Albert Anthony - AWS: Security Best Practices on AWS

Maps are vital for your journey, especially when you're holidaying in another continent. When it comes to learning, a roadmap helps you in giving a definitive path for progressing towards the goal. So, here you're presented with a roadmap before you begin your journey.

This book is meticulously designed and developed in order to empower you with all the right and relevant information on AWS. We've created this Learning Path for you that consists of five lessons:

, AWS Virtual Private Cloud , talks about creating and securing our own virtual network in the AWS cloud. This lesson also introduces you to the various connectivity options that AWS provides to create hybrid cloud, public cloud, and private cloud solutions.

, Data Security in AWS , covers encryption in AWS to secure your data in rest and while working with AWS data storage services.

, Securing Servers in AWS , explains ways to secure your infrastructure in AWS by employing continuous threat assessment, agent-based security checks, virtual firewalls for your servers, and so on.

, Securing Applications in AWS , introduces you to ways to secure all your applications developed and deployed in the AWS environment. You will walk through the web application firewall service, as well as securing a couple of AWS services used by developers for web and mobile application development.

, AWS Security Best Practices , walks you through best practices in a consolidated form for securing all your resources in AWS.

This book is for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations. Some of the prerequisites that is required before you begin this book are:

Amazon Virtual Private Cloud or VPC, as it is popularly known, is a logically separated, isolated, and secure virtual network on the cloud, where you provision your infrastructure, such as Amazon RDS instances and Amazon EC2 instances. It is a core component of networking services on AWS cloud.

A VPC is dedicated to your AWS account. You can have one or more VPCs in your AWS account to logically isolate your resources from each other. By default, any resource provisioned in a VPC is not accessible by the internet unless you allow it through AWS-provided firewalls. A VPC spans an AWS region.

VPC is essentially your secure private cloud within AWS public cloud. It is specifically designed for users who require an extra layer of security to protect their resources on the cloud. It segregates your resources with other resources within your AWS account. You can define your network topology as per your requirements, such as if you want some of your resources hidden from public or if you want resources to be accessible from the internet.

Getting the design of your VPC right is absolutely critical for having a secure, fault-tolerant, and scalable architecture.

It resembles a traditional network in a physical data center in many ways, for example, having similar components such as subnets, routes, and firewalls; however, it is a software-defined network that performs the job of data centers, switches, and routers. It is primarily used to transport huge volume of packets into, out of, and across AWS regions in an optimized and secured way along with segregating your resources as per their access and connectivity requirements. And because of these features, VPC does not need most of the traditional networking and data center gear.

VPC gives you granular control to define what traffic flows in or out of your VPC.