12Aug, 2024
Author Image Pat Saucier
Threat modeling with MITRE ATT&CK – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Threat modeling with MITRE ATT&CK

The MITRE ATT&CK framework has emerged as an interesting tool for organizations using AWS to understand, anticipate, and counteract cyber threats. This globally recognized framework offers a comprehensive matrix of tactics and techniques that are commonly employed by cyber adversaries. The MITRE ATT&CK for Cloud matrix, specifically, is tailored to address cloud environments. It provides insights into potential cloud-specific threats and vulnerabilities, which are particularly useful for AWS users.

Incorporating the MITRE ATT&CK framework into AWS security practices offers numerous benefits as it provides a structured methodology for understanding and anticipating potential threats within your AWS landscape. Here are its key integrations:

  • Mapping to AWS services: By aligning the ATT&CK framework with AWS services, organizations can gain detailed insights into potential attack vectors. This involves understanding how specific ATT&CK tactics and techniques can be applied to or mitigated by AWS services, such as EC2, S3, or IAM.
  • Utilization in security assessments: Incorporating the framework into security assessments allows for a more thorough evaluation of AWS environments. It helps in identifying vulnerabilities that could be exploited through known attack methodologies, thus enabling a more targeted approach to securing cloud assets. For instance, organizations can use the framework to simulate attack scenarios, such as a credential access attack, where an attacker might attempt to obtain AWS access keys through phishing or other methods.
  • Enhancing incident response: The framework can significantly improve incident response strategies. By mapping ongoing attacks to the ATT&CK matrix, incident response teams can more quickly understand the attacker’s Tactics, Techniques, and Procedures (TTPs), leading to faster and more effective containment and remediation.
  • Feeding continuous monitoring: The framework aids in the development of continuous monitoring strategies that are more aligned with the evolving threat landscape. It allows security teams to proactively look for indicators of attack tactics and techniques, enabling early detection of potential threats.
  • Developing customized threat models: Creating threat models based on ATT&CK scenarios tailored to AWS can significantly enhance defense strategies. For example, building a model around the exfiltration techniques can help in preparing defenses against potential data breaches from S3 buckets.
  • Developing red team exercises: Conducting red team exercises using ATT&CK-based scenarios provides a realistic test of AWS defenses. For example, simulating an attack where a red team uses lateral movement techniques to move between EC2 instances can test the effectiveness of network segmentation and access controls.

Building upon our discussion of MITRE ATT&CK and how to handle emerging threats in general, next, we will explore the wealth of resources available for continuous learning in AWS security.

20Jul, 2024
Author Image Pat Saucier
Storage optimization – Introduction to Serverless on AWS

Storage optimization

Modern cloud applications ingest huge volumes of data—operational data, metrics, logs, etc. Teams that own the data might want to optimize their storage (to mini‐ mize cost and, in some cases, improve performance) by isolating and keeping only business-critical data.

Managed data services provide built-in features to remove or transition unneeded data. For example, Amazon S3 supports per-bucket data retention policies to either delete data or transition it to a different storage class, and DynamoDB allows you to configure the Time to Live (TTL) value on every item in a table. The storage optimization options are not confined to the mainstream data stores; you can specify the message retention period for each SQS queue, Kinesis stream, API cache, etc.

DynamoDB manages the TTL configuration of the table items efficiently, regardless of how many items are in a table and how many of those items have a TTL timestamp set. However, in some cases, it can take up to 48 hours for an item to be deleted from the table. Consequently, this may not be an ideal solution if you require guaranteed item removal at the exact TTL time.

AWS Identity and Access Management (IAM)

AWS IAM is a service that controls the authentication and authorization of access to AWS services and resources. It helps define who can access which services and resources, under which conditions. Access to a service or resource can be granted to an identity, such as a user, or a resource, such as a Lambda function. The object that holds the details of the permissions is known as a policy and is stored as a JSON document, as shown in Example 1-1.

