AWS All-in-one Security Guide: Design, Build, Monitor, and Manage a Fortified Application Ecosystem on AWS

Learn to build robust security controls for the infrastructure, data, and applications in the AWS Cloud.

Key Features

• Takes a comprehensive layered security approach that covers major use-cases.
• Covers key AWS security features leveraging the CLI and Management Console.
• Step-by-step instructions for all topics with graphical illustrations.
• Relevant code samples written in JavaScript (for Node.js runtime).

Description

If you're looking for a comprehensive guide to Amazon Web Services (AWS) security, this book is for you. With the help of this book, cloud professionals and the security team will learn how to protect their cloud infrastructure components and applications from external and internal threats.

The book uses a comprehensive layered security approach to look into the relevant AWS services in each layer and discusses how to use them. It begins with an overview of the cloud's shared responsibility model and how to effectively use the AWS Identity and Access Management (IAM) service to configure identities and access controls for various services and components. The subsequent chapter covers AWS infrastructure security, data security, and AWS application layer security. Finally, the concluding chapters introduce the various logging, monitoring, and auditing services available in AWS, and the book ends with a chapter on AWS security best practices.

By the end, as readers, you will gain the knowledge and skills necessary to make informed decisions and put in place security controls to create AWS application ecosystems that are highly secure.

What you will learn

• Learn to create a layered security architecture and employ defense in depth.
• Master AWS IAM and protect APIs.
• Use AWS WAF, AWS Secrets Manager, and AWS Systems Manager Parameter Store.
• Learn to secure data in Amazon S3, EBS, DynamoDB, and RDS using AWS Key Management Service.
• Secure Amazon VPC, filter IPs, use Amazon Inspector, use ECR image scans, etc.
• Protect cloud infrastructure from DDoS attacks and use AWS Shield.

About the Author

Adrin Mukherjee is an experienced solutions architect who has taken up several challenging roles throughout his career, building distributed applications and high-performance systems. He enjoys helping customers in their digital transformation journeys, especially migrating applications to the cloud and creating highly scalable, secure, and resilient cloud-native platforms.

He is a certified AWS and Google Cloud solutions architect and security engineer. His interests include serverless computing, containerization, cloud security, and machine learning. When not dabbling at the keyboard, he loves