it is just as much about the processes you use to build applications, and about making sure security is built into those processes by design rather than bolted on afterwards.
Temporary Credentials
A trusted user can:
- assume a role on a temporary basis
- use the temporary credentials to access your AWS resources; they are valid for 15 minutes to 36 hours depending on the STS operation (AssumeRole sessions are capped at the role's maximum session duration, at most 12 hours)
Long-term access keys are therefore not always necessary.
Temporary credentials are issued by the AWS Security Token Service (STS).
Switching roles
Allows practising the principle of least privilege:
- a user holds only the permissions needed for the current task
- elevated permissions are used only if the task requires them, by switching into a role that carries them
- the elevated permissions are released when the task is completed (the role session expires or is dropped)
How to switch roles?
- create a role for cross-account access in the account that owns the resources
- establish trust from the account that owns the role and the resources to the account that contains the user
3.
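The two policy documents behind cross-account role switching, and the STS call that performs the switch, as an added example that is not part of the original flashcards. The account IDs, role name and session name are made up; the MFA condition in the trust policy is an extra hardening step added here, not something the cards mention.

```python
"""Cross-account role switching: trust policy (resource account), permission
policy (user account) and the AssumeRole call. Account IDs and names are
invented for the example; boto3 is only needed for the live call."""
import json

try:
    import boto3  # only required by switch_role()
except ImportError:  # pragma: no cover
    boto3 = None

RESOURCE_ACCOUNT = "111111111111"   # assumed: account that owns the role and the resources
USER_ACCOUNT = "222222222222"       # assumed: account that contains the IAM user
ROLE_NAME = "DeployRole"            # assumed role name


def trust_policy(user_account: str, require_mfa: bool = True) -> dict:
    """Trust policy attached to the role in the resource account. It names the
    *user account* as the trusted principal; which users in that account may
    actually assume the role is decided by their own identity policies."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{user_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        # Refuse the switch unless the caller authenticated with MFA.
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def assume_role_permission(resource_account: str, role_name: str) -> dict:
    """Identity policy in the user account: grants only the right to assume
    this one role, so the elevated permissions live on the role, not the user."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": f"arn:aws:iam::{resource_account}:role/{role_name}",
        }],
    }


def assume_role_request(resource_account: str, role_name: str,
                        session_name: str, duration_seconds: int = 900) -> dict:
    """Arguments for sts.assume_role. 900 s is the minimum; the maximum is the
    role's MaxSessionDuration, which can be at most 12 hours (43200 s)."""
    if not 900 <= duration_seconds <= 43200:
        raise ValueError("DurationSeconds must be between 900 and 43200")
    return {
        "RoleArn": f"arn:aws:iam::{resource_account}:role/{role_name}",
        "RoleSessionName": session_name,   # shows up in CloudTrail, so make it meaningful
        "DurationSeconds": duration_seconds,
    }


def switch_role(session_name: str, duration_seconds: int = 900) -> dict:
    """Perform the switch and return the temporary credentials
    (AccessKeyId, SecretAccessKey, SessionToken, Expiration). Needs boto3 and AWS credentials."""
    if boto3 is None:
        raise RuntimeError("boto3 is not installed")
    sts = boto3.client("sts")
    resp = sts.assume_role(**assume_role_request(RESOURCE_ACCOUNT, ROLE_NAME,
                                                 session_name, duration_seconds))
    return resp["Credentials"]


if __name__ == "__main__":
    print(json.dumps(trust_policy(USER_ACCOUNT), indent=2))
    print(json.dumps(assume_role_permission(RESOURCE_ACCOUNT, ROLE_NAME), indent=2))
```

The trust policy and the permission policy are both required: trusting the whole user account with `:root` only makes the switch possible, and the user still needs an explicit `sts:AssumeRole` allow on that role ARN.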
MFA
Multi-factor Authentication: requires users to present a unique, time-limited authentication code from a registered MFA device, in addition to their password or access keys, when signing in to the AWS Management Console or calling AWS APIs guarded by an MFA condition.
AWS IAM Policy Validator
Examines IAM policies for compliance with the IAM policy grammar
runs automatically when a policy is created or updated
checks only JSON policy syntax and grammar; it does not judge whether the permissions granted are appropriate, so a syntactically valid "Action": "*" on "Resource": "*" passes
if validation fails, IAM will not let you save the policy
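A small re-implementation of the kind of grammar checks the IAM policy validator performs, written for this page as an added example (not AWS code), together with the semantic check the validator does not make. The sample policies are constructed; the element names are the real IAM JSON policy elements.

```python
"""Grammar-only policy validation, in the spirit of the IAM policy validator,
plus a separate check showing that grammatically valid is not the same as safe.
Sample policy documents below are constructed for the example."""
import json

ALLOWED_TOP = {"Version", "Id", "Statement"}
ALLOWED_STMT = {"Sid", "Effect", "Principal", "NotPrincipal", "Action", "NotAction",
                "Resource", "NotResource", "Condition"}


def _is_str_or_list(value) -> bool:
    return isinstance(value, str) or (
        isinstance(value, list) and all(isinstance(v, str) for v in value))


def validate_policy(document: str) -> list:
    """Return a list of grammar errors; an empty list means the document is valid.
    Like the IAM validator this checks only JSON syntax and policy grammar."""
    try:
        policy = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]
    errors = [f"unknown top-level element '{k}'" for k in policy if k not in ALLOWED_TOP]
    if policy.get("Version", "2008-10-17") not in ("2012-10-17", "2008-10-17"):
        errors.append("Version must be 2012-10-17 or 2008-10-17")
    statements = policy.get("Statement")
    if statements is None:
        return errors + ["missing Statement"]
    if isinstance(statements, dict):
        statements = [statements]          # a single statement object is allowed
    if not isinstance(statements, list):
        return errors + ["Statement must be an object or a list of objects"]
    sids = set()
    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if not isinstance(stmt, dict):
            errors.append(f"{where}: must be an object")
            continue
        errors += [f"{where}: unknown element '{k}'" for k in stmt if k not in ALLOWED_STMT]
        if stmt.get("Effect") not in ("Allow", "Deny"):
            errors.append(f"{where}: Effect must be Allow or Deny")
        if ("Action" in stmt) == ("NotAction" in stmt):
            errors.append(f"{where}: exactly one of Action or NotAction is required")
        if "Resource" in stmt and "NotResource" in stmt:
            errors.append(f"{where}: Resource and NotResource are mutually exclusive")
        if "Principal" in stmt and "NotPrincipal" in stmt:
            errors.append(f"{where}: Principal and NotPrincipal are mutually exclusive")
        if not any(k in stmt for k in ("Resource", "NotResource", "Principal", "NotPrincipal")):
            # Identity-based policies must scope the statement to resources;
            # resource-based policies (which carry a Principal) may omit Resource.
            errors.append(f"{where}: identity-based statements need Resource or NotResource")
        for key in ("Action", "NotAction", "Resource", "NotResource"):
            if key in stmt and not _is_str_or_list(stmt[key]):
                errors.append(f"{where}: {key} must be a string or a list of strings")
        cond = stmt.get("Condition")
        if cond is not None and not (isinstance(cond, dict)
                                     and all(isinstance(v, dict) for v in cond.values())):
            errors.append(f"{where}: Condition must map operators to key/value objects")
        sid = stmt.get("Sid")
        if sid is not None:
            if sid in sids:
                errors.append(f"{where}: duplicate Sid '{sid}'")
            sids.add(sid)
    return errors


def grants_everything(document: str) -> bool:
    """The semantic check a grammar validator does NOT perform:
    is there an Allow of Action "*" on Resource "*"?"""
    statements = json.loads(document)["Statement"]
    if isinstance(statements, dict):
        statements = [statements]

    def star(value) -> bool:
        return value == "*" or (isinstance(value, list) and "*" in value)

    return any(s.get("Effect") == "Allow" and star(s.get("Action")) and star(s.get("Resource"))
               for s in statements)


# Constructed sample documents.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadArtifacts", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-artifacts/*"}]})
BAD_GRAMMAR = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "allow", "Action": "s3:GetObject"}]})          # wrong case, no Resource
ADMIN = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]})    # valid grammar, full access

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD_GRAMMAR", BAD_GRAMMAR), ("ADMIN", ADMIN)):
        print(name, validate_policy(doc) or "valid", "| grants everything:", grants_everything(doc))
```

The ADMIN document is the point of the exercise: it passes every grammar check, which is exactly why a grammar validator must be paired with a review of what the policy actually allows (a Config rule or an access-analysis tool, not the validator, is where that belongs).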
AWS Config
Records the configuration of your resources and the changes made to them; guardrails can be added with AWS Config rules, which evaluate each configuration change (or run on a schedule) and flag resources that are non-compliant.
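A custom AWS Config rule as an AWS Lambda function, added here as an example (it is not code from the original flashcards). It evaluates a configuration-change notification for an EC2 security group and reports NON_COMPLIANT when SSH is reachable from anywhere; the choice of check is illustrative, and the sample configuration items are constructed, modelled on the shape AWS Config uses for security-group items.

```python
"""Custom AWS Config rule (Lambda): flag security groups that expose port 22
to 0.0.0.0/0 or ::/0. The configuration items below are constructed samples;
boto3 is only needed to report evaluations back to AWS Config."""
import json
from datetime import datetime

try:
    import boto3  # only used when no config_client is supplied to lambda_handler
except ImportError:  # pragma: no cover
    boto3 = None

ANYWHERE = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def _cidrs(permission: dict) -> set:
    """Collect every CIDR in one ipPermissions entry. Assumed item shape:
    ipRanges as plain strings, ipv4Ranges/ipv6Ranges as objects."""
    cidrs = set(permission.get("ipRanges", []))
    cidrs |= {r.get("cidrIp") for r in permission.get("ipv4Ranges", [])}
    cidrs |= {r.get("cidrIpv6") for r in permission.get("ipv6Ranges", [])}
    return cidrs


def _covers_ssh(permission: dict) -> bool:
    proto = permission.get("ipProtocol")
    if proto == "-1":                       # "all traffic" rule
        return True
    if proto not in ("tcp", "6"):
        return False
    lo = permission.get("fromPort", 0)
    hi = permission.get("toPort", 65535)
    return lo <= SSH_PORT <= hi


def ssh_open_to_world(configuration: dict) -> bool:
    return any(_covers_ssh(p) and _cidrs(p) & ANYWHERE
               for p in configuration.get("ipPermissions", []))


def evaluate(item: dict) -> dict:
    """Turn one configuration item into the evaluation record AWS Config expects."""
    if (item.get("resourceType") != "AWS::EC2::SecurityGroup"
            or item.get("configurationItemStatus") == "ResourceDeleted"):
        compliance, note = "NOT_APPLICABLE", "not an existing security group"
    elif ssh_open_to_world(item.get("configuration", {})):
        compliance, note = "NON_COMPLIANT", "port 22 is open to 0.0.0.0/0 or ::/0"
    else:
        compliance, note = "COMPLIANT", "no world-reachable SSH rule"
    captured = item["configurationItemCaptureTime"].replace("Z", "+00:00")
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": datetime.fromisoformat(captured),
    }


def lambda_handler(event, context, config_client=None):
    """Entry point AWS Config invokes; handles ConfigurationItemChangeNotification."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:        # scheduled or oversized notifications are not handled here
        return None
    evaluation = evaluate(item)
    if config_client is None:
        if boto3 is None:
            raise RuntimeError("boto3 is not installed")
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample configuration items (not captured from a real account).
OPEN_SG = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-05-01T12:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]}]},
}
CLOSED_SG = {**OPEN_SG, "resourceId": "sg-0fedcba9876543210",
             "configuration": {"ipPermissions": [
                 {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                  "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]}]}}

if __name__ == "__main__":
    for sg in (OPEN_SG, CLOSED_SG):
        print(sg["resourceId"], evaluate(sg)["ComplianceType"])
```

The rule returns NOT_APPLICABLE for deleted resources and for resource types it was not written for; reporting COMPLIANT in those cases would silently hide gaps in the rule's scope.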
AWS Secrets Manager
AWS Systems Manager Parameter Store
- store parameters as plaintext (String, StringList) or as encrypted values (SecureString)
- reference parameters in scripts, commands and other AWS services instead of embedding values
- integrates with IAM for access control and with AWS KMS for encryption
What are SecureString parameters?
SecureString parameters are parameter values encrypted at rest with an AWS KMS key (the AWS managed key for Systems Manager or a customer managed key). Retrieving the plaintext requires both ssm:GetParameter on the parameter and kms:Decrypt on the key, and the caller must ask for decryption explicitly (WithDecryption); otherwise the ciphertext is returned.
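Storing and reading a SecureString parameter, with the least-privilege policy a reader needs, as an added example that is not part of the original flashcards. The region, account ID, KMS key ARN and parameter names are invented; the request dictionaries map onto the real SSM PutParameter/GetParameter parameters.

```python
"""SecureString parameters: write/read requests, the parameter ARN, and the
policy a reader needs. Region, account, key ARN and names are invented."""
import json

try:
    import boto3  # only needed by put_and_get()
except ImportError:  # pragma: no cover
    boto3 = None

REGION = "us-east-1"                                            # assumed
ACCOUNT = "123456789012"                                        # assumed
KEY_ARN = ("arn:aws:kms:us-east-1:123456789012:key/"
           "11111111-2222-3333-4444-555555555555")              # assumed customer managed key


def parameter_arn(name: str, region: str = REGION, account: str = ACCOUNT) -> str:
    """ARN of a parameter. Note the leading '/' of a hierarchical name is dropped:
    '/app/db/password' -> '...:parameter/app/db/password', not 'parameter//app/...'."""
    return f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"


def put_secure_string_request(name: str, value: str, key_id: str = KEY_ARN,
                              overwrite: bool = False) -> dict:
    """Arguments for ssm.put_parameter. Without KeyId the AWS managed key is used.
    Writing a standard-tier SecureString also needs kms:Encrypt on the key."""
    return {"Name": name, "Value": value, "Type": "SecureString",
            "KeyId": key_id, "Overwrite": overwrite}


def get_secure_string_request(name: str) -> dict:
    """Arguments for ssm.get_parameter. WithDecryption=True is what turns the
    stored ciphertext back into plaintext; without it the ciphertext is returned."""
    return {"Name": name, "WithDecryption": True}


def reader_policy(names, key_arn: str = KEY_ARN) -> dict:
    """Least-privilege identity policy for a consumer of the given parameters:
    read access to exactly those parameters plus kms:Decrypt on their key."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadParameters", "Effect": "Allow",
             "Action": ["ssm:GetParameter", "ssm:GetParameters"],
             "Resource": [parameter_arn(n) for n in names]},
            {"Sid": "DecryptWithParameterKey", "Effect": "Allow",
             "Action": "kms:Decrypt", "Resource": key_arn},
        ],
    }


def put_and_get(ssm, name: str, value: str) -> str:
    """Round-trip a secret through Parameter Store using a boto3 SSM client."""
    ssm.put_parameter(**put_secure_string_request(name, value, overwrite=True))
    return ssm.get_parameter(**get_secure_string_request(name))["Parameter"]["Value"]


if __name__ == "__main__":
    print(json.dumps(reader_policy(["/app/db/password", "/app/api/token"]), indent=2))
    if boto3 is not None:
        print(put_and_get(boto3.client("ssm", region_name=REGION), "/app/db/password", "s3cr3t"))
```

Scoping the `ssm:GetParameter` statement to individual parameter ARNs (or a path prefix such as `parameter/app/*`) is what keeps one workload from reading another workload's secrets; granting `kms:Decrypt` on `*` would undo much of that separation.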
The Security Perspective of the Cloud Adoption Framework
Directive: controls that establish the governance, risk and compliance model the environment operates under
Preventive: controls that protect workloads and mitigate threats before they are realised
Detective: controls that provide visibility and transparency into what is happening
Responsive: controls that drive remediation of incidents and of deviations from the baseline
Security of the Pipeline
Focus on:
- user management
- least privilege
- detective controls
- infrastructure controls
Threat detection tools
Amazon GuardDuty
AWS Security Hub
Amazon Inspector