AWS’s Security and Compliance services help protect and secure your IT infrastructure on the AWS Cloud. You can learn about these core security services in conjunction with reviewing AWS Certified Cloud Practitioner Exam’s Domain 2: Security and Compliance.
AWS Identity and Access Management (IAM)
AWS Identity and Access Management, or AWS IAM, lets you specify with fine granularity who or what can access which services and resources. You can write IAM policies that grant only the permissions a principal needs, following the Principle of Least Privilege. In short, IAM lets you define who (workforce users, workloads) can access (permissions expressed in IAM policies) what (resources).
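As an added illustration (not code from the original post or from AWS), here is a small Python check that flags IAM policy statements violating least privilege, run against two constructed sample policies; the bucket name and the wildcard rules are assumptions for the example:

```python
import json

# Constructed sample policies: an over-broad "allow everything" statement
# beside a scoped, least-privilege one for a single (hypothetical) bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [
            "arn:aws:s3:::example-reports-bucket",
            "arn:aws:s3:::example-reports-bucket/*",
        ],
    }],
}


def _as_list(value):
    """IAM accepts either a string or a list of strings in Action/Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def find_wildcard_grants(policy):
    """Return (statement index, field, value) for each Allow statement whose
    Action or Resource is a bare '*' or a service-wide 'svc:*' wildcard."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            for v in _as_list(stmt.get(field)):
                if v == "*" or v.endswith(":*"):
                    findings.append((i, field, v))
    return findings


def is_least_privilege(policy):
    return not find_wildcard_grants(policy)


if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", LEAST_PRIVILEGE_POLICY)):
        print(name, find_wildcard_grants(pol))
```

The check is a coarse lint, not a substitute for reviewing what each action actually permits.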
AWS Web Application Firewall (WAF)
AWS Web Application Firewall, or AWS WAF, is, as the name suggests, a firewall service for web applications hosted on the AWS Cloud. It protects your web applications and the resources behind them from malicious web exploits that could compromise the security or availability of your apps, or run up a hefty bill by consuming excessive resources.
Amazon Inspector
Amazon Inspector automatically “inspects” your AWS resources for software vulnerabilities and unintended network exposure, proactively identifying issues that deviate from your best practices and policies. Once an assessment completes, it sends you a detailed report so you can review the findings and remediate the vulnerabilities.
AWS Shield
AWS Shield protects your applications from DDoS (Distributed Denial-of-Service) attacks, acting as a… you guessed it… shield! DDoS attacks are cybercrimes where the attacker floods your server with a huge amount of internet traffic in an attempt to make it inaccessible for legitimate users.
Amazon GuardDuty
Amazon GuardDuty utilizes machine learning, anomaly detection, and integrated threat intelligence to monitor your AWS resources for malicious activity and unauthorized behavior.
Amazon CloudWatch
Amazon CloudWatch collects and tracks metrics from your AWS infrastructure in real time to improve observability. It gathers monitoring data (logs), metrics, and events so you can detect unusual activity, set alarms, and troubleshoot issues as they arise. You can view the data in the CloudWatch console or on a custom dashboard.
AWS CloudTrail
AWS CloudTrail continuously records user, role, and AWS service activity and API usage as an event log, providing visibility into who (or what) is doing what in your account. You can search and download account activity, and analyze and respond to events, using AWS CloudTrail.
AWS Audit Manager
AWS Config
AWS Config continuously monitors and records the configurations of your AWS resources and services. It helps you assess, audit, and evaluate those configurations to make sure they stay aligned with your best practices.
AWS Artifact
AWS Artifact helps you obtain audit reports, certifications, and legal agreements related to AWS services. It is an on-demand service for security and compliance documentation to make sure your organization can meet compliance requirements.
Security Hub
AWS Trusted Advisor
AWS Trusted Advisor acts as AWS’s automated “auditor,” showing you different ways to optimize your IT infrastructure so that it aligns with AWS best practices. Once its checks complete, it provides recommendations for bringing your infrastructure closer to those best practices.
The categories of checks offered by this service are:
- Cost optimization
- Performance
- Security
- Fault tolerance
- Service quotas
AWS Firewall Manager
If your organization has multiple AWS accounts but wants to make maintaining
That’s a really useful overview. It’s good to see how these services tie into the Cloud Practitioner exam – I’m planning on studying that material soon.