{"id":2800,"date":"2019-08-30T06:27:21","date_gmt":"2019-08-30T06:27:21","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2800"},"modified":"2020-05-01T12:32:53","modified_gmt":"2020-05-01T12:32:53","slug":"amazon-web-services-aws-cloud-service-specific-security","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/","title":{"rendered":"Amazon Web Services AWS Cloud Service-Specific Security"},"content":{"rendered":"\n<p><strong>Standards and Best Practices<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A security assessment service, Amazon Inspector,\nthat automatically assesses applications for vulnerabilities or deviations from\nbest practices, including impacted networks, OS, and attached storage <\/li><li>Deployment tools to manage the creation and\ndecommissioning of AWS resources according to organization standards<\/li><li>Inventory and configuration management tools,\nincluding AWS Config, that identify AWS resources and then track and manage\nchanges to those resources over time<\/li><li>Template definition and management tools,\nincluding AWS CloudFormation to create standard, preconfigured environments <\/li><\/ul>\n\n\n\n<p><strong>Amazon Inspector<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is an automated security assessment service <\/li><li>Improve the security and compliance of\napplications deployed on AWS. <\/li><li>Automatically assesses applications for\nexposure, vulnerabilities, and deviations from best practices. After\nassessment, it produces a detailed list of security findings prioritized by\nlevel of severity. <\/li><\/ul>\n\n\n\n<p><strong>AWS Config <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It provides a detailed view of the resources\nassociated with your AWS account, <\/li><li>It includes <ul><li>how\nresources are configured<\/li><\/ul><ul><li>how\nthey are related to one another<\/li><\/ul><ul><li>&nbsp;how the configurations and their relationships\nhave changed over time<\/li><\/ul><\/li><li>It continuously monitors and records your AWS\nresource configurations <\/li><li>You can automate the evaluation of recorded configurations against desired configurations.  <\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"294\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-272.png\" alt=\"\" class=\"wp-image-2810\"\/><\/figure><\/div>\n\n\n\n<p><strong>Monitoring and Logging<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Deep visibility into API calls through AWS\nCloudTrail, including who, what, who, and from where calls were made<\/li><li>Log aggregation options, streamlining\ninvestigations and compliance reporting<\/li><li>Alert notifications through Amazon CloudWatch\nwhen specific events occur or thresholds are exceeded <\/li><\/ul>\n\n\n\n<p><strong>AWS CloudTrail<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It helps you enable governance, compliance, and\noperational and risk auditing. <\/li><li>Actions taken by a user, role, or an AWS service\nare recorded as events in CloudTrail. <\/li><li>Events include actions taken in the AWS\nManagement Console, AWS Command Line Interface, and AWS SDKs and APIs.<\/li><\/ul>\n\n\n\n<p><strong>Monitoring and Logging<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Deep visibility into API calls through AWS\nCloudTrail, including who, what, who, and from where calls were made<\/li><li>Log aggregation options, streamlining\ninvestigations and compliance reporting<\/li><li>Alert notifications through Amazon CloudWatch\nwhen specific events occur or thresholds are exceeded <\/li><\/ul>\n\n\n\n<p><strong>AWS CloudTrail<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It helps you enable governance, compliance, and operational and risk auditing. <\/li><li>Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. <\/li><li>Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.<\/li><li>CloudTrail is enabled on your AWS account when you create it.  <\/li><li>CloudTrail is enabled on your AWS account when you create it.  <\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"159\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-273.png\" alt=\"\" class=\"wp-image-2811\"\/><\/figure>\n\n\n\n<p><strong>Identity and Access Control<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS Identity and Access Management (IAM) lets\nyou define individual user accounts with permissions across AWS resources<\/li><li>AWS Multi-Factor Authentication for privileged\naccounts, including options for hardware-based authenticators<\/li><li>AWS Directory Service allows you to integrate\nand federate with corporate directories to reduce administrative overhead and\nimprove end-user experience <\/li><\/ul>\n\n\n\n<p><strong>AWS Multi-Factor Authentication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>With MFA, when a user signs in to an AWS\nwebsite, they will be prompted for <ul><li>their\nuser name and password (the first factor\u2014what they know)<\/li><\/ul><ul><li>an\nauthentication response from their AWS MFA device (the second factor\u2014what they\nhave)<\/li><\/ul><\/li><li>Multiple factors provide increased security for\nAWS account settings and resources. <\/li><li>Enable MFA for AWS account and for individual\nIAM users created under account. <\/li><li>MFA can be also be used to control access to AWS\nservice APIs.