DEV Community

Aravind kumar TS

AWS Security

AWS Security Services list:

1. Inspector
2. Macie
3. Security Hub
4. CloudTrail
5. GuardDuty
6. Shield
7. WAF
8. Config
9. Cognito
10. Secrets Manager
11. IAM
12. Trusted Advisor
13. Firewall Manager
14. KMS
15. HSM
16. Certificate Manager
17. Directory Services
18. Amazon Detective

Inspector - When enabled for an EC2 instance, it scans the instance and reports software vulnerabilities and network-configuration issues. Inspector also automatically scans ECR images and repositories and shows the findings in a dashboard, together with remediation guidance for each finding.

Shield - When enabled, it protects your application against DDoS (Distributed Denial of Service) attacks.
It guards the perimeter of your application by analysing the network traffic that arrives from outside AWS.
DDoS - A DDoS attack is when a person, a bot or a machine sends a flood of requests to an application or another machine in order to make it unavailable or to disrupt its features. This can be prevented using a WAF.
Shield Standard is a free service; Shield Advanced is a paid service that gives access to the AWS Shield Response Team. Shield Standard protects our website or application, while Shield Advanced protects and automatically mitigates attacks against EC2, ELB, CloudFront and Global Accelerator.

AWS Trusted Advisor is an AWS tool that helps maintain the AWS account with recommendations on cost optimization, fault tolerance, performance tuning, service limits and security. It is available both as a free service and as a paid service (Developer and Enterprise support plans).

Cost Optimization - Trusted Advisor analyses our AWS resources and recommends ways to reduce the cost they generate. For example, it recommends using Reserved Instances instead of On-Demand Instances, or recommends a Savings Plan. It also points out idle load balancers, unassociated Elastic IPs, EBS volumes, idle RDS instances, Lambda functions with a high error rate, and so on.

Trusted Advisor Service Limits - When a resource in the AWS account approaches its allotted service limit, Trusted Advisor recommends increasing the limit, showing us that this particular resource has reached 80% of the limit allotted to this AWS account.

Trusted Advisor Performance - It shows us under-used EBS volumes, EC2 instances that are not EBS-optimized, low-throughput volumes and highly utilized EC2 instances. Similarly, it helps us fine-tune the performance of the other AWS services used in our account.

Trusted Advisor Security - It recommends security best practices such as enabling MFA and rotating passwords, and it flags public EBS snapshots, public S3 buckets, security groups open to the world, and accounts where VPC Flow Logs and CloudTrail logging are not enabled.
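It helps to see what these security checks actually look at in the raw API data. The following is an added example written for this post, not AWS or Trusted Advisor code: it reproduces three of the checks (world-open security groups, public bucket ACLs, console users without MFA) over constructed dictionaries shaped like the output of EC2 describe-security-groups, S3 get-bucket-acl and the IAM credential report. The sample data, the sensitive-port list and the decision to leave 80/443 unflagged are assumptions made here.

```python
"""Trusted-Advisor-style security checks over constructed AWS API output.

Added example (not from the original post or from AWS). The inputs are
constructed to mirror the shape of describe-security-groups, get-bucket-acl
and the IAM credential report so the checks run offline.
"""

# Constructed sample: one group exposes SSH to the world, the other scopes it.
SECURITY_GROUPS = [
    {"GroupId": "sg-0000aaaa", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-0000bbbb", "GroupName": "admin",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
     ]},
]

# Constructed sample: a grant to the AllUsers group makes a bucket public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
BUCKET_ACLS = {
    "logs-bucket": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "abc"},
                                "Permission": "FULL_CONTROL"}]},
    "static-site": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                                "Permission": "READ"}]},
}

# Constructed sample rows from an IAM credential report (subset of columns).
CREDENTIAL_REPORT = [
    {"user": "alice", "password_enabled": "true", "mfa_active": "true"},
    {"user": "bob", "password_enabled": "true", "mfa_active": "false"},
    {"user": "ci-bot", "password_enabled": "false", "mfa_active": "false"},
]

# Assumption: ports where a 0.0.0.0/0 ingress rule is almost always a mistake.
# 80/443 are expected to be public on web tiers, so they are not flagged.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   1433: "MSSQL", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}


def _rule_cidrs(rule):
    """Collect IPv4 and IPv6 CIDRs from one ingress rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def check_security_groups(groups):
    """Flag ingress rules that expose a sensitive port to the whole internet."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            if not (set(_rule_cidrs(rule)) & WORLD):
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if rule.get("IpProtocol") == "-1":  # "-1" means all traffic
                lo, hi = 0, 65535
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.append(f"{sg['GroupId']}: {name} ({port}) open to the world")
    return findings


def check_public_buckets(acls):
    """Buckets whose ACL grants anything to the AllUsers group."""
    return [bucket for bucket, acl in acls.items()
            if any(g["Grantee"].get("URI") == ALL_USERS for g in acl["Grants"])]


def check_mfa(report):
    """Console users (password enabled) without an active MFA device."""
    return [row["user"] for row in report
            if row["password_enabled"] == "true" and row["mfa_active"] != "true"]


def run_all():
    """One summary dict, the way a dashboard would present the three checks."""
    return {
        "security_groups": check_security_groups(SECURITY_GROUPS),
        "public_buckets": check_public_buckets(BUCKET_ACLS),
        "users_without_mfa": check_mfa(CREDENTIAL_REPORT),
    }


if __name__ == "__main__":
    for check, hits in run_all().items():
        print(f"{check}: {hits}")
```

The checks are deliberately conservative: a group that only opens 443 to the world is not reported, and access-key-only identities are skipped by the MFA check, which is the same distinction the credential report's `password_enabled` column makes.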

Trusted Advisor Fault Tolerance - Examples include enabling backups of EC2 instances and volumes, enabling S3 bucket versioning and logging, enabling RDS backups, checking that both tunnels of a VPN connection are active, and enabling connection draining on load balancer instances.

Amazon Inspector - When enabled for an AWS account, it reports findings by scanning EC2 instances for vulnerabilities, scanning ECR images, and checking EC2 instances for network reachability issues.
AWS Config - When enabled for an AWS account, or for all accounts in an organisation, it records the configuration changes made to AWS resources. We can choose which AWS resources to monitor, and we can store the configuration history in an S3 bucket.
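Config stores a configuration item per resource per change and lets rules judge each item. The following is an added example written for this post, not AWS code: it builds constructed configuration items shaped like the ones Config records for AWS::EC2::Volume (resourceType, resourceId, configurationItemCaptureTime, configuration, tags), evaluates them with a simple "volume must be encrypted" rule that returns the same fields a custom rule hands back through put_evaluations, and diffs consecutive items to reconstruct the change timeline. The sample volumes and timestamps are constructed here.

```python
"""AWS Config-style evaluation and change tracking over constructed items.

Added example (not from the original post or from AWS). Configuration items
are constructed to mirror the shape Config records for AWS::EC2::Volume; the
evaluation dict mirrors the fields a custom rule returns via put_evaluations.
"""
import json

# Constructed: the same volume captured twice; the second capture shows a change.
VOLUME_BEFORE = {
    "resourceType": "AWS::EC2::Volume",
    "resourceId": "vol-0123456789abcdef0",
    "configurationItemCaptureTime": "2024-01-01T10:00:00.000Z",
    "configuration": {"encrypted": True, "size": 100, "volumeType": "gp3", "state": "in-use"},
    "tags": {"Owner": "platform"},
}
VOLUME_AFTER = {
    "resourceType": "AWS::EC2::Volume",
    "resourceId": "vol-0123456789abcdef0",
    "configurationItemCaptureTime": "2024-01-01T11:30:00.000Z",
    "configuration": {"encrypted": True, "size": 200, "volumeType": "gp3", "state": "in-use"},
    "tags": {"Owner": "platform", "Env": "prod"},
}
# Constructed: a second volume that violates the rule.
UNENCRYPTED = {
    "resourceType": "AWS::EC2::Volume",
    "resourceId": "vol-0fedcba9876543210",
    "configurationItemCaptureTime": "2024-01-01T11:45:00.000Z",
    "configuration": {"encrypted": False, "size": 50, "volumeType": "gp2", "state": "available"},
    "tags": {},
}


def evaluate_volume_encrypted(item):
    """Rule logic: an EBS volume must be encrypted at rest.

    Resources of other types are NOT_APPLICABLE rather than failed, so the rule
    can be attached to a broad recording scope without false positives.
    """
    if item["resourceType"] != "AWS::EC2::Volume":
        compliance = "NOT_APPLICABLE"
    elif item["configuration"].get("encrypted") is True:
        compliance = "COMPLIANT"
    else:
        compliance = "NON_COMPLIANT"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def diff_configuration(before, after):
    """Return {section.key: (old, new)} for every configuration or tag value that changed."""
    changes = {}
    for section in ("configuration", "tags"):
        old, new = before.get(section, {}), after.get(section, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes[f"{section}.{key}"] = (old.get(key), new.get(key))
    return changes


def history_record(items):
    """Per-resource timeline: capture time, changes since the previous capture, rule verdict."""
    ordered = sorted(items, key=lambda i: i["configurationItemCaptureTime"])
    timeline, prev = [], None
    for item in ordered:
        timeline.append({
            "captured": item["configurationItemCaptureTime"],
            "changes": diff_configuration(prev, item) if prev else {},
            "evaluation": evaluate_volume_encrypted(item)["ComplianceType"],
        })
        prev = item
    return timeline


if __name__ == "__main__":
    print(json.dumps(history_record([VOLUME_BEFORE, VOLUME_AFTER]), indent=2))
    print(json.dumps(evaluate_volume_encrypted(UNENCRYPTED), indent=2))
```

Sorting by capture time before diffing matters because delivery to the S3 bucket is not guaranteed to be in order; the diff only makes sense between adjacent captures of the same resource.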

AWS GuardDuty - When enabled for an AWS account, or when multiple accounts are linked to the master account, it automatically analyses VPC Flow Logs, CloudTrail event logs and DNS query logs (which can be stored in a CloudWatch log group or an S3 bucket) for potential threats.

AWS Security Hub - It provides consolidated reports and findings in a centralised dashboard. Findings from Macie, GuardDuty, AWS Config, Systems Manager and Firewall Manager can all be monitored and viewed in Security Hub.
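The two preceding paragraphs describe a pipeline: a detector reads raw logs and produces findings, and a hub normalises findings from several producers into one view. The following is an added example written for this post, not GuardDuty or Security Hub code: it parses constructed VPC Flow Log lines in the default v2 field order, applies a simplified port-probe heuristic (an illustration of log-based detection, not GuardDuty's actual logic), wraps each hit in a record that uses AWS Security Finding Format (ASFF) field names, and merges it with a constructed finding from a second producer into a severity-ordered summary. The log lines, the threshold, the placeholder ProductArn and the simplified Types values are assumptions made here.

```python
"""Flow-log detection plus Security-Hub-style consolidation (added example).

Not from the original post, GuardDuty or Security Hub. Flow log lines are
constructed in the default VPC Flow Logs v2 field order; the port-probe rule is
a simplified illustration; finding records use ASFF field names with a
placeholder ProductArn.
"""
from collections import defaultdict
from datetime import datetime, timezone

FLOW_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log-status").split()

# Constructed: one source has six different ports rejected; a normal client
# reaches HTTPS repeatedly and the server answers.
FLOW_LOG_LINES = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51000 22 6 1 44 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51001 23 6 1 44 1700000001 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51002 445 6 1 44 1700000002 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51003 3389 6 1 44 1700000003 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51004 3306 6 1 44 1700000004 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51005 5432 6 1 44 1700000005 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40001 443 6 20 9000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40002 443 6 18 8100 1700000010 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.10 198.51.100.7 443 40001 6 22 30000 1700000000 1700000060 ACCEPT OK",
]

PROBE_THRESHOLD = 5  # assumption: distinct rejected destination ports from one source


def parse_flow_log(lines):
    """Turn default-format flow log lines into dicts keyed by field name."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS) or parts[-1] != "OK":
            continue  # skip truncated lines and NODATA/SKIPDATA records
        records.append(dict(zip(FLOW_FIELDS, parts)))
    return records


def detect_port_probes(records, threshold=PROBE_THRESHOLD):
    """Sources whose rejected traffic fans out across many destination ports."""
    rejected_ports, interfaces = defaultdict(set), defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            rejected_ports[r["srcaddr"]].add(int(r["dstport"]))
            interfaces[r["srcaddr"]].add(r["interface-id"])
    return [{"source": src, "ports": sorted(ports), "interfaces": sorted(interfaces[src])}
            for src, ports in rejected_ports.items() if len(ports) >= threshold]


def to_asff(probe, account_id, now=None):
    """Wrap a detection result in an ASFF-shaped finding record."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    n = len(probe["ports"])
    label, normalized = ("HIGH", 70) if n >= 20 else ("MEDIUM", 40)  # assumed scale
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"port-probe/{probe['source']}/{probe['interfaces'][0]}",
        "ProductArn": "arn:aws:securityhub:REGION:ACCOUNT:product/ACCOUNT/default",  # placeholder
        "GeneratorId": "example-flow-log-detector",
        "AwsAccountId": account_id,
        "Types": ["TTPs/Discovery"],
        "CreatedAt": now, "UpdatedAt": now,
        "Severity": {"Label": label, "Normalized": normalized},
        "Title": f"Port probe from {probe['source']}",
        "Description": f"{n} distinct destination ports rejected: {probe['ports']}",
        "Resources": [{"Type": "AwsEc2NetworkInterface", "Id": i} for i in probe["interfaces"]],
    }


# Constructed finding from a second producer, already in the same shape, so the
# consolidation step has more than one source to merge.
OTHER_FINDING = {
    "SchemaVersion": "2018-10-08", "Id": "volume-unencrypted/vol-0fedcba9876543210",
    "ProductArn": "arn:aws:securityhub:REGION:ACCOUNT:product/ACCOUNT/default",  # placeholder
    "GeneratorId": "example-config-rule", "AwsAccountId": "123456789012",
    "Types": ["Software and Configuration Checks"],
    "CreatedAt": "2024-01-01T11:45:00Z", "UpdatedAt": "2024-01-01T11:45:00Z",
    "Severity": {"Label": "LOW", "Normalized": 20},
    "Title": "EBS volume is not encrypted",
    "Description": "vol-0fedcba9876543210 has encrypted=false",
    "Resources": [{"Type": "AwsEc2Volume", "Id": "vol-0fedcba9876543210"}],
}


def consolidate(findings):
    """One view across producers: ordered by normalized severity, with counts per label."""
    ordered = sorted(findings, key=lambda f: f["Severity"]["Normalized"], reverse=True)
    counts = defaultdict(int)
    for f in ordered:
        counts[f["Severity"]["Label"]] += 1
    return {"findings": ordered, "by_severity": dict(counts)}


def run(lines=FLOW_LOG_LINES, extra=(OTHER_FINDING,)):
    """Parse, detect, convert to findings, then merge with other producers' findings."""
    records = parse_flow_log(lines)
    probes = detect_port_probes(records)
    account = records[0]["account-id"]
    own = [to_asff(p, account, now="2024-01-01T12:00:00Z") for p in probes]
    return consolidate(own + list(extra))


if __name__ == "__main__":
    for f in run()["findings"]:
        print(f["Severity"]["Label"], f["Title"])
```

The rejected-port fan-out is the signal here, not packet volume: the legitimate client sends far more bytes than the prober and is never flagged, while a source with a handful of REJECTs on unrelated ports is. Having every producer emit the same field names is what makes the final sort meaningful.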
