Introduction to Security, Identity and Compliance in AWS

 

 In this post, we will talk about AWS. The below features are included in the service:

• AWS Artifact
• AWS Certification Manager
• AWS Cloud Directory
• AWS Directory Service
• AWS Cloud HSM
• Amazon Cognito
• Identity and Access Management (IAM)
• AWS Organizations
• AWS Inspector
• AWS Key Management Service (KMS)
• AWS shield
• AWS Web Application Firewall
• AWS Artifact

It is an online portal that provides excess AWS security and compliance documentation. 

 

 

 

The SSL for HTTP communication is integrated with your AWS service websites. It removes the time-consuming, manual process of purchasing and then uploading certificates.

 

 

 

Enables you to build flexible, cloud-native directories for organizing hierarchies of data along multiple dimensions. You can create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries.

 

 

It is a fully managed Microsoft directory service in the AWS cloud. It does not require you to synchronize or replicate data from your existing Active Directory to the cloud.

 

 

It is a dedicated Hardware Security Module. It is a fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups. CloudHSM also enables you to scale quickly by adding and removing HSM capacity on-demand, with no up-front costs.

 

 

 

It adds user signup, sign in and access control to your web and mobile apps. The social identity OAUTH providers, such as Facebook, Google, and Amazon. The enterprise identity provides via SAML 2.0. It consists of 3 services (user pools, Federated Identity pools and sync key stores).

 

 

A web service that allows you to securely control individual and group access to your AWS resource. It creates and manages user identifies (“IAM user”) and grant permissions.

 

 

 

It allows multiple AWS accounts used by an organization to be part of an organizational unit (OU). The service control policies (SCPs) allow the whitelisting or blacklisting of service within an organizational unit. A blacklisted service will not be available even if the IAM user or group policy allows it.

 

 

It is an automated security assessment service. It reduces cost and increases the effectiveness of security assessments and compliance. The pricing starts at $0.30per agent assessment per month with volume discounting to achieve as low as $0.05per agent and assessment per month.

 

 

It makes it easy to create and encryption keys hardware security module in your keys. It is an integrated amazon such as S3 (Simple Storage Service), Redshift and EBS (Elastic Block Store).

 

 

 

It provides protection distributed denial service protection against data attacks. It is available globally on all Amazon CloudFront and Amazon Route 53 edge locations.

 

 

You can use it to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.