<\/li><\/ul>\n\n\n\n<p>Supported MFA mechanism other than, regular sign-in\ncredentials, are<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Virtual MFA devices. A software app that runs on\na phone or other mobile device and emulates a physical device. The device\ngenerates a six-digit numeric code based upon a time-synchronized one-time\npassword algorithm. The user must type a valid code from the device on a second\nwebpage during sign-in. Each virtual MFA device assigned to a user must be\nunique. A user cannot type a code from another user&#8217;s virtual MFA device to\nauthenticate. <\/li><li>U2F security key. A device that you plug into a\nUSB port on your computer. U2F is an open authentication standard hosted by the\nFIDO Alliance. When you enable a U2F security key, you sign in by entering your\ncredentials and then tapping the device instead of manually entering a code. <\/li><li>Hardware MFA device. A hardware device that\ngenerates a six-digit numeric code based upon a time-synchronized one-time\npassword algorithm. The user must type a valid code from the device on a second\nwebpage during sign-in. Each MFA device assigned to a user must be unique. A\nuser cannot type a code from another user&#8217;s device to be authenticated. <\/li><li>SMS text message-based MFA. A type of MFA in\nwhich the IAM user settings include the phone number of the user&#8217;s\nSMS-compatible mobile device. When the user signs in, AWS sends a six-digit\nnumeric code by SMS text message to the user&#8217;s mobile device. The user is\nrequired to type that code on a second webpage during sign-in. Note that\nSMS-based MFA is available only for IAM users. You cannot use this type of MFA\nwith the AWS account root user.<\/li><\/ul>\n\n\n\n<p><strong>Security Support<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Real-time insight through AWS Trusted Advisor<\/li><li>Proactive support and advocacy with a Technical Account Manager (TAM)  <\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Standards and Best Practices A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards Inventory and configuration management tools, including AWS Config, that identify AWS resources&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":53,"menu_order":34,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[10,7,483],"class_list":["post-2800","page","type-page","status-publish","hentry","category-amazon-aws","tag-amazon-web-services","tag-aws","tag-cloud-service-specific-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Standards and Best Practices A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards Inventory and configuration management tools, including AWS Config, that identify AWS resources...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T12:32:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-272.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/\",\"name\":\"Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-30T06:27:21+00:00\",\"dateModified\":\"2020-05-01T12:32:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Solutions Architect Associate (SAA-C03)\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Amazon Web Services AWS Cloud Service-Specific Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/","og_locale":"en_US","og_type":"article","og_title":"Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials","og_description":"Standards and Best Practices A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards Inventory and configuration management tools, including AWS Config, that identify AWS resources...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T12:32:53+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-272.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/","name":"Amazon Web Services AWS Cloud Service-Specific Security - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-30T06:27:21+00:00","dateModified":"2020-05-01T12:32:53+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-aws-cloud-service-specific-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Solutions Architect Associate (SAA-C03)","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/"},{"@type":"ListItem","position":3,"name":"Amazon Web Services AWS Cloud Service-Specific Security"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=2800"}],"version-history":[{"count":5,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2800\/revisions"}],"predecessor-version":[{"id":5180,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2800\/revisions\/5180"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/53"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=2800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=2800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=2800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}