Ends in

Get up to $10 DISCOUNT on our AWS Solutions Architect Associate Reviewers!

AWS Security & Identity Services

//AWS Security & Identity Services

AWS Certificate Manager


Bookmarks Concepts Types of Certificates For Use With ACM ACM Private Certificate Authority Domain Verification for Certificates Pricing Validate Your Knowledge A service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. ACM is integrated with the following services: Elastic Load Balancing Amazon CloudFront - To use an ACM certificate with CloudFront, you [...]

AWS Certificate Manager2023-02-01T09:42:12+00:00

Using the Secure String Parameter in Systems Manager Parameter Store


What is AWS Systems Manager Parameter Store AWS Systems Manager Parameter Store helps you securely store and share key-value pairs across your AWS environment. It is one of the packages under AWS Systems Manager that helps you design a more robust and abstract infrastructure. With Parameter Store, you don’t have to hard code parameters nor save them in config files for application use. You can easily reference them in your applications and AWS resources using the unique parameter store key of those items.  Parameter Store supports a lot of use cases, from saving unencrypted plaintext to more sensitive information such [...]

Using the Secure String Parameter in Systems Manager Parameter Store2023-02-02T09:34:06+00:00

Amazon Cognito


Bookmarks How It Works User Pools Identity Pools Common Use Cases Pricing Validate Your Knowledge A user management and authentication service that can be integrated to your web or mobile applications. Amazon Cognito also enables you to authenticate users through an external identity provider and provides temporary security credentials to access your app’s backend resources in AWS or any service behind Amazon API Gateway. Amazon Cognito works with external identity providers that support SAML or OpenID Connect, social identity providers (Facebook, Twitter, Amazon, Google, Apple) and you can also integrate your [...]

Amazon Cognito2023-02-01T09:36:21+00:00

AWS Secrets Manager


Bookmarks Features How Secret Rotation Works Security Compliance Pricing Validate Your Knowledge A secret management service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Features AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and store in AWS Key Management Service [customer managed keys]. When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment. You can rotate secrets on a schedule or on demand by using [...]

AWS Secrets Manager2023-02-02T09:18:34+00:00

AWS Security Hub


Bookmarks Features How It Works Concepts Pricing AWS Security Hub provides a comprehensive view of your security state within AWS and your compliance with security industry standards and best practices. Features You now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, across multiple accounts, AWS partner tools, and AWS services such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer, AWS Firewall Manager, and AWS Audit Manager. AWS Security Hub works with AWS Organizations to simplify security posture management across all of your existing and [...]

AWS Security Hub2023-02-02T09:24:03+00:00

Amazon GuardDuty


Bookmarks How It Works GuardDuty Findings Trusted IP Lists and Threat Lists Pricing Validate Your Knowledge An intelligent threat detection service. It analyzes billions of events across your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns). How It Works GuardDuty is a regional service. Threat detection categories Reconnaissance -- Activity suggesting reconnaissance by an attacker, such as unusual API activity, intra-VPC port scanning, unusual patterns of failed login requests, or unblocked port probing from [...]

Amazon GuardDuty2023-02-01T09:38:19+00:00

AWS Artifact


A self-service central repository of AWS’ security and compliance reports and select online agreements. An audit artifact is a piece of evidence that demonstrates that an organization is following a documented process or meeting a specific requirement (business compliant).  AWS Artifact Reports include the following: ISO, Service Organization Control (SOC) reports,  Payment Card Industry (PCI) reports,  and certifications that validate the implementation and operating effectiveness of AWS security controls. AWS Artifacts Agreements include  the Nondisclosure Agreement (NDA)  the Business Associate Addendum (BAA), which typically is required for companies that are subject to the HIPAA Act to ensure that protected health [...]

AWS Artifact2023-02-01T09:41:23+00:00

Amazon Macie


Bookmarks Concepts Pricing A security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. Amazon Macie allows you to achieve the following: Identify and protect various data types, including PII, PHI, regulatory documents, API keys, and secret keys Verify compliance with automated logs that allow for instant auditing Identify changes to policies and access control lists Observe changes in user behavior and receive actionable alerts Receive notifications when data and account credentials leave protected zones Detect [...]

Amazon Macie2023-02-01T09:40:23+00:00

IP Blocking: Use AWS WAF or NACL?


What should you do if you identified a series of malicious attacks on your application coming from a specific IP address? Will you use AWS WAF to block that IP address or create a rule in your Network Access Control List to deny traffic from that IP? It is true that AWS WAF can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. NACL, on the other hand, acts like a firewall for controlling traffic in and out of your subnets. If the [...]

IP Blocking: Use AWS WAF or NACL?2023-02-02T09:31:30+00:00

AWS Directory Service


Bookmarks Concepts Active Directory Schema Features Security and Monitoring Pricing Active Directory Connector Simple AD Amazon Cloud Directory For Microsoft Active Directory Also known as AWS Managed Microsoft AD, the service enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The service is built on actual Microsoft Active Directory and powered by Windows Server 2012 R2. AWS Managed Microsoft AD is your best choice if you need actual Active Directory features to support AWS applications or Windows workloads, including Amazon RDS for [...]

AWS Directory Service2023-02-01T09:42:57+00:00

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!