Security

Encryption

Encryption in flight (SSL/TLS)

  • Data is

    • encrypted before sending

    • decrypted after receiving

  • SSL certificates help with encryption (HTTPS)

Encryption at rest (server-side)

  • Data is

    • encrypted after being received by the server

    • decrypted before being sent

    • stored in encrypted form (using a data key).

  • The key is managed somewhere else, not alongside the data.

Client-side encryption

  • Data is

    • encrypted by the client and never decrypted by the server

    • decrypted by a receiving client

Secrets

Type of secret                | Service
------------------------------|------------------------
DB user/pass                  |
AWS credentials               | IAM
Encryption keys               | AWS KMS
Private keys and certificates | AWS Certificate Manager

Inspector vs GuardDuty

Aspect                              | AWS Inspector                                       | AWS GuardDuty
------------------------------------|-----------------------------------------------------|----------------------------------------------------
Purpose                             | Security and compliance assessments                 | Real-time threat detection and security alerts
Use Cases                           | Assessing security and compliance of EC2 instances  | Detecting potentially malicious activities
Automated vs. Continuous Monitoring | On-demand or scheduled assessments                  | Continuous monitoring for threats
Resource Coverage                   | EC2 instances and application assessments           | A broader range of AWS resources
Alerts and Notifications            | Provides assessment reports and findings            | Generates security alerts and findings in real time
Integration                         | Integrates with AWS Systems Manager for remediation | Integrates with various AWS services and SIEMs
Pricing                             | Different pricing models based on volume            | Different pricing models based on volume


Shield vs WAF

Shield protects: Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53.

WAF can be attached to: Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.


Trivia

  • AWS Shield for DDoS protection

  • Amazon Macie to discover and protect sensitive data

  • Amazon GuardDuty for intelligent threat discovery to protect the AWS account

    -> alerts you when it detects malicious activity

  • Amazon Inspector for automated security assessment, e.g. known vulnerabilities -> gives you a report of findings after a scan (scheduled or on-demand)
