Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
AWS Certified Solutions Architect ??? Associate Guide

You're reading from  AWS Certified Solutions Architect ??? Associate Guide

Product type Book
Published in Oct 2018
Publisher Packt
ISBN-13 9781789130669
Pages 626 pages
Edition 1st Edition
Languages
Concepts
Authors (2):
Gabriel Ramirez Gabriel Ramirez
Profile icon Gabriel Ramirez
LinkedIn
Gabriel Ramirez is a passionate technologist with a broad experience in the Software Industry, he currently works as an Authorized Trainer for Amazon Web Services and Google Cloud. He is holder of 9/9 AWS Certifications and does community work by organizing the AWS User Groups in Mexico.
See other products by Gabriel Ramirez
Stuart Scott Stuart Scott
Profile icon Stuart Scott
LinkedIn
Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment. He has written numerous cloud security blogs Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016 Stuart was awarded 'Expert of the Year' from Experts Exchange for his knowledge share within cloud services to the community.
See other products by Stuart Scott
View More author details

Table of Contents (26) Chapters

Preface Introducing Amazon Web Services AWS Global Infrastructure Overview Elasticity and Scalability Concepts Hybrid Cloud Architectures Resilient Patterns Event Driven and Stateless Architectures Integrating Application Services Disaster Recovery Strategies Storage Options Matching Supply and Demand Introducing Amazon Elastic MapReduce Web Scale Applications Understanding Access Control Encryption and Key Management An Overview of Security and Compliance Services AWS Security Best Practices Web Application Security Cost Effective Resources Working with Infrastructure as Code Automation with AWS Introduction to the DevOps practice in AWS Mock Test 1
Mock Test 2
Assessment Another Book You May Enjoy

Web Application Security

Applying security within AWS requires a layered approach, one of those layers can be centered around your web application infrastructure. Ensuring you implement controls and safeguards against your web applications is essential. By their very nature, they are external facing to the open public and with that comes additional threats and risks. As soon as your services are made available to the public, it will not be long before someone, somewhere will be trying to access your data and application in a malicious and harmful way. This chapter will focus on some of the methods and techniques that can be used to help mitigate such threats and exposures.

The following topics will be covered in this chapter:

  • AWS web application firewall (WAF)
  • AWS Shield
  • AWS Firewall Manager

Technical requirements

To gain the most from this chapter you should have some knowledge or experience with using the following services:

  • Amazon CloudFront
  • Application Load Balancer
  • Familiarity of the OSI model

Within this chapter I will be covering the following services and explaining what they are and what they are used for:

  • AWS WAF
  • AWS Shield
  • AWS Firewall Manager
  • Amazon CloudFront security features

AWS web application firewall

AWS WAF works closely with Amazon CloudFront and Application Load Balancers (ALBs) and its primary function is to prevent your web applications from being subjected to intrusion by common attack patterns. By working in conjunction with CloudFront distributions and ALBs, AWS WAF can dictate how these services respond to web requests based on preconfigured conditions. This allows all HTTP and HTTPS requests to be filtered and identified as genuine or damaging inbound requests which are then either allowed or blocked as required.

There are three main component of the AWS WAF service in how it configured to help protect your web applications, these components are comprised of the following:

  • Conditions
  • Rules
  • Web access control lists (ACLs)

Each of these is configured in order, you must first start with configuring conditions, which are then added to your...

AWS Shield

AWS Shield is accessed from within the same dashboard as AWS WAF and again is used to protect your web application infrastructure. AWS Shield is used to protect your infrastructure from Distributed Denial of Service (DDoS) attacks. There are different types of DDoS attacks, but the end goal is always the same, to significantly impact the performance and ability of the targeted web servers. This strain on resources prevents any genuine web request from being processed by your infrastructure due to the effort required to process the bad requests. This performance hit can be so severe that your website or application can appear to be offline.

DDoS

There are different types of DDoS attacks which AWS Shield can mitigate...

AWS Firewall Manager

The AWS Firewall Manager is an extremely useful tool if you are using AWS Organizations and multiple AWS accounts. In fact, without configuring AWS Organizations you are unable to use the feature at all.

AWS Firewall Manager has been designed to help you manage, control and implement your AWS WAF rules across the whole AWS Organization with ease and simplicity. Once you have set up your AWS WAF rules using the conditions that you define, they can then be deployed and used within other AWS accounts within your organization without having to recreate them in each account. Any new resources that are created that need to be protected will automatically be safeguarded via the AWS Firewall Manager. For example, you might create additional CloudFront distributions in your existing accounts, or even if a new account is created within your organization with a new...

Summary

Security threats to web application and infrastructure have and always will be a concern for the organization who provide public-facing services. Unfortunately, you have to prepare for those who are determined to breach your security defenses and take advantage of any weaknesses that may exist within your infrastructure. AWS has a number of Security services that help you to control and manage these inevitable attacks, in this chapter we discussed AWS WAF, AWS Shield, AWS Firewall Manager, and some of the CloudFront security features. Although some of these services come at an additional cost, this cost is negligible when it comes to comparing it against the cost of compromised data and resources within your business. Not just a financial cost, but reputational cost which can unintentionally adversely affect your business going forward.

