Appendix: Security, Identity, and Compliance Services - AWS Certified Cloud Practitioner Study Guide

AWS Artifact

• No cost, self-service portal for on-demand access to AWS’ compliance reports
• Reports include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals
• Agreements include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA

AWS Certificate Manager (ACM)

• Provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources
• Request and deploy certificates
• ACM handles renewals
• Create private certificates for internal resources

AWS CloudHSM

• Hardware security module (HSM) that enables you to easily generate and use your own encryption keys
• Export all of your keys to most other commercially-available HSMs, subject to your configurations

Amazon Cognito

• Lets you add user sign-up, sign-in, and access control to your web and mobile apps
• Supports multi-factor authentication and encryption of data-at-rest and in-transit

Amazon Detective

• Analyze and visualize security data to rapidly get to the root cause of potential security issues
• Automatically collects log data from AWS resources and uses ML, statistical analysis, and graph theory to assist with security investigations

Amazon GuardDuty

• Threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation

AWS Identity and Access Management (IAM)

• Fine-grained access control across all of AWS
• Specify who can access which services and resources, and under which conditions

Amazon Inspector

• Automated and continual vulnerability management
• Continually scans AWS workloads for software vulnerabilities and unintended network exposure

AWS License Manager

• Create customized licensing rules that mirror the terms of licensing agreements
• Use these rules to help prevent licensing violations
• Prevent a licensing breach by stopping the instance from launching or by notifying administrators about the infringement

Amazon Macie

• Fully managed data security and data privacy service
• Uses machine learning and pattern matching to discover and protect sensitive data
• Automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations
• Findings can be searched and filtered in the AWS Management Console and sent to Amazon EventBridge

AWS Shield

• Managed Distributed Denial of Service (DDoS) protection service
• Provides always-on detection and automatic inline mitigations
• All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge

AWS WAF

• Web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources
• Create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting