دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش:
نویسندگان: Heartin Kanikathottu
سری:
ISBN (شابک) : 1838826254, 9781838826253
ناشر: Packt Publishing
سال نشر: 2020
تعداد صفحات: 0
زبان: English
فرمت فایل : MOBI (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 66 مگابایت
در صورت ایرانی بودن نویسنده امکان دانلود وجود ندارد و مبلغ عودت داده خواهد شد
در صورت تبدیل فایل کتاب AWS Security Cookbook: Practical solutions for managing security policies, monitoring, auditing, and compliance with AWS به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب کتاب آشپزی امنیتی AWS: راه حل های عملی برای مدیریت سیاست های امنیتی، نظارت، ممیزی و انطباق با AWS نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
زیرساخت خدمات وب آمازون (AWS) خود را با خطمشیهای مجوز، مدیریت کلید، و امنیت شبکه، همراه با پیروی از بهترین شیوههای امنیت ابری، ایمن کنید
به عنوان یک مشاور امنیتی، زیرساختهای خود را با اجرای سیاستها و پیروی از بهترین شیوه ها حیاتی است. این کتاب آشپزی راهحلهای عملی برای رایجترین مشکلات مربوط به حفاظت از زیرساخت، پوشش خدمات و ویژگیهای AWS را مورد بحث قرار میدهد که میتواند به شما در پیادهسازی مدلهای امنیتی مانند سهگانه CIA (محرمانه، یکپارچگی، و در دسترس بودن) و سهگانه AAA (احراز هویت، مجوز) کمک کند. ، و در دسترس بودن)، همراه با عدم انکار.
این کتاب با خطمشیهای IAM و S3 شروع میشود و بعداً شما را با امنیت دادهها، امنیت برنامهها، نظارت و انطباق سریع آشنا میکند. این شامل همه چیز است، از استفاده از فایروال ها و متعادل کننده های بار گرفته تا نقاط پایانی ایمن، تا استفاده از Cognito برای مدیریت کاربران و احراز هویت. در طول این کتاب، شما یاد خواهید گرفت که از خدمات امنیتی AWS مانند Config برای نظارت استفاده کنید و همچنین با GuardDuty، Macie و Inspector مطابقت داشته باشید. در نهایت، این کتاب بهترین شیوههای امنیت ابر را پوشش میدهد و نشان میدهد که چگونه میتوانید خدمات امنیتی اضافی مانند Glacier Vault Lock و Security Hub را برای تقویت بیشتر زیرساختهای خود ادغام کنید.
در پایان این کتاب، شما به خوبی با تکنیک های مورد نیاز برای ایمن سازی استقرارهای AWS آشنا خواهید شد، همراه با دانش آماده شدن برای گواهینامه AWS Certified Security – Speciality.
< h4>آنچه یاد خواهید گرفتاگر حرفه ای در زمینه امنیت فناوری اطلاعات، معمار امنیت ابر، یا توسعه دهنده برنامه های کاربردی ابری هستید روی نقش های مرتبط با امنیت کار می کنید و علاقه مند به استفاده از زیرساخت AWS برای استقرار برنامه های امن هستید، پس این کتاب خدمات وب آمازون برای شما مناسب است. همچنین اگر به دنبال دریافت گواهینامه AWS هستید، این کتاب برای شما مفید خواهد بود. دانش قبلی در مورد AWS و محاسبات ابری برای استفاده حداکثری از این کتاب مورد نیاز است.
Secure your Amazon Web Services (AWS) infrastructure with permission policies, key management, and network security, along with following cloud security best practices
As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation.
The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure.
By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification.
If you are an IT security professional, cloud security architect, or a cloud application developer working on security-related roles and are interested in using AWS infrastructure for secure application deployments, then this Amazon Web Services book is for you. You will also find this book useful if you're looking to achieve AWS certification. Prior knowledge of AWS and cloud computing is required to get the most out of this book.
