AWS Security

AWS Security by Dylan Shields


When I first joined AWS, I knew almost nothing about security on the platform. I was fortunate to sit and talk with many of the different security teams and get an introduction to everything AWS security. I remember one of the teams I met with early on was the Automated Reasoning Group. They built several security tools based on automated reasoning, but one really stood out to me: Zelkova. At the time, you could give it two IAM policies, and it would tell if they were effectively the same or if one was more permissive (or not comparable). The tool does much more now, and powers features in S3, Config, GuardDuty, and Trusted Advisor. But even back then, it was an incredible tool. The team had many examples of IAM policies that had unexpected behavior that wasn’t obvious by just reading them. Then, they showed how you could easily identify the issues with Zelkova.

I remember being so excited after that demo that I talked about it to everyone I knew who used AWS. But instead of excitement, I mostly got questions. And not questions about Zelkova but basic questions about IAM, like “What’s a resource policy?” IAM, like a lot of security tools on AWS, is necessarily complicated. And for most people, the information on how these services work isn’t readily discoverable. Sure, there’s documentation on resource policies, but you wouldn’t know to look for it if you didn’t know that it exists. That was when I first thought about writing this book. I had been given a crash course in AWS security by learning from the people who were building all of these tools and services, and I wanted to find a way to share this information with everyone outside of the company who doesn’t have the same access.

AWS and cloud computing in general are growing nonstop, and security is such an important piece of it that I find this topic almost inescapable. Even while working at other companies that don’t use AWS for their primary infrastructure, AWS security knowledge has still come in handy. In my current role at Facebook, I review security and privacy concerns for companies we acquire, and almost all of them run on AWS. It’s getting harder and harder to find organizations that don’t use AWS in some way or another. Part of the growth of the platform is due to how fast AWS pushes out new features and services. They’re constantly improving and making it easier to build new things. But every new addition makes the platform a little more complex and makes securing it just a little bit harder. I hope the information in this book will help you to navigate that complexity and better secure the applications you run on AWS.



  • CC BY-NC-SA 3.0 PH
  • The author's reference is not required
