{"id":249,"date":"2022-02-03T03:00:21","date_gmt":"2022-02-03T03:00:21","guid":{"rendered":"https:\/\/192.168.1.3\/wordpress\/?p=249"},"modified":"2025-02-24T11:24:18","modified_gmt":"2025-02-24T11:24:18","slug":"aws-solution-architect-associate-saac02-review-material-security-services-tools","status":"publish","type":"post","link":"https:\/\/mylinuxsite.com\/wordpress\/?p=249","title":{"rendered":"AWS Solution Architect Associate (SAA-C02) Review Material &#8211; Security Services\/Tools"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><strong>SSM Parameter Store<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Part of Systems Manager<\/li><li>Provides encryption of parameters<\/li><li>Stores parameters in a hierarchy (e.g. \/MyApp\/db\/connection, \/MyApp\/db\/user)<\/li><li>Has 3 data types:<ul><li>String (unencrypted)<\/li><li>SecureString (encrypted)<\/li><li>StringList &#8211; a comma-separated string<\/li><\/ul><\/li><li>Has 2 tiers:<ol><li>Standard<ul><li>Free (but API calls have a cost)<\/li><li>Stores up to 10,000 parameters<\/li><li>Max size of the parameter is 4KB<\/li><li>Has NO parameter policy<\/li><\/ul><\/li><li>Advanced<ul><li>Charges apply (API calls have a cost)<\/li><li>Stores up to 100,000 parameters<\/li><li>Max size of the parameter is 8KB<\/li><li>Has parameter policy (i.e. 
can specify TTL or expiration)<\/li><\/ul><\/li><\/ol><\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Shield<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Managed DDoS protection service<\/li><li>2 Types:<ul><li>Standard<ul><li>Enabled for all customers<\/li><li>Free of charge<\/li><li>Provides comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks when used with <span class=\"has-inline-color has-vivid-cyan-blue-color\">AWS Global Accelerator, Route53 and CloudFront<\/span><\/li><\/ul><\/li><li>Advanced<ul><li>With cost<\/li><li>Provides higher levels of protection against attacks on:<ol><li>EC2<\/li><li>ELB<\/li><li>Route53<\/li><li>CloudFront<\/li><li>Global Accelerator<\/li><\/ol><\/li><li>Can integrate with WAF<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Macie<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Fully managed data security and data privacy service<\/li><li>Uses machine learning to <strong>analyze S3<\/strong> buckets for sensitive data such as personally identifiable information (<strong>PII<\/strong>).<\/li><li>Can integrate with CloudWatch Events\/EventBridge to send notifications of any findings<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>WAF<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Protects your web applications or APIs against common web exploits and bots<\/li><li>Works on Layer 7 only<\/li><li>Protects only the following AWS Services:<ol><li>CloudFront<\/li><li>ALB<\/li><li>API Gateway<\/li><\/ol><\/li><li>Uses <strong>WACL (Web Access Control List)<\/strong> for fine-grained control over all of the HTTP(S) web requests. 
WACL can inspect:<ul><li>Country of origin<\/li><li>Source IP<\/li><li>HTTP body, query string, URI, method<\/li><li>XSS<\/li><li>SQL injection<\/li><li>Occurrence of events (<strong>Rate-based rule<\/strong>) &#8211; <span class=\"has-inline-color has-vivid-cyan-blue-color\">a form of DDoS protection<\/span><\/li><\/ul><\/li><li>Can integrate with <strong>Firewall Manager<\/strong> to <span class=\"has-inline-color has-vivid-cyan-blue-color\">centrally manage all firewall rules<\/span>.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Inspector<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Automated vulnerability management service<\/li><li>This is only for <strong>EC2<\/strong>, <strong>ECR<\/strong> container images, and deployed <strong>Lambda<\/strong> functions. It <strong>scans EC2<\/strong> OS and container workloads for software vulnerabilities and unintended network exposure.<\/li><li>Can send assessment reports to SNS for notification<\/li><li>2 Types of Assessment:<ol><li>Host Assessment<ul><li>requires an agent to be installed on the EC2 instance<\/li><li>scans from inside (e.g. OS, running application)<\/li><li>uses CVE and CIS<\/li><\/ul><\/li><li>Network Assessment<ul><li>agentless<\/li><li>probes from outside, i.e. 
network reachability, open ports<\/li><\/ul><\/li><\/ol><\/li><li>Findings sent to <strong>Security Hub<\/strong> or <strong>EventBridge<\/strong> (Risk Score)<\/li><li>Looks for:<ul><li>Package vulnerabilities (CVE database)<\/li><li>Network reachability<\/li><\/ul><\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>GuardDuty<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>A <strong>threat detection service<\/strong> that continuously monitors your AWS <strong>accounts and workloads<\/strong> for malicious activity and delivers detailed security findings for visibility and remediation.<\/li><li>Uses machine learning.<\/li><li><strong>Analyzes Logs:<\/strong><ul><li>DNS logs &#8211; e.g. compromised e<\/li><li>CloudTrail logs &#8211; e.g. unusual API calls<\/li><li>VPC Flow logs &#8211; e.g. unusual traffic<\/li><li>EKS Audit logs &#8211; e.g. suspicious activities or EKS cluster compromise<\/li><\/ul><\/li><li><strong>Malware Protection for:<\/strong><ul><li>EC2<\/li><li>S3<\/li><\/ul><\/li><li><strong>Detect Threats on<\/strong>:<ul><li>RDS<\/li><li>Lambda<\/li><\/ul><\/li><li>Can integrate with CloudWatch Events\/EventBridge to send notifications of any findings.<\/li><li>Can protect against <strong>cryptocurrency<\/strong> queries &#8211; i.e. 
an EC2 instance is querying a domain name or IP address that is associated with cryptocurrency-related activity<\/li><li><strong>Disabling the service<\/strong> <strong>will delete all remaining data<\/strong>, including your findings and configurations, before relinquishing the service permissions and resetting the service<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Detective<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Helps you analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.<\/li><li>Automatically collects log data from your AWS resources.<\/li><li>Uses machine learning, statistical analysis, and graph theory to generate visualizations that help you conduct faster and more efficient security investigations.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Secrets Manager<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Protects secrets needed to access your applications, services, and IT resources<\/li><li><strong>Rotate<\/strong>, manage, and retrieve:<ul><li>RDS credentials<\/li><li>DocumentDB credentials<\/li><li>Redshift credentials<\/li><li>General key\/value pair parameters, e.g. 
API Key, OAuth token<\/li><\/ul><\/li><li>Tight integration with Lambda and RDS<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[11],"tags":[],"class_list":["post-249","post","type-post","status-publish","format-standard","hentry","category-aws-review-notes"],"_links":{"self":[{"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=249"}],"version-history":[{"count":29,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions"}],"predecessor-version":[{"id":1495,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions\/1495"}],"wp:attachment":[{"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mylinuxsite.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}