AWS IAM
Manage access to AWS resources.
<h3>AWS IAM (Identity and Access Management)</h3>
<p><strong>Definition:</strong> Manage access to AWS services and resources.</p>
<p><strong>Components:</strong></p>
<ul>
<li><strong>Users:</strong> Individual identities representing a person or an application.</li>
<li><strong>Groups:</strong> Collection of users.</li>
<li><strong>Roles:</strong> Identities that are assumed to obtain temporary credentials, e.g. by AWS services or EC2 instances.</li>
<li><strong>Policies:</strong> JSON permission documents.</li>
</ul>
<p><strong>Best Practices:</strong> Least privilege, MFA, password policies, use roles.</p>
AWS IAM Identity Center (SSO)
Manage workforce access.
<h3>AWS IAM Identity Center (formerly SSO)</h3>
<p><strong>Definition:</strong> Centralized access management for multiple AWS accounts and business applications.</p>
<p><strong>Features:</strong> Centralized user management, MFA, attribute-based access control.</p>
AWS Organizations
Central governance and management.
<h3>AWS Organizations</h3>
<p><strong>Definition:</strong> Manage multiple AWS accounts.</p>
<p><strong>Features:</strong> Consolidated billing, Service Control Policies (SCPs), Organizational Units (OUs).</p>
AWS KMS
Create and control encryption keys.
<h3>AWS KMS (Key Management Service)</h3>
<p><strong>Definition:</strong> Managed encryption key service.</p>
<p><strong>Key Types:</strong> AWS Managed Keys, Customer Managed Keys (CMK), AWS Owned Keys.</p>
<p><strong>Features:</strong> Key rotation, key policies, audit via CloudTrail.</p>
AWS Secrets Manager
Rotate, manage, and retrieve secrets.
<h3>AWS Secrets Manager</h3>
<p><strong>Definition:</strong> Store and rotate secrets (database credentials, API keys).</p>
<p><strong>Features:</strong> Automatic rotation, cross-region replication, integration with RDS.</p>
AWS Certificate Manager (ACM)
Provision, manage, and deploy SSL/TLS certificates.
<h3>AWS Certificate Manager (ACM)</h3>
<p><strong>Definition:</strong> Provision, manage, and deploy SSL/TLS certificates.</p>
<p><strong>Features:</strong> Free public certificates, automatic renewal, integration with ELB/CloudFront.</p>
AWS WAF
Protect web apps from common exploits.
<h3>AWS WAF (Web Application Firewall)</h3>
<p><strong>Definition:</strong> Protect web applications from common exploits.</p>
<p><strong>Features:</strong> Web ACLs (allow/block rules), rate-based rules (DDoS mitigation), managed rule sets.</p>
AWS Shield
DDoS protection service.
<h3>AWS Shield</h3>
<p><strong>Definition:</strong> DDoS protection service.</p>
<p><strong>Types:</strong> Standard (free), Advanced (24/7 DDoS response team).</p>
Amazon GuardDuty
Intelligent threat detection.
<h3>Amazon GuardDuty</h3>
<p><strong>Definition:</strong> Threat detection service using ML.</p>
<p><strong>Data Sources:</strong> VPC Flow Logs, DNS Logs, CloudTrail Events.</p>
<p><strong>Findings:</strong> Unauthorized deployments, cryptocurrency mining, compromised instances.</p>
AWS Security Hub
Unified security and compliance center.
<h3>AWS Security Hub</h3>
<p><strong>Definition:</strong> Centralized security view across AWS accounts.</p>
<p><strong>Features:</strong> Aggregates findings from GuardDuty, Inspector, Macie, etc.</p>
AWS Config
Assess, audit, and evaluate configurations.
<h3>AWS Config</h3>
<p><strong>Definition:</strong> Track resource configuration and compliance.</p>
<p><strong>Features:</strong> Configuration history, configuration snapshots, rules.</p>