Example 1-1. IAM policy to allow read actions on DynamoDB Orders table

{

“Version”: “2012-10-17”,

“Statement”: [

{

“Effect”: “Allow”,

“Action”: [

“dynamodb:BatchGet*”,

“dynamodb:Get*”,

“dynamodb:Query”

],

“Resource”: “arn:aws:dynamodb:eu-west-1:12890:table/Orders”

}

]

}

12Apr, 2024
Author Image Pat Saucier
Your evolution as a serverless engineer – Introduction to Serverless on AWS

Your evolution as a serverless engineer

Consider the simple serverless application shown in Figure 1-8, where a Lambda function reads and writes to a DynamoDB table. Imagine that you are proficient in TypeScript and have chosen Node.js as your Lambda runtime environment. As you implement the function, it becomes your responsibility to code the interactions with DynamoDB. To be efficient, you learn NoSQL concepts, identify the partition key (PK) and sort key (SK) attributes as well as appropriate data access patterns to write your queries, etc. In addition, there may be data replication, TTL, caching, and other requirements. Security is also a concern, so you then learn about AWS IAM, how to create roles and policies, and, most importantly, the principle of least privilege. From being a programmer proficient in a particular language, your engineering role takes a 360-degree turn. As you evolve into a serverless engineer, you pick up many new skills and responsibilities.

As you saw in the previous section, your job requires having the ability to build the deployment pipeline for your application, understand service metrics, and proac‐ tively act on production incidents. You’re now a multiskilled engineer—and when most engineers in a team are multiskilled, it becomes a diverse engineering team capable of efficient end-to-end serverless delivery. For organizations where upskilling of engineers is required, Chapter 2 discusses in detail the ways to grow serverless talents.

The Parts of a Serverless Application and Its Ecosystem

An ecosystem is a geographic area where plants, animals, and other organisms, as well as weather and landscape, work together to form a bubble of life.

NationalGeographic.org

In nature, an ecosystem contains both living and nonliving parts, also known as factors. Every factor in an ecosystem depends on every other factor, either directly orindirectly. The Earth’s surface is a series of connected ecosystems.

The ecosystem analogy here is intentional. Serverless is too often imagined as an architecture diagram or a blueprint, but it is much more than FaaS and a simple framework. It has both technical and nontechnical elements associated with it. Ser‐ verless is a technology ecosystem!

As you learned earlier in this chapter, managed services form the bulk of a serverless application. However, they alone cannot bring an application alive—many other factors are involved. Figure 1-13 depicts some of the core elements that make up the serverless ecosystem.

Figure 1-13. Parts of the serverless technology ecosystem

They include:

The cloud platform

This is the enabler of the serverless ecosystem—AWS in our case. The cloud host‐ ing environment provides the required compute, storage, and network resources.

Managed cloud services

Managed services are the basic building blocks of serverless. You compose your applications by consuming services for computation, event transportation, mes‐ saging, data storage, and various other activities.

Architecture

This is the blueprint that depicts the purpose and behavior of your serverless application. Defining and agreeing on an architecture is one of the most impor‐ tant activities in serverless development.

Infrastructure definition

Infrastructure definition—also known as infrastructure as code (IaC) and expressed as a descriptive script—is like the circuit diagram of your application. It weaves everything together with the appropriate characteristics, dependencies, permissions, and access controls. IaC, when actioned on the cloud, holds the power to bring your serverless application alive or tear it down.

Development and test tools

The runtime environment of your FaaS dictates the programming language, libraries, plug-ins, testing frameworks, and several other developer aids. These tools may vary from one ecosystem to another, depending on the product domain and the preferences of the engineering teams.

Repository and pipelines

The repository is a versioned store for all your artifacts, and the pipelines per‐ form the actions that take your serverless application from a developer environ‐ ment all the way to its target customers, passing through various checkpoints along the way. The infrastructure definition plays a pivotal role in this process.

Observability tools

Observability tools and techniques act as a mirror to reflect the operational state of your application, offering deeper insights into how it performs against its intended purpose. A non-observable system cannot be sustained.

Best practices

To safeguard your serverless application against security threats and scaling demands and ensure it is both observable and resilient in the face of unexpected disruptions, you need well-architected principles and best practices acting as guardrails. The AWS Well-Architected Framework is an essential best practices guide; we’ll look at it later in this chapter.

