AWS Security
Description
Book Introduction
A Practical Guide to AWS Security from an Attacker's Perspective

AWS provides robust security services, but it is ultimately your responsibility to configure them correctly for your applications and data.
In a cloud environment, you must be able to accurately understand core security technologies such as identity management, authentication, and monitoring, and apply each according to its characteristics.

This book contains everything you need to protect your AWS-based applications from the security threats commonly encountered in practice.
It is organized systematically around key security challenges, such as data protection, auditing, and incident response, so you can quickly find and apply the relevant best practices whatever cloud security issue you face.
By analyzing in detail the actual attack process against an intentionally vulnerable application and directly dissecting the exploit used, you develop the practical skills to respond confidently to any threat.

Author Dylan Shields, the first engineer on the AWS Security Hub team, has distilled into this book the practical experience and insights he gained at the forefront of AWS security service development.
In short, this book is essential reading for software engineers and security engineers building and securing AWS-based applications.

Table of Contents
Chapter 1: Introduction to AWS Security
1.1 Shared Responsibility Model
____1.1.1 AWS Responsibilities
____1.1.2 Customer Responsibilities
1.2 Cloud-Native Security Tools
____1.2.1 IAM
____1.2.2 VPC
____1.2.3 Other security tools
1.3 A New Way of Operating
____1.3.1 Infrastructure Development Speed
____1.3.2 Transfer of Responsibility
1.4 Conclusion
Summary

Chapter 2 IAM
2.1 IAM Basics
____2.1.1 User
____2.1.2 Identity Policies
____2.1.3 Resource Policy
____2.1.4 Group
____2.1.5 Roles
2.2 Using Common Patterns in AWS IAM
____2.2.1 AWS Managed Policies
____2.2.2 Advanced Patterns
2.3 Attribute-based access control using tags
____2.3.1 Tagged Resources
____2.3.2 Tagged Security Principals
Summary

Chapter 3 Account Management
3.1 Access security between multiple accounts
____3.1.1 Invisible walls between accounts
____3.1.2 Cross-Account IAM Roles
____3.1.3 Multi-Account Management with AWS Organizations
3.2 Integration with existing access management systems
____3.2.1 Integration with Active Directory and other SAML systems
____3.2.2 Integration with OpenID Connect Systems
Summary

Chapter 4 Policies and Procedures for Secure Access
4.1 Establishing IAM Best Practices
____4.1.1 Why create best practices?
____4.1.2 Best Practice Example: MFA
____4.1.3 Enforceable Best Practices
4.2 Applying Least Privilege Access Control
____4.2.1 Why the Principle of Least Privilege is Difficult
____4.2.2 Wildcard Policy
____4.2.3 AWS Managed Policies
____4.2.4 Sharing Permissions (Groups and Managed Policies)
4.3 Choosing Short-Term and Long-Term Credentials
____4.3.1 The Risks of Long-Lived Credentials
____4.3.2 Pros and Cons of Credential Rotation
____4.3.3 Balancing IAM Roles
4.4 Review IAM Permissions
____4.4.1 Why You Should Review IAM Resources
____4.4.2 Review Types
____4.4.3 Reducing the burden of review
Summary

Chapter 5 Network Security: VPC
5.1 Working with Virtual Private Clouds
____5.1.1 VPC
____5.1.2 Subnet
____5.1.3 Network Interfaces and IP
____5.1.4 Internet and NAT Gateways
5.2 Traffic Routing and Virtual Firewall
____5.2.1 Routing Table
____5.2.2 Security Groups
____5.2.3 Network ACLs
5.3 Separating Private Networks
____5.3.1 Using Multiple VPCs for Network Isolation
____5.3.2 Connecting VPCs
____5.3.3 Connecting a VPC to a Private Network
Summary

Chapter 6: Securing Network Access Beyond VPC
6.1 Securing Access to Services via VPC Endpoints and PrivateLink
____6.1.1 What are the problems with public traffic?
____6.1.2 Using VPC Endpoints
____6.1.3 Creating a PrivateLink Service
6.2 Blocking Malicious Traffic with AWS Web Application Firewall
____6.2.1 Using WAF Managed Rules
____6.2.2 Blocking Real-World Attacks with Custom AWS WAF Rules
____6.2.3 If you are using AWS WAF
6.3 Protecting against Distributed Denial of Service Attacks with AWS Shield
____6.3.1 Free protection through Shield Standard
____6.3.2 Enhanced Protection with Shield Advanced
6.4 Integration with Third-Party Firewalls
____6.4.1 Web Applications and Next-Generation Firewalls
____6.4.2 Setting up a Firewall in AWS Marketplace
Answers to practice problems
Summary

