# AWS Security Speciality

## Security Blogs

1. https://aws.amazon.com/blogs/security/how-to-perform-automated-incident-response-multi-account-environment/
1. https://aws.amazon.com/blogs/security/use-aws-firewall-manager-vpc-security-groups-to-protect-applications-hosted-on-ec2-instances/
1. https://aws.amazon.com/blogs/security/how-to-track-changes-to-secrets-stored-in-aws-secrets-manager-using-aws-config-and-aws-config-rules/
1. https://aws.amazon.com/blogs/security/enable-automatic-logging-of-web-acls-by-using-aws-config/
1. https://aws.amazon.com/blogs/security/selecting-and-migrating-a-facebook-api-version-for-amazon-cognito/
1. https://aws.amazon.com/blogs/security/use-aws-lambda-authorizers-with-a-third-party-identity-provider-to-secure-amazon-api-gateway-rest-apis/
1. https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/
1. https://aws.amazon.com/blogs/security/continuous-compliance-monitoring-with-chef-inspec-and-aws-security-hub/
1. https://aws.amazon.com/blogs/security/how-to-create-certificates-with-custom-extensions-using-aws-certificate-manager-private-ca/
1. https://aws.amazon.com/blogs/security/manage-your-aws-kms-api-request-rates-using-service-quotas-and-amazon-cloudwatch/
1. https://aws.amazon.com/blogs/security/how-to-use-kms-and-iam-to-enable-independent-security-controls-for-encrypted-data-in-s3/
1. https://aws.amazon.com/blogs/security/how-to-import-aws-config-rules-evaluations-findings-security-hub/
1. https://aws.amazon.com/blogs/security/how-to-automate-saml-federation-to-multiple-aws-accounts-from-microsoft-azure-active-directory/
1. https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
1. https://aws.amazon.com/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-content-filtering/
1. https://aws.amazon.com/blogs/security/how-to-centralize-and-automate-iam-policy-creation-in-sandbox-development-and-test-environments/
1. https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/
1. https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission-guardrails-across-accounts-in-your-aws-organization/
1. https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/
1. https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/
1. https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/
1. https://aws.amazon.com/blogs/security/how-get-started-security-response-automation-aws
1. https://aws.amazon.com/blogs/security/setting-permissions-to-enable-accounts-for-upcoming-aws-regions/
1. https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission-guardrails-across-accounts-in-your-aws-organization/
1. https://aws.amazon.com/blogs/security/alerting-monitoring-and-reporting-for-pci-dss-awareness-with-amazon-elasticsearch-service-and-aws-lambda/#comment-4399531622
1. https://aws.amazon.com/blogs/security/updated-whitepaper-now-available-aligning-to-the-nist-cybersecurity-framework-in-the-aws-cloud/
1. https://aws.amazon.com/blogs/security/how-to-visualize-amazon-guardduty-findings-serverless-edition/
1. https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/
1. https://aws.amazon.com/blogs/security/how-to-find-update-access-keys-password-mfa-aws-management-console/
1. https://aws.amazon.com/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-content-filtering/
1. https://aws.amazon.com/blogs/security/introducing-the-aws-security-incident-response-whitepaper/
1. https://aws.amazon.com/blogs/security/how-to-host-and-manage-an-entire-private-certificate-infrastructure-in-aws/
1. https://aws.amazon.com/blogs/security/how-to-prompt-users-to-reset-their-aws-managed-microsoft-ad-passwords-proactively/
1. https://aws.amazon.com/blogs/security/working-backward-from-iam-policies-and-principal-tags-to-standardized-names-and-tags-for-your-aws-resources/
1. https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/
1. https://aws.amazon.com/blogs/security/how-to-decrypt-ciphertexts-multiple-regions-aws-encryption-sdk-in-c/
1. https://aws.amazon.com/blogs/security/create-fine-grained-session-permissions-using-iam-managed-policies/
1. https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/
1. https://aws.amazon.com/blogs/security/how-to-quickly-launch-encrypted-ebs-backed-ec2-instances-from-unencrypted-amis/
1. https://aws.amazon.com/blogs/security/trimming-aws-waf-logs-with-amazon-kinesis-firehose-transformations/
1. https://aws.amazon.com/blogs/security/enabling-serverless-security-analytics-using-aws-waf-full-logs/
1. https://aws.amazon.com/blogs/security/how-to-rotate-amazon-documentdb-and-amazon-redshift-credentials-in-aws-secrets-manager/
1. https://aws.amazon.com/blogs/security/setting-permissions-to-enable-accounts-for-upcoming-aws-regions/
1. https://aws.amazon.com/blogs/security/how-to-find-update-access-keys-password-mfa-aws-management-console/
1. https://aws.amazon.com/blogs/security/how-to-use-aws-waf-to-filter-incoming-traffic-from-embargoed-countries/
1. https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data
1. https://aws.amazon.com/blogs/security/aws-single-sign-on-now-enables-command-line-interface-access-for-aws-accounts-using-corporate-credentials
1. https://aws.amazon.com/blogs/security/how-to-create-an-aws-iam-policy-to-grant-aws-lambda-access-to-an-amazon-dynamodb-table
1. https://aws.amazon.com/blogs/security/automate-analyzing-permissions-using-iam-access-advisor/
1. https://aws.amazon.com/blogs/security/securing-messages-published-to-amazon-sns-with-aws-privatelink/
1. https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/
2. https://aws.amazon.com/blogs/?awsf.blog-master-category=category%23security-identity-compliance
3. https://aws.amazon.com/blogs/compute/protecting-your-api-using-amazon-api-gateway-and-aws-waf-part-i/
4. https://aws.amazon.com/blogs/mobile/building-adfs-federation-for-your-web-app-using-amazon-cognito-user-pools/