Builders and stakeholders

The people who come up with the requirements for an application and the ones who design, build, and operate it in the cloud are also part of the ecosystem. In addition to all the tools and techniques, the role of humans in a serverless ecosystem is vital—they’re the ones responsible for making the right decisions and performing the necessary actions, similar to the role we all play in our environmental ecosystem!

12Jan, 2024
Author Image Pat Saucier
AWS Technical Support Plans – Introduction to Serverless on AWS

AWS Technical Support Plans

Depending on the scale of your cloud operation and the company’s size, Amazon offers four technical support plans to suit your needs:

Developer

This is the entry-level support model, suitable for experimentation, building prototypes, or testing simple applications at the start of your serverless journey.

Business

As you move from the experimentation stage toward production deployments and operating business applications serving customers, this is the recommended support level. As well as other support features, it adds response time guarantees for production systems that are impaired or go down (<4 hours and <1 hour, respectively).

Enterprise on-ramp

The main difference between this one and the Enterprise plan is the response time guarantee when business-critical applications go down (<30 minutes, versus <15 minutes with the higher-level plan). The lower-level plans do not offer this guarantee.

Enterprise

If you’re part of a big organization with several teams developing and operating high-profile, mission-critical workloads, the Enterprise support plan will give you the most immediate care. In the event of an incident with your mission-critical applications, you get support within 15 minutes. This plan also comes with several additional benefits, including:

  • A dedicated Technical Account Manager (TAM) who acts as the first point of contact between your organization and AWS
  • Regular (typically monthly) meeting cadence with your TAM
  • Advice from AWS experts, such as solution architects specializing in your business domain, when building an application
  • Evaluation of your existing systems and recommendations based on AWS Well-Architected Framework best practices
  • Training and workshops to improve your internal AWS skills and develop‐ ment best practices
  • News about new product launches and feature releases
  • Opportunities to beta-test new products before they become generally available
  • Invitations to immersion days and face-to-face meetings with AWS product teams related to the technologies you work with

The number one guiding principle at Amazon is customer obsession: “Leaders start with the customer and work back‐ wards. They work vigorously to earn and keep customer trust. Although leaders pay attention to competitors, they obsess over customers.”

11Sep, 2023
Author Image Pat Saucier
Formal AWS certification program – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Formal AWS certification program

AWS certifications encompass a wide range of knowledge areas within AWS. They can be very interesting options for professionals seeking to validate and enhance their expertise. Opinions on the value of certifications in general vary widely and are often debated. I find certifications to be instrumental in setting goals for self-study and invaluable as a freelance AWS security consultant and instructor for demonstrating expertise and commitment to professional development.

Overview of the AWS certification program

AWS offers a series of certifications that can be instrumental for individuals aiming to develop and demonstrate their AWS knowledge. A considerable portion of each certification’s curriculum is devoted to security-related topics, accounting for 15% to 30% of the exam content, as outlined in the guide documentation for each specific exam. The exception to this range is the AWS Certified Security—Specialty exam, which is wholly centered on security topics.

For readers of this book embarking on their AWS learning path, the following certifications are particularly pertinent:

  • AWS Certified SysOps Administrator – Associate (SOA): This certification validates expertise in deploying, managing, and operating workloads. It also covers operational security to ensure VPCs and systems are secure and compliant.
  • AWS Certified Developer – Associate (DVA): Ideal for developers, this certification covers security concepts relevant to developing and maintaining secure applications on AWS throughout the CI/CD pipeline.
  • AWS Certified Solutions Architect – Associate (SAA): This certification focuses on designing secure and robust distributed systems using multiple AWS services. It covers aspects of network security, encryption, and access control, among others.
  • AWS Certified DevOps Engineer – Professional (DOP): Tailored to professionals involved in DevOps roles, this certification dives deeper into automation and security protocols for continuous delivery and the secure deployment of applications and infrastructures on AWS.
  • AWS Certified Solutions Architect – Professional (SAP): For advanced architectural skills, this certification includes designing scalable and secure solutions across diverse AWS projects and services.
  • AWS Certified Security – Specialty (SCS): Specifically tailored for security experts, this certification is crucial for those looking to prove their knowledge of AWS security services and best practices. It is highly relevant to you as it offers deep insights into AWS-specific security considerations.
  • AWS Certified Advanced Networking – Specialty (ANS): This certificate demonstrates mastery in architecting and operating highly available, secure network solutions on AWS. It’s ideal for network engineers and security specialists responsible for robust network infrastructure.

