The Security, Identity & Compliance Services category is usually the second place you go after creating your VPC. Here you will find services that help you:
- set up user and application access to your VPC
- secure your VPC
- configure access controls, policies and permissions
- connect your on-premises directory service with your AWS VPC services
Below is the list of services in this category.
IAM (Identity and Access Management)
- AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and how they can use the resources (authorization).
Cognito
- Amazon Cognito makes it easy for you to have users sign up and sign in to your apps, federate identities from social identity providers, secure access to AWS resources and synchronize data across multiple devices, platforms, and applications.
Secrets Manager
- AWS Secrets Manager is an AWS service that makes it easier for you to manage secrets. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. You can store and control access to these secrets centrally by using the Secrets Manager console, the Secrets Manager command line interface (CLI), or the Secrets Manager API and SDKs.
GuardDuty
- Amazon GuardDuty is a continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your AWS environment.
Inspector
- Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you identify potential security issues.
Amazon Macie
- Amazon Macie is a security service that uses machine learning to automatically discover, classify and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
AWS Single Sign-On
- AWS Single Sign-On is a cloud-based single sign-on service that makes it easy to centrally manage SSO access to all of your AWS accounts and cloud applications. Specifically, it helps you manage SSO access and user permissions across all your AWS accounts in AWS Organizations. AWS SSO also helps you manage access and permissions to commonly used third-party software as a service (SaaS) applications as well as custom applications that support Security Assertion Markup Language (SAML) 2.0. AWS SSO includes a user portal where your end users can find and access all their assigned AWS accounts, cloud applications, and custom applications in one place.
Certificate Manager
- AWS Certificate Manager (ACM) handles the complexity of creating and managing SSL/TLS certificates for your AWS-based websites and applications. You can use certificates provided by ACM (ACM Certificates) or certificates that you import into ACM.
CloudHSM
- AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries. CloudHSM is also standards-compliant and enables you to export all of your keys to most other commercially available HSMs. It is a fully managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high availability, and backup. CloudHSM also enables you to scale quickly by adding and removing HSM capacity on demand, with no up-front costs.
Directory Service
- AWS Directory Service provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory with other AWS services. You can choose the directory service with the features you need at a cost that fits your budget. Use Amazon Cloud Directory if you need a highly scalable directory store for your application's hierarchical data. Select AWS Directory Service for Microsoft Active Directory (Enterprise Edition) for a feature-rich managed Microsoft Active Directory hosted on the AWS cloud. Use Simple AD if you need an inexpensive Active Directory-compatible service with the common directory features. Another option, AD Connector, lets you simply connect your existing on-premises Active Directory to AWS.
- Connects Microsoft AD with AWS
WAF (Web Application Firewall) and Shield
- AWS WAF is a web application firewall service that helps protect your web apps from common exploits that could affect availability, compromise security, or consume excessive resources.
- AWS Shield provides expanded DDoS attack protection for your AWS resources. As an AWS customer, you automatically have basic DDoS protection with the AWS Shield Standard plan, at no additional cost beyond what you already pay for AWS WAF and your other AWS services. For an additional cost, you can get advanced DDoS protection by activating the AWS Shield Advanced plan.
Artifact
- AWS Artifact features a comprehensive list of access-controlled documents relevant to compliance and security in the AWS cloud.
Resource Access Manager
- AWS Resource Access Manager (AWS RAM) enables you to share your resources with any AWS account or organization in AWS Organizations. Customers who operate multiple accounts can create resources centrally and use AWS RAM to share them with all of their accounts to reduce operational overhead. AWS RAM is available at no additional cost.
Key Management Service (KMS)
- AWS Key Management Service (KMS) is an encryption and key management service for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.
AWS Security Hub
- AWS Security Hub provides you with a comprehensive view of your security state within AWS. It collects data from across AWS accounts and services, and helps you analyze your security trends and identify the highest priority security issues across your AWS environment.
Thanks for the comment Sneha! Sorry I've been out for a while and haven't posted any new content. They are in the works and I will be posting more soon. If you have any content suggestions please feel free to message me and I'll gladly write up some fresh contents around your suggested topics. Have a great and AWeSome day!
Worth for my valuable time, I am very much satisfied with your blog. Thanks for sharing.