## S3 Events

- https://github.com/linuxacademy/la-aws-security_specialty/tree/master/S3Events

## Inspector

- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html
- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages_across_os.html
- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cves.html
- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cis.html
- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_security-best-practices.html
- https://docs.aws.amazon.com/inspector/latest/userguide/inspector_runtime-behavior-analysis.html

## CloudWatch Events

- https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/resource-based-policies-cwe.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_Troubleshooting.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/iam-access-control-identity-based-cwe.html

## VPC FlowLogs

- https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-logs-records-examples

## CloudFront

- https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html

## S3

- Bucket Policy examples - https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
- IAM User Policy examples - https://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
- ACL examples - https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
- CRR - https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-how-setup.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough-3.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough-4.html

## WAF

- https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

## VPC Endpoints

- https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html
- https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3
- https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#vpce-interface-limitations
- https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html

## Lambda/Serverless Security

- https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#intro-permission-model-access-policy
- https://docs.aws.amazon.com/lambda/latest/dg/access-control-overview.html
- https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html

## vpc vs nat

- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html
- https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
- https://aws.amazon.com/mp/scenarios/security/ids/
- https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html
- https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/

## IAM

- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
- https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_columns.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
- https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entities
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html
- https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-8
- https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-owner-access/
- https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
- https://web-identity-federation-playground.s3.amazonaws.com/index.html
- https://aws.amazon.com/blogs/compute/query-for-the-latest-amazon-linux-ami-ids-using-aws-systems-manager-parameter-store/
- https://aws.amazon.com/blogs/compute/sharing-secrets-with-aws-lambda-using-aws-systems-manager-parameter-store/
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
- https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#requests-per-second-table
- https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
- https://docs.aws.amazon.com/kms/latest/developerguide/requests-per-second.html

