1 Introduction to AWS security
1.1 The shared responsibility model
1.2 Cloud-native security tools
Identity and access management
Speed of infrastructure development
1.4 Conclusion
2 Identity and access management
2.1 Identity and access management basics
2.2 Using common patterns in AWS IAM
2.3 Attribute-based access control with tags
3.1 Securing access between multiple accounts
Managing multiple accounts with AWS Organizations
3.2 Integration with existing access management systems
Integrating with Active Directory and other SAML systems
Integrating with OpenID Connect systems
4 Policies and procedures for secure access
4.1 Establishing best practices for IAM
4.2 Applying least privilege access control
Shared permissions (groups and managed policies)
4.3 Choosing between short- and long-lived credentials
The risk of long-lived credentials
Trade-offs associated with credential rotation
Why you should review IAM resources
5 Securing the network: The virtual private cloud
5.1 Working with a virtual private cloud
5.2 Traffic routing and virtual firewalls
5.3 Separating private networks
Using multiple VPCs for network isolation
Connecting VPCs to private networks
6 Network access protection beyond the VPC
6.1 Securing access to services with VPC endpoints and PrivateLink
What’s wrong with public traffic?
Creating a PrivateLink service
6.2 Blocking malicious traffic with AWS Web Application Firewall
Blocking real-world attacks with custom AWS WAF rules
6.3 Protecting against distributed denial-of-service attacks using AWS Shield
Free protection with Shield Standard
Stepping up protection with Shield Advanced
6.4 Integrating third-party firewalls
Web application and next-gen firewalls
Setting up a firewall from AWS Marketplace
7 Protecting data in the cloud
Least privilege access controls
Secure protocols for data transport
CloudTrail logs for resource access
VPC Flow Logs for network access
Identifying sensitive data with Amazon Macie
8.1 Recording management events
Investigating an issue with CloudTrail logs
8.2 Tracking resource configuration changes
Pinpointing a change with a configuration timeline
Resource compliance information
8.3 Centralizing application logs
Advanced CloudWatch logs features
9.1 Resource configuration scanning
Compliance standards and benchmarks
9.2 Host vulnerability scanning
10 Incident response and remediation
10.2 Incident response planning
10.3 Automating incident response
11 Securing a real-world application
11.1 A sample application
11.2 Strong authentication and access controls
Overly permissive policies and incorrect authorization settings
Inadvertent admin or root access
11.3 Protecting data
11.4 Web application firewalls
11.5 Implementing authentication and authorization end to end
Securing the API gateway endpoints