Last week we started with AWS security by introducing Identity and Access Management in details. Today we will look at what’s else in the security services group and talk about how not to get hacked in the cloud in general.
Remaining named services we are interested in are Inspector, Certificate Manager, Directory Service, Web Application Firewall, Shield, Key Management Service, CloudHSM and Organizations. We will also look at Shared Responsibility Model.
AWS Inspector is an automated auditing service. It uses a low-level agent deployed on EC2 instances to monitor system state, processes, network communication, installed software and other parameters in order to benchmark, spot security vulnerabilities and deviations from best practices. First we need to define an assessment template, which governs what targets should be tested, as well as subset of rules. There is plenty of Read the rest of this entry »