Security, Identity & Compliance

AWS Shield

Provides protection against DDoS.

• The standard version of Shield is implemented automatically on all AWS accounts.

• There are two layers for AWS Shield:

  • Standard

    • Covers Network Flow Monitoring.

    • Protection from DDoS attacks.

  • Advanced

    • Covers deeper (layer 7) application layers traffic monitoring.

    • More DDoS mitigations ways.

    • Visibility and Reporting of attacks.

      • Like forensic reports.

      • History resport.

    • DDoS response support team.

    • Cost protection, for reimbursing related Route 53, CloudFront and ELB DDoS charges.

Web Application Firewall (WAF)

• It is a web application firewall that allows you to monitor http and https requests forwaded tp CloudFront, Load Balancer or Gateway API.

• It also provide additional protection against common attacks such as SQL injection and cross-side scripting (XSS).

• It has different sets of rules that can be used for different applications.

  • Like allow access to your content or not.

It allows 3 different behavior types:

• Allow all the requests Except the ones you specify.

• Block all the requests Except the ones you specify.

• Count the number of requests that satisfy the properties you specify.

Identity and Access Management (IAM)

More info Identity and Access Management (IAM).

AWS Organizations

More info AWS Organizations.

Amazon Inspector

• Is an automated security assessment service.

• It can help automatically identifying vulnerabilities or areas of improvement within your AWS account.

  • After inspecting, it produces a detailed list of security vulnerabilities found ordered by importance.

Artifact

• Is an online portal that provides access to AWS security and compliance documentation, and that documentation can be readily available when needed for auditing and compliance purposes.

Certificate Manager

• Issues SSL certificates for HTTPS communication with your website.

• It integrates with AWS services such as Route 53 and CloudFront, and the certificates that are provisioned through AWS Certificate Manager are completely free.

Amazon Cloud Directory

• Is a cloud-based directory service that can have hierarchies of data in multiple dimensions.

• Unlike conventional LDAP-based directory services that can only have a single hierarchy.

Directory Service

• Is a fully managed Microsoft Active Directory service in the AWS cloud.

CloudHSM

• Is a dedicated hardware security module in the AWS cloud.

• This allows you to achieve corporate and regulatory compliance while at the same time greatly reducing your costs over using your own HSM in your own infrastructure.

Amazon Cognito

• Provides sign-in and sign-up capability for your web and mobile applications.

• You can also integrate that sign-up process with external OAuth providers such as Google and Facebook, and also Saml 2.0 providers as well.

Key Management Service (KMS)

• Makes it easy to create and control encryption keys for your encrypted data, ant it also uses hardware security modules to secure your keys.

• It's integrated well with AWS services such as S3, Redshift and EBS.