Cover Title Page Copyright and Credits Dedication About Packt Contributors Table of Contents Preface Chapter 1: Managing AWS Accounts with IAM and Organizations Technical requirements Configuring IAM for a new account Getting ready How to do it... Creating a billing alarm How it works... There\'s more... See also Creating IAM policies Getting ready How to do it... Creating policies with the IAM visual editor Creating policies using the AWS CLI How it works... There\'s more... See also Creating a master account for AWS Organizations Getting ready How to do it... How it works... There\'s more... See also Creating a new account under an AWS Organization Getting ready How to do it... Creating an account and OU from the CLI Creating and moving an account from the console How it works... There\'s more... See also Switching roles with AWS Organizations Getting ready How to do it... Switching as an administrator Granting permission for a non-admin user to switch roles Granting permission for a non-admin user to switch roles using the CLI How it works... Switching roles between any two accounts There\'s more... See also Chapter 2: Securing Data on S3 with Policies and Techniques Technical requirements Creating S3 access control lists Getting ready How to do it... Granting READ ACLs for a bucket to everyone from the console Granting READ for AWS users using predefined groups from the CLI Granting public READ for an object with canned ACLs from the CLI How it works... There\'s more... Comparing ACLs, bucket policies, and IAM policies See also Creating an S3 bucket policy Getting ready How to do it... Bucket public access with a bucket policy from the console Bucket list access with a bucket policy from the CLI How it works... There\'s more... See also S3 cross-account access from the CLI Getting ready How to do it... Uploading to a bucket in another account Uploading to a bucket in another account with a bucket policy How it works... There\'s more... See also S3 pre-signed URLs with an expiry time using the CLI and Python Getting ready How to do it... Generating a pre-signed URL from the CLI Generating a pre-signed URL using the Python SDK How it works... There\'s more... See also Encrypting data on S3 Getting ready How to do it... Server-side encryption with S3-managed keys (SSE-S3) Server-side encryption with KMS-managed keys (SSE-KMS) Server-side encryption with customer-managed keys (SSE-C) How it works... There\'s more... See also Protecting data with versioning Getting ready How to do it... How it works... There\'s more... See also Implementing S3 cross-region replication within the same account Getting ready How to do it... How it works... There\'s more... See also Implementing S3 cross-region replication across accounts Getting ready How to do it... How it works... There\'s more... See also Chapter 3: User Pools and Identity Pools with Cognito Technical requirements Creating Amazon Cognito user pools Getting ready How to do it... How it works... There\'s more... See also Creating an Amazon Cognito app client Getting ready How to do it... How it works... There\'s more... Customizing workflows with triggers See also User creation and user signups Getting ready How to do it... Creating a user by an administrator Creating a user through self-signup with admin confirmation Creating a user through self-signup with self-confirmation How it works... There\'s more... See also Implementing an admin authentication flow Getting ready How to do it... How it works... There\'s more... See also Implementing a client-side authentication flow Getting ready How to do it... How it works... There\'s more... See also Working with Cognito groups Getting ready How to do it... How it works... There\'s more... See also Federated identity with Cognito user pools Getting ready How to do it... Configuring within the Amazon developer portal Configuring in Cognito How it works... There\'s more... See also Chapter 4: Key Management with KMS and CloudHSM Technical requirements Creating keys in KMS Getting ready How to do it... How it works... There\'s more... See also Using keys with external key material Getting ready How to do it... Creating key configuration for an external key Generating our key material using OpenSSL Continuing with key creation from the console How it works... There\'s more... See also Rotating keys in KMS Getting ready How to do it... How it works... There\'s more... See also Granting permissions programmatically with grants Getting ready How to do it... How it works... There\'s more... See also Using key policies with conditional keys Getting ready How to do it... How it works... There\'s more... See also Sharing customer-managed keys across accounts Getting ready How to do it... Creating a key and giving permission to the other account Using the key as an administrator user from account 2 Using the key as a non-admin user from account 2 How it works... There\'s more... See also Creating a CloudHSM cluster Getting ready How to do it... How it works... There\'s more... See also Initializing and activating a CloudHSM cluster Getting ready How to do it... Initializing the cluster and creating our first HSM Launching an EC2 client instance and activating the cluster How it works... There\'s more... See also Chapter 5: Network Security with VPC Technical requirements Creating a VPC in AWS Getting ready How to do it... How it works... There\'s more... See also Creating subnets in a VPC Getting ready How to do it... How it works... There\'s more... See also Configuring an internet gateway and a route table for internet access Getting ready How to do it... How it works... There\'s more... See also Setting up and configuring NAT gateways Getting ready How to do it... How it works... There\'s more... See also Working with NACLs Getting ready How to do it... How it works... There\'s