[AWS Architecture Patterns] Security
AWS Security Architecture Patterns
Time: 2023-09-14 09:00:45
Need to enable custom domain name and encryption in transit for an application running behind an Application Load Balancer?
Use AWS Route 53 to create an Alias record to the ALB's DNS name and attach an SSL/TLS certificate issued by Amazon Certificate Manager (ACM).
Company records customer information in CSV in an S3 bucket and must not store PII data?
Use Macie to scan the S3 bucket for any PII data.
For compliance reasons, all S3 buckets must have encryption enabled and any non-compliant buckets must be auto-remediated?
Use AWS Config to check the encryption status of the buckets and use auto remediation to enable encryption as required.
EC2 instances must be checked against CIS benchmarks every 7 days?
Install the Amazon Inspector agent and configure a host assessment every 7 days.
Website running on EC2 instances behind an ALB must be protected against well-known web exploits?
Create a Web ACL in AWS WAF to protect against web exploits and attach it to the ALB.
Need to block access to an application running on an ALB from connections originating in a specific list of countries?
Create a Web ACL in AWS WAF with a geographic match and block traffic that matches the list of countries.
Pattern matching for 100 requests per 5 mins, block it