This is part II of our blog series: "Road to the AWS Security Specialty"
You can find part I here: Road to the AWS Security Specialty - Part I: How to prepare for the AWS Security Specialty
In this blog post I want to give you a more technical view of my takeaways from the Security Specialty and why they are so helpful in day-to-day business with AWS. Through this you will hopefully also get a better idea of the general content of the certification.
What happens when you have conflicting policies?
How do I force encryption using S3?
Best practices for KMS
- Be ready to scale to absorb the attack
- Safeguard exposed resources
- Use CloudFront for geo restriction / blocking
- Use Route 53 to redirect traffic
- Learn the normal behavior of your applications
- Create a plan for attacks
Real world problems
- Stop instance immediately
- Take a snapshot of the EBS volume
- Deploy instance into an isolated environment -> no internet access
- Access the instance using a forensic workstation
- Read through the logs
- Disable access keys
- Create new keys
- Delete old ones
- To prevent your API from being overwhelmed by too many requests, AWS throttles requests
- When requests exceed the steady-state request rate and burst limits, API Gateway fails the limit-exceeding requests and returns a 429 Too Many Requests error
- Default is 10,000 requests per second steady-state
- Burst is 5,000 requests across all APIs within an AWS account
- Limits can be increased
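
To make the interplay of steady-state rate and burst limit concrete, here is an added example (not code from this blog or from AWS) that models the throttling described above as a token bucket, the algorithm AWS documents for API Gateway throttling. The class and function names and the sample traffic are assumptions constructed for illustration; the two limits are the defaults listed above.

```python
# Token-bucket model of the throttling limits listed above (illustrative names).
STEADY_RATE = 10_000  # tokens refilled per second (steady-state limit)
BURST = 5_000         # bucket capacity (burst limit)


class TokenBucket:
    def __init__(self, rate_per_s, capacity):
        self.rate_per_s = rate_per_s
        self.capacity = capacity
        self.tokens = float(capacity)  # the bucket starts full
        self.last_ms = 0

    def allow(self, now_ms):
        """Return the HTTP status for one request arriving at now_ms."""
        elapsed_ms = max(0, now_ms - self.last_ms)
        refill = elapsed_ms * self.rate_per_s / 1000
        # Refill never exceeds the burst capacity, however long the quiet period.
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return 200
        return 429  # Too Many Requests


def replay(arrivals, rate_per_s=STEADY_RATE, capacity=BURST):
    """Replay (timestamp_ms, request_count) pairs.

    Returns one (timestamp_ms, accepted, throttled) tuple per pair.
    """
    bucket = TokenBucket(rate_per_s, capacity)
    summary = []
    for ts_ms, count in arrivals:
        statuses = [bucket.allow(ts_ms) for _ in range(count)]
        summary.append((ts_ms, statuses.count(200), statuses.count(429)))
    return summary


# Constructed traffic: a 6,000-request spike, a second spike 100 ms later,
# then a 5,500-request spike after a quiet second.
SAMPLE = [(0, 6000), (100, 2000), (1100, 5500)]

if __name__ == "__main__":
    for ts_ms, ok, throttled in replay(SAMPLE):
        print(f"t={ts_ms:>5} ms  accepted={ok:5d}  throttled(429)={throttled:5d}")
```

The last spike shows why clients still see 429s after an idle period: the bucket refills only up to the burst limit, so any spike above it is rejected regardless of the steady-state rate.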