16. Copy and save the following in your text editor for later use
1. Access key ID
2. Secret access key
3. Unique sign in URL (Bookmark this link)
Steps to Configure AWS CLI
Run the following command to configure the AWS CLI
Ensure that you run this command in the Training VM
aws configure
You will need to provide the access key ID and secret access key
Type the following values
Default region name [None]: us-east-1 (YOU MUST PROVIDE us-east-1)
Default output format [None]: json
These credentials get stored at ~/.aws/credentials
Validation
Run the following command to validate the AWS configuration and confirm that the account is added and set as the default
Ensure that you run this command in the Training VM
aws sts get-caller-identity
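A local check to run alongside the validation command above. This is an added example, not part of the original training material. It assumes the keys were saved under the [default] profile and that aws configure wrote the region to ~/.aws/config next to the credentials file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files `aws configure` writes. Helper names are
# hypothetical. Secret values are never printed, only checked for presence.

# Print the value of KEY ($2) in the [default] section of INI file $1.
ini_default_value() {
  awk -v key="$2" '
    /^\[/ { in_default = ($0 == "[default]"); next }
    in_default && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
      }
    }' "$1" 2>/dev/null
}

# Audit directory $1 (default ~/.aws). Returns 0 only if every check passes.
check_aws_cli_setup() {
  dir="${1:-$HOME/.aws}"; rc=0
  cred="$dir/credentials"; conf="$dir/config"

  [ -f "$cred" ] || { echo "FAIL: $cred not found"; return 1; }

  # The file holds a long-lived secret: only the owner should read it.
  # GNU stat first (Linux), BSD stat as a fallback.
  mode=$(stat -c '%a' "$cred" 2>/dev/null || stat -f '%Lp' "$cred")
  case "$mode" in
    600|400) echo "OK: $cred mode is $mode" ;;
    *) echo "FAIL: $cred mode is $mode; fix with: chmod 600 $cred"; rc=1 ;;
  esac

  for key in aws_access_key_id aws_secret_access_key; do
    if [ -n "$(ini_default_value "$cred" "$key")" ]; then
      echo "OK: [default] profile has $key"
    else
      echo "FAIL: [default] profile is missing $key"; rc=1
    fi
  done

  region=$(ini_default_value "$conf" region)
  if [ "$region" = "us-east-1" ]; then
    echo "OK: default region is us-east-1"
  else
    echo "FAIL: default region is '${region:-unset}', expected us-east-1"; rc=1
  fi
  return $rc
}
```

Source the file in the Training VM and run check_aws_cli_setup with no arguments to audit ~/.aws, then run aws sts get-caller-identity to confirm the keys are accepted by AWS.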
Additional Information
Setting up access using CLI
25. AWS Security
Five core areas of Cloud Security
According to this whitepaper, security in the cloud is composed of five areas
1. Identity and Access Management
2. Detective Controls
3. Infrastructure Protection
4. Data Protection
5. Incident Response
Mapping these areas to AWS Services and Security Concepts we covered in the training
| Area | Services |
|---|---|
| Identity and Access Management | AWS IAM |
| Detective Controls | AWS Config, AWS CloudWatch, AWS S3, AWS Inspector |
| Infrastructure Protection | AWS VPC, AWS S3 |
| Data Protection | N/A |
| Incident Response | N/A |
Cloud Security Architecture Building Blocks
| Block | Use Case |
|---|---|
| AWS VPC | Logically separate network |
| AWS IAM | Secure access to resources and services for people and computers |
| AWS CloudWatch | See logs and take actions |
| AWS CloudTrail | Track API requests and monitor and notify |
| AWS Config/Cloud Custodian | Validate security policy and remediate automatically |
Other relevant AWS whitepapers to read and learn from
AWS Security Pillar Whitepaper
AWS Security Best Practices
AWS Auditing use of AWS Checklist