Security Best Practices - AWS Well-Architected Framework Study Guide

Ensure only authorized and authenticated users and components are able to access resources, and only intended manner
Define principals (accounts, users, roles, and services that can perform actions in your account)
Build out policies aligned with these principals, and implement strong credential management
Apply least-privileged access approach
Ask:
- How do you manage identities for people and machines?
- How do you manage permissions for people and machines?

Control methodologies necessary for best practices and organizational or regulatory obligations
Implement stateful and stateless packet inspection
Use Amazon Virtual Private Cloud (Amazon VPC) to create a private, secured, and scalable environment
Enforce boundary protection
Monitor points of ingress and egress
Engage in comprehensive logging, monitoring, and alerting
Ask:
- How do you protect your network resources?
- How do you protect your compute resources?

Use data classification to categorize organizational data based on levels of sensitivity
Encrypt data and manage keys, including regular key rotation
Perform detailed logging that contains important content, such as file access and changes
Use versioning to protect against accidental overwrites, deletes, and similar harm
Ask:
- How do you classify your data?
- How do you protect your data at rest?
- How do you protect your data in transit?

Put processes in place to respond to and mitigate the potential impact of security incidents
Routinely practicing incident response through game days
Ensure that you have a way to quickly grant access for your security team
Practice the following:
- Detailed logging
- Automate event processing and response
- Pre-provision tooling and a “clean room” to carry out forensics in a safe, isolated environment
Ask:
- How do you anticipate, respond to, and recover from incidents?