more... See also Using a VPC gateway endpoint to connect to S3 Getting ready How to do it... How it works... There\'s more... See also Configuring and using VPC flow logs Getting ready How to do it... How it works... There\'s more... See also Chapter 6: Working with EC2 Instances Technical requirements Creating and configuring security groups Getting ready How to do it... How it works... There\'s more... See also Launching an EC2 instance into a VPC Getting ready How to do it... General steps for launching an EC2 instance and doing SSH Launching an instance into our public subnet Launching an instance into our private subnet How it works... There\'s more... See also Setting up and configuring NAT instances Getting ready How to do it... Adding a route for the NAT instance How it works... There\'s more... See also Creating and attaching an IAM role to an EC2 instance Getting ready How to do it... How it works... There\'s more... See also Using our own private and public keys with EC2 Getting ready How to do it... Generating the keys Uploading a key to EC2 How it works... There\'s more... See also Using EC2 user data to launch an instance with a web server Getting ready How to do it... How it works... There\'s more... See also Storing sensitive data with the Systems Manager Parameter Store Getting ready How to do it... Creating a parameter in the AWS Systems Manager Parameter Store Creating and attaching role for the AWS Systems Manager Retrieving parameters from the AWS Systems Manager Parameter Store How it works... There\'s more... See also Using KMS to encrypt data in EBS Getting ready How to do it... How it works... There\'s more... See also Chapter 7: Web Security Using ELBs, CloudFront, and WAF Technical requirements Enabling HTTPS on an EC2 instance Getting ready How to do it... How it works... There\'s more... See also Creating an SSL/TLS certificate with ACM Getting ready How to do it... How it works... There\'s more... See also Creating a classic load balancer Getting ready How to do it... How it works... There\'s more... See also Creating ELB target groups Getting ready How to do it... How it works... There\'s more... See also Using an application load balancer with TLS termination at the ELB Getting ready How to do it... How it works... There\'s more... See also Using a network load balancer with TLS termination at EC2 Getting ready How to do it... How it works... There\'s more... See also Securing S3 using CloudFront and TLS Getting ready How to do it... CloudFront distribution with CloudFront default domain CloudFront distribution with a custom domain and ACM certificate How it works... There\'s more... See also Configuring and using the AWS web application firewall (WAF) Getting ready How to do it... How it works... There\'s more... See also Chapter 8: Monitoring with CloudWatch, CloudTrail, and Config Technical requirements Creating an SNS topic to send emails Getting ready How to do it... How it works... There\'s more... See also Working with CloudWatch alarms and metrics Getting ready How to do it... How it works... There\'s more... See also Creating a dashboard in CloudWatch Getting ready How to do it... How it works... There\'s more... See also Creating a CloudWatch log group Getting ready How to do it... How it works... There\'s more... See also Working with CloudWatch events Getting ready How to do it... How it works... There\'s more... See also Reading and filtering logs in CloudTrail Getting ready How to do it... How it works... There\'s more... See also Creating a trail in CloudTrail Getting ready How to do it... How it works... There\'s more... See also Using Athena to query CloudTrail logs in S3 Getting ready How to do it... How it works... There\'s more... See also Cross-account CloudTrail logging Getting ready How to do it... How it works... There\'s more... See also Integrating CloudWatch and CloudTrail Getting ready How to do it... How it works... There\'s more... See also Setting up and using AWS Config Getting ready How to do it... How it works... There\'s more... See also Chapter 9: Compliance with GuardDuty, Macie, and Inspector Technical requirements Setting up and using Amazon GuardDuty Getting ready How to do it... How it works... There\'s more... See also Aggregating findings from multiple accounts in GuardDuty Getting ready How to do it... How it works... There\'s more... See also Setting up and using Amazon Macie Getting ready How to do it... How it works... There\'s more... See also Setting up and using Amazon Inspector Getting ready How to do it... How it works... There\'s more... See also Creating a custom Inspector template Getting ready How to do it... How it works... There\'s more... See also Chapter 10: Additional Services and Practices for AWS Security Technical requirements Setting up and using AWS Security Hub Getting ready How to do it... How it works... There\'s more... See also Setting up and using AWS SSO Getting ready How to do it... How it works... There\'s more... See also Setting up and using AWS Resource Access Manager Getting ready How to do it... How it works... There\'s more... See also Protecting S3 Glacier vaults with Vault Lock Getting ready How to do it... How it works... There\'s more... See also Using AWS Secrets Manager to manage RDS credentials Getting ready How to do it... How it works... There\'s more... See also Creating an AMI instead of using EC2 user data Getting ready How to do it... How it works... There\'s more... See also Using security products from AWS Marketplace Getting ready How to do it... How it works... There\'s more... See also Using AWS Trusted Advisor for recommendations Getting ready How to do it... How it works... There\'s more... See also Using AWS Artifact for compliance reports Getting ready How to do it... How it works... There\'s more... See also Other Books You May Enjoy Index