Chapter 7 Data Protection in the Cloud
7.1 Data Security Issues
____7.1.1 Confidentiality
____7.1.2 Data Integrity
____7.1.3 Defense in Depth
7.2 Securing Data at Rest
____7.2.1 Encrypting Data at Rest
____7.2.2 Least Privilege Access Control
____7.2.3 Backup and Version Management
7.3 Securing Data in Transit
____7.3.1 Security Protocols for Data in Transit
____7.3.2 Enforcing Secure Transmission
7.4 Data Access Logging
____7.4.1 Logging Access to Amazon S3
____7.4.2 CloudTrail logs for resource access
____7.4.3 VPC Flow Logs for Network Access
7.5 Data Classification
____7.5.1 Identifying Sensitive Data with Amazon Macie
Answers to practice problems
Summary

Chapter 8 Logging and Audit Trails
8.1 Management Event Log
____8.1.1 CloudTrail Settings
____8.1.2 Investigating Issues with CloudTrail Logs
8.2 Tracking resource configuration changes
____8.2.1 Identify changes with the configuration timeline
____8.2.2 AWS Config Settings
____8.2.3 Resource Compliance Information
8.3 Centralizing Application Logs
____8.3.1 CloudWatch Logs Basics
____8.3.2 CloudWatch Agent
____8.3.3 Advanced CloudWatch Logs Features
____8.3.4 Network Traffic Log
Summary

Chapter 9: Continuous Monitoring
9.1 Resource Configuration Scanning
____9.1.1 Ad-hoc scanning
____9.1.2 Continuous Monitoring
____9.1.3 Compliance Standards and Benchmarks
9.2 Host Vulnerability Scanning
____9.2.1 Host Vulnerability Types
____9.2.2 Host Scanning Tool
9.3 Detecting threats in logs
____9.3.1 Threat Detection in VPC Flow Logs
____9.3.2 Detecting Threats in CloudTrail Logs
Summary

Chapter 10: Incident Response and Recovery
10.1 Security Event Tracking
____10.1.1 Alert Centralization
____10.1.2 Status Tracking
____10.1.3 Data Analysis
10.2 Incident Response Plan
____10.2.1 Playbook
10.3 Automated Incident Response
____10.3.1 Playbook Scripting
____10.3.2 Automated Response
Answers to practice problems
Summary

Chapter 11: Real-World Application Security
11.1 Sample Application
____11.1.1 Details about the sample application
____11.1.2 Threat Modeling
11.2 Strong Authentication and Access Control
____11.2.1 Credential Stuffing
____11.2.2 Brute-Force Attacks
____11.2.3 Overly Permissive Policies and Incorrect Permission Settings
____11.2.4 Inadvertent Administrator or Root Access
11.3 Data Protection
____11.3.1 Data Classification
____11.3.2 Highly Sensitive Data
____11.3.3 Sensitive Data
____11.3.4 Public Data
11.4 Web Application Firewall
____11.4.1 Cross-Site Scripting
____11.4.2 Injection Attack
____11.4.3 Scraping
11.5 Implementing Authentication and Authorization End to End
____11.5.1 Cognito Setup
____11.5.2 API Gateway Endpoint Security
Summary

Publisher's Review
Practical Security Strategies from the AWS Security Hub Team's First Engineer

With AWS now dominating the global cloud market, accounting for 33% of it, cloud security has become a necessity, not an option.
As the first engineer on the AWS Security Hub team, author Dylan Shields shares the experience and insights he gained at the forefront of AWS security service development. From permission management with IAM to network isolation with VPCs and audit log analysis with CloudTrail, this book systematically guides readers in applying AWS's native security services directly to their own applications.

What sets this book apart is that it goes beyond simple feature explanations to give the background and context for why each security control is necessary.
You will learn step by step how to analyze intentionally vulnerable applications, dissect the exploits used in real-world attacks, and respond to them.
In an era when enterprises are rapidly migrating from on-premises infrastructure to the cloud, this book is essential reading for any engineer seeking practical security skills in an AWS environment.

What this book covers

ㆍ Establishing policies for proper access control
ㆍ Granting secure access to AWS resources
ㆍ Strengthening network access control using VPC
ㆍ Detecting attacks through audit log recording and analysis
ㆍ Monitoring and assessing the security status of your AWS account

Product Details
- Date of issue: July 31, 2025
- Page count, weight, size: 404 pages | 786g | 188*235*19mm
- ISBN13: 9791161756837
- ISBN10: 1161756833
