AWS Security

AWS Security Masterclass

Identity and Access Management (IAM):


1

Published on October 07, 2022

Learn about AWS Root user, IAM Users, Access Keys and Credentials Report.


2

Published on October 11, 2022

Article and lab walk-through on foundational elements of an AWS Role, and how to assume it from an AWS service and IAM user.


3

Published on October 19, 2022

Learn about IAM policies (identity-based policies), with a video walkthrough on how to create them and security tips to be mindful of.


4

Published on October 28, 2022

Learn about AWS Resource policy and how it differs from an IAM policy or Identity-based policy. In the video lab, we will create an S3 bucket resource policy, compare that policy with an equivalent IAM policy and see how easy it is to publicly expose an S3 object.


5

Published on December 02, 2022

Learn about policy evaluation for intra-account and cross-account access. In the video lab walk-through, we will show the general policy evaluation logic for IAM and Resource policies, and the exceptional case of KMS policies. We will also show the cross-account policy evaluation for accessing an S3 bucket in a different AWS account.


6

Published on January 06, 2022

Learn about how to use Permissions Boundary for delegated IAM permissions management with a short article and lab demo.


7

Published on February 03, 2022

AWS Organization makes the management of multiple AWS accounts better by providing a single interface to organize, manage and administer all your AWS accounts.


8

Published on February 11, 2022

Service Control Policies are the fourth kind of AWS Policies that we are introducing. Remember that we already learned about IAM policies, Resource policies and Permissions Boundaries. Unlike the other three policies, which are applicable to identities (IAM policy, Permissions Boundary) and resources (Resource policy) within only a single AWS account, SCPs can be applied to multiple AWS accounts which are organized and managed using AWS Organizations.


9

Published on February 16, 2022

Similar to Permissions Boundary and SCP, AWS Session policy is also a limiting policy, as it sets the maximum permissions that a user session can have.


10

Published on February 21, 2022

Simple explanation of the AWS policy evaluation logic for the five AWS policies – IAM, Resource, SCP, Permissions Boundary and Session.


11

Published on March 25, 2022

In this short but thorough guide, we will explore the security risks of the AWS Root User and the ways to mitigate them using strategies that have been tried and tested at large Cloud software companies.


Network Security:


1

Published on May 22, 2023

Learn about the foundational concepts of AWS VPC and 9 networking patterns to connect VPC to the outside world using gateways and other AWS services.


2

Published on Sep 15, 2023

An overview of the current AWS Firewall capabilities and how to pick one Firewall solution over the other. We will be covering the 5 types of AWS Firewalls – Security Groups, Network Access Control Lists, Web Application Firewall, Route 53 Resolver DNS Firewall and Network Firewall. Apart from the 5 firewalls, we will also briefly cover AWS Firewall Manager which is a centralized Firewall management service.


3

Published on Sep 22, 2023

Learn about the relevance of AWS VPC Flow logs and the various fields within it. Understand the different levels at which Flow Logs can be enabled, other types of Network logs in AWS and finally how to analyze AWS VPC Flow Logs.


4

Published on Jan 2, 2024

Fortify your cloud infra by creating private connectivity using VPC Endpoints. Learn about Gateway and Interface endpoint types.


5

Published on May 17, 2024

Follow the 13 steps mentioned in this article to create your own demo for testing SSRF vulnerability and remediating with WAF on AWS.


Data Protection:


1

Published on Jun 21, 2024

Learn how KMS access model changes with Grants. Understanding KMS Grants is essential for securing AWS KMS keys and preventing potential data leaks and backdoor access.


Logging and Monitoring:


1

Published on Sep 25, 2024

In this article, I will outline the key fundamentals of CloudTrail that are crucial for Cloud Security professionals to understand.


Build Security:

Upcoming

Protecting Critical AWS Services:


Securing RDS

Upcoming


Securing EC2

Upcoming


Securing Serverless (API Gateway, Lambda, DynamoDB)

Upcoming