• Contents:

Summary/Overview

Generic AWS Services

• IAM – Identity authentication, authorization and management (IDP)
  • IAM Users – mapped to a physical user, has a password for AWS Console
  • IAM Groups – contains users only
  • IAM Roles – for EC2 instances or AWS services
  • IAM Policies – JSON document that outlines permissions for users or groups
• VPC – Virtual Private Network (VPN) within AWS
  • VPC Endpoint powered by PrivateLink – access AWS Services within a private VPC
• S3 – Simple Storage Service
  • S3 Gateway Endpoint: access S3 privately
• EC2 – Infrastructure-as-a-Service (IaaS), Virtual Machines/Servers (VMs)
  • EC2 Instance – AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
• Lambda – serverless, Function-as-a-Service (FaaS), seamless scaling

AWS Security Services

• Macie – find sensitive data (e.g. PII data) in S3 buckets
• Config – track config changes and compliance against rules over time
• Inspector – find software vulnerabilities in EC2 instances, ECR images, and Lambda functions
• CloudTrail – track API calls made by users within account
• Artifact – access compliance reports such as PCI, ISO, etc
• Audit Manager – continuously audit AWS services usage and prepare audits
• Trusted Advisor – get high-level security insights, Support Plan adapted to your needs

Detailed Pages