Cheat Sheet #day14 - AWS Security Services

AWS Security Services Cheat Sheet

AWS provides a variety of security services to help protect your data, accounts, and workloads. Here is a cheat sheet to quickly understand and utilize these services.

Identity and Access Management

  1. AWS Identity and Access Management (IAM)

    • Purpose: Manage access to AWS services and resources.

    • Key Features: Users, groups, roles, policies, MFA, Identity Federation.

    • Commands:

      • Create User: aws iam create-user --user-name USERNAME

      • Attach Policy: aws iam attach-user-policy --user-name USERNAME --policy-arn POLICY_ARN

    • Best Practices:

      • Use groups for permissions.

      • Implement the principle of least privilege.

      • Enable MFA for all users.

  2. AWS Single Sign-On (SSO)

    • Purpose: Centralized access management for multiple AWS accounts and applications.

    • Key Features: Single sign-on, user management, custom user attributes.

    • Setup: Integrate with your identity provider, configure AWS SSO, assign user permissions.
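An added example, not from the page, that checks the IAM best practices above (least privilege, MFA) against a policy document such as the one aws iam get-policy-version returns; Python standard library only, and the policy itself is constructed sample data.

```python
import json

# Constructed sample policy document (not from the page): one narrow statement,
# one service-wide wildcard, one full-admin statement gated on MFA.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
})

def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]

def has_mfa_condition(stmt):
    # True if the statement only applies when the caller authenticated with MFA.
    cond = stmt.get("Condition", {})
    for op in ("Bool", "BoolIfExists"):
        if str(cond.get(op, {}).get("aws:MultiFactorAuthPresent", "")).lower() == "true":
            return True
    return False

def lint_policy(policy_json):
    """Return (statement_index, issue) pairs for least-privilege violations."""
    issues = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            issues.append((i, "Action '*' grants every API call"))
        elif any(a.endswith(":*") for a in actions):
            issues.append((i, "service-wide wildcard action"))
        if "*" in resources:
            issues.append((i, "Resource '*' applies to every resource"))
        if any(a.split(":")[0] in ("iam", "sts") for a in actions) and not has_mfa_condition(stmt):
            issues.append((i, "IAM/STS action without an MFA condition"))
    return issues

if __name__ == "__main__":
    for index, issue in lint_policy(SAMPLE_POLICY):
        print(f"statement {index}: {issue}")
```

The third statement is still flagged for its wildcards even though it requires MFA; the MFA condition limits who can use it, not how much it grants.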

Data Protection

  1. AWS Key Management Service (KMS)

    • Purpose: Create and manage cryptographic keys.

    • Key Features: Key creation, rotation and management; encryption and decryption.

    • Commands:

      • Create Key: aws kms create-key

      • Encrypt Data: aws kms encrypt --key-id KEY_ID --plaintext fileb://data.txt --output text --query CiphertextBlob

    • Best Practices:

      • Regularly rotate keys.

      • Use customer-managed keys for sensitive data.

  2. AWS CloudHSM

    • Purpose: Hardware-based key storage for compliance with stringent security requirements.

    • Key Features: Dedicated HSM devices, high availability, FIPS 140-2 Level 3 compliance.

    • Setup: Provision HSM cluster, initialize HSM, configure clients.

  3. AWS Certificate Manager (ACM)

    • Purpose: Provision, manage, and deploy SSL/TLS certificates.

    • Key Features: Automatic renewal, easy integration with AWS services.

    • Commands:

      • Request Certificate: aws acm request-certificate --domain-name example.com

      • List Certificates: aws acm list-certificates

    • Best Practices:

      • Use ACM for managing certificates.

      • Automate certificate renewal.

Threat Detection and Monitoring

  1. Amazon GuardDuty

    • Purpose: Continuous threat detection and monitoring.

    • Key Features: Anomaly detection, threat intelligence feeds, integration with CloudWatch.

    • Commands:

      • Enable GuardDuty: aws guardduty create-detector --enable

      • View Findings: aws guardduty list-findings --detector-id DETECTOR_ID

    • Best Practices:

      • Regularly review and respond to GuardDuty findings.

      • Integrate with AWS Security Hub for a consolidated view.

  2. AWS Security Hub

    • Purpose: Centralized view of security findings across multiple AWS accounts.

    • Key Features: Compliance checks, automated security checks, integration with other AWS services.

    • Commands:

      • Enable Security Hub: aws securityhub enable-security-hub

      • List Findings: aws securityhub get-findings

    • Best Practices:

      • Regularly review security posture.

      • Integrate with automated response mechanisms.

  3. Amazon Macie

    • Purpose: Data security and privacy service to protect sensitive data in S3.

    • Key Features: Machine learning to detect PII, data classification, continuous monitoring.

    • Commands:

      • Enable Macie: aws macie2 enable-macie

      • List Findings: aws macie2 list-findings

    • Best Practices:

      • Regularly scan S3 buckets for sensitive data.

      • Implement automated remediation for Macie findings.
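An added example, not from the page, for the GuardDuty and Security Hub best practices above: it reads the JSON that aws securityhub get-findings prints (GuardDuty and Macie findings arrive in the same feed) and builds a review queue of open findings, most severe first. Standard library only; the findings are constructed sample data in ASFF shape.

```python
import json

# Constructed findings in ASFF shape, as `aws securityhub get-findings` returns them
# (sample data, not from the page): a GuardDuty, a Security Hub control and a Macie finding.
SAMPLE_GET_FINDINGS = json.dumps({"Findings": [
    {"Id": "f-1", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
     "Title": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "Severity": {"Label": "HIGH", "Normalized": 70},
     "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::111122223333:user/alice"}],
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "f-2", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
     "Title": "S3 buckets should prohibit public read access",
     "Severity": {"Label": "CRITICAL", "Normalized": 90},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-public-bucket"}],
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "f-3", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/macie",
     "Title": "SensitiveData:S3Object/Personal",
     "Severity": {"Label": "LOW", "Normalized": 15},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-data-bucket"}],
     "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"}},
    {"Id": "f-4", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
     "Title": "Recon:EC2/PortProbeUnprotectedPort",
     "Severity": {"Label": "MEDIUM", "Normalized": 40},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc"}],
     "RecordState": "ARCHIVED", "Workflow": {"Status": "NEW"}},
]})

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

def triage_queue(get_findings_json, min_label="MEDIUM"):
    """Return open findings at or above min_label, most severe first, as
    (id, severity label, product, first affected resource)."""
    threshold = SEVERITY_RANK[min_label]
    queue = []
    for f in json.loads(get_findings_json).get("Findings", []):
        if f.get("RecordState") != "ACTIVE":
            continue  # archived by the producing service: nothing left to act on
        if f.get("Workflow", {}).get("Status") not in ("NEW", "NOTIFIED"):
            continue  # already SUPPRESSED or RESOLVED by an analyst
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        if SEVERITY_RANK.get(label, 0) >= threshold:
            queue.append(f)
    # Order by label first, then by the finer-grained normalized score.
    queue.sort(key=lambda f: (SEVERITY_RANK.get(f["Severity"].get("Label"), 0),
                              f["Severity"].get("Normalized", 0)), reverse=True)
    return [(f["Id"], f["Severity"]["Label"], f["ProductArn"].rsplit("/", 1)[-1],
             f["Resources"][0]["Id"]) for f in queue]
```

Call triage_queue(SAMPLE_GET_FINDINGS) for the default MEDIUM-and-above queue, or pass min_label="LOW" to include the Macie finding as well.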

Network and Application Security

  1. AWS Shield

    • Purpose: DDoS protection for applications running on AWS.

    • Key Features: Standard (free) and Advanced (paid) protection, automatic attack mitigation.

    • Setup: Shield Standard is enabled by default; for Shield Advanced, sign up via the AWS Console.

    • Best Practices:

      • Enable AWS Shield Advanced for critical applications.

      • Integrate with AWS WAF for additional protection.

  2. AWS Web Application Firewall (WAF)

    • Purpose: Protect web applications from common web exploits.

    • Key Features: Customizable rules, managed rulesets, integration with CloudFront and ALB.

    • Commands:

      • Create Web ACL: aws wafv2 create-web-acl --name NAME --scope REGIONAL --default-action Allow={} --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=NAME

      • Update Web ACL: aws wafv2 update-web-acl --name NAME --scope REGIONAL --id WEB_ACL_ID --lock-token LOCK_TOKEN --default-action Allow={} --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=NAME (the update replaces the whole ACL, so pass the full --rules list as well)

    • Best Practices:

      • Regularly update WAF rules.

      • Use managed rulesets for common threats.

Logging and Monitoring

  1. AWS CloudTrail

    • Purpose: Track user activity and API usage across AWS accounts.

    • Key Features: Event history, multi-region configuration, integration with CloudWatch.

    • Commands:

      • Create Trail: aws cloudtrail create-trail --name MyTrail --s3-bucket-name MyBucket --is-multi-region-trail

      • Lookup Events: aws cloudtrail lookup-events

    • Best Practices:

      • Enable CloudTrail for all regions.

      • Regularly review CloudTrail logs.

  2. Amazon Inspector

    • Purpose: Automated security assessment service to help improve the security and compliance of applications.

    • Key Features: Assessment templates, agent-based scanning, detailed findings.

    • Commands:

      • Create Assessment Template: aws inspector create-assessment-template --assessment-target-arn TARGET_ARN --assessment-template-name NAME --duration-in-seconds 3600 --rules-package-arns RULES_PACKAGE_ARN

      • List Findings: aws inspector list-findings

    • Best Practices:

      • Regularly run assessments.

      • Address high and medium severity findings promptly.
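An added example, not from the page, of what "regularly review CloudTrail logs" can mean in practice: a standard-library script that flags root account activity, console logins without MFA, and API calls that switch off the logging, key and detection services covered in this sheet. The log records are constructed sample data in the shape of a CloudTrail log file.

```python
import json

# Constructed CloudTrail log-file contents (sample, not from the page); same shape as
# the JSON files a trail delivers to its S3 bucket once unzipped.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
]})

# API calls that switch off or weaken the controls in this cheat sheet.
CONTROL_TAMPERING = {"StopLogging", "DeleteTrail", "DisableKey", "ScheduleKeyDeletion",
                     "DeleteDetector", "DisableSecurityHub", "DisableMacie"}

def actor(record):
    # Best available identity string: IAM user name, else the ARN, else the identity type.
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def review_cloudtrail(log_json):
    """Return (eventTime, rule, actor, eventName) tuples for records a human should look at."""
    alerts = []
    for r in json.loads(log_json).get("Records", []):
        name = r.get("eventName", "")
        if r.get("userIdentity", {}).get("type") == "Root":
            alerts.append((r["eventTime"], "root-activity", actor(r), name))
        if name == "ConsoleLogin" and r.get("additionalEventData", {}).get("MFAUsed") == "No":
            alerts.append((r["eventTime"], "console-login-without-mfa", actor(r), name))
        if name in CONTROL_TAMPERING:
            alerts.append((r["eventTime"], "security-control-tampering", actor(r), name))
    return alerts

if __name__ == "__main__":
    for alert in review_cloudtrail(SAMPLE_CLOUDTRAIL):
        print(*alert)
```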

Conclusion

AWS security services provide a comprehensive suite of tools to help secure your cloud environment. By leveraging these services, you can protect your data, monitor and respond to threats, and maintain compliance with security best practices. Use this cheat sheet as a quick reference to the key commands and best practices for AWS security services.
