Amazon Macie
Ref: https://www.udemy.com/course/aws-ai-practitioner-certified/learn/lecture/45375619
- 🔧 Fully-managed data security and privacy service
- Uses ML and pattern matching to discover and protect your sensitive data in AWS
- Example integration:
  - Store dataset for your ML model in S3
  - Scan dataset with Macie, which identifies sensitive data (e.g. personally identifiable information - PII)
  - Alert the user via Amazon EventBridge whenever PII has been detected or redacted
- Architecture diagram
AWS Config
Ref: https://www.udemy.com/course/aws-ai-practitioner-certified/learn/lecture/45375623
- 🔧 Records configurations and changes of AWS resources over time
- AWS Config Rule = defines what to track
- Helps with auditing and recording compliance of your AWS resources
- Example questions/compliance that can be tracked with Config:
  - Is there unrestricted SSH access to my security groups?
  - Do my buckets have any public access?
  - How has my ALB configuration changed over time?
- Per-region service
  - Can be aggregated across regions and accounts
- Integrations:
  - Can store configuration data in S3 (then analyzed by Athena)
  - Can send alerts (SNS notifications) for any changes
  - Can view CloudTrail API calls if enabled
- Screenshots
  - View compliance of a resource over time
  - View configuration of a resource over time
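As an added illustration of what a Config rule actually evaluates for the first example question above (this is not code from the course or from AWS): a minimal custom-rule Lambda in Python that marks a security group NON_COMPLIANT when any inbound rule admits SSH (TCP/22) from 0.0.0.0/0 or ::/0. The configuration-item shape and the two sample groups are assumptions constructed for this example; in practice the managed rule `restricted-ssh` does the same check without custom code.

```python
import json
from ipaddress import ip_network

# Constructed samples. The shape is an assumption modelled on the
# AWS::EC2::SecurityGroup configuration item (mirrors describe-security-groups).
SAMPLE_OPEN_SSH = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]},
}
SAMPLE_RESTRICTED_SSH = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0fedcba9876543210",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}]},
}

def _cidrs(rule):
    # v4 ranges live under ipv4Ranges (legacy ipRanges holds bare strings), v6 under ipv6Ranges
    yield from (r["cidrIp"] for r in rule.get("ipv4Ranges", []))
    yield from (r["cidrIpv6"] for r in rule.get("ipv6Ranges", []))
    yield from rule.get("ipRanges", [])

def _covers_ssh(rule):
    proto = rule.get("ipProtocol")
    if proto == "-1":            # "all traffic" rules have no port fields
        return True
    if proto != "tcp":
        return False
    return rule.get("fromPort", 0) <= 22 <= rule.get("toPort", 65535)

def evaluate_compliance(item):
    """NON_COMPLIANT if any inbound rule admits SSH from the whole internet."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    for rule in item["configuration"].get("ipPermissions", []):
        # a /0 prefix (0.0.0.0/0 or ::/0) means unrestricted source
        if _covers_ssh(rule) and any(ip_network(c, strict=False).prefixlen == 0 for c in _cidrs(rule)):
            return "NON_COMPLIANT"
    return "COMPLIANT"

def lambda_handler(event, context):
    # Config passes invokingEvent as a JSON string carrying the configuration item
    item = json.loads(event["invokingEvent"])["configurationItem"]
    evaluation = {"ComplianceResourceType": item["resourceType"],
                  "ComplianceResourceId": item["resourceId"],
                  "ComplianceType": evaluate_compliance(item),
                  "OrderingTimestamp": item["configurationItemCaptureTime"]}
    import boto3  # imported here so evaluate_compliance stays usable offline
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation["ComplianceType"]
```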
Amazon Inspector
Ref: https://www.udemy.com/course/aws-ai-practitioner-certified/learn/lecture/45375625
- 🔧 Automated security & vulnerability assessments
- Continuous scanning of the infrastructure, only when needed (resources are rescanned when they change or when new vulnerabilities are published)
- A risk score is associated with all vulnerabilities for prioritization
- ‼️ ONLY for EC2 instances, container images in ECR (Elastic Container Registry) and Lambda functions!!