Chapter 1, Managing AWS Accounts with IAM and Organizations, covers recipes for working with Identity and Access Management (IAM) users, groups, roles, and permission policies. This chapter also discusses recipes to create and manage multiple user accounts from a single master account using the AWS Organizations service.
Chapter 2, Securing Data on S3 with Policies and Techniques, discusses recipes related to securing Simple Storage Service (S3) data with Access Control Lists (ACLs), bucket policies, pre-signed URLs, encryption, versioning, and cross-region replication.
Chapter 3, User Pools and Identity Pools with Cognito, focuses mostly on application security with Cognito and discusses recipes related to concepts such as user pools, user signups, authentication and authorization flows, and federated identity logins.
Chapter 4, Key Management with KMS and CloudHSM, discusses recipes for managing encryption keys with AWS Key Management Service (KMS), which uses shared Hardware Security Modules (HSMs), as well as CloudHSM, which uses dedicated HSMs for enhanced security.
Chapter 5, Network Security with VPC, discusses recipes to secure your AWS infrastructure by creating Virtual Private Clouds (VPCs). We discuss topics such as public and private subnets, configuring route tables and network gateways, and using security mechanisms such as security groups and Network Access Control Lists (NACLs) to secure incoming and outgoing traffic.
Chapter 6, Working with EC2 Instances, covers additional recipes for securing Amazon Elastic Compute Cloud (EC2) instances, such as launching them into custom VPCs, using security groups, using the Systems Manager Parameter Store, and bootstrapping an EC2 instance with user data. We will also learn to encrypt data in Elastic Block Store (EBS).
Chapter 7, Web Security Using ELBs, CloudFront, and WAF, discusses recipes for securing web traffic and improving availability with different types of load balancers, the CloudFront service, and features such as instance-level TLS termination. We will also learn how to configure and use Web Application Firewalls (WAFs) within AWS.
Chapter 8, Monitoring with CloudWatch, CloudTrail, and Config, covers recipes to help us in troubleshooting, achieving compliance and accountability, and more through continuous monitoring, alerting, and regular auditing. We will learn about services such as CloudWatch, CloudTrail, Config, and Simple Notification Service (SNS).
Chapter 9, Compliance with GuardDuty, Macie, and Inspector, discusses recipes related to checking for compliance and notifying us about non-compliance. We will learn about services, such as GuardDuty, Macie, and Inspector, that use machine learning and advanced algorithms to help us to check compliance.
Chapter 10, Additional Services and Practices for AWS Security, discusses additional services and features that you can use to secure your AWS infrastructure, such as Security Hub, Single Sign-On (SSO), Resource Access Manager, Secrets Manager, Trusted Advisor, Artifact, and S3 Glacier vaults. We will also learn how to use additional security products from AWS Marketplace.
