
Summary

Let us recap what we have learnt in this chapter:

We learnt about the shared security responsibility models of AWS. We found that AWS does the heavy lifting for customers by taking complete ownership of the security of its global infrastructure of regions and availability zones consisting of data centers, and lets customers focus on their business. We also saw that AWS offers multiple services under broad categories, and that we need different security models for the different kinds of services that AWS offers, such as AWS infrastructure services, AWS container services, and AWS abstract services.

The split of security responsibilities between AWS and the customer is different for each of the above three categories. We also learnt about the physical security of AWS, its global infrastructure, network security, platform security, and the people and procedures followed at AWS. We looked at ways to protect our AWS account. We went through a couple of AWS services, such as AWS Trusted Advisor and AWS Config, and saw how they can help us secure our resources in the cloud. We briefly looked at security logs and AWS CloudTrail for finding the root causes of security-related incidents. We'll look at logging features in detail in subsequent chapters of this book.

In subsequent chapters, we'll go through services that AWS offers to secure your data, applications, network, access, and so on. For all these services, we will provide scenarios and solutions. As mentioned earlier, the aim of this book is to help you automate security in AWS and help you build security by design for all your AWS resources. We will also look at logging for auditing and identifying security issues within your AWS account. We will go through best practices for each service and we will learn about automating as many solutions as possible.

In the next chapter, AWS Identity and Access Management, we will deep dive into AWS IAM, which lets you control your AWS resources securely from a centralized location. IAM serves as an entry point to AWS security: it is where AWS transfers the security baton to customers, who allow tiered access and authenticate that access for all their AWS resources. We are going to see how we can provide access to multiple users for resources in our AWS account. We will take a detailed look at the various credentials available. We will deep dive into AWS identities such as users, groups, and roles, along with access controls such as permissions and policies.
