Security and Identity - Coggle Diagram
Web Application Firewall (WAF)
AWS Firewall Manager
Useful when managing firewall policies across accounts and apps inside an organization.
AWS Config is required for the use of Firewall Manager security policies.
A Firewall Manager policy is created at the organizational unit (OU) level.
Scope-down statements are written in JSON.
A scope-down statement guarantees that traffic is evaluated against the scope-down statement first.
IAM
Ways to rotate IAM access keys:
Only 2 access keys can exist for each IAM user at any time.
Use AWS IAM Credential Report to audit key ages across all users.
- Manual Rotation via Console
- CLI
- Lambda Rotation Function if Access Keys are in Secrets Manager
- AWS Config to detect old keys, then chain with a Lambda rotation function
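The credential-report audit from the list above, as an added example that is not part of the Coggle map: it parses a constructed subset of an IAM credential report and flags active keys older than a threshold. The `load_live_report` helper is an assumption about how this would be wired to boto3's `get_credential_report`; it is not exercised offline.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in the shape of an IAM credential report, keeping only
# the access-key columns that matter here (the real report has many more).
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,arn:aws:iam::123456789012:user/alice,true,2023-01-10T08:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2024-05-01T12:00:00+00:00,true,2024-05-20T12:00:00+00:00
carol,arn:aws:iam::123456789012:user/carol,false,N/A,false,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for the report's 'N/A'/'not_supported' markers."""
    if value in ("N/A", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def stale_keys(report_csv, max_age_days, now=None):
    """Return [(user, key_slot, age_in_days)] for every active key older than max_age_days."""
    now = now or datetime.now(timezone.utc)
    limit = timedelta(days=max_age_days)
    results = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in (1, 2):  # each user has at most two key slots
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key: nothing to rotate
            rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
            if rotated is None:
                continue
            age = now - rotated
            if age > limit:
                results.append((row["user"], slot, age.days))
    return results


def load_live_report():
    """Assumed wiring: fetch the real report with boto3 (needs credentials; not run here).
    get_credential_report raises CredentialReportNotReadyException until generation
    finishes, so a real job retries until the report is available."""
    import boto3  # imported lazily so the parsing above runs offline
    iam = boto3.client("iam")
    iam.generate_credential_report()
    return iam.get_credential_report()["Content"].decode("utf-8")
```

The returned tuples are what a Config rule or a Lambda rotation function would act on; this block only reports, it does not rotate anything.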
IAM Identity Center
You can connect IAM IC to your existing identity provider (external AD) and synchronize users and groups from there.
IAM IC Permission Set
A permission set that uses the AWS managed PowerUserAccess IAM policy.
Assign the permission set to the self-managed development team AD group in IAM Identity Center.
Cognito
Amazon Cognito provides token handling through user pools. Amazon Cognito must supply and validate the tokens.
GuardDuty
A threat detection service that monitors for malicious activity and anomalous behavior to protect AWS accounts, workloads, and data.
GuardDuty Finding
GuardDuty reads VPC Flow Logs and detects suspicious behavior.
GuardDuty Threat List
There is also a trusted IP list.
Finding Filter:
A finding filter refines findings against criteria that you specify, but that is all it does; it cannot make GuardDuty take any action.
Inspector
Beefed up Trivy
It checks your EC2 instances, container images, and other resources for vulnerabilities, misconfigurations, and deviations from best practices.