Amazon web services

VPC

IAM

Overview Security AWS

EC2 (Elastic compute cloud)

• Lifecycle of EC2

ECS

SAM and Cloudformation

DynamoDB

SNS

SQS

References

https://github.com/PacktPublishing/Mastering-AWS-CloudFormation

There are 2 types of policy:

• Identity based policy: are attached to an IAM identity (user/ group/ role)
• Resource based policy: are attached to a resource
• For example,
  • Allowing DescribeTable, Query and Scan to all resource

  {
      "Version": "2012-10-17",
      "statement": [
          {
              "Sid": "ListTables",
              "Effect": "Allow",
              "Action": [
                  "dynamodb:ListTables"
              ],
              "Resource": "*"
          }
      ]
  }

  • Specifically

  {
      "Version": "2012-10-17",
      "Statement": [
          {
          "Sid": "DescribeQueryScanEmployeeTable",
          "Effect": "Allow",
          "Action": [
              "dynamodb:DescribeTable",
              "dynamodb:Query",
              "dynamodb:Scan"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:account-id:table/employee"
          }
      ]
  }

Terraform

• Terraform security
• Terraform common
• Terraform in detail
• Terraform structure
• Terraform pattern
• Terraform example

Penetration testing

Best practise

• Best Practices of Infrastructure-as-Code with Terraform

Tools

• Create flow chart with markdown
• Create aws architecture with cloudcraft
• pre-commit for validating configuration
• NMAP
• Online tools