🖋️
AWS CCP Notes by Karan Singh
  • Intro
  • The Absolute Basics
  • 6 Advantages of Cloud Computing
  • IAM
    • IAM - Identity and Access Management
  • Serverless Services
  • EC2
    • EC2 - Elastic Compute Cloud
    • EC2 Storage
    • EC2 Purchasing Options
  • ELB & ASG
    • Scalability and Elasticity
    • Elastic Load Balancing
    • Auto Scaling
  • S3
    • Buckets and Objects
    • S3 Security
    • S3 Replication
    • S3 Storage Classes
    • Snowball and Snowmobile
  • Databases/Analytics
    • Aurora
    • RDS
    • ElastiCache
    • DynamoDB
    • DocumentDB
    • Redshift
    • Neptune
  • Analytics
    • EMR
    • Athena
    • DMS
    • Glue
  • Other computing services
    • ECS
    • Fargate
    • Elastic Container Registry
    • EKS
    • Lambda
    • Batch
    • Lightsail
  • Deployment & Provisioning
    • CloudFormation
    • Elastic Beanstalk
    • CodeDeploy
    • Systems Manager
    • OpsWorks
    • QuickStart
    • Marketplace
  • Content Delivery
    • Route 53
    • CloudFront
    • S3 Transfer Acceleration
    • Global Accelerator
  • Communication and Step Functions
    • SQS
    • SNS
    • SES
    • Step Functions
  • Monitoring
    • CloudWatch
    • CloudTrail
    • X-Ray
    • Service Health Dashboard
    • Personal Health Dashboard
  • VPC & Networking
    • VPC
    • Subnets
    • Internet Gateway & NAT Gateway
    • NACL & Security Groups
    • VPC Flow Logs
    • VPC Peering
    • VPC Endpoints
    • Direct Connect & Site-to-site VPN
    • Transit Gateway
  • Shared Responsibility Model
    • Shared Responsibility Model
    • RDS
    • S3
  • Security & Compliance
    • WAF & Shield
    • Penetration Testing
    • KSM & CloudHSM
    • Secrets Manager
    • Artifact
    • GuardDuty
    • Inspector
    • Config
    • Macie
  • Machine Learning
    • Rekognition
    • Transcribe
    • Polly
    • Lex
    • Connect
    • Comprehend
    • SageMaker
  • Organizations
    • Organizations
    • Consolidated Billing
  • Pricing
    • Free Services
    • EC2 Pricing
    • Lambda Pricing
    • ECS Pricing
    • EBS Pricing
    • S3 Pricing
    • RDS Pricing
    • CloudFront Pricing
    • Networking Pricing
  • Billing & Support
    • TCO Calculator
    • Simple Monthly Calculator/Pricing Calculator
    • Billing Dashboard
    • Cost Allocation Tags
    • Cost & Usage Reports
    • Cost Explorer
    • Billing Alarms
    • Budgets
    • Trusted Advisor
    • AWS Support Plans
  • Advanced Identity
    • Cognito
    • Directory Services
    • Single Sign-On (SSO)
  • Architecting On The Cloud
    • Well-Architected Framework & Best Practices
      • 1) Operational Excellence
      • 2) Security
      • 3) Reliability
      • 4) Performance Efficiency
      • 5) Cost Optimization
  • AWS Ecosystem
  • AZ, Regional and Global Services
Powered by GitBook
On this page

Was this helpful?

  • Ability to protect data, systems, and assets to take advantage of cloud technologies to improve your security.

Design Principles:

  • Implement a strong identity foundation: Centralize identity manage and use the principle of least privilege.

  • Enable traceability: Track logs and metrics and if anything is suspicious, take action immediately.

  • Apply security at all layers: Apply security everywhere (edge of network, VPC, load balancing, every instance and compute service, operating system, application, and code).

  • Automate security best practices

  • Protect data in transit and at rest: Use encryption, tokenization, and access control where appropriate.

  • Keep people away from data: Reduce or eliminate the need for direct access or manual processing of data.

  • Prepare for security events: Do incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.

Last updated 4 years ago

Previous1) Operational ExcellenceNext3) Reliability
  1. Architecting On The Cloud
  2. Well-Architected Framework & Best Practices

2) Security