Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

Get $3 OFF ALL CCP, SAA, CDA, and SysOps Video Courses
FacebookTwitterYouTubeLinkedInSlackSlack

Security Related Notes

Home » AWS Cheat Sheets » AWS Security & Identity Services » Security Related Notes

HTTP Flood Attack Notification using AWS Lambda, Amazon EventBridge and CloudWatch Logs Insights

2024-01-25T05:04:59+00:00

We can almost do everything now on the website. Selling clothes, ordering food, video posting, doing business meetings, online classes, and others, you name it. Running a website is very awesome and at the same time hard, especially when bad actors want to mess with it. One sneaky way is an "HTTP Flood Attack," where your website gets bombarded with too many requests. This can slow down or even break your site. Detecting and responding to such attacks promptly is crucial for maintaining the availability and performance of your applications. In this blog post, we'll explore how to implement a simple [...]

HTTP Flood Attack Notification using AWS Lambda, Amazon EventBridge and CloudWatch Logs Insights2024-01-25T05:04:59+00:00

Managing Amazon GuardDuty Security Findings Across Multiple Accounts

2023-05-02T05:23:52+00:00

In our previous article, we discussed how GuardDuty can help organizations monitor their workloads and  AWS accounts from malicious activities and how to monitor findings with Amazon CloudWatch Events. Imagine that your organization has multiple AWS accounts for different workloads, teams, and projects. With every account, you need to monitor GuardDuty findings individually. It will be quite difficult for your security team to monitor these findings with their constant switching between AWS accounts.  Amazon GuardDuty supports the consolidation of these findings to one AWS account. For example, your organization has 10 AWS accounts. All you have to do is to [...]

Managing Amazon GuardDuty Security Findings Across Multiple Accounts2023-05-02T05:23:52+00:00

Monitoring GuardDuty Findings with Amazon CloudWatch Events

2023-05-27T08:47:29+00:00

Large scale cyber attacks are now becoming normal in this age of interconnectivity. As we rely more and more on cloud technologies, companies are looking to tap into digital innovations to improve their businesses. Cyber attacks are costing companies millions of dollars of downtime not to mention the possibility of lawsuits whenever an attack occurs. It is imperative that security teams have the means to prevent, detect, and take actions to ensure that the security of their workloads in AWS are airtight. Amazon GuardDuty was released during the 2017 re:Invent conference. Amazon GuardDuty is an agentless threat detection service that [...]

Monitoring GuardDuty Findings with Amazon CloudWatch Events2023-05-27T08:47:29+00:00

AWS Secrets Manager vs Systems Manager Parameter Store

2023-06-23T05:17:07+00:00

Bookmarks AWS Systems Manager Parameter Store AWS Secrets Manager Similarities and Differences Managing the security of your applications is an integral part of any organization especially for infrastructures deployed in the cloud. One aspect of application security is how the parameters such as environment variables, database passwords, API keys, product keys, etc. are stored and retrieved. As a best practice, secret information should not be stored in plain text and not be embedded inside your source code. It is also recommended to set up an automated system to rotate passwords or keys regularly (which [...]

AWS Secrets Manager vs Systems Manager Parameter Store2023-06-23T05:17:07+00:00

Amazon Cognito User Pools vs Identity Pools

2023-06-23T05:00:39+00:00

Bookmarks Amazon Cognito User Pools Amazon Cognito Identity Pools With the proliferation of smartphones in our connected world, more and more developers are quickly deploying their applications on the cloud. One of the first challenges in developing applications is allowing users to log in and authenticate on your applications. There are multiple stages involved in user verification and most of these are not visible from the end-user. AWS provides an easy solution for this situation. User Identity verification is at the core of Amazon Cognito. It provides solutions for three key areas of user identification:  [...]

Amazon Cognito User Pools vs Identity Pools2023-06-23T05:00:39+00:00

Locking your Glacier Vault using the Amazon S3 Glacier API

2023-06-05T03:07:24+00:00

What is Amazon S3 Glacier Vault Lock A Glacier Vault can be described as a container for your archived objects in S3 Glacier. To begin using Amazon S3 Glacier, you need a vault. Creating and deleting vaults can be easily done in the AWS Management Console, but interacting with them requires you to use the APIs. For example, let’s say you want to upload images or log files to your vault. To do so, you would either use the AWS CLI or write code that would upload these objects. Large corporations often have compliance requirements with how they store their [...]

Locking your Glacier Vault using the Amazon S3 Glacier API2023-06-05T03:07:24+00:00

Amazon S3 Bucket Policies for VPC Endpoints

2023-06-05T03:11:03+00:00

Amazon S3 and Amazon VPC Relationship Amazon S3 is a versatile object storage solution that boasts virtually unlimited storage capacity. You can expect that your files will be durably stored in S3 given that AWS provides an SLA for this service. When creating your S3 bucket, AWS provides you with a unique bucket URL that you can use to access your S3 bucket directly from the public internet, if you have public access enabled.  Amazon S3 is a service that is not used within a VPC. This means that traffic does not pass through VPC resources such as internet gateways [...]

Amazon S3 Bucket Policies for VPC Endpoints2023-06-05T03:11:03+00:00

AWS KMS Key Policy Management in AWS KMS

2024-07-11T12:32:27+00:00

What is an AWS KMS key? In security, a KMS key is what you use to encrypt all other encryption keys in your system. KMS key is a logical representation of a cryptographic key. They are the primary resources in AWS KMS. The AWS KMS Key contains the key material used to encrypt and decrypt data. It also contains metadata such as the key ID, creation date, description, and key state. You can start using AWS KMS through the web console or via API. There are two types of AWS KMS keys that you can create in AWS KMS: symmetric [...]

AWS KMS Key Policy Management in AWS KMS2024-07-11T12:32:27+00:00

Working with AWS KMS key using the AWS KMS API

2024-07-11T09:28:47+00:00

What is AWS Key Management Service? AWS Key Management Service (or KMS for short) is the service you use to securely store your encryption keys in AWS. If you need data encryption on your AWS resources, such as EBS volumes or RDS databases, you can use AWS KMS to simplify the process for you. You start using the service by requesting the creation of a KMS key. By default, AWS KMS creates the key material for your KMS key. You also have the option of importing your own keys to AWS if you wish to. Note that during key rotation, [...]

Working with AWS KMS key using the AWS KMS API2024-07-11T09:28:47+00:00

Using the Secure String Parameter in Systems Manager Parameter Store

2024-07-10T08:42:49+00:00

What is AWS Systems Manager Parameter Store AWS Systems Manager Parameter Store helps you securely store and share key-value pairs across your AWS environment. It is one of the packages under AWS Systems Manager that helps you design a more robust and abstract infrastructure. With Parameter Store, you don’t have to hard code parameters nor save them in config files for application use. You can easily reference them in your applications and AWS resources using the unique parameter store key of those items.  Parameter Store supports a lot of use cases, from saving unencrypted plaintext to more sensitive information such [...]

Using the Secure String Parameter in Systems Manager Parameter Store2024-07-10T08:42:49+00:00

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Upskill and earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!