Security ML Flashcards
Amazon GuardDuty
- Intelligent threat discovery to protect your AWS account
- uses ML, anomaly detection
- can protect against cryptocurrency attacks (e.g. crypto-mining on compromised instances)
Input: VPC Flow Logs, CloudTrail Logs, DNS Logs (AWS DNS)
Output: EventBridge -> SNS or Lambda
Amazon Inspector
- automated security assessment
1. **EC2** -> leverages the SSM agent, analyses unintended network accessibility and the running OS
2. **Container Image** -> assesses a container image as it is pushed to ECR
3. **Lambda Function** -> identifies software vulnerabilities, assessment when deployed
Reporting: AWS Security Hub
Send findings: EventBridge
AWS Macie
- ML and pattern matching to discover and protect your sensitive data in AWS
- alerts about PII
AWS Shield Advanced
In addition to the network and transport layer protections that come with Standard, AWS Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall.
AWS Shield Advanced also gives you 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS-related spikes in your Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, and Amazon Route 53 charges.
EC2 hibernation mode
- It is not possible to enable or disable hibernation for an instance after it has been launched.
- The Instance Metadata Service is just a service that you can access over the network from within an EC2 instance.
EC2 billing
The option that says: You will be billed when your On-Demand instance is preparing to hibernate with a stopping state is correct because when the instance state is stopping, you will not be billed if it is preparing to stop; however, you will still be billed if it is preparing to hibernate.
The option that says: You will be billed when your Reserved instance is in terminated state is correct because Reserved Instances that applied to terminated instances are still billed until the end of their term according to their payment option. I actually raised a pull request to the Amazon team about the billing conditions for Reserved Instances, which has been approved and reflected in your official AWS Documentation: https://github.com/awsdocs/amazon-ec2-user-guide/pull/45
S3 VPC endpoint
VPC endpoints for Amazon S3 simplify access to S3 from within a VPC by providing configurable and highly reliable secure connections to S3 that do not require an internet gateway or Network Address Translation (NAT) device. When you create an S3 VPC endpoint, you can attach an endpoint policy to it that controls access to Amazon S3.
You can use two types of VPC endpoints to access Amazon S3: gateway endpoints and interface endpoints. A gateway endpoint is a gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network. Interface endpoints extend the functionality of gateway endpoints by using private IP addresses to route requests to Amazon S3 from within your VPC, on-premises, or from a different AWS Region. Interface endpoints are compatible with gateway endpoints. If you have an existing gateway endpoint in the VPC, you can use both types of endpoints in the same VPC.
There is no additional charge for using gateway endpoints. However, standard charges for data transfer and resource usage still apply.