Note Did you notice the StringLike and StringEquals operators in the policies contained in the condition statements? Knowing how to parse these out will be essential for deciphering the policies on the test. This will be covered in more detail in Chapter 14, Working with Access Policies.
aws iam create-policy --policy-name cr-policy --policy-document file://iam_config_policy.json
aws iam attach-role-policy […]
The Config Role During the setup of the configuration recorder, you will create and specify the IAM role that the recorder will need to gain read-only access to the resources to record the configuration items. The role also needs read and write permissions for the designated S3 bucket in order to publish the configuration snapshots. […]
Configuration items As your resources change over time, there needs to be a way to capture those changes so they can be evaluated against both the rules set out in Config and the differences between the unchanged and changed resources themselves. A configuration item is a point-in-time snapshot stored in JSON format that holds that […]
Understanding the Various Components of AWS Config In a standard AWS account, the resources that make up that account constantly change in one form or another. Instances are started, stopped, created, or destroyed as part of an autoscaling event. An admin or developer might add or remove a port to or from a security group […]
Understanding Your AWS Environment through AWS Config With the number of services rising each year in AWS, it can be difficult to understand what resources might be running within your environment. How can you keep up with what instances you have running and where, what they are running, and whether the resources are still needed? […]
Moving through the incident response domain, you have now come to the next critical service that you need to know about, one that helps to show you what has changed after an incident has occurred—AWS Config. AWS Config and its configuration recorder can help you take a real-time inventory of most of the resources in […]
Further Reading For additional information on, and a more comprehensive foundation in, AWS security, please look at the following resources: Exam Readiness Drill – Chapter Review Questions Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That […]
Using Automation as a Response to Incident Response AWS has several tools that allow you to automate security responses with human intervention and without it. As you saw in the previous example, using Systems Manager Incident Manager and predefined runbooks allows a team member on the contact list to execute predetermined steps and procedures. Other […]
Systems Manager Incident Manager AWS has a native tool that allows you to track, respond to incidents, and even alert those responsible for responding to the incidents, all from a single service: Systems Manager Incident Manager. Before an incident ever happens, you need to prepare for it. This involves the formulation and analysis of escalation […]
EC2 Resource Isolation Assume you have an EC2 instance initiating unexpected API behavior. This has been identified as an anomaly and is considered to be an abnormal operation. As a result, this instance is showing signs of being a potentially compromised resource. Until you have identified the cause, you must isolate the resource to minimize […]