Security is 25% of the Certified Cloud Practitioner Exam. Even though it is only the 3rd out of 4 domains in terms of percentage of the exam, it’s still worth becoming comfortable with the Shared Responsibility Model and the various ways AWS helps to protect your infrastructure.
Securing the Cloud is a very important part of running your infrastructure on the Cloud, as many portions of customer data privacy are prone to government regulations.
AWS Shared Responsibility Model
In AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibilities for security and compliance of Amazon Web Services.
Good rule of thumb to remember is that AWS is responsible for security OF the cloud, and the customer is responsible for security IN the cloud.
For example, AWS is responsible for securing the physical infrastructures (such as the physical servers), where as the customer is responsible for making sure customer data is secure, and every user has his own account instead of sharing with others.
Security Pillars of AWS Well-Architected Framework
“The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.”
There are 5 pillars in this concept:
- Detective Controls
- Infrastructure Protection
- Data Protection
- Incident Response
You can learn more about the concept on AWS’s Whitepaper: Security Pillar of AWS Well-Architected Framework.
AWS Cloud Compliance
- Certifications and attestations
- Laws, regulations, privacy
- Alignments and frameworks
There are a few services offered by AWS to help you secure and optimize your AWS infrastructure, ranging from those that protect your web application from DDoS attacks, to those that help you optimize monthly costs.
AWS IAM: Identity and Access Management
AWS IAM allows you to provide very granular access permissions to resources within the AWS infrastructure. You should always provide access to resources within your AWS infrastructure adhering to the Principle of Least Privilege, and use Roles when possible.
AWS WAF: Web Application Firewall
AWS WAF protects your web application from common web exploits that could compromise security, availability, and resource consumption of your AWS infrastructure.
AWS Shield: Managed DDoS Protection
AWS Shield protects your web applications from DDoS attacks with an always-on detection and automatic handling of any potential DDoS attacks.
Amazon Inspector: Automated Security Assessment
Amazon Inspector is an automated security assessment service to help improve security and compliance of applications deployed on AWS cloud.
AWS Trusted Advisor: Optimize Infrastructure
AWS Trusted Advisor helps you optimize your AWS environment by reducing cost, increasing performance, and improving security.
Amazon GuardDuty: Guards Infrastructure
Amazon GuardDuty helps you “guard” your IT infrastructure from malicious activity.