AWS Application Security Services for Cloud and DevOps Engineers

Learning path for the AWS Cloud Practitioner exam

📝Introduction

This post covers the main AWS application security services, what each one does, and where it fits in a real deployment.

📝Application Security Services

  • AWS Web Application Firewall (WAF) -> A web application firewall that inspects the HTTP(S) requests reaching CloudFront distributions, Application Load Balancers, API Gateway APIs and other supported resources, protecting against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

    • Save time with managed rules so you can spend more time building applications

    • More easily monitor, block, or rate-limit pervasive bots

    • Improve web traffic visibility with granular control over how metrics are emitted

    • Real-time visibility

    • Managed rule groups cover SQL injection and cross-site scripting (XSS) patterns, so you do not have to write those signatures yourself

    • WAF in the Real World Scenarios:

      • Prevent account takeover fraud. Use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to monitor your application’s login page for credential-stuffing attempts that use compromised credentials.

      • Filter web traffic. Create rules to filter web requests based on conditions such as IP addresses, HTTP headers and body, or custom URIs.
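
The two scenarios above (rate-limiting a login page and filtering by IP) translate into a small web ACL. The block below is an added example, not code from the original post: it builds the rule definitions in the JSON shape that `aws wafv2 create-web-acl --rules file://rules.json` accepts, runs a pre-flight validator for the mistakes that most often make that call fail, and then evaluates constructed traffic against a local model of WAF's priority-ordered evaluation. The IP set ARN, the blocked CIDR and the sample client IPs are assumptions; the rate-based behaviour is approximated (real WAF recounts roughly every 30 seconds, so blocking lags the limit slightly).

```python
"""Added example (not from the original post): WAFv2 rules for a login endpoint,
in the JSON shape `aws wafv2 create-web-acl --rules file://rules.json` accepts,
a pre-flight validator, and a local model of rate-based evaluation."""
import ipaddress
from collections import defaultdict, deque

RATE_LIMIT = 100      # lowest Limit WAFv2 accepts for a rate-based rule
WINDOW_SECONDS = 300  # rate-based rules count requests over a 5-minute window
# Hypothetical ARN: create the IP set first and use its real ARN here.
BLOCKED_IPSET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
                     "blocked/11111111-2222-3333-4444-555555555555")


def visibility(name):
    """Every rule needs a VisibilityConfig or the API rejects the web ACL."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}


WEB_ACL_RULES = [
    {  # priority 0: curated block list, checked before anything else
        "Name": "BlockKnownBadIPs", "Priority": 0,
        "Statement": {"IPSetReferenceStatement": {"ARN": BLOCKED_IPSET_ARN}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("BlockKnownBadIPs"),
    },
    {  # priority 1: per-IP rate limit scoped to /login (credential stuffing)
        "Name": "LoginRateLimit", "Priority": 1,
        "Statement": {"RateBasedStatement": {
            "Limit": RATE_LIMIT, "AggregateKeyType": "IP",
            "ScopeDownStatement": {"ByteMatchStatement": {
                "FieldToMatch": {"UriPath": {}},
                "PositionalConstraint": "STARTS_WITH",
                "SearchString": "/login",
                "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("LoginRateLimit"),
    },
    {  # priority 2: AWS managed SQLi/XSS rules; rule groups take OverrideAction
        "Name": "AWSManagedRulesCommonRuleSet", "Priority": 2,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": visibility("CommonRuleSet"),
    },
]


def validate_rules(rules):
    """Return the mistakes that most often make create-web-acl fail."""
    problems, seen = [], set()
    for r in rules:
        if r["Priority"] in seen:
            problems.append(f"{r['Name']}: duplicate priority {r['Priority']}")
        seen.add(r["Priority"])
        if ("Action" in r) == ("OverrideAction" in r):
            problems.append(f"{r['Name']}: needs exactly one of Action/OverrideAction")
        rate = r["Statement"].get("RateBasedStatement")
        if rate and rate["Limit"] < 100:
            problems.append(f"{r['Name']}: Limit must be at least 100")
        if "VisibilityConfig" not in r:
            problems.append(f"{r['Name']}: missing VisibilityConfig")
    return problems


class LocalWebAcl:
    """Evaluates rules in priority order, first match wins, like WAF does.
    Approximation: blocks immediately at the limit and does not model the
    managed rule group, which falls through to the default Allow."""

    def __init__(self, rules, blocked_cidrs):
        self.rules = sorted(rules, key=lambda r: r["Priority"])
        self.blocked = [ipaddress.ip_network(c) for c in blocked_cidrs]
        self.hits = defaultdict(deque)  # source IP -> timestamps of scoped hits

    def evaluate(self, ip, path, ts):
        for r in self.rules:
            st = r["Statement"]
            if "IPSetReferenceStatement" in st:
                if any(ipaddress.ip_address(ip) in n for n in self.blocked):
                    return "BLOCK", r["Name"]
            elif "RateBasedStatement" in st:
                rb = st["RateBasedStatement"]
                scope = rb["ScopeDownStatement"]["ByteMatchStatement"]
                if path.lower().startswith(scope["SearchString"]):
                    q = self.hits[ip]
                    q.append(ts)
                    while ts - q[0] >= WINDOW_SECONDS:  # drop hits outside the window
                        q.popleft()
                    if len(q) > rb["Limit"]:
                        return "BLOCK", r["Name"]
        return "ALLOW", "default"


def simulate_credential_stuffing():
    """Constructed traffic: one IP hammering /login, one normal user, one listed IP."""
    acl = LocalWebAcl(WEB_ACL_RULES, ["203.0.113.0/24"])
    results = [acl.evaluate("198.51.100.7", "/login", t) for t in range(RATE_LIMIT + 1)]
    results.append(acl.evaluate("198.51.100.8", "/login", 5))
    results.append(acl.evaluate("203.0.113.9", "/", 6))
    return results
```

The validator catches the three things the API rejects most often: colliding priorities, a managed rule group given `Action` instead of `OverrideAction`, and a rate limit below 100. In the simulation the 101st `/login` request from one IP inside the window is blocked by `LoginRateLimit`, a different client is untouched, and the listed IP is dropped by the block list before any other rule runs.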

  • AWS Shield -> It is a managed DDoS protection service that safeguards applications running on AWS.

    • Automatically detects and mitigates network- and transport-layer (layer 3/4) distributed denial of service (DDoS) events

    • Shield Standard: static-threshold DDoS protection, enabled for free on every AWS account with nothing to configure

    • Shield Advanced (paid subscription) adds health-based detection, proactive event response, protection groups and cost protection for the scaling an attack causes

    • Global availability

    • Specialized support - Shield Advanced customers on a Business or Enterprise Support plan get 24/7 access to the Shield Response Team (SRT)

    • Integrated with CloudFront, Route 53, Global Accelerator, Elastic Load Balancing, EC2 Elastic IPs and AWS WAF (Shield Advanced includes WAF at no extra charge for protected resources)

    • Shield in the Real World Scenarios:

      • Minimize application downtime and latency. Deploy inline mitigations such as deterministic packet filtering and priority-based traffic shaping to stop basic network-layer attacks.

      • Automatically scrub bad traffic at specific layers. Protect applications and APIs from SYN floods, UDP floods and UDP reflection attacks (DNS, NTP, SSDP) at layers 3 and 4.

  • Amazon Macie -> A data security service that uses machine learning (ML) and pattern matching to discover and help protect sensitive data stored in Amazon S3.

    • Automate sensitive data discovery at scale

    • Gain cost-efficient visibility into sensitive data stored in Amazon S3

    • Fully managed sensitive data types (PII, financial data, credentials) plus custom data identifiers for your own patterns

    • Multi-account support and integration with AWS Organizations

    • One-click enablement with no upfront data source integration

    • Macie in the Real World Scenarios:

      • Discover sensitive data for compliance. Schedule data analysis to certify that sensitive data is discovered and protected.

      • Protect sensitive data during migration. During data ingestion, determine if sensitive data has been appropriately protected.

  • AWS Config -> It continually assesses, audits, and evaluates the configurations and relationships of your resources on AWS, on-premises, and on other clouds.

    • Configuration history of resources and software

    • Resource relationships tracking

    • Configurable and customizable rules

    • Multi-account, multi-Region data aggregation

    • Cloud governance dashboard

    • Integrated with AWS Organizations, CloudTrail, AWS Security Hub, AWS Audit Manager, AWS WAF, Amazon EC2 Dedicated Hosts, ELB/ALB and ITSM/ITOM software

    • Config in the Real World Scenarios:

      • Deploy a compliance-as-code framework. Codify your compliance requirements as AWS Config rules and author remediation actions, automating the assessment of your resource configurations across your organization.

      • Continually audit security monitoring and analysis. Evaluate resource configurations for potential vulnerabilities, and review your configuration history after potential incidents to examine your security posture.
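
The "compliance as code" scenario above is a custom Config rule backed by a Lambda function. The block below is an added example, not code from the original post: it implements the evaluation logic for a rule that flags security groups allowing SSH (tcp/22) from anywhere, keeps the decision in a pure function so it can be tested without AWS, and wires that function into the Lambda entry point Config invokes. The configuration items at the bottom are constructed test data, and the optional `port` rule parameter is an assumption.

```python
"""Added example (not from the original post): evaluation logic of a custom
AWS Config rule that flags security groups open to the world on tcp/22."""
import json


def _evaluation(item, compliance, annotation):
    """Shape AWS Config expects from put_evaluations."""
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Config rejects annotations over 256 chars
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def _open_to_world(perm):
    return (any(r.get("cidrIp") == "0.0.0.0/0" for r in perm.get("ipRanges", []))
            or any(r.get("cidrIpv6") == "::/0" for r in perm.get("ipv6Ranges", [])))


def _covers_port(perm, port):
    if perm.get("ipProtocol") == "-1":        # "all traffic" rule
        return True
    if perm.get("ipProtocol") != "tcp":
        return False
    return perm.get("fromPort", 0) <= port <= perm.get("toPort", 65535)


def evaluate_compliance(item, port=22):
    """Return one Config evaluation for a configuration item (no AWS calls)."""
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        return _evaluation(item, "NOT_APPLICABLE", "rule only evaluates security groups")
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return _evaluation(item, "NOT_APPLICABLE", "resource deleted")
    for perm in item["configuration"].get("ipPermissions", []):
        if _covers_port(perm, port) and _open_to_world(perm):
            return _evaluation(item, "NON_COMPLIANT",
                               f"ingress to tcp/{port} is open to 0.0.0.0/0 or ::/0")
    return _evaluation(item, "COMPLIANT", f"no world-open ingress on tcp/{port}")


def lambda_handler(event, context):
    """Entry point when Config invokes the rule; boto3 is only needed here."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters", "{}"))
    evaluation = evaluate_compliance(invoking["configurationItem"], int(params.get("port", 22)))
    import boto3
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def _sg(perms):
    """Constructed configuration item in the shape Config records for a security group."""
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configurationItemStatus": "OK",
            "configuration": {"ipPermissions": perms}}


SAMPLE_OPEN_SSH = _sg([{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                        "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}])
SAMPLE_RESTRICTED = _sg([{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                          "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}])
SAMPLE_ALL_TRAFFIC = _sg([{"ipProtocol": "-1",
                           "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}])
SAMPLE_IPV6_RANGE = _sg([{"ipProtocol": "tcp", "fromPort": 20, "toPort": 80,
                          "ipRanges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}])
```

Two details matter in practice: an `ipProtocol` of `-1` or a port range that merely contains 22 is still an exposure, and a deleted resource must be reported as `NOT_APPLICABLE` rather than left as stale `NON_COMPLIANT`. Pair the rule with a remediation action (for example an SSM Automation document that revokes the offending ingress) to close the loop the scenario describes.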

  • Amazon GuardDuty -> A threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

    • Continuously analyses CloudTrail management events, VPC Flow Logs and DNS logs across your accounts, with optional sources (S3 data events, EKS audit logs, Lambda network activity, RDS login activity, runtime monitoring) and no agents to deploy for the foundational sources

    • Uses machine learning (ML), anomaly detection and threat intelligence feeds

    • Accurate, account-level threat detection

    • Mitigate threats early by initiating automated responses

    • Quickly and easily scale threat detection across your environment

    • One-step deployment with no additional software or infrastructure to deploy and manage

    • GuardDuty in the Real World Scenarios:

      • Detect and mitigate threats in your container environment. Identify and profile possible malicious or suspicious behaviour in container workloads by analyzing Amazon EKS audit logs and container runtime activity.

      • Identify files containing malware. When GuardDuty sees suspicious behaviour on an EC2 instance or container workload, Malware Protection scans the attached Amazon Elastic Block Store (EBS) volumes for malicious files.
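
"Mitigate threats early by initiating automated responses" usually means an EventBridge rule that forwards GuardDuty findings to a Lambda function. The block below is an added example, not code from the original post: it shows the EventBridge event pattern, a pure `plan_response` function that maps a finding to containment actions (so the decision logic is testable offline), and the `apply` step that makes the boto3 calls inside Lambda. The quarantine security group ID, the response policy and the three sample findings are assumptions; the finding type names are real GuardDuty types.

```python
"""Added example (not from the original post): an EventBridge-triggered
responder that turns GuardDuty findings into containment actions."""

# EventBridge rule pattern: only High (7-8.9) and Critical (9-10) findings.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

QUARANTINE_SG = "sg-0123456789abcdef0"  # hypothetical: no inbound or outbound rules


def severity_label(score):
    """GuardDuty bands: Low 1-3.9, Medium 4-6.9, High 7-8.9, Critical 9-10."""
    if score >= 9:
        return "CRITICAL"
    if score >= 7:
        return "HIGH"
    if score >= 4:
        return "MEDIUM"
    return "LOW"


def plan_response(event):
    """Map one finding to a list of actions; no AWS calls, so it is testable offline."""
    d = event["detail"]
    label = severity_label(float(d["severity"]))
    plan = {"finding_id": d["id"], "type": d["type"], "severity": label, "actions": []}
    if d.get("service", {}).get("archived"):
        return plan                                   # an analyst already closed it
    res = d["resource"]
    if label in ("HIGH", "CRITICAL") and res["resourceType"] == "Instance":
        iid = res["instanceDetails"]["instanceId"]
        # Isolate first, then preserve evidence; never terminate (that loses the disk).
        plan["actions"] += [
            {"action": "isolate_instance", "instance_id": iid, "security_group": QUARANTINE_SG},
            {"action": "snapshot_volumes", "instance_id": iid},
        ]
    elif label in ("HIGH", "CRITICAL") and res["resourceType"] == "AccessKey":
        key = res["accessKeyDetails"]
        plan["actions"].append({"action": "deactivate_access_key",
                                "user_name": key["userName"], "access_key_id": key["accessKeyId"]})
    plan["actions"].append({"action": "open_ticket", "priority": label})
    return plan


def apply(plan):
    """Side effects; only called inside Lambda (needs boto3 and IAM permissions)."""
    import boto3
    ec2, iam = boto3.client("ec2"), boto3.client("iam")
    for a in plan["actions"]:
        if a["action"] == "isolate_instance":
            ec2.modify_instance_attribute(InstanceId=a["instance_id"], Groups=[a["security_group"]])
        elif a["action"] == "snapshot_volumes":
            attr = ec2.describe_instance_attribute(InstanceId=a["instance_id"],
                                                   Attribute="blockDeviceMapping")
            for m in attr["BlockDeviceMappings"]:
                ec2.create_snapshot(VolumeId=m["Ebs"]["VolumeId"],
                                    Description=f"IR evidence for {plan['finding_id']}")
        elif a["action"] == "deactivate_access_key":
            iam.update_access_key(UserName=a["user_name"], AccessKeyId=a["access_key_id"],
                                  Status="Inactive")
        # open_ticket: hand off to your ticketing integration


def lambda_handler(event, context):
    plan = plan_response(event)
    apply(plan)
    return plan


def _finding(fid, ftype, severity, resource):
    """Constructed EventBridge event in the shape GuardDuty emits."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"id": fid, "type": ftype, "severity": severity,
                       "resource": resource, "service": {"archived": False, "count": 1}}}


_INSTANCE = {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0abc123def456789a"}}
SAMPLE_C2 = _finding("f1", "Backdoor:EC2/C&CActivity.B!DNS", 8.0, _INSTANCE)
# Low severity: EVENT_PATTERN filters it out, but plan_response still handles it.
SAMPLE_BRUTE = _finding("f2", "UnauthorizedAccess:EC2/SSHBruteForce", 2.0, _INSTANCE)
SAMPLE_EXFIL = _finding("f3", "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS", 8.0,
                        {"resourceType": "AccessKey",
                         "accessKeyDetails": {"accessKeyId": "AKIAEXAMPLE", "userName": "app-role"}})
```

Keeping the decision separate from the side effects is deliberate: you can unit-test the policy, dry-run it against historical findings, and review exactly which finding types trigger isolation before giving the Lambda role `ec2:ModifyInstanceAttribute` and `iam:UpdateAccessKey`.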

  • Amazon Inspector -> An automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

    • Near real-time detection for Amazon EC2 instances, AWS Lambda functions and container images in Amazon ECR, triggered when a resource changes or a new CVE is published

    • Centrally manage software bill of materials (SBOM) exports for all monitored resources

    • Use the Inspector risk score, which adjusts the CVSS base score for network reachability and available exploit information, to prioritize remediation

    • Reduce mean time to remediate (MTTR) vulnerabilities and streamline workflow with Amazon EventBridge and AWS Security Hub integrations

    • Simplified one-click onboarding and integration with AWS Organizations

    • Inspector in the Real World Scenarios:

      • Meet compliance requirements. Support compliance requirements and best practices for NIST CSF, PCI DSS, and other regulations with Amazon Inspector scans.

      • Quickly discover newly disclosed vulnerabilities in compute workloads. Automate discovery, expedite vulnerability routing, and shorten MTTR with over 50 sources of vulnerability intelligence. Inspector matches installed packages against published CVEs, so it surfaces a new disclosure within hours but cannot see a vulnerability nobody has published yet; pair it with runtime detection for that gap.

  • AWS Artifact -> It provides on-demand access to security and compliance documents and reports from AWS and ISVs who sell their products on AWS Marketplace.

    • Save time with on-demand access to AWS and Independent Software Vendor (ISV) compliance reports in a self-service portal

    • Accept, terminate, and download compliance agreements with AWS on demand

    • Deploy workloads with more confidence by understanding the compliance and security posture of AWS

    • Artifact in the Real World Scenarios:

      • Manage agreements at scale. Review, accept, and manage your agreements with AWS and apply them to current and future accounts within your organization.

      • Understand AWS security and compliance posture. Find auditor-issued reports, certifications, accreditations, and other third-party attestations of AWS in a comprehensive resource.

Thank you for reading. I hope you were able to understand and learn something helpful from my blog.

Please follow me on Hashnode and on LinkedIn franciscojblsouza