<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Brandon Carroll</title>
    <description>The latest articles on DEV Community by Brandon Carroll (@8carroll).</description>
    <link>https://dev.to/8carroll</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1363019%2F720f586f-4c4a-411e-ba86-5887e761913f.png</url>
      <title>DEV Community: Brandon Carroll</title>
      <link>https://dev.to/8carroll</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/8carroll"/>
    <language>en</language>
    <item>
      <title>Securing the Cloud #32</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 05 Jul 2024 14:13:16 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-32-325k</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-32-325k</guid>
      <description>&lt;p&gt;Welcome to the 32nd edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topic
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/9gza1"&gt;How to securely transfer files with presigned URLs | AWS Security Blog&lt;/a&gt; - Securely sharing large files and private data is critical in today's distributed work environments. This article explores how presigned URLs offer a powerful solution by enabling temporary, controlled access to Amazon S3 objects without exposing long-term credentials. It provides prescriptive guidance on best practices for generating and distributing presigned URLs securely, including implementing safeguards against inadvertent data exposure. The article goes into key technical considerations like using unique nonces, access restrictions, and serverless architectures for generating and validating one-time presigned URL access. It even offers a downloadable code sample illustrating how to implement these secure practices. It also emphasizes the importance of governance, continuous monitoring, and automated revocation procedures to maintain effective oversight and control when sharing presigned URLs broadly. By following the guidance outlined in this article, you can unlock the collaborative benefits of presigned URLs while  protecting sensitive data. I encourage you to explore the full post to learn how to strike the right balance between secure data sharing and collaborative efficiency using this powerful architectural pattern.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.nwkings.com/cloud-security-engineer-roadmap"&gt;Guide to Becoming a Cloud Security Engineer: Roadmap (2024)&lt;/a&gt; - As businesses adopt cloud computing, the role of cloud security engineers has become more important and more sought after. This guide digs into the exciting world of cloud security, exploring the responsibilities, skills, and career path. In the article you'll discover how cloud security engineers safeguard sensitive data and implement robust security measures to prevent breaches and cyber threats. You will also gain insights into the various types of cloud security attacks they combat, such as DDoS, hypervisor attacks, and malicious insiders.  The article also explores earning potential, certifications, and has a roadmap.  Yes, they are promoting a Cloud Security Master's Program that they sell, and I am not recommending you jump into that.  But overall for someone that needs an overview and a roadmap, it's a start.  And yes, I know, some of this you probably already know, but it's a good review! If you feel good in this area, just skip it!&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;p&gt;Want to learn something new?  Here you go!&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/qp6gk"&gt;Community | What is the Get AWS Certified: Data Engineer – Associate Challenge?&lt;/a&gt; - Sometimes you need to be challenged to make progress.  If that's you, here's a challenge you might be interested in.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;A quick note before I get into this week's share.  The articles I share here are mostly posted by AWS Heroes and AWS Community Builders.  With that said, I do my best not to do two things: 1) Share posts from Medium because putting content behind a paywall is not accessible to everyone and I don't want to encourage people to pay for another service.  2) Drive traffic to LinkedIn.  There is a TON of content there and lots of Heroes and Community Builders share their stuff there.  If you want that content please follow them directly on LinkedIn.  You can find a directory of Heroes and Builders to follow &lt;a href="https://aws.amazon.com/developer/community/community-builders/community-builders-directory/?cb-cards.sort-by=item.additionalFields.cbName&amp;amp;cb-cards.sort-order=asc&amp;amp;awsf.builder-category=*all&amp;amp;awsf.location=*all&amp;amp;awsf.year=*all"&gt;here&lt;/a&gt; and &lt;a href="https://aws.amazon.com/developer/community/heroes/?community-heroes-all.sort-by=item.additionalFields.sortPosition&amp;amp;community-heroes-all.sort-order=asc&amp;amp;awsf.filter-hero-category=*all&amp;amp;awsf.filter-location=*all&amp;amp;awsf.filter-year=*all&amp;amp;awsf.filter-activity=*all"&gt;here&lt;/a&gt;.  If you'd like to contribute content to the newsletter, please reach out to me directly!&lt;/p&gt;

&lt;p&gt;So, here is a roundup of a few posts from the community this week:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.fogsecurity.io/blog/encryption-aws-managed-kms-keys"&gt;AWS Managed KMS Keys and their Key Policies: Security Implications and Coverage for AWS Services&lt;/a&gt; - Are you curious about the AWS Managed KMS Keys and their potential security implications? This blog post provides an insightful overview and introduces a handy tool from Fog Security that scans and lists all AWS Managed KMS Keys along with their corresponding key policies. With visibility into these keys being a challenge, the post highlights the importance of understanding their usage across various AWS services. It also discusses the pros and cons of using AWS Managed KMS Keys, encouraging readers to make informed decisions. The accompanying GitHub repository offers a comprehensive listing of AWS Managed KMS Keys and their key policies, regularly updated through an automated scanning process. Quick statistics and repository contents are also provided, giving you a glimpse into the valuable information available. If you're interested in cloud data security or have feedback on the tool, the author invites you to reach out to Fog Security. Don't miss the opportunity to explore this resource and gain insights into AWS Managed KMS Keys and their potential impact on your cloud environment.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://dev.to/aws-builders/setting-up-aws-iam-identity-center-as-an-identity-provider-for-confluence-2l8"&gt;Setting up AWS IAM Identity Center as an identity provider for Confluence - DEV Community&lt;/a&gt; - This detailed guide walks you through setting up single sign-on (SSO) for the popular collaboration tool Confluence, using AWS IAM Identity Center. By integrating Confluence with AWS IAM Identity Center, you can centrally manage access for your users across multiple AWS accounts and Confluence itself. The step-by-step instructions cover everything from configuring the Confluence application in IAM Identity Center, to verifying domain ownership in Atlassian Admin, creating the identity provider, and enforcing SSO in Confluence's authentication policies. While the process involves several steps across AWS and Atlassian's interfaces, the guide provides clear directions and troubleshooting tips to ensure a smooth integration. If you're looking to streamline authentication and account management between your AWS environment and Confluence, this comprehensive walkthrough could save you a significant amount of time and effort. The ability to leverage AWS IAM Identity Center for SSO with third-party apps like Confluence also highlights its versatility as an identity provider solution.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That's it for this week. I encourage you to subscribe, share, and leave your comments on this edition of the newsletter. &lt;/p&gt;

&lt;p&gt;Also, if you will be attending the AWS Summit New York, please let me know.  I will be there as well and I am planning on doing some videos with community members.  If videos aren't your thing, let's at least have a chat!&lt;/p&gt;

&lt;p&gt;That's it for now!&lt;/p&gt;

&lt;p&gt;Happy Labbing!&lt;/p&gt;

</description>
      <category>security</category>
      <category>career</category>
      <category>learning</category>
      <category>community</category>
    </item>
    <item>
      <title>Securing the Cloud #31</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 14 Jun 2024 21:28:56 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-31-5847</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-31-5847</guid>
      <description>&lt;p&gt;Welcome to the 31st edition of the Securing the Cloud Newsletter! We've taken two weeks off while travelling for two different conferences.  The week of June 3rd we were in Las Vegas for Cisco Live.  This week we were in Philadelphia for AWS re:Inforce 2024.  Both events were amazing and we were able to spend a lot of time with the community talking networking, cloud, security, and Gen AI.  So, in this issue, we dive into the latest trends and insights in cloud security with a bit of what came out of re:Inforce.  Plus, we explore career development and share some valuable learning resources. Additionally, we feature insightful perspectives from our community members. Let's go!&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Stuff From CiscoLive and re:Inforce
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.tiktok.com/@thecloudsecurityguy/video/7380465741331434795"&gt;Unleashing Cloud Power with Cisco and AWS&lt;/a&gt; - Du'An and I presented this 20-minute talk at the AWS booth last week in Las Vegas.  We were really excited to help people like us, with a background in Cisco Networking, to bridge that knowledge to the Cloud. Enjoy the video!&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/9zrhf"&gt;Introducing Amazon GuardDuty Malware Protection for Amazon S3 | AWS News Blog&lt;/a&gt; - Amazon GuardDuty Malware Protection for Amazon S3 now detects malicious file uploads, adding to its existing capabilities for Amazon EBS volumes. This was an announcement made at re:Inforce this week in case you missed it.  Users can easily enable this service in the GuardDuty console and configure advanced malware protection measures such as object tagging and event-based actions. For more details on how to enhance your organization's security with GuardDuty Malware Protection for Amazon S3, check out the article.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/lslcw"&gt;AWS re:Invent 2024 All Builders Welcome | Amazon Web Services&lt;/a&gt; - Ok, this share is in the Career Corner today because I realized many of you may not be familiar with the program.  At AWS re:Inforce we had several builders early in their career that were mentored and brought to re:Inforce with the All Builders Welcome program.  This is a program where AWS is empowering underrepresented technologists in the early stages of their careers by providing grants to attend certain events.  AWS is also doing this for AWS re:Invent in December 2024, offering opportunities to learn, network, and grow in the tech industry. Read the landing page for the re:Invent specific program where it describes the AWS commitment to fostering diversity and inclusion while bridging the gap in the tech space, inviting those interested to apply for the grant and join the next generation of technical leaders. It's a pretty cool opportunity that you might want to give a shot.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/jjmzz"&gt;Exam Updates, Beta Exams, and New Certifications | Coming Soon to AWS Certification | AWS&lt;/a&gt; - Ok, this normally wouldn't be in this section because it's not really an article that teaches you something.  It's here because it shows the two new certifications that AWS announced at re:Inforce and I couldn't find an article that went into more details.  Anyhow, check them out.  They aren't available yet, but keep them on your radar.

&lt;ul&gt;
&lt;li&gt;AWS Certified AI Practitioner beta exam&lt;/li&gt;
&lt;li&gt;AWS Certified Machine Learning Engineer - Associate beta exam&lt;/li&gt;
&lt;/ul&gt;


&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;Here are a few things going on in the community.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://carriagereturn.nl/aws/alb/basic/auth/cognito/2024/05/21/incognito-basic-auth.html"&gt;Incognito Authentication | CarriageReturn.Nl&lt;/a&gt; - Learn how to implement a shared password authentication for a web service using ALB and Lambda from this article, which details the challenges faced and solutions adopted in a step-by-step manner. Explore the author's journey in setting up secure authentication in the cloud and the insights gained along the way.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.mitigant.io/blog/mitre-att-ck-cloud-matrix-new-techniques-why-you-should-care-part-i"&gt;MITRE ATT&amp;amp;CK Cloud Matrix: New Techniques &amp;amp; Why You Should Care. Part I | Mitigant&lt;/a&gt; - The MITRE ATT&amp;amp;CK Framework v.14, released in October 2023, introduces over 18 new techniques crucial for modern cybersecurity defenses, with two notable additions in the IaaS section for enterprises. Exploring these techniques sheds light on how attackers exploit vulnerabilities in cloud systems and emphasizes the importance of staying updated and implementing effective detection strategies. For a deeper dive into cloud threat detection and mitigation strategies, read more at &lt;a href="https://www.mitigant.io/sign-up"&gt;https://www.mitigant.io/sign-up&lt;/a&gt;.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.mitigant.io/blog/mitre-att-ck-cloud-matrix-new-techniques-why-you-should-care-part-ii"&gt;MITRE ATT&amp;amp;CK Cloud Matrix: New Techniques &amp;amp; Why You Should Care - Part II | Mitigant&lt;/a&gt; - The MITRE ATT&amp;amp;CK Framework v.14 introduces new techniques like Log Enumeration to address challenges in cloud attack detection. Explore how the framework, along with suggested mitigation strategies, can help defend against evolving threats in cloud environments in the full article.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://somilgupta.hashnode.dev/learn-to-build-rag-application-using-aws-bedrock-and-langchain"&gt;Learn to Build RAG Application using AWS Bedrock and LangChain&lt;/a&gt; - Explore the world of Retrieval-Augmented Generation (RAG) in natural language processing and machine learning. Discover how RAG enhances language models by bridging gaps in data sources, offering accurate responses, and fostering innovation, as demonstrated through a step-by-step guide to building an RAG application in this insightful article.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Thanks for reading this week's edition.  We encourage you to subscribe, share, and leave your comments on this edition of the newsletter. Happy Labbing!&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Securing the Cloud #30</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Sat, 25 May 2024 01:45:47 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-30-1g6m</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-30-1g6m</guid>
      <description>&lt;p&gt;Welcome to the 30th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topic
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy38sjyig9ztaalimuab6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy38sjyig9ztaalimuab6.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/hoke0"&gt;How to Apply GitOps to Everything Using Amazon Elastic Kubernetes Service (Amazon EKS), Crossplane, and Flux | AWS Open Source Blog&lt;/a&gt; - This post provides a detailed walkthrough on using GitOps, Crossplane, and Flux to provision and manage cloud infrastructure and applications on Amazon Web Services (AWS). It explains how GitOps enables declarative management of cloud-native stacks, while Crossplane allows using Kubernetes APIs to provision and manage resources across different cloud providers. By following this tutorial, you'll gain practical experience in leveraging the power of GitOps, Crossplane, and Flux to streamline your cloud infrastructure and application deployments on AWS. You'll learn how to version your desired state in Git, automate deployments, and consistently manage resources across environments.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwa2sxptt7454grdzac9a.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwa2sxptt7454grdzac9a.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.reddit.com/r/Terraform/comments/13sbl1b/if_you_do_infrastructureascodeare_you_a_developer/"&gt;Reddit - Dive into anything&lt;/a&gt; - Are you someone who works with Infrastructure-as-Code tools like Terraform? If so, this thread goes into an interesting debate - what exactly do you identify as professionally? Are you a developer since you're writing code? An infrastructure engineer since you're provisioning infrastructure? Or perhaps both roles blend together in the world of IaC? &lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsw9cbc0n2xsajr9zjdv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsw9cbc0n2xsajr9zjdv.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://page.gitlab.com/resources-ebook-beginner-guide-gitops.html"&gt;A Beginners Guide to GitOps&lt;/a&gt; - GitOps takes the tried-and-true DevOps best practices used for application development, such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation. By leveraging the principles of Git, the widely-adopted version control system, GitOps empowers teams to manage and automate their infrastructure with the same level of rigor and efficiency as they do with their application code. Dive into this beginner's guide to GitOps and discover how this powerful framework can transform your infrastructure automation journey.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5vyz81slgtst8xh8kz8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5vyz81slgtst8xh8kz8.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://dev.to/aws-builders/mastering-the-aws-security-specialty-scs-exam-a-quick-guide-2go0"&gt;Mastering the AWS Security Specialty (SCS) Exam - A Quick Guide - DEV Community&lt;/a&gt; - Want to ace the challenging AWS Certified Security Specialty exam? This guide shares invaluable tips and top resources that helped Damien pass on their first attempt. Get an inside look at must-use study materials like Stephane Maarek's comprehensive Udemy course, Whizlabs' hands-on labs for practical experience, TutorialsDojo's realistic practice exams and cheat sheets, and Becky Weiss's session on AWS cloud security fundamentals. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://slaw.securosis.com/p/enable-guardduty-right-way"&gt;Enable GuardDuty the Right Way&lt;/a&gt; - In this article, Rich Mogull takes readers on a journey through the importance of GuardDuty, AWS's Intrusion Detection System for the cloud. With his signature storytelling flair, Mogull transports us back to the "dark days" of the early cloud era, highlighting the significance of visibility tools like CloudTrail and GuardDuty. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://dev.to/aws-builders/tactical-cloud-audit-log-analysis-with-duckdb-aws-cloudtrail-2amk"&gt;Tactical Cloud Audit Log Analysis with DuckDB - AWS CloudTrail - DEV Community&lt;/a&gt; - Have you ever needed to analyze CloudTrail logs but found yourself without a convenient search interface or had to temporarily enable CloudTrail for troubleshooting? This article demonstrates how to leverage the capabilities of DuckDB, a powerful open-source SQL database, to query CloudTrail logs directly from Amazon S3. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://securosis.com/blog/aws-cloud-incident-analysis-query-cheatsheet/"&gt;AWS Cloud Incident Analysis Query Cheatsheet - Securosis&lt;/a&gt; - This post provides a comprehensive cheatsheet of essential CloudTrail log queries for cloud incident analysis and response. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://ramimac.me/exposed-docdb"&gt;Publicly Exposed AWS Document DB Snapshots – High Signal Security – YAIB&lt;/a&gt; - Security researcher Dylanjacob discovered a massive public exposure of over 3.5TB of sensitive customer data.  Here is the story!&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Thanks for coming along for this week's journey.  I encourage you to subscribe, share, and leave your comments on this edition of the newsletter. Please share with your colleagues and if you have any requests please send them my way.  I hope you found this useful. Happy Labbing!&lt;/p&gt;

</description>
      <category>aws</category>
      <category>security</category>
      <category>career</category>
      <category>community</category>
    </item>
    <item>
      <title>Securing the Cloud #29</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 17 May 2024 16:55:40 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-29-12o3</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-29-12o3</guid>
      <description>&lt;p&gt;Welcome to the 29th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topic
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftio7eb0c0n5j6g9loj8p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftio7eb0c0n5j6g9loj8p.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/zvkim"&gt;Building a modern application development mindset | AWS Training and Certification Blog&lt;/a&gt; - In today's digital landscape, modern applications need to meet demanding requirements - handling millions of users, managing massive data volumes, and delivering lightning-fast responses. This article outlines how modern application development practices can help businesses rapidly innovate and create robust, secure, and scalable applications that delight customers.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm66hdt8wivho8sxxuhlj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm66hdt8wivho8sxxuhlj.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.practical-devsecops.com/devsecops-engineer/"&gt;How to Become a DevSecOps Engineer-DevSecOps Career Path&lt;/a&gt; - As the demand for skilled DevSecOps engineers skyrockets, this comprehensive guide unveils the exciting career path that awaits those who embrace this innovative field. Delve into the essential skills, tools, and technologies that define a successful DevSecOps engineer, and discover how you can equip yourself with the knowledge and expertise to excel in this rapidly evolving domain. From understanding the roles and responsibilities of a DevSecOps engineer to mastering the art of continuous integration, continuous delivery, and continuous monitoring, this article provides a roadmap to navigating the challenges and opportunities that lie ahead.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F178jy4crnh99ppnrp9gk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F178jy4crnh99ppnrp9gk.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://aws.amazon.com/blogs/publicsector/episode-3-building-secure-code/"&gt;Episode 3: Building Secure Code | AWS Public Sector Blog&lt;/a&gt; - This post provides a comprehensive overview of common application security vulnerabilities and best practices for building, testing, and deploying code securely. It highlights the importance of addressing security concerns throughout the entire application lifecycle, not just during the architecture phase.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F27bj7adi1594xub1bfvn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F27bj7adi1594xub1bfvn.png" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;a href="https://www.theserverlessterminal.com/p/s3-fixes-billing-for-unauthorised"&gt;S3 fixes billing for unauthorised APIs 🚀☁️ #55&lt;/a&gt; - This comes from AWS Serverless Hero, &lt;a href="https://substack.com/@zachjonesnoel"&gt;JONES ZACHARIAH NOEL N&lt;/a&gt;. and this issue of Serverless Infrastructure and API provides an insightful look into the latest updates and developments in the world of serverless computing on AWS. Of note, it covers the recent S3 billing issue for unauthorized APIs and how AWS swiftly addressed it within 15 days, showcasing their commitment to customer satisfaction. If you're not subscribed already I recommend you have a look!&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://www.meetup.com/lehigh-valley-aws-user-group/events/300860843/"&gt;June LVAWSUG Meeting/Party&lt;/a&gt; - Will you be attending AWS re:Inforce this year?  If so, spend some extra time with the AWS Community in Philly!&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://streamyard.com/watch/3wykCnJ3iKJg"&gt;Getting Your Hands Dirty With RAG: Production Experience With LLM Enhancement&lt;/a&gt; - If you're getting into Generative AI and RAG this could prove to be a really good session. It was shared by AWS Hero, Luc van Donkersgoed.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://www.edx.org/learn/amazon-web-services-aws/pragmatic-ai-labs-authoritative-aws"&gt;AI: Authoritative AWS&lt;/a&gt; - AWS Machine Learning Hero, Noah Gift, shared this edX course that covers SIX certifications at the same time in one mega course.  I'm definitely checking it out.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/l22lw"&gt;The Legend of AWS Warrior: A Free Opensource 3D RPG Adventure Game with Generative AI for learning AWS&lt;/a&gt; - AWS ML Hero, Cyrus Wong, shares an innovative approach to learning AWS through 3D RPG gaming at Hong Kong Institute of Information Technology (HKIIT).
&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;As we wrap up this edition of the Securing the Cloud Newsletter, I hope you found the insights, resources, and community highlights both informative and inspiring. Whether you're into modern application development, exploring a career in DevSecOps, or enhancing your skills in building secure code, remember that continuous learning and community engagement are key to staying ahead in the ever-evolving world of cloud security.&lt;/p&gt;

&lt;p&gt;Keep pushing your boundaries, stay curious, and never hesitate to reach out and share your own experiences and questions with our community. Your journey in cloud and cloud security is as much about collaboration and shared growth as it is about individual progress. Until next time, stay secure and keep experimenting.&lt;/p&gt;

&lt;p&gt;I encourage you to subscribe, share, and leave your comments on this edition of the newsletter. Happy Labbing!&lt;/p&gt;

</description>
      <category>security</category>
      <category>learning</category>
      <category>career</category>
      <category>community</category>
    </item>
    <item>
      <title>Securing the Cloud #28</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 10 May 2024 18:20:24 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-28-5h1j</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-28-5h1j</guid>
      <description>&lt;p&gt;Welcome to the 28th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topics
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/jumfj"&gt;Considerations for security operations in the cloud | AWS Security Blog&lt;/a&gt; - Cybersecurity teams consist of different functions like Governance, Risk &amp;amp; Compliance (GRC), Security Architecture, Assurance, and Security Operations (SecOps), each working towards securing the business and its workloads, with SecOps focused on operational oversight and responding to security incidents using various operating models like centralized, decentralized, or hybrid approaches tailored to an organization's cloud environment.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/dvp3k"&gt;Securing generative AI: An introduction to the Generative AI Security Scoping Matrix&lt;/a&gt;  - This blog post introduces the Generative AI Security Scoping Matrix, a framework for understanding and prioritizing security controls for generative AI deployments within AWS, emphasizing the importance of aligning security disciplines with different types of AI implementations.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/sk24v"&gt;Securing generative AI: data, compliance, and privacy considerations&lt;/a&gt; - The second in the series, this blog post provides a detailed exploration of data, compliance, and privacy considerations essential for securing generative AI, offering guidance on navigating the complexities associated with deploying generative AI workloads responsibly.&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;a href="https://brandonjcarroll.com/links/iclhi"&gt;Securing generative AI: Applying relevant security controls&lt;/a&gt; - Finally, the third in the series. this blog post gets into practical strategies for applying security controls to protect generative AI applications, mapping these controls to frameworks like MITRE ATLAS for comprehensive risk management.&lt;/p&gt;
&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;
&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://online.utulsa.edu/blog/soc-analyst-salary-job-description/#:~:text=While%20the%20roles%20and%20responsibilities,strategic%20response%20to%20cybersecurity%20incidents"&gt;Security Operations Center (SOC) Analyst Salary and Job Description | The University of Tulsa&lt;/a&gt; - A comprehensive overview of the role, responsibilities, skills, education, and salary expectations for Security Operations Center (SOC) analysts, emphasizing the importance of vigilance against cyber threats and the rewarding nature of this cybersecurity career path.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://www.coursera.org/learn/security-operations"&gt;Security Operations Course by ISC2 | Coursera&lt;/a&gt; - This course covers security operations, focusing on actively using security controls, mitigating risks, securing data and systems, encouraging secure practices, understanding data security, encryption, controls, asset management, security policies, security awareness training, and reviewing network operations concepts.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;In this week's edition we have some more insight from AWS Hero Sena Yakut. Sena shares thoughts on resilience and recovery:&lt;/p&gt;

&lt;p&gt;My key recommendations for resilience and recovery strategies and overcoming disasters in cloud environments:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Highly Available Architectures:&lt;/strong&gt; We need to always design our cloud infrastructure with high availability. We always consider using load balancers, auto-scaling, cross-account, or cross-regional architectures when needed.
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Failover Systems:&lt;/strong&gt; We need to implement failover systems that automatically switch to backup resources in the event of an incident, ensuring continuous cloud services availability.
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Incident Response Plan and Strong Team:&lt;/strong&gt; We need to develop a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from cloud security incidents. This plan should include roles and responsibilities, escalation procedures, and communication protocols to facilitate a coordinated response. &lt;a href="https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/develop-and-test-incident-response-plan.html"&gt;There is a great resource to develop and test an incident response plan&lt;/a&gt;. Also, it’s important to establish an incident response team trained to quickly identify and respond to security incidents or disasters. This team should have clearly defined roles and responsibilities and be ready to execute the plan when needed.
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Continuous Improvement and Adaptation:&lt;/strong&gt; We should continuously monitor and assess the evolving threat landscape and emerging security risks in our cloud environments. Regularly update and adapt security policies, controls, and practices to address new threats and vulnerabilities and improve overall cloud security posture.
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Security Automation and Orchestration:&lt;/strong&gt; We need to use automation and orchestration tools to streamline cloud security operations and incident response processes. We automate routine security tasks, such as vulnerability scanning, threat detection, and incident triage, to improve efficiency and reduce response times during security incidents. You can use AWS security-managed services such as AWS Security Hub, AWS Config, Amazon Inspector, and Amazon GuardDuty for all security automation and orchestration.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;And from around the web here are a few articles written by AWS Community Builders you should check out!&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;a href="https://ramimac.me/semgrep-for-terraform"&gt;Semgrep for Terraform Security – High Signal Security – YAIB (Yet Another Infosec blog).&lt;/a&gt; - Semgrep is a powerful SAST tool that can be used for detecting security misconfigurations and enforcing secure-by-default patterns in Terraform code, enabling developers to write secure infrastructure as code.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://dev.to/aws-builders/my-journey-to-passing-the-aws-certified-solutions-architect-associate-exam-de"&gt;My Journey to Passing the AWS Certified Solutions Architect Associate Exam - DEV Community&lt;/a&gt; - A detailed summary of how the author successfully prepared for and passed the AWS Certified Solutions Architect - Associate (SAA) exam, including the resources used, study plan followed, practice exams taken, and key tips for exam preparation.&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://devsecopssourav.hashnode.dev/from-metadata-to-mayhem-protecting-aws-account-from-ssrf-attacks-via-imdsv2"&gt;From Metadata to Mayhem: Protecting AWS account from SSRF Attacks via IMDSV2&lt;/a&gt; - Server-Side Request Forgery (SSRF) vulnerability allows attackers to manipulate servers into making unintended requests, potentially exposing sensitive data from AWS Instance Metadata Service (IMDS); IMDSv2 mitigates SSRF risks by requiring session tokens, enhancing security for AWS EC2 instances.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  That's a wrap!
&lt;/h2&gt;

&lt;p&gt;Thank you for joining us for the 28th edition of the Securing the Cloud Newsletter. This issue brought you a comprehensive dive into the ever-evolving landscape of cloud security, from detailed discussions on security operations to the intricacies of securing generative AI with AWS's Scoping Matrix. We explored significant career opportunities within the realm of cybersecurity and shared educational resources to further your expertise. The insights from our community, especially Sena Yakut's robust strategies for resilience in cloud environments, underscore the ongoing need for vigilance and continuous improvement in our security practices. Remember to stay connected, share your thoughts, and engage with the content as we continue to navigate the complexities of cloud security together. Happy Labbing!&lt;/p&gt;

</description>
      <category>aws</category>
      <category>security</category>
      <category>career</category>
      <category>learning</category>
    </item>
    <item>
      <title>Securing the Cloud #27</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Sat, 20 Apr 2024 03:56:08 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-27-3hkc</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-27-3hkc</guid>
      <description>&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizymh7f471p9xfblz5rr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizymh7f471p9xfblz5rr.png" alt="Image description" width="512" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Welcome to the 27th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members. This week's edition is focused on Data Security and Cryptography. Is that your area of expertise? If so, join the conversation and share your insights. Here we go!&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topic
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0zgmgxn0yff61jhcjxy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0zgmgxn0yff61jhcjxy.png" alt="Image description" width="512" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/lvjpc"&gt;Community | Data Security and Cryptography on AWS&lt;/a&gt; - This is a round-up article of sorts.  In this article I share some terms related to Data Security and Cryptography and point you to useful resources to help you dig deeper into the topics.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjhkxqm39vxveul9v572b.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjhkxqm39vxveul9v572b.png" alt="Image description" width="512" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/specializing-in-a-cryptography-career/"&gt;Specializing in a Cryptography Career - Brandon J Carroll&lt;/a&gt; - In this article, I discuss what it might take to pursue a career specializing in cryptography.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxx03prb5hw87rmkdyv1m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxx03prb5hw87rmkdyv1m.png" alt="Image description" width="512" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/questions-from-readers-how-can-i-prepare-for-and-take-certification-exams-if-i-have-dyslexia/"&gt;Questions from Readers: How can I prepare for and take certification exams if I have dyslexia? - Brandon J Carroll&lt;/a&gt; - Inspired by one of my LinkedIn connection's query, I share what I have seen over my years of teaching Cisco networking classes.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzraraf4xc55l046b47d1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzraraf4xc55l046b47d1.png" alt="Image description" width="512" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://medium.com/@metal.preacher/ever-changing-cnapp-22d4f66cc809"&gt;Ever-changing CNAPP. In this blog, I would like to introduce… | by Shun Yoshie | Mar, 2024 | Medium&lt;/a&gt; - In this article, Shun talks about CNAPP (Cloud Native Application Protection Platforms), emerging as a comprehensive approach to ensuring security in cloud-native environments, integrating various previously siloed security functions like container scanning, CSPM, IaC scanning, CIEM, and CWPP.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://blog.besharp.it/vpc-lattice-yet-another-connectivity-option-or-a-game-changer/"&gt;VPC Lattice: yet another connectivity option or a game-changer? - Proud2beCloud Blog&lt;/a&gt; - In this article, VPC Lattice, a fairly new AWS service that simplifies secure communication and management of microservices across different AWS accounts and VPCs, is explored through an example deployment highlighting its key components, workflow, benefits, and limitations compared to other connectivity options.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://dev.to/damienjburks/kickstarting-your-devsecops-career-the-4-essential-certifications-you-need-3el3"&gt;Kickstarting Your DevSecOps Career - The 4 Essential Certifications You Need - DEV Community&lt;/a&gt; - In this article, my friend &lt;a href="https://dev.to/damienjburks"&gt;Damien Burks&lt;/a&gt; summarizes four pivotal certifications for launching a DevSecOps career: CompTIA Security+, CompTIA Linux+, AWS Certified Developer - Associate, and Certified Kubernetes Administrator, highlighting their importance and key focus areas along with emphasizing hands-on experience through projects and lab work.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Well that's it for this week.  I hope you've found this round-up useful.  If so, I encourage you to subscribe, share, and leave your comments on this edition of the newsletter. Happy Labbing!&lt;/p&gt;

</description>
      <category>security</category>
      <category>career</category>
      <category>learning</category>
      <category>community</category>
    </item>
    <item>
      <title>Data Security and Cryptography on AWS</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 19 Apr 2024 18:19:41 +0000</pubDate>
      <link>https://dev.to/8carroll/data-security-and-cryptography-on-aws-4djo</link>
      <guid>https://dev.to/8carroll/data-security-and-cryptography-on-aws-4djo</guid>
      <description>&lt;p&gt;As organizations increasingly rely on cloud services to store and process sensitive data, cryptography and data security become areas that every security professional needs to be familiar with. It's true that cloud environments present unique security challenges and risks, so being ready to address them means you need to understand the concepts and the tools available. This article is intended to be a quick explanation of these concepts, with pointers to more detailed articles, user guides, and developer guides that will prepare you to take on the task. Let's dig in.&lt;/p&gt;

&lt;h2&gt;
  
  
  Encryption at Rest
&lt;/h2&gt;

&lt;p&gt;Encryption at rest refers to encrypting data when it is stored, as opposed to when it is being transmitted (encryption in transit). There are three main approaches for encryption at rest: &lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Server-side encryption: The service storing the data (e.g. Amazon S3) encrypts the data when it is received and decrypts it when requested by an authorized user. This is seamless for developers but allows any role with appropriate permissions to decrypt the data. &lt;/li&gt;
&lt;li&gt;Client-side encryption: The application encrypts the data before sending it to the storage service, so the service never has access to the unencrypted data. This provides more control over who can decrypt the data. &lt;/li&gt;
&lt;li&gt;Client-side in-browser encryption: Sensitive data is encrypted in the user's browser before being sent to the application, protecting it even if it is accidentally exposed by intermediary services.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt; Encryption at rest helps protect sensitive data from unauthorized access if it is lost, stolen, or accidentally exposed. It is an important technique for preserving user privacy and preventing disclosure of sensitive business data throughout the data lifecycle, from collection to storage to processing and sharing.&lt;/p&gt;

&lt;p&gt;Check out the &lt;a href="https://brandonjcarroll.com/links/cnn9i"&gt;Protecting data at rest&lt;/a&gt;section of the Well architected framework for more details.&lt;/p&gt;

&lt;h2&gt;
  
  
  Encryption in Transit
&lt;/h2&gt;

&lt;p&gt;Encryption in transit (as opposed to encryption at rest) refers to the encryption of data while it is being transmitted over a network from one point to another, typically between a client and a server. The data is encrypted before being sent and decrypted after being received, but it may be stored in plaintext at the source and destination systems.&lt;/p&gt;

&lt;p&gt;Check out the &lt;a href="https://brandonjcarroll.com/links/lhmnw"&gt;Protecting data in transit&lt;/a&gt;section of the Well architected framework for more details.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Management
&lt;/h2&gt;

&lt;p&gt;Key management is an important aspect of encryption solutions. It involves protecting encryption keys at rest so that the keys can never be used outside the authorized system, and ensuring that the authorization to use encryption keys is independent from how access to the underlying data is controlled. This separation of key access from data access helps prevent issues like overly permissive data access policies from compromising encrypted data.&lt;/p&gt;

&lt;p&gt;The AWS service that handles key management is called KMS, and you can learn KMS concepts &lt;a href="https://brandonjcarroll.com/links/xrwqk"&gt;in this developer guide&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Cryptographic Services
&lt;/h2&gt;

&lt;p&gt;Cryptographic services refer to the application of cryptography techniques and protocols to secure data, communications, and systems. These services include encryption, digital signatures, key management, and authentication mechanisms, enabling confidentiality, integrity, and non-repudiation of information exchanged over insecure networks or stored in vulnerable environments.&lt;/p&gt;

&lt;p&gt;AWS offers a few services specific to Cryptographic Services. You can &lt;a href="https://brandonjcarroll.com/links/uyray"&gt;learn about them here&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Compliance and Regulations
&lt;/h2&gt;

&lt;p&gt;Compliance and regulations refer to the set of rules, guidelines, and standards that organizations must adhere to, ensuring data security and privacy. These standards, such as HIPAA for healthcare organizations and PCI DSS for companies handling payment card data, mandate specific data security and encryption requirements to protect sensitive information and prevent data breaches.&lt;/p&gt;

&lt;p&gt;You can learn how AWS services and tools can help &lt;a href="https://brandonjcarroll.com/links/7sy3t"&gt;achieve compliance here&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Best Practices and Recommendations
&lt;/h2&gt;

&lt;p&gt;When it comes to data security and cryptography on AWS, some key best practices include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Implementing encryption at rest and in transit using AWS services like AWS Key Management Service (KMS) and AWS Certificate Manager.&lt;/li&gt;
&lt;li&gt;Regularly rotating encryption keys and following the principle of least privilege for access to encrypted data and key material.&lt;/li&gt;
&lt;li&gt;Leveraging AWS services like Amazon Macie and AWS CloudTrail to monitor and audit data access and encryption activities for compliance purposes.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I encourage you to become familiar with these best practices on AWS.  You can &lt;a href="https://brandonjcarroll.com/links/6jtm3"&gt;read more here&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>security</category>
      <category>learning</category>
      <category>aws</category>
    </item>
    <item>
      <title>Securing the Cloud #26</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Sat, 13 Apr 2024 05:15:57 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-the-cloud-26-2i8p</link>
      <guid>https://dev.to/8carroll/securing-the-cloud-26-2i8p</guid>
      <description>&lt;p&gt;Welcome to the 26th edition of the Securing the Cloud Newsletter! In this issue, we dive into the latest trends and insights in cloud security, explore career development opportunities, and share valuable learning resources. Additionally, we feature insightful perspectives from our community members.&lt;/p&gt;

&lt;h2&gt;
  
  
  Technical Topic
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8y6n0tjnmsxp0ade96y.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8y6n0tjnmsxp0ade96y.jpg" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/links/3k0i1"&gt;Community | Threat Detection and Management for Beginners&lt;/a&gt; - In this series, introduce the world of threat detection and management in the cloud and cybersecurity ecosystem, explaining key security terms, exploring the potential of generative AI, and providing a practical use case involving a distributed denial of service (DDoS) attack. This is the first of 6 articles in this series, so be sure to go through them all.  They are all available, and if you start from the beginning you can follow along through them all, and at the end create a Generative AI application that interprets your CloudWatch logs.  I'm excited about this series so PLEASE share your feedback.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Career Corner
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqoqewgcnttgq7xzivyj9.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqoqewgcnttgq7xzivyj9.jpg" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/navigating-knowledge-hoarding-in-it/"&gt;Navigating Knowledge Hoarding in IT&lt;/a&gt; - Here a a few strategies for overcoming knowledge hoarding in the workplace, such as building positive relationships, seeking mentors, utilizing formal training resources, and fostering a collaborative culture. In this article, I talk about the root causes of this issue and provides practical tips to navigate these challenges effectively.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Learning and Education
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lyadrb9ad0ll02odwv7.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lyadrb9ad0ll02odwv7.jpg" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://brandonjcarroll.com/strategies-for-technical-certification-exam-success/"&gt;Strategies for Technical Certification Exam Success&lt;/a&gt; - This article has some tips for acing the AWS Solutions Architect Associate certification exam (or any exam really), from familiarizing yourself with the testing environment to leveraging practice exams and seeking external feedback. I share a recent experience I had with my youngest son (the wounds are fresh) highlighting the importance of preparation beyond just studying the content.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Community Voice
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpggnboianphp24v6g0x.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpggnboianphp24v6g0x.jpg" alt="Image description" width="800" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://raylin-ai-pm.medium.com/lets-ci-cd-how-agile-x-ci-cd-complement-each-other-increasing-efficiency-by-over-98-2c2afb2195c2"&gt;Let’s CI/CD! How Agile x CI/CD Complement Each Other, Increasing Efficiency by Over 98%! | by 林家瑋 (Ray Lin) | 大Ray | Apr, 2024 | Medium&lt;/a&gt; - Ray Lin explains how agile development combined with continuous integration and deployment (CI/CD) allows software teams to rapidly deliver customer value through short iterations while maintaining high quality and security. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://securosis.com/blog/resolve-90-of-cloud-incidents-with-recipe-picks/"&gt;Resolve 90% of Cloud Incidents with RECIPE PICKS - Securosis&lt;/a&gt; - Rich Mogull introduces a brilliant mnemonic called "RECIPE PICKS" to help streamline cloud incident response. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/pulse/aws-backdoors-part-1-public-ec2-micha%C5%82-brygidyn"&gt;My Backdoors to Your AWS Infrastructure – Part 1: Public EC2&lt;/a&gt; - Michal provides an insightful look into potential backdoors in AWS environments, highlighting how seemingly harmless permissions can be exploited to gain unauthorized access. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/pulse/my-backdoors-your-aws-infrastructure-part-2-iam-micha%C5%82-brygidyn"&gt;My Backdoors in your AWS infrastructure – Part 2: IAM&lt;/a&gt; - Stephane Hurtaud talks about the intricate world of AWS Identity and Access Management (IAM) backdoors. He highlights various techniques that could potentially lead to unauthorized access, emphasizing the importance of adhering to the principle of least privilege. &lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/pulse/my-backdoors-your-aws-infrastructure-part-3-network-micha%C5%82-brygidyn"&gt;Discover thousands of collaborative articles on 2500+ skills&lt;/a&gt; - This article provides insightful tips to maintain passion for web development well into your late career while achieving work-life balance.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;I hope you've found this edition useful.  I encourage you to subscribe, share, and leave your comments on this edition of the newsletter below. Happy Labbing!&lt;/p&gt;

</description>
      <category>security</category>
      <category>career</category>
      <category>learning</category>
      <category>community</category>
    </item>
    <item>
      <title>Better Threat Detection with CloudWatch Logs and Generative AI</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Sat, 13 Apr 2024 03:30:04 +0000</pubDate>
      <link>https://dev.to/8carroll/better-threat-detection-with-cloudwatch-logs-and-generative-ai-2e7e</link>
      <guid>https://dev.to/8carroll/better-threat-detection-with-cloudwatch-logs-and-generative-ai-2e7e</guid>
      <description>&lt;p&gt;In the previous parts of this series, I set up a base architecture for AWS Threat Detection and Management, deployed AWS WAF, AWS Shield Advanced, GuardDuty, Inspector, and AWS Config. I also briefly touched upon Amazon EventBridge. As we wrap up this series, I want to emphasize the importance of CloudWatch Logs and how Generative AI can be leveraged to enhance our threat detection and management capabilities.&lt;/p&gt;

&lt;h2&gt;
  
  
  CloudWatch
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://brandonjcarroll.com/links/hwosb"&gt;CloudWatch&lt;/a&gt; is a fully managed service that enables you to centralize, store, and analyze log data from various AWS resources, applications, and services. In our case, we are sending logs from AWS WAF, which allows us to monitor and analyze traffic patterns, detect potential threats, and take appropriate actions.&lt;/p&gt;

&lt;h2&gt;
  
  
  Generative AI for Threat Detection
&lt;/h2&gt;

&lt;p&gt;While CloudWatch Logs provide invaluable data, manually analyzing and interpreting logs can be a daunting and time-consuming task, especially when dealing with large volumes of log data. This is where Generative AI comes into play. By leveraging the power of Large Language Models (LLMs), I can streamline the analysis process and gain valuable insights from our log data.&lt;/p&gt;


&lt;h2&gt;
  
  
  Sample Application with Streamlit and Python
&lt;/h2&gt;

&lt;p&gt;To demonstrate the integration of CloudWatch Logs and Generative AI, I have developed a sample application using Streamlit and Python. Let's break down the code and understand how it works:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;streamlit&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;st&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;boto3&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;botocore.exceptions&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;ClientError&lt;/span&gt;

&lt;span class="c1"&gt;# Initialize Streamlit app
&lt;/span&gt;&lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;title&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;CloudWatch Log Analyzer&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Create a session client for CloudWatch Logs
&lt;/span&gt;&lt;span class="n"&gt;session&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;boto3&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Session&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The application starts by importing the necessary libraries: &lt;code&gt;streamlit&lt;/code&gt; for creating the user interface, &lt;code&gt;boto3&lt;/code&gt; for interacting with AWS services, &lt;code&gt;json&lt;/code&gt; for handling JSON data, and &lt;code&gt;ClientError&lt;/code&gt; from &lt;code&gt;botocore.exceptions&lt;/code&gt; for catching errors returned by AWS API calls. The title "CloudWatch Log Analyzer" is set for the Streamlit application, and a &lt;code&gt;boto3&lt;/code&gt; session is created; the CloudWatch Logs clients are built from it in the next step.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Get the list of available regions with CloudWatch Logs access
&lt;/span&gt;&lt;span class="n"&gt;available_regions&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt;
&lt;span class="n"&gt;logs_client&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;session&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;client&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logs&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;response&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;logs_client&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;describe_log_groups&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
    &lt;span class="n"&gt;available_regions&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;region&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;region&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;session&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get_available_regions&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logs&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)]&lt;/span&gt;
&lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="n"&gt;ClientError&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error retrieving available regions: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Set the default region to us-east-1 if available, otherwise use the first available region
&lt;/span&gt;&lt;span class="n"&gt;default_region&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;us-east-1&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;us-east-1&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;available_regions&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="n"&gt;available_regions&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;available_regions&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="bp"&gt;None&lt;/span&gt;

&lt;span class="c1"&gt;# Create a dropdown menu for selecting the region
&lt;/span&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;available_regions&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;selected_region&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;selectbox&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Select a region&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;available_regions&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;index&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;available_regions&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;index&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;default_region&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;default_region&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

    &lt;span class="c1"&gt;# Create a client for CloudWatch Logs in the selected region
&lt;/span&gt;    &lt;span class="n"&gt;logs_client&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;session&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;client&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logs&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;region_name&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



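&lt;p&gt;The application first calls &lt;code&gt;describe_log_groups&lt;/code&gt; to confirm that the current AWS credentials can reach CloudWatch Logs, then builds the region list with &lt;code&gt;get_available_regions('logs')&lt;/code&gt;. That call returns the regions in which the SDK knows the service is offered; it does not test access region by region, so a listed region can still fail with a permissions error in a later step. If the initial call fails, an error message is displayed and the region list stays empty. The default region is set to &lt;code&gt;us-east-1&lt;/code&gt; if it is in the list, or to the first listed region otherwise. A dropdown menu is created for selecting the region, with the default region preselected, and a CloudWatch Logs client is created for the selected region.&lt;br&gt;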
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Get a list of log groups in the selected region
&lt;/span&gt;&lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;log_groups&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;logs_client&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;describe_log_groups&lt;/span&gt;&lt;span class="p"&gt;()[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logGroups&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="n"&gt;ClientError&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error retrieving log groups in &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;log_groups&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt;

&lt;span class="c1"&gt;# Check if log groups are available
&lt;/span&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="ow"&gt;not&lt;/span&gt; &lt;span class="n"&gt;log_groups&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;warning&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;No logs available in &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;, please select another region.&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="c1"&gt;# Create a dropdown menu for selecting the log group
&lt;/span&gt;    &lt;span class="n"&gt;selected_log_group&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;selectbox&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Select a log group&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;log_group&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logGroupName&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;log_group&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;log_groups&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;

    &lt;span class="c1"&gt;# Get a list of log streams in the selected log group
&lt;/span&gt;    &lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;log_streams&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;logs_client&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;describe_log_streams&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;logGroupName&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;selected_log_group&lt;/span&gt;&lt;span class="p"&gt;)[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logStreams&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
    &lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="n"&gt;ClientError&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error retrieving log streams in &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_log_group&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
        &lt;span class="n"&gt;log_streams&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt;

    &lt;span class="c1"&gt;# Check if log streams are available
&lt;/span&gt;    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="ow"&gt;not&lt;/span&gt; &lt;span class="n"&gt;log_streams&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;warning&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;No log streams available in &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_log_group&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;, please select another log group.&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;else&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="c1"&gt;# Create a dropdown menu for selecting the log stream
&lt;/span&gt;        &lt;span class="n"&gt;selected_log_stream&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;selectbox&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Select a log stream&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;log_stream&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;logStreamName&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;log_stream&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;log_streams&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The application retrieves the list of log groups in the selected region, handling any errors that may occur due to insufficient permissions. If log groups are available, a dropdown menu is created for selecting the log group. Similarly, the application retrieves the list of log streams in the selected log group, handling any errors that may occur. If log streams are available, a dropdown menu is created for selecting the log stream.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Get the contents of the selected log stream
&lt;/span&gt;&lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;log_stream_data&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;logs_client&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get_log_events&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
        &lt;span class="n"&gt;logGroupName&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;selected_log_group&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;logStreamName&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;selected_log_stream&lt;/span&gt;
    &lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="n"&gt;ClientError&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Error retrieving log events in &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_log_group&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;/&lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;selected_log_stream&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="s"&gt;: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="c1"&gt;# Concatenate the log event messages into a single string
&lt;/span&gt;    &lt;span class="n"&gt;prompt_data&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;''&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;join&lt;/span&gt;&lt;span class="p"&gt;([&lt;/span&gt;&lt;span class="n"&gt;event&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;message&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;event&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="n"&gt;log_stream_data&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;events&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;]])&lt;/span&gt;

    &lt;span class="c1"&gt;# Create a Bedrock Runtime client
&lt;/span&gt;    &lt;span class="n"&gt;bedrock&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;boto3&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;client&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;service_name&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;bedrock-runtime&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;region_name&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;us-west-2&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

    &lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;summarize_article&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;prompt_data&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt;
        &lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
            &lt;span class="n"&gt;prompt_config&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
                &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;anthropic_version&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;bedrock-2023-05-31&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;max_tokens&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;1000&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;messages&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
                    &lt;span class="p"&gt;{&lt;/span&gt;
                        &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;role&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;user&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                        &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;content&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
                            &lt;span class="p"&gt;{&lt;/span&gt;
                                &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;type&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;text&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                                &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;text&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;You are a threat detection expert working with the AWS Cloud. Review the log data I am providing for AWS WAF and explain in detail what you see, and if you have any recommendations on rules that could be configured based on what you see in the log data, please tell me.&lt;/span&gt;&lt;span class="se"&gt;\n\n&lt;/span&gt;&lt;span class="s"&gt; &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;prompt_data&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
                            &lt;span class="p"&gt;}&lt;/span&gt;
                        &lt;span class="p"&gt;]&lt;/span&gt;
                    &lt;span class="p"&gt;}&lt;/span&gt;
                &lt;span class="p"&gt;]&lt;/span&gt;
            &lt;span class="p"&gt;}&lt;/span&gt;
            &lt;span class="n"&gt;body&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;dumps&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;prompt_config&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
            &lt;span class="n"&gt;modelId&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;anthropic.claude-3-sonnet-20240229-v1:0&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
            &lt;span class="n"&gt;contentType&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;application/json&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
            &lt;span class="n"&gt;accept&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;application/json&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
            &lt;span class="n"&gt;response&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;bedrock&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;invoke_model&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
                &lt;span class="n"&gt;modelId&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;modelId&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                &lt;span class="n"&gt;contentType&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;contentType&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                &lt;span class="n"&gt;accept&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;accept&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
                &lt;span class="n"&gt;body&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;body&lt;/span&gt;
            &lt;span class="p"&gt;)&lt;/span&gt;
            &lt;span class="n"&gt;response_body&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;loads&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;response&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;body&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;read&lt;/span&gt;&lt;span class="p"&gt;())&lt;/span&gt;
            &lt;span class="n"&gt;summary&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;response_body&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;content&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)[&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;][&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;text&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
            &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;summary&lt;/span&gt;
        &lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="nb"&gt;Exception&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
            &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;error&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sa"&gt;f&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;An error occurred with the Bedrock Runtime API: &lt;/span&gt;&lt;span class="si"&gt;{&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
            &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="bp"&gt;None&lt;/span&gt;

    &lt;span class="c1"&gt;# Display the log data and LLM response on the Streamlit page
&lt;/span&gt;    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;markdown&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;**Log Data:**&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;code&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;prompt_data&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;language&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;text&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;response&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;summarize_article&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;prompt_data&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;response&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
        &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;markdown&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;**Recommendations:**&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
        &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;write&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;response&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;else&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;st&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;warning&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;No regions available with CloudWatch Logs access.&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The application retrieves the log events from the selected log stream, handling any errors that may occur. If log events are retrieved successfully, the log event messages are concatenated into a single string called &lt;code&gt;prompt_data&lt;/code&gt;. A client for the Bedrock Runtime service is created to interact with the LLM.&lt;/p&gt;

&lt;p&gt;The &lt;code&gt;summarize_article&lt;/code&gt; function takes the &lt;code&gt;prompt_data&lt;/code&gt; as input and constructs a prompt configuration object with instructions for the LLM. The log data is included in the prompt, and the LLM is tasked with analyzing the data and providing recommendations for AWS WAF rules. The &lt;code&gt;invoke_model&lt;/code&gt; method is used to send the prompt configuration to the Bedrock Runtime API. The LLM's response is received and parsed to extract the summary.&lt;/p&gt;

&lt;p&gt;Finally, the application displays the log data and the LLM's recommendations on the Streamlit page. If there are no regions available with CloudWatch Logs access, a warning message is displayed.&lt;/p&gt;

&lt;p&gt;With this application, you can select a region, log group, and log stream, and the application will retrieve the log data, send it to the LLM for analysis, and display the LLM's recommendations on the Streamlit page. &lt;/p&gt;
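
&lt;p&gt;WAF log messages carry client-chosen values (URI, query string, headers) and can include cookies or authorization headers, and the code above passes every event message to the model unchanged. The following is an added example, not part of the original application: it keeps an allow-list of WAF log fields, caps field length and event count, and delimits the data before it is used as &lt;code&gt;prompt_data&lt;/code&gt;. The limits, the header allow-list, the delimiter strings and the function names are assumptions, and the sample events are constructed.&lt;/p&gt;

```python
import json

# Assumed limits and allow-list for this example; tune them for your own logs.
MAX_EVENTS = 50                        # newest events kept per prompt
MAX_FIELD_CHARS = 200                  # cap on any client-controlled string
KEPT_HEADERS = {"host", "user-agent"}  # cookie, authorization, etc. are dropped


def clean(value):
    """Make a client-controlled value single-line, printable and bounded."""
    if value is None:
        return ""
    text = "".join(ch if ch.isprintable() else " " for ch in str(value))
    return text[:MAX_FIELD_CHARS]


def reduce_waf_event(message):
    """Keep only the WAF log fields the analysis needs from one log message."""
    try:
        event = json.loads(message)
    except (TypeError, ValueError):
        return {"unparsed": clean(message)}
    if not isinstance(event, dict):
        return {"unparsed": clean(message)}

    request = event.get("httpRequest")
    if not isinstance(request, dict):
        request = {}

    # Copy only allow-listed headers; names are compared case-insensitively.
    headers = {}
    for header in request.get("headers") or []:
        if not isinstance(header, dict):
            continue
        name = str(header.get("name", "")).lower()
        if name in KEPT_HEADERS:
            headers[name] = clean(header.get("value"))

    # Rule inside a rule group that ended evaluation, when there is one.
    group_rules = []
    for group in event.get("ruleGroupList") or []:
        rule = group.get("terminatingRule") if isinstance(group, dict) else None
        if isinstance(rule, dict) and rule.get("ruleId"):
            group_rules.append(clean(rule["ruleId"]))

    return {
        "timestamp": event.get("timestamp"),
        "action": event.get("action"),
        "terminatingRuleId": event.get("terminatingRuleId"),
        "groupTerminatingRules": group_rules,
        "clientIp": clean(request.get("clientIp")),
        "country": clean(request.get("country")),
        "method": clean(request.get("httpMethod")),
        "uri": clean(request.get("uri")),
        "args": clean(request.get("args")),
        "headers": headers,
    }


def build_prompt_data(events):
    """Turn get_log_events()['events'] into bounded, delimited JSON lines."""
    newest = events[-MAX_EVENTS:]
    lines = [json.dumps(reduce_waf_event(e.get("message", ""))) for e in newest]
    return "BEGIN_WAF_LOG_DATA\n" + "\n".join(lines) + "\nEND_WAF_LOG_DATA"


# Constructed sample in the shape of get_log_events()['events'].
SAMPLE_EVENTS = [
    {"message": json.dumps({
        "timestamp": 1720000000000,
        "action": "BLOCK",
        "terminatingRuleId": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
        "ruleGroupList": [{
            "ruleGroupId": "AWS#AWSManagedRulesKnownBadInputsRuleSet",
            "terminatingRule": {"ruleId": "ExploitablePaths_URIPATH", "action": "BLOCK"},
        }],
        "httpRequest": {
            "clientIp": "203.0.113.10", "country": "US", "httpMethod": "GET",
            "uri": "/.env", "args": "",
            "headers": [
                {"name": "Host", "value": "example.com"},
                {"name": "User-Agent", "value": "probe\nsecond line " + "A" * 500},
                {"name": "Cookie", "value": "session=constructed-secret"},
            ],
        },
    })},
    {"message": "not json"},
]

if __name__ == "__main__":
    print(build_prompt_data(SAMPLE_EVENTS))
```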

&lt;h2&gt;
  
  
  Demonstration
&lt;/h2&gt;

&lt;p&gt;To illustrate the application's capabilities, let's refer to the provided images:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Figure 1&lt;/strong&gt; shows the initial screen of the application, where the AWS region "us-east-1" has been selected.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6j7vkq38lzwnfxmhqcxa.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6j7vkq38lzwnfxmhqcxa.jpg" alt="Image description" width="800" height="434"&gt;&lt;/a&gt;&lt;br&gt;
Figure 1&lt;/p&gt;

&lt;p&gt;In &lt;strong&gt;Figure 2&lt;/strong&gt; you can see the details of the log data being analyzed by the LLM.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8sd6rhw38xe14ley5yfn.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8sd6rhw38xe14ley5yfn.jpg" alt="Image description" width="800" height="434"&gt;&lt;/a&gt;&lt;br&gt;
Figure 2&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Figure 3&lt;/strong&gt; is a continuation of Figure 2 and shows the LLM's summary of what happened. In this case, it indicates that the request was blocked because the URI &lt;code&gt;/.env&lt;/code&gt; was identified as a potential exploitation attempt by the &lt;code&gt;ExploitablePaths_URIPATH&lt;/code&gt; rule in the &lt;code&gt;AWS-AWSManagedRulesKnownBadInputsRuleSet&lt;/code&gt; rule group.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F30hd6hwyu1awo5c51p6j.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F30hd6hwyu1awo5c51p6j.jpg" alt="Image description" width="800" height="434"&gt;&lt;/a&gt;&lt;br&gt;
Figure 3&lt;/p&gt;

&lt;p&gt;The final figure, &lt;strong&gt;Figure 4&lt;/strong&gt;, displays the LLM's recommendations based on the log data analysis.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fubnle5x5zy61a0p9yop4.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fubnle5x5zy61a0p9yop4.jpg" alt="Image description" width="800" height="434"&gt;&lt;/a&gt;&lt;br&gt;
Figure 4&lt;/p&gt;

&lt;h2&gt;
  
  
  Improving Threat Detection
&lt;/h2&gt;

&lt;p&gt;This application demonstrates how CloudWatch Logs can be effectively utilized in conjunction with Generative AI to enhance threat detection capabilities. By leveraging the LLM's natural language understanding and analysis capabilities, we can quickly interpret and gain valuable insights from log data. The LLM can identify potential threats, provide explanations, and recommend appropriate actions or rule configurations based on the log data.&lt;/p&gt;

&lt;p&gt;Instead of manually sifting through vast amounts of log data, security analysts can rely on the LLM to streamline the process and highlight potential issues or areas of concern. This approach not only saves time but also reduces the risk of overlooking critical information hidden within the logs.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;By integrating CloudWatch Logs and Generative AI, we can significantly improve our threat detection and management capabilities. The sample application showcases how this integration can be achieved using Streamlit, Python, and the Bedrock Runtime LLM. The ability to quickly analyze log data and receive actionable recommendations from the LLM empowers security teams to respond promptly and effectively to potential threats.&lt;/p&gt;

&lt;p&gt;I encourage you to explore this application and experiment with it using your own log data. Feel free to modify and enhance the code to suit your specific requirements. Happy Labbing!&lt;/p&gt;

</description>
      <category>security</category>
      <category>threatdetection</category>
      <category>aws</category>
      <category>ai</category>
    </item>
    <item>
      <title>Enhancing AWS Monitoring for Improved Threat Management</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Fri, 12 Apr 2024 04:50:56 +0000</pubDate>
      <link>https://dev.to/8carroll/enhancing-aws-monitoring-for-improved-threat-management-32od</link>
      <guid>https://dev.to/8carroll/enhancing-aws-monitoring-for-improved-threat-management-32od</guid>
      <description>&lt;p&gt;Welcome to the next article in our series on Threat Detection and Management on AWS. This is a multi-part series, so I recommend following along in order to get the full sense of what we're talking about. At this point we have added WAF, Shield Advanced, GuardDuty, and Inspector to our base architecture. Building upon these tools, this article will delve into how AWS Config and Amazon EventBridge can be leveraged to monitor your environment and respond to detected threats. And to tease the article to follow this one, we will explore the exciting potential of Generative AI in enhancing threat detection. For now, let's talk about &lt;a href="https://brandonjcarroll.com/links/f96lz"&gt;AWS Config&lt;/a&gt; and &lt;a href="https://brandonjcarroll.com/links/j711v"&gt;Amazon EventBridge&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Monitoring with AWS Config
&lt;/h2&gt;

&lt;p&gt;AWS Config offers a detailed resource inventory, configuration history, and configuration change notifications, which are vital for maintaining security in dynamic cloud environments. It helps you track changes, identify non-compliant resources, and simplify audits. With AWS Config, you can view both current and historical configurations of your resources, receiving notifications about resource modifications and overall compliance status against your desired configurations.&lt;/p&gt;

&lt;h3&gt;
  
  
  Deploying and Managing Conformance Packs
&lt;/h3&gt;

&lt;p&gt;A conformance pack in AWS Config is a collection of rules and remediation actions that assess and manage the compliance of your AWS resources. These packs are crucial for applying and enforcing compliance policies across multiple accounts and regions within your organization. Figure 1 illustrates the initial state with no conformance packs deployed. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqz0ws5xrrnhexcjipyw4.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqz0ws5xrrnhexcjipyw4.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 1&lt;/p&gt;

&lt;p&gt;To deploy, select a suitable template like the Operational Best Practices for EC2, which is shown in Figure 2. I've selected this one since I am using EC2 instances in my demo environment. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4j7md550x6rrbtmlzn7.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4j7md550x6rrbtmlzn7.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 2&lt;/p&gt;

&lt;p&gt;Once deployed, the conformance pack will continuously monitor your resources, identifying compliance issues and security risks. In my case we can see several issues it found on the Dashboard, seen in figure 3.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6cl24dr77pmh9oh4xjhs.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6cl24dr77pmh9oh4xjhs.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 3&lt;/p&gt;

&lt;h2&gt;
  
  
  Automated Responses with EventBridge
&lt;/h2&gt;

&lt;p&gt;Amazon EventBridge allows you to automate responses to the events detected by services like AWS Config, Inspector, and EC2. It can trigger actions such as notifications through SNS based on specified criteria, enhancing your ability to respond quickly to security incidents. While this article briefly introduces EventBridge, further details on setting up and managing event rules will be covered in future discussions.&lt;/p&gt;

&lt;h3&gt;
  
  
  Conclusion
&lt;/h3&gt;

&lt;p&gt;Threat detection and management are crucial for maintaining a secure AWS environment. By effectively using AWS Config and Amazon EventBridge, alongside other AWS security services, you can significantly enhance your security posture. As the landscape of cloud security evolves, staying informed and ready to adapt is paramount. Our next article will shift focus to the role of Generative AI in threat detection, discussing how this emerging technology can further empower your security strategy.&lt;/p&gt;

</description>
      <category>security</category>
      <category>threatdetection</category>
      <category>aws</category>
      <category>learning</category>
    </item>
    <item>
      <title>Boost Threat Detection with Amazon GuardDuty &amp; Inspector</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Thu, 11 Apr 2024 23:49:45 +0000</pubDate>
      <link>https://dev.to/8carroll/boost-threat-detection-with-amazon-guardduty-inspector-1oi9</link>
      <guid>https://dev.to/8carroll/boost-threat-detection-with-amazon-guardduty-inspector-1oi9</guid>
      <description>&lt;p&gt;While AWS WAF and AWS Shield are powerful tools for web application security, a comprehensive security strategy requires broader threat detection and vulnerability assessment capabilities. In this article, we'll explore how &lt;a href="https://brandonjcarroll.com/links/t2v5h"&gt;Amazon GuardDuty&lt;/a&gt; and &lt;a href="https://brandonjcarroll.com/links/wom3b"&gt;Amazon Inspector&lt;/a&gt; can bolster your threat detection and management efforts. If you followed along in the last article in this series, you now understand the basics of AWS WAF and Shield. Let’s now dive into how Amazon GuardDuty can further enhance our security posture.&lt;/p&gt;

&lt;h2&gt;
  
  
  Setting Up Amazon GuardDuty
&lt;/h2&gt;

&lt;p&gt;To enhance threat detection and security assessments, we'll leverage Amazon GuardDuty and Amazon Inspector.  From the AWS Console enable GuardDuty by clicking on &lt;strong&gt;"Get Started"&lt;/strong&gt; on the GuardDuty landing page.  You can see this in Figure 1.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpqqkkwonv3xf31ioge6h.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpqqkkwonv3xf31ioge6h.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 1&lt;/p&gt;

&lt;p&gt;GuardDuty needs Service Permissions. It will set this up for you when you enable GuardDuty. The service permissions let GuardDuty analyze VPC Flow logs, AWS CloudTrail management event logs, DNS query logs, AWS CloudTrail S3 data event logs, Kubernetes (EKS) audit logs, and RDS login activity. It's this data that GuardDuty uses to generate findings. A finding is an event that GuardDuty thinks you should look at. The service permissions also let GuardDuty analyze Elastic Block Storage (EBS) volume data so it can generate malware detection findings. By turning on GuardDuty you get a 30-day trial in which all the protection plans except Runtime monitoring are enabled. Be sure to read all the details before clicking the Enable GuardDuty button. You can see this in Figure 2.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foygx5o5frk4mfnuwaz6c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foygx5o5frk4mfnuwaz6c.png" alt="Image description" width="800" height="563"&gt;&lt;/a&gt;&lt;br&gt;
Figure 2.&lt;/p&gt;

&lt;p&gt;At this point GuardDuty will get to work. It will take some time before findings are generated, and you can customize many settings using the menu on the left-hand side. For now you'll want to come back to the Summary page, seen in figure 3, to see a list of findings.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7ifaa8r4xk3ynxpx08b.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7ifaa8r4xk3ynxpx08b.png" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 3.&lt;/p&gt;

&lt;p&gt;One last thing I want to do with GuardDuty is enable Runtime Monitoring for EC2 since I am running EC2 instances.   Once GuardDuty is activated, it begins to monitor and analyze system logs. Let's explore the types of findings GuardDuty can generate and what they mean for your security.&lt;/p&gt;

&lt;h2&gt;
  
  
  Understanding GuardDuty Findings
&lt;/h2&gt;

&lt;p&gt;GuardDuty Runtime Monitoring for Amazon EC2 is a feature that provides real-time monitoring and threat detection for your EC2 instances. It analyzes the behavior of processes running on your instances, using machine learning models to identify potentially malicious or unauthorized activities. GuardDuty Runtime Monitoring can detect threats such as cryptocurrency mining, reverse shells, credential theft, and other malware or suspicious activities. It continuously inspects the runtime environment, including process execution, network activity, and file system changes, and generates findings for any detected threats, allowing you to quickly investigate and respond to potential security incidents within your EC2 environment.  You can enable it in the Runtime Monitoring page on the left hand menu. For this to work you need to enable both Runtime monitoring and Amazon EC2 as seen in figure 4.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fujngp45fc2frddgk2tpd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fujngp45fc2frddgk2tpd.png" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 4&lt;/p&gt;

&lt;p&gt;With GuardDuty monitoring in place, our next step is to strengthen our defenses with Amazon Inspector, which focuses on vulnerability management. &lt;/p&gt;

&lt;h2&gt;
  
  
  Enabling Amazon Inspector
&lt;/h2&gt;

&lt;p&gt;With Inspector we get a 15-day trial.  To get started we simply click the &lt;strong&gt;"Get Started"&lt;/strong&gt; button. To enable Inspector click the Activate Inspector button as seen in figure 5. It may appear to be greyed out, but you can still click it.  &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fonis7fb1ffi95obqnuba.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fonis7fb1ffi95obqnuba.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 5.&lt;/p&gt;

&lt;p&gt;Once you enable Inspector it will begin your first scan. You can come back to the Dashboard page after the scan is complete and review the results.&lt;/p&gt;

&lt;p&gt;Inspector will also prompt you to enable deep inspection of EC2 instances, seen in figure 6.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl90wob3i3p5myrxd4y6i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl90wob3i3p5myrxd4y6i.png" alt="Image description" width="800" height="69"&gt;&lt;/a&gt;&lt;br&gt;
Figure 6&lt;/p&gt;

&lt;p&gt;Since we are using EC2 I will enable this as well.&lt;/p&gt;

&lt;p&gt;After setting up Inspector and starting our first scan, we'll next review the vulnerabilities it uncovers.&lt;/p&gt;

&lt;h2&gt;
  
  
  Reviewing Inspector Results
&lt;/h2&gt;

&lt;p&gt;After scanning we can see the instances we are currently monitoring, and this lines up with the two instances we created in our base architecture.  These are listed in figure 7.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhzzlkupxclu0a4xa2t8i.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhzzlkupxclu0a4xa2t8i.jpg" alt="Image description" width="800" height="310"&gt;&lt;/a&gt;&lt;br&gt;
Figure 7.&lt;/p&gt;

&lt;p&gt;In this example, we enable Amazon GuardDuty to monitor our AWS environment for potential threats and malicious activities. We also initiate an Amazon Inspector assessment run to evaluate the security posture of our web application and identify potential vulnerabilities or deviations from best practices.&lt;/p&gt;

&lt;p&gt;Having examined the detailed findings from Inspector, let's conclude by discussing how integrating these tools with Amazon CloudWatch and AWS Config enhances overall security.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion: Enhancing Security with AWS Tools
&lt;/h2&gt;

&lt;p&gt;By enabling Amazon GuardDuty and Amazon Inspector, you've added critical layers of threat detection and vulnerability assessment to your AWS environment. These services will continuously monitor for potential threats, malicious activities, and deviations from best practices, allowing you to proactively address security concerns.&lt;/p&gt;

&lt;p&gt;At this point in our series, we've integrated Amazon GuardDuty and Amazon Inspector with our AWS setup that includes a VPC, ALB, and two EC2 instances, complemented by AWS WAF and Shield Advanced. GuardDuty enhances our ability to detect and respond to threats by continuously monitoring the environment and analyzing traffic and logs associated with our infrastructure. Meanwhile, Amazon Inspector helps identify vulnerabilities in the applications running on our EC2 instances by performing automated security assessments.&lt;/p&gt;

&lt;p&gt;These tools are practical for maintaining strong security measures within your AWS environment, providing essential defenses against potential security threats. As we move forward in our series on Threat Detection and Management on AWS, we will continue exploring ways to effectively utilize AWS services to safeguard your infrastructure.&lt;/p&gt;

</description>
      <category>security</category>
      <category>threatdetection</category>
      <category>aws</category>
      <category>learning</category>
    </item>
    <item>
      <title>Securing Your Web Application with AWS WAF and AWS Shield</title>
      <dc:creator>Brandon Carroll</dc:creator>
      <pubDate>Thu, 11 Apr 2024 17:39:02 +0000</pubDate>
      <link>https://dev.to/8carroll/securing-your-web-application-with-aws-waf-and-aws-shield-38j7</link>
      <guid>https://dev.to/8carroll/securing-your-web-application-with-aws-waf-and-aws-shield-38j7</guid>
      <description>&lt;p&gt;This is the second article in a series. If you don't have the base architecture built and you would like to follow along, please read &lt;a href="https://community.aws/content/2eptNuMKPodjO4YUXkCeM9whljY/introduction-to-threat-detection-and-management-on-aws"&gt;this article&lt;/a&gt; first.&lt;/p&gt;

&lt;p&gt;In this article, we'll explore a practical use case for detecting and managing threats targeting a web application hosted on AWS. We'll leverage the power of &lt;a href="https://brandonjcarroll.com/links/z89ya"&gt;AWS Web Application Firewall (WAF)&lt;/a&gt; and &lt;a href="https://brandonjcarroll.com/links/lw0tq"&gt;AWS Shield&lt;/a&gt; to protect our application from common web exploits and distributed denial-of-service (DDoS) attacks. With our base architecture built, let's now switch to the AWS Console to configure AWS WAF and AWS Shield. To protect our web application from common web exploits and DDoS attacks, we'll deploy AWS WAF (Web Application Firewall) and AWS Shield.&lt;/p&gt;

&lt;h2&gt;
  
  
  Deploying AWS WAF and AWS Shield
&lt;/h2&gt;

&lt;p&gt;As we continue our article series on threat detection, we move to the AWS console.  Start by navigating to the WAF and Shield page. You can see this in Figure 1.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flzmbg8jwqk0065gzutwe.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flzmbg8jwqk0065gzutwe.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 1.&lt;/p&gt;

&lt;p&gt;Click on Create web ACL.&lt;/p&gt;

&lt;p&gt;Pick your resource type. In this case, it's going to be regional because we are going to attach it to the ALB. You can see this in Figure 2.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1quh7wxf09eb9j5p3xex.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1quh7wxf09eb9j5p3xex.jpg" alt="Image description" width="531" height="155"&gt;&lt;/a&gt;&lt;br&gt;
Figure 2.&lt;/p&gt;

&lt;p&gt;You'll need to give it a name and associate it with the ALB.  It should look like Figure 3.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnykgp23zlm0yflfke6d9.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnykgp23zlm0yflfke6d9.jpg" alt="Image description" width="733" height="841"&gt;&lt;/a&gt;&lt;br&gt;
Figure 3.&lt;/p&gt;

&lt;p&gt;Next we need to add a rule.  We are going to add a managed rule group.  These are rules that are prebuilt by AWS and other partners and they cover a lot of common exploits. Make sure you select "Add managed rule groups" as seen in figure 4.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn7o5vit00i362k04hauw.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn7o5vit00i362k04hauw.jpg" alt="Image description" width="800" height="316"&gt;&lt;/a&gt;&lt;br&gt;
Figure 4.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;AWS WAF charges subscription and usage fees for paid managed rule groups. These are in addition to the standard service charges for AWS WAF. &lt;a href="https://aws.amazon.com/waf/pricing/"&gt;AWS WAF Pricing&lt;/a&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Expand the &lt;strong&gt;AWS managed rule groups&lt;/strong&gt; and then select &lt;strong&gt;Core rule set&lt;/strong&gt;, &lt;strong&gt;Known bad inputs&lt;/strong&gt;, &lt;strong&gt;Linux operating system&lt;/strong&gt;, and &lt;strong&gt;SQL database&lt;/strong&gt;. Then at the bottom of the page click "Add rules." These groups will add several rules to your WebACL that will protect your server against threats.   You can then see the rules that have been added as shown in figure 5.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsus0j1n00xbcsdpv56c7.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsus0j1n00xbcsdpv56c7.jpg" alt="Image description" width="748" height="795"&gt;&lt;/a&gt;&lt;br&gt;
Figure 5.&lt;/p&gt;

&lt;p&gt;You need to then click &lt;strong&gt;Next&lt;/strong&gt; at the bottom of the page, then set the rule priority.  You can leave the priority alone at this time.  Then click &lt;strong&gt;Next.&lt;/strong&gt; This is seen in Figure 6.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fffytfr7ttei9chvt9ie0.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fffytfr7ttei9chvt9ie0.jpg" alt="Image description" width="780" height="387"&gt;&lt;/a&gt;&lt;br&gt;
Figure 6.&lt;/p&gt;

&lt;p&gt;The next step is important to the conversation about Threat Detection, and that's the metrics we gather that give us visibility into how our web requests, web ACLs and rules are working. On the &lt;strong&gt;Configure metrics&lt;/strong&gt; page you see that there are individual CloudWatch metrics for each set of enabled rules. You can see this in Figure 7.&lt;/p&gt;

&lt;p&gt;At the bottom of the page you have the option to change request sampling. Leave this as is or you won't be able to see requests that match your WebACL rules.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Femc0ykegbs3327osltne.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Femc0ykegbs3327osltne.jpg" alt="Image description" width="746" height="647"&gt;&lt;/a&gt;&lt;br&gt;
Figure 7&lt;/p&gt;

&lt;p&gt;The last page is your summary of everything you are creating. Scroll to the bottom and click &lt;strong&gt;Create web ACL&lt;/strong&gt;. It takes a bit for the WAF to be built, so be patient. When it's done you'll see the Web ACL listed as seen in figure 8.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljbfcunbd8hp2ldgifj0.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljbfcunbd8hp2ldgifj0.jpg" alt="Image description" width="800" height="392"&gt;&lt;/a&gt;&lt;br&gt;
Figure 8.&lt;/p&gt;

&lt;p&gt;With that you've enabled WAF for your ALB to protect your EC2 instances. You are well on your way to providing Threat Detection and Management for your AWS environment. One last thing to do here would be to ensure that we are logging to CloudWatch. To do this, follow these steps:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Go to the "Web ACLs" section and select the desired Web ACL. &lt;/li&gt;
&lt;li&gt;Click on the "Logging and Metrics" tab, and you'll find various metrics like "AllowedRequests," "BlockedRequests," and "HTTPCode" metrics. &lt;/li&gt;
&lt;li&gt;Enable Logging to a CloudWatch Logs Log group.  You may need to create a log group.  When you do, it should begin with aws-waf-logs- or it will not show up as a log group to select.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;We will come back to the logging bit later on.&lt;/p&gt;

&lt;p&gt;Still there is more we can do, and we are going to continue that right here in the WAF &amp;amp; Shield.  Next we are going to enable Shield Advanced.  Navigate to this in the left hand menu as seen in figure 9.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1q8hh84yj86q6n3qhfuw.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1q8hh84yj86q6n3qhfuw.jpg" alt="Image description" width="199" height="795"&gt;&lt;/a&gt;&lt;br&gt;
Figure 9.&lt;/p&gt;

&lt;p&gt;There are a few things you should know about AWS Shield.  First, AWS Shield is already enabled in your account.  This protects against DDoS attacks.  What's not enabled is Shield Advanced.  Shield Advanced is a paid subscription that costs $3000 USD per month.  A comparison between the tiers is shown at the bottom of the Getting started page, and you can also see this in Figure 10.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw598t5nlc5y91td82bmy.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw598t5nlc5y91td82bmy.jpg" alt="Image description" width="800" height="661"&gt;&lt;/a&gt;&lt;br&gt;
Figure 10.&lt;/p&gt;

&lt;p&gt;One of the biggest benefits to Shield Advanced is the access to the AWS Shield Response Team.  This team can help with manual mitigation of edge cases that affect your availability.&lt;/p&gt;

&lt;p&gt;If you are willing to pay for the service then you simply click the subscribe button and then Acknowledge the service terms as shown in figure 11.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqiyoadbuywbwzggjx9q.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqiyoadbuywbwzggjx9q.jpg" alt="Image description" width="800" height="527"&gt;&lt;/a&gt;&lt;br&gt;
Figure 11&lt;/p&gt;

&lt;p&gt;Once you are subscribed you will add resources to protect. You can skip this step, but we will do it for this example. Click &lt;strong&gt;Add resources to protect&lt;/strong&gt; as seen in figure 12.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzior4mzlj9i6ww9w1mf.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzior4mzlj9i6ww9w1mf.jpg" alt="Image description" width="800" height="351"&gt;&lt;/a&gt;&lt;br&gt;
Figure 12.&lt;/p&gt;

&lt;p&gt;On the next page, you can load all the resources and select which ones you want to protect. For now, I am just going to select my load balancer. You can see what this looks like in Figure 13.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1q2otdyixxo82m6xu3sm.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1q2otdyixxo82m6xu3sm.jpg" alt="Image description" width="800" height="862"&gt;&lt;/a&gt;&lt;br&gt;
Figure 13.&lt;/p&gt;

&lt;p&gt;At the bottom of that page, click the &lt;strong&gt;Protect with Shield Advanced&lt;/strong&gt; button. Then, on the &lt;strong&gt;Configure layer 7 DDoS mitigation in US East (N. Virginia) - optional&lt;/strong&gt; page, select your load balancer and click next. You can then configure health checks, alarms, and notifications, but I'm going to leave those alone for now since they are optional, and I'll finish the configuration.&lt;/p&gt;

&lt;p&gt;Once this is done, you should see the protection status as "&lt;strong&gt;OK&lt;/strong&gt;" in the protections list, as seen in Figure 14.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcrtl4nkkycccn9gyq2ud.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcrtl4nkkycccn9gyq2ud.jpg" alt="Image description" width="800" height="204"&gt;&lt;/a&gt;&lt;br&gt;
Figure 14.&lt;/p&gt;

&lt;p&gt;With AWS WAF and AWS Shield now deployed, you've taken significant steps to detect and protect your web application against common exploits and DDoS attacks. You configured rules, logging, and protections to enhance your security posture. However, comprehensive threat detection requires a multi-layered approach. In the next article, we'll explore how Amazon GuardDuty and Amazon Inspector can further improve your threat detection and vulnerability assessment capabilities, providing continuous monitoring and enabling you to proactively address potential security concerns across your AWS environment. Stay tuned as we continue building a threat detection and management solution on AWS.&lt;/p&gt;

</description>
      <category>security</category>
      <category>threatdetection</category>
      <category>aws</category>
      <category>learning</category>
    </item>
  </channel>
</rss>
