This series is intended to be a personal study guide. Information may not be comprehensive or accurate. I am sharing it in case others find it useful. Please feel free to comment if any information is inaccurate.
2.2 Define AWS Cloud security and compliance concepts
Identify where to find AWS compliance information
- AWS Compliance page
- Compliance Whitepaper
- Locations of lists of recognized available compliance controls (for example: HIPAA, SOC reports)
- Recognize that compliance requirements vary among AWS services
At a high level, describe how customers achieve compliance on AWS
- AWS compute environments are continuously audited
- Assurance programs provide templates and control mappings
- Automated tools and services reduce audit effort
Identify different encryption options on AWS (for example, in transit, at rest)
- In transit - encrypting data while it moves from one place to another (for example, over the network between a client and a service)
- At rest - encrypting data while it is stored, in storage and compute services
Describe who enables encryption on AWS for a given service
- AWS automatically encrypts traffic on global and regional networks between AWS secured facilities
- Customers independently control encryption on services as a part of the shared responsibility model
Recognize there are services that will aid in auditing and reporting
- Recognize that logs exist for auditing and monitoring (do not have to understand the logs)
Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
CloudWatch
- monitoring and observability service: collects metrics and logs, detects anomalous behavior in your environments, sets alarms, visualizes logs and metrics side by side, takes automated actions, and helps you troubleshoot issues and discover insights to keep your applications running smoothly
Config
- service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
- Config continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations
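Two of the points above fit together in one piece of code: Config evaluates recorded configurations against a desired state, and the customer (not AWS) is the one who turns encryption on for a given service. The following is an added example, not code from this study guide or from AWS: the evaluation half of a Config custom rule that checks whether an S3 bucket configuration item has default server-side encryption. The configuration item layout (`supplementaryConfiguration.ServerSideEncryptionConfiguration`), the bucket names and the key ARN are assumptions made for the example, and the `put_evaluations` call a real rule would make is left out so the script runs offline.

```python
"""Added example: the evaluation half of an AWS Config custom rule that checks
whether an S3 bucket has default server-side encryption. Runs offline on
constructed configuration items; no AWS API calls are made."""
import json

# Constructed configuration items, shaped like the AWS::S3::Bucket items that
# Config records. The exact field layout is an assumption for this example.
KMS_BUCKET = {
    "resourceType": "AWS::S3::Bucket",
    "resourceId": "example-logs-bucket",
    "supplementaryConfiguration": {
        "ServerSideEncryptionConfiguration": {
            "rules": [{"applyServerSideEncryptionByDefault": {
                "sseAlgorithm": "aws:kms",
                "kmsMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            }}]
        }
    },
}
AES_BUCKET = {
    "resourceType": "AWS::S3::Bucket",
    "resourceId": "example-reports-bucket",
    "supplementaryConfiguration": {
        "ServerSideEncryptionConfiguration": {
            "rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "AES256"}}]
        }
    },
}
PLAIN_BUCKET = {
    "resourceType": "AWS::S3::Bucket",
    "resourceId": "example-scratch-bucket",
    "supplementaryConfiguration": {},
}


def evaluate_compliance(item, require_kms=False):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::S3::Bucket":
        return "NOT_APPLICABLE", "rule only evaluates S3 buckets"
    sse = item.get("supplementaryConfiguration", {}).get("ServerSideEncryptionConfiguration")
    if not sse or not sse.get("rules"):
        return "NON_COMPLIANT", "no default encryption configured"
    algorithms = sorted(
        r.get("applyServerSideEncryptionByDefault", {}).get("sseAlgorithm", "")
        for r in sse["rules"]
    )
    if require_kms and "aws:kms" not in algorithms:
        return "NON_COMPLIANT", f"default encryption is {algorithms}, KMS required"
    return "COMPLIANT", f"default encryption is {algorithms}"


def build_event(item, require_kms=False):
    """Build an event in the shape Config passes to a custom rule's Lambda:
    the configuration item arrives as a JSON string under 'invokingEvent'
    and rule parameters as a JSON string under 'ruleParameters'."""
    return {
        "invokingEvent": json.dumps({"configurationItem": item}),
        "ruleParameters": json.dumps({"requireKms": "true" if require_kms else "false"}),
    }


def lambda_handler(event, context=None):
    """Evaluate one item and return the evaluation a real rule would send to
    Config with put_evaluations (the API call is omitted to stay offline)."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters", "{}"))
    compliance, annotation = evaluate_compliance(item, params.get("requireKms") == "true")
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
    }


if __name__ == "__main__":
    for bucket in (KMS_BUCKET, AES_BUCKET, PLAIN_BUCKET):
        print(json.dumps(lambda_handler(build_event(bucket, require_kms=True)), indent=2))
```

Run as a script it prints three evaluations; with `requireKms` set, the AES256 bucket is reported as non-compliant alongside the bucket with no encryption, which is how a rule encodes "our desired configuration" rather than just "any encryption".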
CloudTrail
- records account activity (API calls and console actions) across your AWS infrastructure, giving you control over storage, analysis, and remediation actions
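The exam only asks you to know that these logs exist, but it helps to see what reading them looks like. As an added example, not from this guide or from AWS, here is a small Python scan over CloudTrail records that flags root-account use, console logins without MFA, and changes to CloudTrail itself. The records are constructed for the example (documentation IP ranges, made-up account id and names); the field names used (`userIdentity.type`, `additionalEventData.MFAUsed`, `eventSource`, `eventName`) follow CloudTrail's record format.

```python
"""Added example: scan a CloudTrail log file for a few high-signal events."""
import json

# Constructed CloudTrail records (not real account data), trimmed to the
# fields this example uses. The file layout {"Records": [...]} and the field
# names follow CloudTrail's documented record format.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T08:05:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:10:00Z", "eventName": "StopLogging",
     "eventSource": "cloudtrail.amazonaws.com", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-05-01T08:15:00Z", "eventName": "PutObject",
     "eventSource": "s3.amazonaws.com", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0123"}},
]})


# Each check returns a finding title when the record matches, otherwise None.
def root_activity(rec):
    if rec.get("userIdentity", {}).get("type") == "Root":
        return "Root account used"


def console_login_without_mfa(rec):
    if (rec.get("eventName") == "ConsoleLogin"
            and rec.get("additionalEventData", {}).get("MFAUsed") == "No"):
        return "Console login without MFA"


def logging_tampered(rec):
    # Stopping, deleting or altering a trail removes the audit record itself.
    if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
            and rec.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}):
        return f"CloudTrail changed: {rec['eventName']}"


CHECKS = (root_activity, console_login_without_mfa, logging_tampered)


def scan_trail(raw_json, checks=CHECKS):
    """Return one finding dict per (record, matching check), in file order."""
    findings = []
    for rec in json.loads(raw_json).get("Records", []):
        for check in checks:
            title = check(rec)
            if title:
                who = rec.get("userIdentity", {})
                findings.append({
                    "time": rec.get("eventTime"),
                    "finding": title,
                    "actor": who.get("userName") or who.get("arn") or who.get("type"),
                    "source_ip": rec.get("sourceIPAddress"),
                })
    return findings


if __name__ == "__main__":
    for f in scan_trail(SAMPLE_TRAIL):
        print(f"{f['time']}  {f['finding']:<32} actor={f['actor']} ip={f['source_ip']}")
```

On the sample file the scan produces three findings: the root login matches two checks (root use and no MFA), and the `StopLogging` call matches the tamper check; the ordinary `PutObject` by an assumed role produces nothing. In practice the same logic would run over the gzipped JSON objects CloudTrail delivers to S3, or be expressed as a CloudWatch metric filter and alarm.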
Explain the concept of least privileged access
- Least privileged access user guide
- Users and roles should have the minimum amount of access needed to perform their tasks
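One way to make "minimum amount of access needed" concrete is to compare a broad IAM policy with a least-privilege one for the same task. The following is an added example, not from this guide or from AWS: a small checker over IAM policy documents that flags Allow statements with wildcard actions or resources, or with `NotAction`/`NotResource`, which are the patterns least privilege removes. Both policies, the task (an application writing objects under one S3 prefix) and the bucket name are constructed for the example.

```python
"""Added example: flag IAM policy statements that grant more than a task needs."""
import json

# Constructed policies (not from the study guide). Both are meant to let an
# application write objects under one prefix of one bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::example-logs-bucket/app/*"},
        {"Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-logs-bucket",
         "Condition": {"StringLike": {"s3:prefix": ["app/*"]}}},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overly_broad(policy):
    """Return a list of issue strings, one per problem found in Allow statements.
    An empty list means no wildcard grants were found (it does not prove the
    remaining permissions are the minimum for the task)."""
    issues = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                issues.append(f"statement {i}: wildcard action {action!r}")
        if "*" in _as_list(stmt.get("Resource")):
            issues.append(f"statement {i}: resource '*' applies to every resource")
        if "NotAction" in stmt or "NotResource" in stmt:
            issues.append(f"statement {i}: NotAction/NotResource grants everything not listed")
    return issues


def is_least_privilege(policy):
    """True when no statement uses a wildcard or negated grant."""
    return not find_overly_broad(policy)


def granted_actions(policy):
    """Sorted set of action names an Allow policy names explicitly."""
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action")))
    return sorted(actions)


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"{name}: actions={granted_actions(policy)}")
        for issue in find_overly_broad(policy) or ["no wildcard grants"]:
            print(f"  {issue}")
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
```

The broad policy is reported twice (wildcard action and wildcard resource); the least-privilege policy passes the check because each statement names the exact action and the exact bucket or prefix it applies to, and the `ListBucket` grant is further limited by a `Condition` on the prefix.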