## KMS

- https://docs.aws.amazon.com/kms/latest/developerguide/service-integration.html
- https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html
- https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html
- https://docs.aws.amazon.com/kms/latest/developerguide/services-rds.html
- https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
- https://docs.aws.amazon.com/kms/latest/developerguide/crypto-intro.html
- https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
- https://en.wikipedia.org/wiki/FIPS_140-2
- https://aws.amazon.com/blogs/security/how-to-protect-the-integrity-of-your-encrypted-data-by-using-aws-key-management-service-and-encryptioncontext/
- https://docs.aws.amazon.com/kms/latest/developerguide/grants.html

## encryption sdk

- https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
- https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/sample-cache-example.html
- https://www.atlas.aws/
- https://aws.amazon.com/compliance/
- https://aws.amazon.com/compliance/programs/

## HSM

- https://en.wikipedia.org/wiki/FIPS_140-2
- https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html

## Cross Account Access

- https://aws.amazon.com/blogs/security/how-to-enable-cross-account-access-to-the-aws-management-console/

## AWS Security Whitepapers

- https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf
- https://d0.awsstatic.com/whitepapers/Security/Security_Storage_Services_Whitepaper.pdf
- https://d0.awsstatic.com/whitepapers/Security/Security_Database_Services_Whitepaper.pdf
- https://d0.awsstatic.com/whitepapers/Security/Security_Application_Services_Whitepaper.pdf
- https://d0.awsstatic.com/whitepapers/Security/Security_Analytics_Mobile_Services_Applications_Whitepaper.pdf
- https://d0.awsstatic.com/whitepapers/Security/Networking_Security_Whitepaper.pdf

## Revisit these

- [ ] General
  - [ ] https://www.youtube.com/watch?v=FH6AXreSQWQ
  - [ ] https://www.youtube.com/watch?v=PD9S5xGC16g
  - [ ] https://www.youtube.com/watch?v=ZeltFg8PCzY&list=PLhr1KZpdzukcq-PFq4d4-BVgY1-j-sERx
- [ ] SES
- [ ] S3 Security
  - [ ] https://www.youtube.com/watch?v=vPgXx_zlEx0
- [ ] Systems Manager
  - [ ] https://www.youtube.com/watch?v=2efz7EH4czQ
- [ ] Well Architected
  - [ ] https://www.youtube.com/watch?v=u6BCVkXkPnM
- [ ] AWS SSO
  - [ ] https://www.youtube.com/watch?v=aEIqeFCcK7E
- [ ] Security Hub
  - [ ] https://www.youtube.com/watch?v=1DvAOOwOa5Q
- [ ] AWS Organization
  - [ ] https://www.youtube.com/watch?v=fxo67UeeN1A
  - [ ] https://www.youtube.com/watch?v=W30sx0hpY0Y
- [ ] VPC
  - [ ] https://www.youtube.com/watch?v=fnxXNZdf6ew
- [ ] Athena
- [ ] AWS Config
  - [ ] https://www.youtube.com/watch?v=X_fznJtSyV8
  - [ ] https://www.youtube.com/watch?v=_lnp6IN_W6Q
- [ ] WAF and Shield
  - [ ] https://www.youtube.com/watch?v=0xlwLEccRe0
  - [ ] https://www.youtube.com/watch?v=llTu49RNXw0
- [ ] Glacier
- [ ] Vault
- [ ] Kinesis
  - [ ] https://www.youtube.com/watch?v=jKPlGznbfZ0
- [ ] Elastic Search
- [ ] Secret Manager
- [ ] Guard Duty
  - [ ] https://www.youtube.com/watch?v=o2YaIsps5LY
- [ ] Firewall Manager
  - [ ] https://www.youtube.com/watch?v=w-zbsmpi7vw
- [ ] AWS Trusted Advisor
- [ ] AWS Personal Health dashboard
- [ ] Macie
- [ ] Health Dashboard
- [ ] AWS Systems Manager
  - [ ] https://www.youtube.com/watch?v=BmpxZsk9N48
  - [ ] https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-walk-support.html