AWS Security & Identity Services

Working with AWS KMS key using the AWS KMS API

2024-07-11T09:28:47+00:00

What is AWS Key Management Service? AWS Key Management Service (or KMS for short) is the service you use to securely store your encryption keys in AWS. If you need data encryption on your AWS resources, such as EBS volumes or RDS databases, you can use AWS KMS to simplify the process for you. You start using the service by requesting the creation of a KMS key. By default, AWS KMS creates the key material for your KMS key. You also have the option of importing your own keys to AWS if you wish to. Note that during key rotation, [...]

AWS Resource Access Manager

2025-12-04T15:19:20+00:00

AWS Resource Access Manager Cheat Sheet: AWS Resource Access Manager (AWS RAM) is a service that allows you to securely share AWS resources across accounts, organizational units (OUs), or your entire AWS Organization. It eliminates the need to duplicate resources in multiple accounts, simplifying management and maintaining security and consistency. Only the master account can enable sharing with AWS Organizations. The organization must be enabled for all features. RAM eliminates the need to create duplicate resources in multiple accounts. You can create resources centrally in a multi-account environment, and use RAM to share those resources across accounts in three simple [...]

AWS Certificate Manager

2025-11-30T15:04:05+00:00

AWS Certificate Manager Cheat Sheet: AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services. It removes the manual process of purchasing, uploading, and renewing certificates. Public Certificates (Free): Secure public-facing websites (e.g., www.example.com). These are trusted by browsers by default. Private Certificates (Paid): Secure internal resources (e.g., database servers, internal APIs, IoT devices) within [...]

Using the Secure String Parameter in Systems Manager Parameter Store

2024-07-10T08:42:49+00:00

What is AWS Systems Manager Parameter Store? AWS Systems Manager Parameter Store helps you securely store and share key-value pairs across your AWS environment. It is one of the packages under AWS Systems Manager that helps you design a more robust and abstract infrastructure. With Parameter Store, you don’t have to hard-code parameters or save them in config files for application use. You can easily reference them in your applications and AWS resources using the unique parameter store key of those items. Parameter Store supports a lot of use cases, from saving unencrypted plaintext to more sensitive information such [...]

Amazon Cognito

2025-11-30T10:03:41+00:00

Amazon Cognito Cheat Sheet: A user management and authentication service that can be integrated into your web or mobile applications. Amazon Cognito also enables you to authenticate users through an external identity provider and provides temporary security credentials to access your app’s backend resources in AWS or any service behind Amazon API Gateway. Amazon Cognito works with external identity providers that support SAML or OpenID Connect, social identity providers (Facebook, Twitter, Amazon, Google, Apple) and you can also [...]

AWS Secrets Manager

2025-12-04T16:00:56+00:00

AWS Secrets Manager Cheat Sheet: AWS Secrets Manager is a secret management service that enables you to securely rotate, manage, and retrieve database credentials, API keys, OAuth tokens, and other secrets throughout their lifecycle. It eliminates the need to hard-code credentials in applications and improves security posture. Features: Encryption & Secure Transmission: Secrets are encrypted at rest using AWS KMS keys (customer-managed or default) and transmitted securely over TLS. Secret Rotation: Rotate secrets on schedule or on demand via [...]

AWS Security Hub

2025-12-07T13:04:20+00:00

AWS Security Hub Cheat Sheet: AWS Security Hub provides a comprehensive view of your security posture across AWS accounts by aggregating, organizing, and prioritizing security findings from AWS services, AWS partner tools, and automated compliance checks. It helps evaluate compliance with industry standards and best practices. Features: Centralized Security Findings: Aggregates security alerts (findings) across AWS services such as: Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer, AWS Firewall Manager, AWS Audit Manager, Integrated AWS Partner security solutions. Multi-Account Support via AWS Organizations: Integrates [...]

Amazon GuardDuty

2025-11-30T11:06:09+00:00

Amazon GuardDuty Cheat Sheet: An intelligent threat detection service. It analyzes billions of events across your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns). How It Works: Backdoor: Compromised resource contacting a C&C server. CryptoCurrency: Mining software detected. Trojan: Silent malicious activity. Stealth: Attempting to hide actions/tracks. PenTest: Intentional testing tools or vulnerability scanners. EKS Protection: Monitors Kubernetes [...]

AWS Artifact

2025-11-30T12:57:32+00:00

AWS Artifact Cheat Sheet: AWS Artifact is a legally binding, self-service portal that provides on-demand access to AWS’ compliance reports and select online agreements. It serves as your central repository for audit artifacts, allowing you to demonstrate to auditors or regulators that your AWS infrastructure meets specific security and compliance standards. Overview & Key Capabilities: Central Compliance Repository: A single location to download audit artifacts and manage agreements. Audit Artifacts: Evidence (reports, certifications) that validates AWS security controls are effective and compliant. Legal Agreements: Review, accept, and manage contracts like the Business Associate Addendum (BAA) for HIPAA. Third-Party Visibility: Access [...]

Amazon Macie

2025-11-30T13:46:34+00:00

Amazon Macie Cheat Sheet: Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3. Primary Focus: S3 Bucket security posture (Encryption/Public Access) and Sensitive Data Discovery (PII, PHI, Credentials). Legacy Note: Macie Classic features (CloudTrail anomaly detection, user behavior analytics) have been removed. Use Amazon GuardDuty for threat detection and AWS CloudTrail Insights for anomaly detection. Key Features: 1. Automated Sensitive Data Discovery (New). Continuous Sampling: Once enabled, Macie automatically and continually samples [...]