With an understanding of the key AWS certifications to target, let’s proceed to examine the wealth of resources and study strategies to ensure your success in these exams.

15Mar, 2023
Author Image Pat Saucier
Engaging in continuous professional development – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Engaging in continuous professional development

Continuous professional development is essential for staying current in the rapidly evolving field of cloud computing and AWS security. Engaging in such activities ensures that professionals not only maintain their skills and knowledge but also stay ahead of new AWS technologies and security best practices. Let’s go through strategies for engaging in continuous learning and professional growth.

Participating in webinars

AWS and other reputable platforms frequently host webinars covering a broad spectrum of topics, from unveiling new services to comprehensive explorations of specific security practices. These sessions, which are often led by field experts, present a prime opportunity to stay abreast of the latest trends and best practices in AWS security. The majority of these webinars are offered free of charge, providing an accessible avenue for broadening your knowledge. Engaging in these webinars not only enhances your expertise but also facilitates interaction with professionals and allows for direct questioning. Here’s how to derive maximum benefit from these learning opportunities:

  • Select relevant topics: Focus on webinars and courses that align with your career goals and areas where you seek improvement or deeper knowledge.
  • Engage with experts: Most webinars offer Q&A sessions. Take advantage of these opportunities to engage directly with AWS experts and gain insights that are not readily available in written content. It is also common to connect with speakers on LinkedIn post-event. Seize the opportunity to expand your professional network and deepen your understanding.
  • Dedicate time for learning: Schedule regular slots in your weekly or monthly schedule for attending webinars or progressing through online courses, treating them as essential components of your workweek.
  • Apply learned concepts: After attending a webinar, look for AWS workshops or consult the AWS Security Blog for posts that offer hands-on applications related to the topics discussed. This approach helps bridge the gap between theoretical knowledge and practical implementation.
  • Become a speaker: Consider sharing your expertise by becoming a webinar speaker. This not only enhances your visibility within the professional community as a thought leader in AWS security but also deepens your understanding of the subject matter as you prepare your presentation.

The following platforms are known to regularly host webinars related to AWS security:

  • AWS events and webinars: This page lists all upcoming AWS webinars and events, ensuring access to the latest information directly from the source.
  • Securzy: A platform dedicated to security professionals, it offers deep-dive sessions into the latest AWS security technologies and challenges. While most webinars are free, replays may require a subscription.
  • BrightTALK and TechTarget: Both platforms offer a wide range of webinars across various topics, including cloud security and AWS-specific sessions. Note that content is often sponsored by vendors, so a degree of marketing material can be expected, yet they remain valuable for educational content.
  • Cloud Academy: While primarily known for its comprehensive courses, Cloud Academy also hosts webinars that delve into the latest trends and practices in AWS and cloud security.
  • Cloud Security Alliance (CSA): CSA provides webinars focusing on wider cloud security issues, which is ideal for those looking to understand the broader security landscape.

Following webinars, let’s dive into the opportunities offered by AWS conferences.

15Dec, 2022
Author Image Pat Saucier
Keeping abreast with new technologies – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Keeping abreast with new technologies

The AWS ecosystem is dynamic, with the landscape of cloud technology and security threats constantly evolving. AWS and third-party vendors frequently introduce new security services, features, and tools designed to address these challenges. For AWS professionals, staying updated with these innovations is not just about enhancing security postures—it is also about ensuring their knowledge remains current. This section delves into effective strategies for keeping pace with these developments and seamlessly integrating them into your environment.

Staying informed

Information is power in the realm of security. Security professionals must proactively seek out information on the latest AWS security announcements and security blog posts related to their topics of interest. Regular participation in AWS-specific webinars and workshops provides opportunities to gain firsthand knowledge of the latest updates and how they can be applied in practice. These resources can help you to anticipate and mitigate emerging threats with the latest AWS security technologies.

The next crucial phase involves evaluating and testing these advancements within AWS.

Evaluating and testing

Upon discovering new security technologies, evaluating their potential impact and testing their effectiveness is key. This involves doing the following:

  • Defining security enhancement objectives: Evaluate how new services or features can bolster your security posture. Establish clear metrics for evaluating new security tools, including performance, compatibility with existing systems, and overall security enhancement.
  • Testing in a controlled environment: Implement new technologies in a sandbox or development environment first. This allows you to gauge their performance, identify any integration issues, and understand their operational implications without risking production systems.
  • Security testing: Determine the actual security benefits by simulating attack scenarios or using penetration testing tools. Evaluate how technology improves your defense against these simulated threats.
  • Performance testing: Measure how the new technology performs under different scenarios. Look at its responsiveness, speed, and resource consumption during peak and off-peak hours.

Following evaluation and testing, let’s transition to ensuring compatibility and compliance as our next essential step.

12Aug, 2022
Author Image Pat Saucier
Planning for future-proof security – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Planning for future-proof security

Adopting a forward-thinking approach to security can help you stay ahead of threats and leverage innovations in the AWS ecosystem effectively. This includes doing the following:

  • Future trends analysis: Keep an eye on emerging trends and anticipate technological advancements by leveraging market studies from renowned institutes such as Gartner, Forrester, and the Cloud Security Alliance (CSA). Such research provides a broad view of the cloud security landscape, helping you predict shifts in threats and technology that could impact your security posture.
  • Engaging with AWS previews: Participate in AWS beta and preview programs by regularly checking AWS blogs and announcements, engaging with the AWS community, and attending AWS events for early access to upcoming features and services. This engagement not only offers a sneak peek into potential AWS innovations but also allows you to test and adapt these technologies in a controlled manner, giving you a competitive edge in security preparedness.
  • Monitoring AWS roadmaps: Keep a close watch on AWS product roadmaps and future feature announcements. By staying informed about planned developments, you can better align your security measures and strategies with upcoming AWS enhancements.
  • Adopting an adaptive security framework: Establish an inherently adaptable security framework, allowing for the seamless integration of new technologies. Such a framework typically involves modular security policies that can be quickly updated, automation to swiftly implement changes, and continuous monitoring to assess the effectiveness of your current security measures.

Employing these strategies will help you stay abreast of new security developments and ensure that your AWS environment remains secure and prepared for the future. Concluding our exploration of future-proof security strategies, let’s pivot to a summary of the essential points that were discussed throughout this chapter.

Summary

This final chapter served as a comprehensive guide for AWS professionals aiming to stay at the forefront of AWS security advancements. We delved into the critical importance of staying current with AWS security best practices and the evolving threat landscape. This chapter emphasized the necessity of continuous learning and adaptation in the face of rapidly advancing cloud technologies and security threats. We explored how AWS professionals can leverage a wide array of resources, including educational materials, training and certification programs, and community insights to enhance their security knowledge and skills. Through strategic planning, regular engagement with AWS updates, and proactive integration of new security measures, professionals can fortify their AWS environments against current and future vulnerabilities. This chapter serves as a guide to navigating the complex and dynamic field of AWS security, providing the tools and strategies needed to maintain a robust and resilient security posture.

16Jun, 2022
Author Image Pat Saucier
The essence of AWS security mastery – Closing Note

The essence of AWS security mastery

Our journey began with the shared responsibility model, a foundational concept that sets the stage for understanding the balance of security tasks between AWS and its users. We ventured deeper into infrastructure security, IAM, data protection, and the vast arsenal of AWS security services. We dissected VPC design, IAM intricacies, the power of encryption, the nuances of securing microservices, serverless deployments, multi-tenancy, automating security, and many more topics. Each chapter was built upon the last, brick-by-brick, layering knowledge to equip you with a robust framework for AWS security. With practical examples and in-depth discussions, the goal was to illuminate the path toward a comprehensive and resilient security posture.

The continuous evolution of cloud security

In the realms of AWS, cloud computing, and cybersecurity, change is the only constant. New threats emerge with increasing sophistication, prompting AWS to continuously roll out new services and features. These advancements are designed not just to combat emerging threats but also to meet the evolving demands of businesses. This ever-shifting landscape demands a proactive and informed security approach – an approach agile enough to embrace change and integrate cutting-edge technologies.

A significant part of AWS security’s future lies in the advancements of artificial intelligence (AI), machine learning (ML), and the burgeoning field of generative AI. These technologies are already reshaping our security strategies, from enhancing threat detection and prediction to automating security responses. AWS has begun this transformative journey, integrating AI and ML into services such as Amazon GuardDuty for intelligent threat detection and Amazon SageMaker for building ML models to predict and thwart security vulnerabilities. As AWS continues to innovate, your ability to harness these technologies is crucial for staying ahead in the security domain.

The journey of continuous learning

As the landscape of cloud security continuously evolves, so does the need for perpetual learning and adaptation. True mastery in AWS security transcends theory; it thrives on application. This book has provided the seeds, but the garden of your expertise must be continually cultivated. The vast expanse of cloud security demands relentless curiosity, exploration, and hands-on experience. To refine your skills, actively engage with the vibrant AWS community, dive into forums and workshops, and embark on real-world projects that challenge and expand your knowledge. Remember, the path to proficiency is one of perpetual learning, where each challenge conquered is a stepping stone toward mastery.

In conclusion

This book marks a significant milestone in your journey toward AWS security mastery, but it is merely the beginning. The road ahead is filled with opportunities to expand your knowledge and refine your skills. As you progress, carry the principles and insights from these pages with you. May this knowledge serve as a foundation upon which you will continue to build, innovate, and secure within the ever-evolving AWS ecosystem.

Keep learning, keep exploring, and keep securing your cloud with passion and expertise.

12Mar, 2022
Author Image Pat Saucier
The emergence of networking – Introduction to Serverless on AWS

The emergence of networking

Early mainframes were independent and could not communicate with one another. The idea of an Intergalactic Computer Network or Galactic Network to interconnect remote computers and share data was introduced by computer scientist J.C.R. Lick‐ lider, fondly known as Lick, in the early 1960s. The Advanced Research Projects Agency (ARPA) of the United States Department of Defense pioneered the work, which was realized in the Advanced Research Projects Agency Network (ARPANET). This was one of the early network developments that used the TCP/IP protocol, one of the main building blocks of the internet. This progress in networking was a huge step forward.

The beginning of virtualization

The 1970s saw another core technology of the modern cloud taking shape. In 1972, the release of the Virtual Machine Operating System by IBM allowed it to host multiple operating environments within a single mainframe. Building on the early time-sharing and networking concepts, virtualization filled in the other main piece of the cloud puzzle. The speed of technology iterations of the 1990s brought those ideas to realization and took us closer to the modern cloud. Virtual private networks (VPNs) and virtual machines (VMs) soon became commodities.

The term cloud computing originated in the mid to late 1990s. Some attribute it to computer giant Compaq Corporation, which mentioned it in an internal report in 1996. Others credit Professor Ramnath Chellappa and his lecture at INFORMS 1997 on an “emerging paradigm for computing.” Regardless, with the speed at which technology was evolving, the computer industry was already on a trajectory for massive innovation and growth.

The first glimpse of Amazon Web Services

As virtualization technology matured, many organizations built capabilities to auto‐ matically or programmatically provision VMs for their employees and to run busi‐ ness applications for their customers. An ecommerce company that made good use of these capabilities to support its operations was Amazon.com.

During early 2000, engineers at Amazon were exploring how their infrastructure could efficiently scale up to meet the increasing customer demand. As part of that process, they decoupled common infrastructure from applications and abstracted it as a service so that multiple teams could use it. This was the start of the concept known today as infrastructure as a service (IaaS). In the summer of 2006, the com‐ pany launched Amazon Elastic Compute Cloud (EC2) to offer virtual machines as a service in the cloud for everyone. That marked the humble beginning of today’s mammoth Amazon Web Services, popularly known as AWS!

Copyright © 2025 randolphfly.com