Cloud Security Automation: Get to grips with automating your cloud security on AWS and OpenStack.
In the current market, enterprise organizations are moving rapidly towards the cloud infrastructure because of its flexibility and cost effectiveness. Hence, it has become extremely important to have a security framework in place. Automating security functions will play a key role when it comes to c...
Table of Contents:
- Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Cloud Security; Types of cloud; Public cloud; Private cloud; Hybrid cloud; Software as a Service; Platform as a Service; Infrastructure as a Service; Cloud security; Confidentiality; Integrity; Availability; Authentication; Authorization; Auditing; Shared responsibility model; Shared responsibility model for infrastructure; Shared responsibility model for container service; Shared responsibility model for abstract services; Key concern areas of cloud security.
- Infrastructure level; User access level; Storage and data level; Application access level; Network level; Logging and monitoring level; Summary; Chapter 2: Understanding the World of Cloud Automation; What is DevOps?; Why do we need automation?; Infrastructure as Code; Configuration management; Automate deployment - AWS OpsWorks; Quick recap; Summary.
- Chapter 3: Identity and Access Management in the Cloud; IAM features; How does AWS work in IAM?; Anatomy of IAM users, groups, roles, and policies; IAM users; IAM groups; IAM roles; IAM policies; Access right delegation using IAM.
- Temporary credentials; Cross-account access; Identity federation; IAM best practices; Other security options in AWS; AWS Certificate Manager; WAF and Shield; Cloud hardware security module; Cognito; Amazon Macie; AWS Inspector; AWS GuardDuty; Quick recap; Summary; Chapter 4: Cloud Network Security; Virtual private cloud; NACL; Security group; VPN connection; Direct Connect; DNS security; CDN-level security; Logging and monitoring; CloudTrail; CloudWatch; Quick recap; Summary; Chapter 5: Cloud Storage and Data Security; EBS; Fault tolerance at EBS; RAID 0; RAID 1; Encryption in EBS; S3.
- Security in S3; AWS Glacier; Security in AWS Glacier; EFS; Security in EFS; Storage gateway; Security in the storage gateway; AWS Snowball; Security in Snowball; A quick recap; Summary; Chapter 6: Cloud Platform Security; RDS; Security in RDS; Using security groups; Using IAM; Using SSL to encrypt database connections; Security best practices for AWS RDS; Back up and restore database; Monitoring of RDS; AWS Redshift; Security in Redshift; AWS DynamoDB; Security in DynamoDB; ElastiCache; Securing ElastiCache; VPC-level security; Authentication and access control.
- Authenticating with Redis authentication; Data encryption; Data-in-transit encryption; Data-at-rest encryption; AWS ECS; Securing ECS; SQS; Securing SQS; Let's have a recap; Summary; Chapter 7: Private Cloud Security; Securing hypervisor; Securing KVM; Securing XenServer; Securing ESXi; Securing compute; IAM; Authentication; Authentication methods - internal and external; Authorization; Policy, tokens, and domains; Federated identity; Horizon - OpenStack dashboard service; Cinder - OpenStack block storage; Glance - OpenStack image storage; Manila - OpenStack shared file storage.