...

Further reading

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 26
Next Chapter arrow right
You have been reading a chapter from
AWS Certified Solutions Architect ??? Associate Guide
Published in: Oct 2018 Publisher: Packt ISBN-13: 9781789130669
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (2)

Left arrow icon
Profile icon Gabriel Ramirez
LinkedIn
Gabriel Ramirez is a passionate technologist with a broad experience in the Software Industry, he currently works as an Authorized Trainer for Amazon Web Services and Google Cloud. He is holder of 9/9 AWS Certifications and does community work by organizing the AWS User Groups in Mexico.
See other products by Gabriel Ramirez
Profile icon Stuart Scott
LinkedIn
Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment. He has written numerous cloud security blogs Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016 Stuart was awarded 'Expert of the Year' from Experts Exchange for his knowledge share within cloud services to the community.
Read more
See other products by Stuart Scott
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
AWS Certified Security – Specialty Exam Guide
AWS Certified Security – Specialty Exam Guide
Amazon has come up with Specialty certifications which validates a particular user's expertise that he/she would want to build a career in. This Guide will be a companion to getting skilled with complex and creative security solutions.
Sep 2020 18 hours 36 minutes
AWS Security Cookbook
AWS Security Cookbook
AWS Security Cookbook lists all the practical solutions to the common problems faced by individuals or organizations in securing their instances. Here readers will learn to troubleshoot security concerns and understand additional patterns and services for securing AWS infrastructure.
Feb 2020 14 hours 40 minutes
Practical AWS Networking
Practical AWS Networking
Amazon Web Services has dominated the public cloud market by a huge margin and continues to be the first choice for many organizations. Networking has been an area of focus for all the leading cloud service providers. AWS has a suite of network-related products which help in performing network related task on AWS.
Jan 2018 8 hours 36 minutes
AWS: Security Best Practices on AWS
AWS: Security Best Practices on AWS
With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, security of all these resources has been a paradigm shift for all those who are responsible for security; experts, novices, and apprentices alike.
Mar 2018 3 hours 56 minutes
Designing AWS Environments
Designing AWS Environments
AWS is one of the most popular public clouds available in the market today. Small to medium-sized businesses, as well as large business organizations, utilize AWS to set up highly scalable and agile infrastructure to meet faster time to market. This book provides hands-on details with respect to the fundamentals of designing an AWS environment with security and governance.
Sep 2018 5 hours 48 minutes
Mastering AWS Security
Mastering AWS Security
Security is a key ingredient when it comes to workloads deployed in cloud. Security is highest priority for any organization and it is considered job zero at AWS. Our book will dig deep into the achieving end to end automated security for all workloads deployed, running and stored in AWS cloud.
Oct 2017 8 hours 24 minutes
AWS Networking Cookbook
AWS Networking Cookbook
With a lot of enterprises moving towards cloud, the need for advanced cloud networking has significantly increased. This book follows a recipe-based approach starting with basic topics to covering the pain points of cloud networking, and will teach you to perform complex networking tasks.
Aug 2017 12 hours 12 minutes
Amazon Web Services Bootcamp
Amazon Web Services Bootcamp
AWS Bootcamp is designed to teach you how to build and manage AWS resources using different ways. This highly practical guide leverages the reliability, versatility, and flexible design of the AWS Cloud. It enables you to perform tasks such as hosting multi-tier websites, running large-scale applications, data storage and archival, and a lot more with ease.
Mar 2018 11 hours 16 minutes
AWS for System Administrators
AWS for System Administrators
AWS for System Administrators covers a variety of tools, techniques, tips, and tricks for building highly available and fault-tolerant infrastructure. You’ll get to grips with AWS fundamentals and concepts with the help of step-by-step explanations and practical code examples.
Feb 2021 12 hours 56 minutes
AWS Administration - The Definitive Guide
AWS Administration - The Definitive Guide
AWS is at the forefront of Cloud Computing today, providing a plethora of ready to use services that help organizations quickly build, scale and deploy massive workloads on the Cloud. This book is specially designed for users who wish to explore and get started with some of the most commonly used AWS services in a quick and efficient way.
Mar 2018 11 hours 56 minutes
AWS Certified Developer - Associate Guide
AWS Certified Developer - Associate Guide
With rapid adaptation of the cloud platform, the need for cloud certification has also increased. This is your one stop solution and will help you transform yourself from zero to certified. This guide will help you gain technical expertise in the AWS platform and help you start working with various AWS Services.
Jun 2019 27 hours 4 minutes
AWS Tools for PowerShell 6
AWS Tools for PowerShell 6
Amazon Web Services is the leading cloud platform today. Using Windows PowerShell, this book shows you exactly how to automate all aspects of AWS. You can take advantage of the amazing power of the cloud, yet add powerful scripts and mechanisms to perform common tasks faster than ever before. In this book, you will learn to use Amazon Web Services to automate and manage Windows servers. You will also gain a good understanding of automating the AWS infrastructure using simple coding.
Aug 2017 12 hours 24 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Nov 2023 14 hours 16 minutes
Right arrow icon