Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🚀 Extended! 25% OFF All Practice Exams & Video Courses, $2.99 eBooks, Savings on PlayCloud and CodeQuest!

AWS Security & Identity Services

Home » AWS Cheat Sheets » AWS Security & Identity Services » Page 3

IP Blocking: Use AWS WAF or NACL?

2023-08-14T02:45:24+00:00

What should you do if you identified a series of malicious attacks on your application coming from a specific IP address? Will you use AWS WAF to block that IP address or create a rule in your Network Access Control List to deny traffic from that IP? It is true that AWS WAF can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. NACL, on the other hand, acts like a firewall for controlling traffic in and out of your subnets. If the [...]

IP Blocking: Use AWS WAF or NACL?2023-08-14T02:45:24+00:00

AWS Directory Service

2025-11-30T16:02:23+00:00

Bookmarks Concepts Active Directory Schema Features Security and Monitoring Pricing Active Directory Connector Simple AD Amazon Cloud Directory AWS Directory Service Cheat Sheet For Microsoft Active Directory AWS Directory Service provides multiple ways to use Microsoft Active Directory (AD) or other directory structures with AWS services. It allows your directory-aware workloads (like EC2 instances, RDS for SQL Server, and WorkSpaces) to use managed Active Directory in the AWS Cloud. Concepts Managed Infrastructure: AWS creates two Domain Controllers (DCs) in two different subnets (AZs) within your VPC. Note: You do [...]

AWS Directory Service2025-11-30T16:02:23+00:00

Amazon Inspector

2025-11-30T12:25:34+00:00

Bookmarks Features Concepts Rules Packages and Rules Assessment Reports Pricing Amazon Inspector Cheat Sheet Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. Legacy Note: This service replaces "Amazon Inspector Classic." Inspector Classic required manual scheduling and custom agents; the new Inspector is continuous, automated, and integrated with AWS Organizations. Key Capabilities Continuous Scanning: Automatically detects new resources and scans them immediately. It re-scans resources whenever changes occur (e.g., new software installed, new CVE released). Multi-Resource Coverage: Scans Amazon EC2 instances, [...]

Amazon Inspector2025-11-30T12:25:34+00:00

AWS Key Management Service (AWS KMS)

2025-12-07T13:18:44+00:00

Bookmarks Features Concepts Importing Keys Deleting Keys Pricing Validate Your Knowledge AWS KMS Cheat Sheet A managed service that enables you to easily encrypt your data. KMS provides a highly available key storage, management, and auditing solution for you to encrypt data within your own applications and control the encryption of stored data across AWS services. Features AWS KMS is integrated with CloudTrail, which provides you the ability to audit who used which keys, on which resources, and when. AWS KMS keys are used to control access to data encryption keys [...]

AWS Key Management Service (AWS KMS)2025-12-07T13:18:44+00:00

AWS Organizations

2025-12-04T15:13:52+00:00

Bookmarks Features Administrative Actions in Organization Concepts Pricing Validate Your Knowledge AWS Organizations Cheat Sheet AWS Organizations is a management service that lets you centrally govern multiple AWS accounts. It supports policy-based controls, consolidated billing, hierarchical grouping of accounts, and organization-wide governance. Key terms: Organization — A collection of AWS accounts managed centrally. Management Account — The main account that creates and administers the organization; acts as the payer account. Member Account — Any account (besides the management account) that is part of an organization. Administrative Root — The top container in [...]

AWS Organizations2025-12-04T15:13:52+00:00

AWS WAF

2025-12-07T13:34:42+00:00

AWS WAF Cheat Sheet AWS WAF is a web application firewall that protects web applications and APIs from common web exploits by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions you define. Conditions can include IP addresses, HTTP headers, request body, URI strings, SQL injection attempts, and cross-site scripting (XSS). Features Flexible Rule-Based Filtering Create rules using conditions based on IPs, headers, body, URI paths, geographic location, and more. Detect and block common exploits such as SQL injection and XSS. JSON body inspection allows validating keys/values for secure API protection. Rule Types [...]

AWS WAF2025-12-07T13:34:42+00:00

AWS Shield

2025-12-07T13:15:58+00:00

AWS Shield Cheat Sheet A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Shield Tiers and Features Standard All AWS customers benefit from the automatic protections of Shield Standard. Provides always-on network flow monitoring that inspects incoming traffic to AWS and detects malicious traffic in real time. Uses techniques such as deterministic packet filtering and priority-based traffic shaping to automatically mitigate attacks without impacting your applications. When used with CloudFront and Route 53, Shield Standard provides comprehensive availability protection against known infrastructure-layer attacks. You can view detected and mitigated events in your account’s AWS [...]

AWS Shield2025-12-07T13:15:58+00:00

AWS Firewall Manager

2025-11-30T15:59:53+00:00

AWS Firewall Manager Cheat Sheet AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across multiple AWS accounts and applications in AWS Organizations. Simplification: You set up your firewall rules just once, and the service automatically applies them across your accounts and resources (even as new resources are created). Scope: It goes beyond just WAF; it manages VPC Security Groups, Network ACLs, AWS Network Firewall, DNS Firewall, and Shield Advanced. Key Features 1. Centralized Management Integrated with AWS Organizations: Automatically fetches new accounts and resources to apply protection policies immediately upon [...]

AWS Firewall Manager2025-11-30T15:59:53+00:00

AWS Identity and Access Management ( IAM )

2025-12-07T12:34:10+00:00

Bookmarks Features Infrastructure Elements Users Policies AWS Security Token Service (STS) Assume Role Options STS Get Tokens IAM Access Analyzer IAM Identity Center Best Practices AWS IAM-related Cheat Sheets Validate Your Knowledge AWS Identity and Access Management Cheat Sheet AWS Identity and Access Management (IAM) is a global service that enables you to manage access to AWS services and resources securely. It controls who is authenticated (signed in) and authorized (has permissions) to use resources. Features Global Service IAM configurations apply to all AWS Regions [...]

AWS Identity and Access Management ( IAM )2025-12-07T12:34:10+00:00

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Upskill and earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!