Identify Components and Resources for Security
Source: Dev.to
Exam Guide: Cloud Practitioner – Domain 2: Security & Compliance
Task Statement 2.4
You need to recognize:
- Core AWS security capabilities (network controls, threat detection, DDoS protection, web protection)
- Where to find AWS security documentation and guidance
- That third‑party security tools are available via AWS Marketplace
- Which AWS services can help identify security issues (e.g., Trusted Advisor)
1️⃣ AWS Security Features and Services to Know
Security Groups (SGs)
- Virtual firewall for resources such as Amazon EC2.
- Controls inbound and outbound traffic.
- Stateful: return traffic for an allowed connection is automatically permitted, so no matching rule in the opposite direction is needed.
Use SGs when: you need instance/resource‑level traffic control (ports, protocols, source/destination).
Network ACLs (NACLs)
- Firewall at the subnet level in a VPC.
- Controls inbound and outbound rules for subnets.
- Stateless: return traffic is not tracked, so it must be explicitly allowed by a rule in the opposite direction.
Use NACLs when: you need subnet‑wide allow/deny rules, including explicit denies.
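To make the stateful/stateless distinction above concrete, here is an added Python simulation (not from the exam guide or from AWS) of how a security group and a network ACL each evaluate an HTTPS request and the instance's reply. The rule sets, the client address 198.51.100.7 and the port numbers are constructed for the example.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple
class Packet(NamedTuple):
    direction: str   # "in" = toward the instance, "out" = leaving it
    proto: str
    remote_ip: str
    remote_port: int
    local_port: int

def _dst_port(pkt):  # SG and NACL rules both match on the packet's destination port
    return pkt.local_port if pkt.direction == "in" else pkt.remote_port
def _flow(pkt):  # both directions of one TCP connection share this key
    return (pkt.proto, pkt.remote_ip, pkt.remote_port, pkt.local_port)

def _match(rule, pkt):
    direction, proto, p_from, p_to, cidr = rule
    return (direction == pkt.direction and proto == pkt.proto
            and p_from <= _dst_port(pkt) <= p_to
            and ip_address(pkt.remote_ip) in ip_network(cidr))

def sg_allows(rules, pkt, tracked):
    """Security group: allow-only rules plus connection tracking (stateful)."""
    if _flow(pkt) in tracked:  # return traffic of an already-allowed connection
        return True
    if any(_match(r, pkt) for r in rules):
        tracked.add(_flow(pkt))
        return True
    return False

def nacl_allows(rules, pkt):
    """NACL: numbered allow/deny rules, lowest number wins, implicit deny, no tracking (stateless)."""
    for _num, *rule, action in sorted(rules, key=lambda r: r[0]):
        if _match(rule, pkt):
            return action == "allow"
    return False

def https_exchange(sg_rules, nacl_rules):
    """Client 198.51.100.7:51515 -> instance:443, then the reply. Returns (sg_ok, nacl_ok)."""
    request = Packet("in", "tcp", "198.51.100.7", 51515, 443)
    reply = Packet("out", "tcp", "198.51.100.7", 51515, 443)
    tracked = set()
    sg_ok = sg_allows(sg_rules, request, tracked) and sg_allows(sg_rules, reply, tracked)
    nacl_ok = nacl_allows(nacl_rules, request) and nacl_allows(nacl_rules, reply)
    return sg_ok, nacl_ok

# Constructed rule sets for the demonstration, not taken from any real account.
SG_RULES = [("in", "tcp", 443, 443, "0.0.0.0/0")]  # no outbound rule needed for replies
NACL_RULES = [(100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow"),
              (100, "out", "tcp", 443, 443, "0.0.0.0/0", "allow")]  # replies go to an ephemeral port
NACL_FIXED = NACL_RULES + [(110, "out", "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
```

With `NACL_RULES` the security group passes the exchange but the NACL drops the reply, because the reply's destination is the client's ephemeral port; `NACL_FIXED` adds the outbound ephemeral-port rule that makes it work.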
AWS Web Application Firewall (WAF)
- Web application firewall that protects web apps from common exploits.
- Filters and monitors HTTP(S) requests to block common web attack patterns (e.g., SQL injection, XSS).
Use WAF when: you want to block malicious web requests or enforce web rules at the edge/front door.
AWS Firewall Manager
- Central management service for security rules and policies.
- Helps configure and manage protections (e.g., WAF rules) across multiple accounts and resources, typically in AWS Organizations.
Use Firewall Manager when: you need consistent security policy enforcement at scale across many accounts.
AWS Shield
- Protects against DDoS attacks.
- Commonly used for internet‑facing applications.
Use Shield when: the scenario mentions DDoS, volumetric attacks, or the need to keep public endpoints available during attacks.
Amazon GuardDuty
- Threat detection service that monitors for suspicious activity and unauthorized behavior.
- Uses signals such as account activity and network/DNS patterns to generate findings.
Use GuardDuty when: you need continuous threat detection and alerts for potentially compromised resources or accounts.
2️⃣ Third‑Party Security Products
AWS Marketplace
AWS Marketplace offers third‑party security tooling for needs like:
- SIEM / log analytics
- Endpoint protection
- Vulnerability scanning
- Network security appliances
Where to obtain third‑party security solutions for AWS? → AWS Marketplace
3️⃣ Where to Find AWS Security Information
- AWS Security Center – centralized security guidance and best practices.
- AWS Security Blog – announcements and deep dives on AWS security topics.
- AWS Knowledge Center – how‑to articles and troubleshooting steps.
| Need | Source |
|---|---|
| Official guidance / best practices | AWS Security Center |
| Latest updates and detailed posts | AWS Security Blog |
| How‑to / troubleshooting | AWS Knowledge Center |
4️⃣ Using AWS Services to Identify Security Issues
AWS Trusted Advisor
Scans your environment and provides best‑practice recommendations across multiple categories, including Security. Only a subset of its checks is available on the Basic and Developer support plans; the full set requires a Business or Enterprise support plan.
Use Trusted Advisor when: you want recommendations that flag common security risks and misconfigurations (along with other best‑practice areas).
✅ Quick Exam‑Style Summary
- Security Groups: instance‑level firewall (stateful).
- Network ACLs: subnet‑level firewall (stateless).
- AWS WAF: web request filtering/protection.
- AWS Firewall Manager: centralized policy management across accounts/resources.
- AWS Shield: DDoS protection.
- Amazon GuardDuty: threat detection findings.
- AWS Marketplace: third‑party security products.
- Security info sources: AWS Security Center, AWS Security Blog, AWS Knowledge Center.
- AWS Trusted Advisor: identifies security issues via best‑practice checks.