In this video, you will gain a broad perspective on the security tools available within AWS. These tools include Identity and Access Management for managing users and controlling their access, Directory Service for getting all the features of Microsoft Active Directory without having to run the associated infrastructure, Web Application Firewall for protecting your application from malicious actors, Certificate Manager for managing SSL/TLS certificates, Network Access Control Lists for controlling network access within a Virtual Private Cloud (VPC), and Security Groups.
- [Voiceover] Let's take a quick look at the palette of security-related tools that are available within AWS. Identity and Access Management serves as one of the core tools within the security tool belt. It allows you to configure users, groups, and permissions. AWS also has a directory service. This allows you to provide all of the services that Microsoft Active Directory offers without having to run the associated infrastructure. Suppose you decide to use CloudFront, Amazon's global content delivery network, in front of your web applications.
In order to provide an additional layer of security, you may be interested in the web application firewall, or WAF. WAF allows you to protect your web applications against hackers by defining rules and filtering malicious traffic. Amazon's Certificate Manager takes the pain out of managing SSL/TLS certificates. At this point, Certificate Manager only works with CloudFront and Elastic Load Balancers. With Certificate Manager, you can request and deploy a certificate quite easily while being comforted by the fact that renewals are automated.
AWS also provides network security tools. When you create virtual private clouds, or VPCs, within AWS, you have the ability to apply network access control lists, or NACLs. Acting as a firewall, NACLs allow you to control inbound and outbound network traffic. Security groups are controls that apply primarily to EC2 instances. Security groups act as a virtual firewall, which you can configure to allow network traffic on ports you specify.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor