awesome-kubernetes/docs/aws-security.md

AWS Security

• Introduction
• Policy as Code with AWS CDK and Open Policy Agent
• Payment Card Industry Data Security Standard compliance
• AWS IAM
• AWS Organizations
• AWS Control Tower
• AWS Firewalls
• AWS WAF Web Application Firewall
• AWS Secrets Manager
• AWS Vault

Introduction

• AWS Security Blog
• AWS Security
• AWS Security docs
• Tutorial: Configure Apache Web Server on Amazon Linux to use SSL/TLS
• The Most Popular AWS Security Blog Posts in 2015
• dzone: Private Subnets Are Broken on AWS
• Amazon’s customer service backdoor
• Announcing Industry Best Practices for Securing AWS Resources
• The Most Viewed AWS Security Blog Posts so Far in 2016
• Oracle Database Encryption Options on Amazon RDS
• Learn AWS Security Fundamentals with Free and Online Training
• How to Restrict Amazon S3 Bucket Access to a Specific IAM Role
• Updated Whitepaper Available: AWS Best Practices for DDoS Resiliency
• AWS Security Blog: In Case You Missed These: AWS Security Blog Posts from June, July, and August 2016
• Amazon Inspector Announces General Availability for Windows
• encrypt and decrypt data: Importing Key Material in AWS Key Management Service (AWS KMS) Use your own encryption keys with AWS Key Management Service.
• Amazon s2n: AWS’s new Open Source implementation of the SSL/TLS network encryption protocols
• dzone: 9 AWS Security Best Practices: Securing Your AWS Cloud Working with Amazon facilities, it is necessary to implement AWS security best practices to ensure the safety of the data and the cloud.
• Encrypt global data client-side with AWS KMS multi-Region keys Today, AWS Key Management Service (AWS KMS) is introducing multi-Region keys, a new capability that lets you replicate keys from one Amazon Web Services (AWS) Region into another. Multi-Region keys are designed to simplify management of client-side encryption when your encrypted data has to be copied into other Regions for disaster recovery or is replicated in Amazon DynamoDB global tables.
• dzone: Removing the Bastion Host and Improving the Security in AWS This article covers the security in AWS and overcoming the classic SSH/RDP jump with a better alternative for all OS.
• acloudguru.com: How to audit and secure an AWS account
• yobyot.com: AWS multi-region KMS keys and Data Lifecycle Manager: better together
• try.jupiterone.com: The Absolute Minimum Every Developer Must Know about AWS Security
• ==How to automate AWS account creation with SSO user assignment==
• Security practices in AWS multi-tenant SaaS environments Many good tips, from identity management to tenant isolation.

Policy as Code with AWS CDK and Open Policy Agent

• Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent 🌟

Payment Card Industry Data Security Standard compliance

• PCI DSS Standardized Architecture on the AWS Cloud: Quick Start Reference Deployment

AWS IAM

• AWS Identity and Access Management - Getting Started
• AWS Identity and Access Management (IAM) best practices in 2016
• How to Record and Govern Your IAM Resource Configurations Using AWS Config
• How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page
• New IAMCTL tool compares multiple IAM roles and policies
• Bring your own CLI to Session Manager with configurable shell profiles
• keepler.io: Gestionando el control de accesos en nuestro data lake en AWS
• aws.amazon.com: IAM Access Analyzer now supports over 100 policy checks with actionable recommendations to help you author secure and functional policies
• aws.amazon.com: IAM Access Analyzer Update – Policy Validation
• netflixtechblog.com: ConsoleMe: A Central Control Plane for AWS Permissions and Access - github.com/Netflix/consoleme
• cloudkatha.com: Difference between Root User and IAM User in AWS You Need to Know
• ben11kehoe.medium.com: AWS Authentication: Principals (users and roles) in AWS IAM this article uses the boto3, the AWS Python SDK, as an example, but other SDKs have analogous features.
• infoq.com: Incorrect IAM Policy Raised Questions About AWS Access to S3 Data
• ==iann0036/iamlive== Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
• ==awsiam.info: AWS IAM Search==

AWS Organizations

• Simplifying permissions management at scale using tags in AWS Organizations
• Standardize compliance in AWS using DevOps and a Cloud Center of Excellence (CCOE) approach

AWS Control Tower

• ==AWS Control Tower== The easiest way to set up and govern a secure multi-account AWS environment
• ==aws.amazon.com: New – AWS Control Tower Account Factory for Terraform==
• hashicorp.com: HashiCorp Teams with AWS on New Control Tower Account Factory for Terraform AWS Control Tower Account Factory for HashiCorp Terraform (AFT), the evolution of Terraform Landing Zones, offers an easy way to set up and govern a secure, multi-account AWS environment.

AWS Firewalls

• doit-intl.com: AWS Firewalls 101: How and when to use each one
• Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty

AWS WAF Web Application Firewall

• AWS WAF - Web Application Firewall
• How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda (boto3 python)
• How to Use AWS WAF to Block IP Addresses That Generate Bad Requests
• How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront
• AWS WAF sample rules
• medium: Blocking bots using AWS WAF
• medium: Protecting your Web Application or APIs using AWS WAF

AWS Secrets Manager

• How to replicate secrets in AWS Secrets Manager to multiple Regions
• AWS Secrets Manager controller POC: an EKS operator for automatic rotation of secrets
• k21academy.com: AWS Secrets Manager

AWS Vault

• AWS Vault is a tool to securely store and access AWS credentials in a development environment.
• AWS: Sourcing AWS CLI Credentials using a Custom AWS CLI Credential Provider and AWS Vault