Nic Acton
  • My Gitbook
  • My Favorite Things
    • Podcasts
    • Newsletters
  • Monthly Summaries
    • May 2019
    • June 2019
  • Cloud Computing
    • Cloud Concepts
    • AWS
      • Certified Solutions Architect
      • Well Architected Framework
        • Operational Excellence
        • Reliability
        • Performance Efficiency
        • Cost Optimization
        • Security
      • Analytics
        • Elasticsearch Service
        • Kinesis
        • Elastic MapReduce (EMR)
      • Compute Services
        • Elastic Beanstalk
        • Elastic Container Service (ECS)
      • Deployment
        • CloudFormation
      • Application Services
        • Key Management Service (KMS)
        • Simple Queue Service (SQS)
        • API Gateway
        • Simple Work Flow (SWF)
        • Amazon MQ
        • Simple Notification Service (SNS)
      • Simple Storage Service (S3)
        • Macie
      • Databases
        • RDS
        • DynamoDB
        • ElastiCache
        • Neptune
        • Redshift
      • Cloudfront
      • IAM
      • Monitoring
        • Trusted Advisor
        • Amazon Inspector
        • AWS Config
        • AWS Shield
        • CloudWatch
          • VPC Flow Logs
        • CloudTrail
        • Guard Duty
      • Route53
      • Serverless Architectures
        • Lambda
      • VPC
        • Highly Available & Fault Tolerant VPCs
        • Hybrid Environments
          • VPC Peering
          • Direct Connect
        • Cloud HSM
    • GCP
    • Azure
    • HashiCorp
    • Red Hat
      • RHEL
        • Basics
        • Grep & Regex
        • SSH
      • Ansible
    • Tutorials/Guides
      • Linux
        • Admin
  • Software Engineering
    • Machine Learning
      • Deep Learning
        • Tensorflow
      • Training and Loss
    • Programming
      • APIs
    • Security
    • Web Development
      • OSI 7 Layer Model
    • Tutorials/Guides
      • Apache Server
    • Virtualization
      • Virtual Machines
      • Containers
      • Serverless
  • Fitness
    • Nutrition
      • Diets
      • Macronutrients
      • Supplements
      • Miscellaneous
    • Strength Training
    • BodyBuilding
  • Miscellaneous
    • Technology Ethics
      • Education
    • Interesting Concepts
      • Libertarian Paternalism
Powered by GitBook
On this page
  • Design Principles
  • Best Practices
  • Identity and Access Management
  • Detective Controls
  • Infrastructure Protection
  • Data Protection

Was this helpful?

  1. Cloud Computing
  2. AWS
  3. Well Architected Framework

Security

The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Design Principles

  • Implement a strong identity foundation

  • Enable traceability

  • Apply security at every layer

  • Automate security

  • Protect data in transit and at rest

  • Prepare for security events

Best Practices

Identity and Access Management

  • Access Control

    • IAM

  • Centrally Manage Accounts

    • AWS Organizations

  • Identity Authentication

    • MFA Tokens

      • Hardware FOBs

      • Virtual MFA - Google Auth, DUO, etc.

  • Limited Life Credentials

    • Temporary Security Credentials

    • Roles instead of credentials!

Detective Controls

  • API Access Logs

  • Resource Inventory

  • Logs Metric Filters

  • Threat Detection

    • Guard Duty

Infrastructure Protection

  • Isolated Virtual Networks

  • Vulnerability Detection

  • DDOS Mitigation

  • Application Firewall

Data Protection

  • Data Security Automation

  • Object Encryption

  • Incident Response

    • Infrastructure as Code

    • Response Team Authorization

      • IAM

PreviousCost OptimizationNextAnalytics

Last updated 5 years ago

Was this helpful?

Encryption

CloudTrail
AWS Config
CloudWatch
VPC
Amazon Inspector
AWS Shield
Macie
Simple Storage Service (S3)
Key Management Service (KMS)
CloudFormation
AWS WAF