Infrastructure Security – SCS-C02 Study Guide

Section 4: Infrastructure Security

Up until this point, you have looked at the different types of attacks that your accounts could be at risk of while managing your day-to-day security responsibilities, along with how to use the services provided by AWS to respond to those incidents. This included instructions on how to gather metrics and logs to keep track of the activity happening in your accounts contained within your AWS Organization.

Protecting the perimeter of your accounts, like placing a fence around your property, is both a deterrent and a barrier for keeping those who are unwanted out of your account. You can’t rely on perimeter protection alone, so ensuring that the instances running your applications follow security best practices is also necessary. Managing access to your data via a trackable system that leaves a trail of auditable logs is essential, not only for those companies operating under compliance requirements but for almost every enterprise.

This section comprises the following chapters:

  • Chapter 10, Configuring Infrastructure Security
  • Chapter 11, Securing EC2 Instances
  • Chapter 12, Managing Key Infrastructure

In Chapter 10, you will look at how to secure the perimeter of your cloud infrastructure, starting with the constructs of the Virtual Private Cloud. Building security groups and network access controls to allow only the traffic that is authorized to reach your services leads directly into Chapter 11, Securing EC2 Instances, which looks at how to remove risks and vulnerabilities from the Elastic Compute Cloud service, both initially and on an ongoing basis. The section finishes with Chapter 12, which looks at how to use and manage the Key Management Service (KMS) so that data stored on the various AWS storage systems can be kept encrypted, and at how to combine key policies with IAM policies so that only those who need permission to use the data are granted access.

Configuring Infrastructure Security

As you construct your cloud environment, understanding how to build the virtual walls that will protect the data and the resources you hold inside is crucial to becoming a well-rounded security professional. Knowing how to grant access to trusted entities and deny others all starts with the concept of the Virtual Private Cloud (VPC).

When considering your cloud architecture and infrastructure from an IaaS perspective, you, as the customer, are responsible for implementing, maintaining, and managing the security of that infrastructure. This includes your VPC and all the components that make up that VPC.

Knowing how to create a VPC in AWS, connect multiple VPCs together securely, and then connect the various AWS services in the most secure manner are vital skills for a security professional, regardless of whether the primary responsibility for these actions falls on you. In this chapter, you will look at several of the components used for networking in AWS along with their security implications.

The following main topics will be covered in this chapter:

  • Understanding security groups, network access control lists (NACLs), and VPC security
  • Using interfaces to connect to AWS services without the internet
  • When peering, CloudHub, or a Transit Gateway makes sense
  • Public subnets, private subnets, internet gateways (IGWs), and network address translation (NAT)
  • Using load balancers and CloudFront to protect origins