A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards

Question 3
Which of the following security requirements are managed by AWS customers? Select 2 answers from the options given below.
A. Password Policies
B. User permissions
C. Physical security
D. Disk disposal
E. Hardware patching

Question 4
How can the AWS Management Console be secured against unauthorized access?
A. Apply Multi-Factor Authentication (MFA)
B. Set up a secondary password
C. Request root access privileges
D. Disable AWS console access

Question 5
When giving permission to users via the AWS Identity and Access Management tool, which of the following principles should be applied when granting permissions?
A. Principle of least privilege
B. Principle of greatest privilege
C. Principle of most privilege
D. Principle of lower privilege

Security Services Summary
1 – Layered Security Approach
2 – Identity and Access Management – IAM: Users, Groups, Roles
3 – Best Practices: Roles, Root Account
3 – AWS Directory Services
4 – Key Management Services
5 – AWS Shield

AWS Management Services
• Compute: Amazon EC2, Amazon ECS, AWS Lambda, Auto Scaling
• Databases: Amazon RDS, Amazon DynamoDB, Amazon Aurora, Amazon ElastiCache
• Security: IAM, AWS KMS, AWS Shield, AWS WAF
• Networking: Elastic Load Balancing*, Amazon VPC*, Amazon Route 53, VPN connection, Application Load Balancer, AWS Direct Connect
• Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon EFS, AWS Storage Gateway
• Management: Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon EC2 Systems Manager

AWS CloudWatch
• Monitoring service for AWS cloud resources and applications
• Collect and track metrics, monitor log files, and set alarms
• Gain visibility into resource utilization, application performance, and operational health
• Set alarms to send notifications or take other automated actions
• Supports custom dashboards
• Use cases:
  – Cost management; billing alerts

Amazon CloudWatch Alarms
[Diagram. Labels: AWS resources that support CloudWatch; Custom Application-Specific Metrics; CloudWatch Metrics (CPUUtilization, StatusCheckFailed, PageViewCount); Amazon CloudWatch; Available statistics; Statistics Consumer (AWS Management Console); Amazon CloudWatch alarm; Amazon SNS email notification; Auto Scaling]

CloudWatch Metrics Examples

AWS CloudTrail
CloudTrail provides the event history of AWS account activity.
• Permits governance, compliance, and audit
• Logs API calls
• Security analysis
• Tracking of resource changes
• Troubleshooting
"Who did that?!"

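The "Who did that?!" question on the CloudTrail slide, worked as an added example that is not part of the original slides: it reads records in the CloudTrail log-file layout and reports who made each change, from where, whether it was denied, and whether the root account was used. The sample records, ARNs, IP addresses and the resource ID are constructed, and the read-only filter by event-name prefix is a simplifying assumption.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]});
# account IDs, ARNs, IPs and resource IDs are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-03-01T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None},
    {"eventTime": "2016-03-01T10:05:42Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"groupId": "sg-0example1"}},
    {"eventTime": "2016-03-01T10:09:03Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2016-03-01T10:12:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "errorCode": "Client.UnauthorizedOperation", "requestParameters": None},
]})

# Assumption: treat calls with these name prefixes as read-only (no resource change).
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def who_did_that(log_text, resource_id=None):
    """Return change events (non-read-only calls), optionally for one resource ID."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName", "").startswith(READ_ONLY_PREFIXES):
            continue  # read-only calls do not change resources
        params = rec.get("requestParameters") or {}
        if resource_id and resource_id not in json.dumps(params):
            continue  # this call did not name the resource being investigated
        identity = rec.get("userIdentity", {})
        findings.append({
            "when": rec.get("eventTime"),
            "who": identity.get("arn", "unknown"),
            "what": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "from": rec.get("sourceIPAddress"),
            "denied": "errorCode" in rec,           # the API call was rejected
            "root": identity.get("type") == "Root",  # root account activity
        })
    return findings

if __name__ == "__main__":
    for finding in who_did_that(SAMPLE_LOG):
        print(finding)
```
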
CloudFormation: Infrastructure as Code
AWS CloudFormation allows you to launch, configure, and connect AWS resources with JSON or YAML templates.

Template
• JSON/YAML-formatted file describing the resources to be created
• Treat it as source code: put it in your repository

AWS CloudFormation Engine
• AWS service component
• Interprets AWS CloudFormation template into stacks of AWS resources

Stack
• A collection of resources created by AWS CloudFormation
• Tracked and reviewable in the AWS Management Console

- Spring '16
- Amazon Web Services, AWS, Amazon Elastic Compute Cloud