12 Aug 2024
Threat modeling with MITRE ATT&CK – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Threat modeling with MITRE ATT&CK

The MITRE ATT&CK framework has emerged as an interesting tool for organizations using AWS to understand, anticipate, and counteract cyber threats. This globally recognized framework offers a comprehensive matrix of tactics and techniques that are commonly employed by cyber adversaries. The MITRE ATT&CK for Cloud matrix, specifically, is tailored to address cloud environments. It provides insights into potential cloud-specific threats and vulnerabilities, which are particularly useful for AWS users.

Incorporating the MITRE ATT&CK framework into AWS security practices offers numerous benefits, as it provides a structured methodology for understanding and anticipating potential threats within your AWS landscape. Here are the key ways to integrate it:

  • Mapping to AWS services: By aligning the ATT&CK framework with AWS services, organizations can gain detailed insights into potential attack vectors. This involves understanding how specific ATT&CK tactics and techniques can be applied to or mitigated by AWS services, such as EC2, S3, or IAM.
  • Utilization in security assessments: Incorporating the framework into security assessments allows for a more thorough evaluation of AWS environments. It helps in identifying vulnerabilities that could be exploited through known attack methodologies, thus enabling a more targeted approach to securing cloud assets. For instance, organizations can use the framework to simulate attack scenarios, such as a credential access attack, where an attacker might attempt to obtain AWS access keys through phishing or other methods.
  • Enhancing incident response: The framework can significantly improve incident response strategies. By mapping ongoing attacks to the ATT&CK matrix, incident response teams can more quickly understand the attacker’s Tactics, Techniques, and Procedures (TTPs), leading to faster and more effective containment and remediation.
  • Feeding continuous monitoring: The framework aids in the development of continuous monitoring strategies that are more aligned with the evolving threat landscape. It allows security teams to proactively look for indicators of attack tactics and techniques, enabling early detection of potential threats.
  • Developing customized threat models: Creating threat models based on ATT&CK scenarios tailored to AWS can significantly enhance defense strategies. For example, building a model around the exfiltration techniques can help in preparing defenses against potential data breaches from S3 buckets.
  • Developing red team exercises: Conducting red team exercises using ATT&CK-based scenarios provides a realistic test of AWS defenses. For example, simulating an attack where a red team uses lateral movement techniques to move between EC2 instances can test the effectiveness of network segmentation and access controls.
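The incident-response and continuous-monitoring integrations above amount to one practical step: tagging the AWS API activity you already collect with the ATT&CK technique it corresponds to, so that responders and detection engineers reason in the framework's vocabulary. The following is an added example written for this page, not code from the book: it maps CloudTrail-style records to techniques and summarizes them per principal. The event-name-to-technique table is an assumption made for the demonstration (the technique IDs are real ATT&CK IDs, but which API calls you map to each one is a design decision for your own environment), and the sample records are constructed, not real log data.

```python
"""Added example, not from the book: tagging CloudTrail-style records with
MITRE ATT&CK techniques for incident response and continuous monitoring.

The EVENT_TO_TECHNIQUE table is an assumption for this demonstration, and
SAMPLE_RECORDS are constructed, not real log data.
"""
from collections import defaultdict

# Assumed mapping for the demonstration: CloudTrail eventName -> technique.
EVENT_TO_TECHNIQUE = {
    "ConsoleLogin":     ("T1078", "Valid Accounts"),
    "CreateAccessKey":  ("T1098", "Account Manipulation"),
    "AttachUserPolicy": ("T1098", "Account Manipulation"),
    "ListUsers":        ("T1087.004", "Account Discovery: Cloud Account"),
    "ListRoles":        ("T1087.004", "Account Discovery: Cloud Account"),
    "GetObject":        ("T1530", "Data from Cloud Storage"),
}


def tag_event(record):
    """Return (technique_id, technique_name) for one record, or None if unmapped."""
    return EVENT_TO_TECHNIQUE.get(record.get("eventName"))


def principal_of(record):
    """ARN of the identity that made the call, or 'unknown'."""
    return record.get("userIdentity", {}).get("arn", "unknown")


def summarize(records):
    """Group records by technique, counting calls per principal.

    Returns {technique_id: {"name": str, "principals": {arn: count}}}.
    Unmapped events are skipped here; a real pipeline keeps them for review.
    """
    summary = {}
    for rec in records:
        hit = tag_event(rec)
        if hit is None:
            continue
        tid, tname = hit
        entry = summary.setdefault(tid, {"name": tname, "principals": defaultdict(int)})
        entry["principals"][principal_of(rec)] += 1
    return {tid: {"name": e["name"], "principals": dict(e["principals"])}
            for tid, e in summary.items()}


def techniques_for_principal(records, arn):
    """Technique IDs observed for one principal, in order of first appearance.

    Read against the ATT&CK matrix, this list gives responders a quick
    picture of how far along the attack chain an identity has progressed.
    """
    seen = []
    for rec in records:
        if principal_of(rec) != arn:
            continue
        hit = tag_event(rec)
        if hit and hit[0] not in seen:
            seen.append(hit[0])
    return seen


# Constructed sample records in a trimmed CloudTrail shape (not real data).
ALICE = "arn:aws:iam::123456789012:user/alice"
APP_ROLE = "arn:aws:sts::123456789012:assumed-role/app/i-0abc"
SAMPLE_RECORDS = [
    {"eventTime": "2024-08-12T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2024-08-12T09:01:10Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2024-08-12T09:01:12Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListRoles", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2024-08-12T09:03:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"arn": ALICE}},
    {"eventTime": "2024-08-12T09:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": APP_ROLE}},
    {"eventTime": "2024-08-12T09:05:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": APP_ROLE}},
    {"eventTime": "2024-08-12T09:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": APP_ROLE}},
]

if __name__ == "__main__":
    for tid, entry in summarize(SAMPLE_RECORDS).items():
        print(tid, entry["name"], entry["principals"])
    print("alice:", techniques_for_principal(SAMPLE_RECORDS, ALICE))
```

Run stand-alone, the script reports that the constructed user went from Valid Accounts through Cloud Account discovery to Account Manipulation within a few minutes, which is the kind of technique sequence a responder would want surfaced rather than reconstructed by hand from raw event names.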

Building upon our discussion of MITRE ATT&CK and how to handle emerging threats in general, next, we will explore the wealth of resources available for continuous learning in AWS security.

20 Jul 2024
Storage optimization – Introduction to Serverless on AWS

Storage optimization

Modern cloud applications ingest huge volumes of data—operational data, metrics, logs, etc. Teams that own the data might want to optimize their storage (to minimize cost and, in some cases, improve performance) by isolating and keeping only business-critical data.

Managed data services provide built-in features to remove or transition unneeded data. For example, Amazon S3 supports per-bucket data retention policies to either delete data or transition it to a different storage class, and DynamoDB allows you to configure the Time to Live (TTL) value on every item in a table. The storage optimization options are not confined to the mainstream data stores; you can specify the message retention period for each SQS queue, Kinesis stream, API cache, etc.

DynamoDB manages the TTL configuration of the table items efficiently, regardless of how many items are in a table and how many of those items have a TTL timestamp set. However, in some cases, it can take up to 48 hours for an item to be deleted from the table. Consequently, this may not be an ideal solution if you require guaranteed item removal at the exact TTL time.
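The practical consequence of the 48-hour window is that a reader cannot rely on deletion alone: an item that has passed its TTL may still be returned by a query until the background process removes it. The following is an added example written for this page, not code from the book. It shows how to write the TTL attribute in the form DynamoDB expects and how to filter expired items on read, both client-side and with a server-side filter expression. The attribute name, the 24-hour retention period and the session item shape are assumptions for the demonstration; boto3 is not imported so the code runs offline, but the dictionary returned by live_filter_expression() is in the form the boto3 Table resource API accepts as keyword arguments to query() or scan().

```python
"""Added example, not from the book: writing a DynamoDB item with a TTL
attribute and filtering expired-but-not-yet-deleted items on read.

The attribute name, retention period and item shape are assumptions for
this demonstration; the clock values are constructed.
"""
from datetime import datetime, timedelta, timezone

TTL_ATTRIBUTE = "expires_at"        # assumed TTL attribute enabled on the table
RETENTION = timedelta(hours=24)     # assumed retention period

# Constructed clock values used by the demo and its checks.
SAMPLE_NOW = datetime(2024, 8, 12, 9, 0, tzinfo=timezone.utc)
SAMPLE_LATER = SAMPLE_NOW + timedelta(hours=25)


def build_item(session_id, user_id, now):
    """Return an item whose TTL attribute is epoch seconds.

    DynamoDB only honours TTL values stored as a Number in seconds: a string
    value is ignored, and a millisecond value is read as a date far in the
    future, so in either case the item is never deleted.
    """
    expires = now + RETENTION
    return {
        "session_id": session_id,
        "user_id": user_id,
        TTL_ATTRIBUTE: int(expires.timestamp()),
    }


def is_live(item, now):
    """True if the item has not yet reached its TTL.

    Items without the attribute are kept: DynamoDB never expires them either.
    """
    ttl = item.get(TTL_ATTRIBUTE)
    if ttl is None:
        return True
    return int(now.timestamp()) < int(ttl)


def filter_live(items, now):
    """Client-side guard: drop items that have expired but are not yet deleted."""
    return [item for item in items if is_live(item, now)]


def live_filter_expression(now):
    """Server-side equivalent for query()/scan() via the boto3 Table resource.

    The filter is applied after the read (capacity is still consumed for the
    expired items) but keeps them out of the response.
    """
    return {
        "FilterExpression": "attribute_not_exists(#ttl) OR #ttl > :now",
        "ExpressionAttributeNames": {"#ttl": TTL_ATTRIBUTE},
        "ExpressionAttributeValues": {":now": int(now.timestamp())},
    }


if __name__ == "__main__":
    item = build_item("s-123", "u-42", SAMPLE_NOW)
    print(item)
    print(filter_live([item], SAMPLE_NOW))    # item still live
    print(filter_live([item], SAMPLE_LATER))  # [] : past its TTL
    print(live_filter_expression(SAMPLE_NOW))
```

Whether you filter client-side or server-side, the comparison is against the same epoch-seconds attribute that DynamoDB itself uses, so the application's view of "expired" and the service's eventual deletion agree even while the background sweep lags behind.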

AWS Identity and Access Management (IAM)

AWS IAM is a service that controls the authentication and authorization of access to AWS services and resources. It helps define who can access which services and resources, under which conditions. Access to a service or resource can be granted to an identity, such as a user, or a resource, such as a Lambda function. The object that holds the details of the permissions is known as a policy and is stored as a JSON document, as shown in Example 1-1.

Example 1-1. IAM policy to allow read actions on DynamoDB Orders table

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:BatchGet*",
        "dynamodb:Get*",
        "dynamodb:Query"
      ],
      "Resource": "arn:aws:dynamodb:eu-west-1:12890:table/Orders"
    }
  ]
}
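Reading a policy like Example 1-1 is one thing; knowing exactly which API calls it admits is what matters for least privilege, and the wildcards make that less obvious than it looks (for instance, "dynamodb:Get*" covers more than GetItem). The following is an added example written for this page, not code from the book or the IAM service. It is a deliberately simplified, offline evaluator that implements the core of IAM's decision logic (implicit deny by default, an explicit Deny overriding any Allow, "*" and "?" wildcards in Action and Resource, case-insensitive action names) and applies it to Example 1-1 and to a second constructed policy. Conditions, NotAction/NotResource, resource-based policies, permissions boundaries and SCPs are left out; the IAM policy simulator remains the authoritative check.

```python
"""Added example, not from the book: a simplified, offline evaluator for
identity-based IAM policies such as Example 1-1.

Only the core decision logic is implemented (implicit deny, explicit Deny
wins, '*'/'?' wildcards, case-insensitive actions). GUARDED_POLICY is a
constructed second policy for the demonstration.
"""
import fnmatch
import json

# Example 1-1 from the text, with the ARN exactly as the book shows it.
ORDERS_TABLE_ARN = "arn:aws:dynamodb:eu-west-1:12890:table/Orders"
ORDERS_READ_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["dynamodb:BatchGet*", "dynamodb:Get*", "dynamodb:Query"],
      "Resource": "arn:aws:dynamodb:eu-west-1:12890:table/Orders"
    }
  ]
}
""")


def _as_list(value):
    """IAM lets Statement/Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # fnmatchcase gives the '*' / '?' semantics IAM uses; lower-casing both
    # sides reproduces IAM's case-insensitive action matching.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    # ARNs are compared case-sensitively, wildcards included.
    return fnmatch.fnmatchcase(resource, pattern)


def is_allowed(policy, action, resource):
    """Evaluate one (action, resource) request against one policy document."""
    allowed = False  # implicit deny until an Allow statement matches
    for stmt in _as_list(policy["Statement"]):
        if not any(_action_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if not any(_resource_matches(p, resource) for p in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit deny always wins
        allowed = True
    return allowed


def allowed_actions(policy, actions, resource):
    """Which of the given actions the policy permits on the resource."""
    return [a for a in actions if is_allowed(policy, a, resource)]


# Constructed second policy: a broad Allow guarded by an explicit Deny.
GUARDED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["dynamodb:DeleteTable", "dynamodb:DeleteItem"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    probe = ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query",
             "dynamodb:Scan", "dynamodb:PutItem", "dynamodb:DeleteTable"]
    other_table = ORDERS_TABLE_ARN.replace("Orders", "Customers")
    print("Example 1-1 allows on Orders:", allowed_actions(ORDERS_READ_POLICY, probe, ORDERS_TABLE_ARN))
    print("Example 1-1 allows on Customers:", allowed_actions(ORDERS_READ_POLICY, probe, other_table))
    print("Guarded policy allows on Orders:", allowed_actions(GUARDED_POLICY, probe, ORDERS_TABLE_ARN))
```

Two points the run makes visible: Example 1-1 grants nothing at all on a table other than Orders, because the Resource element is a single exact ARN, and Scan is not a read action under this policy even though it is read-only, because it does not match any of the three action patterns. Both are exactly the kind of answer you want before attaching a policy to a Lambda function.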

16 Mar 2024
Why Is AWS a Great Platform for Serverless? – Introduction to Serverless on AWS

Why Is AWS a Great Platform for Serverless?

As mentioned earlier in this chapter, although the term serverless first appeared in the industry in around 2012, it gained traction after the release of AWS Lambda in 2014. While the large numbers of people who jumped on the Lambda bandwagon elevated serverless to new heights, AWS already had a couple of fully managed serverless services serving customers at this point. Amazon SQS was released almost 10 years before AWS Lambda. Amazon S3, the much-loved and widely used object store in the cloud, was launched in 2006, way before the cloud reached the corners of the IT industry.

This early leap into the cloud with a futuristic vision, offering container services and fully managed serverless services, enabled Amazon to roll out new products faster than any other provider. Recognizing the potential, many early adopters swiftly realized their business ideas and launched their applications on AWS. Even though the cloud market is growing rapidly, AWS remains the top cloud services provider globally.

The Popularity of Serverless Services from AWS

Working closely with customers and monitoring industry trends has allowed AWS to quickly iterate ideas and launch several important serverless services in areas such as APIs, functions, data stores, data streaming, AI, machine learning, event transportation, workflow and orchestration, and more.

What’s in a Name?

When you look at the AWS service names, you’ll notice a mix of “Amazon” and “AWS” prefixes—for example, Amazon DynamoDB and AWS Step Functions. This confuses everyone, including employees at Amazon. Apparently, it’s not a random selection but a way to differentiate services based on their fundamental characteristics.

The most popular and relevant theory suggests that services with the Amazon prefix work on their own (standalone services), whereas the ones with the AWS prefix support other services (utility services) and are not intended to be used on their own. AWS Lambda, for example, is triggered by other services. However, as services evolve over time with new capabilities, you may find exceptions where this distinction no longer holds true.

AWS is a comprehensive cloud platform offering over 200 services to build and operate both serverless and non-serverless workloads. Table 1-3 lists some of the most commonly used managed serverless services. You will see many of these services featured in our discussions throughout this book.

Table 1-3. Popular serverless services from AWS

12 Jul 2023
Resources to prepare for your next exam – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Resources to prepare for your next exam

Preparing for an AWS certification exam demands a methodical study approach and the right resources:

  • Official exam page: Start with the official AWS certification web page, where you can find exam guides detailing the content areas covered. Ensure any training material you use is aligned with the correct exam number and version.
  • Online video courses: Platforms such as Udemy and Coursera offer video courses by highly recognized authors. These courses are very cost-effective and can be valuable for those who like learning from videos. Search for the most reviewed and recently updated courses, avoiding content older than 2 years.
  • Books: Investing in a well-reviewed book tailored to the targeted AWS certification exam can provide in-depth knowledge to study at your own pace. Note that this book itself, while not an exam guide, can complement your study plan with practical AWS security knowledge, enriching your preparation for any exam.
  • AWS Skill Builder: This platform is excellent for an official overview and exam preparation questions, although it may not be free.
  • Cloud Academy: This platform offers structured learning paths for AWS certifications, including hands-on labs and quizzes.
  • Tutorial Dojo: This platform provides a mix of free and paid content, including practice exams and cheat sheets that are highly regarded for exam preparation.
  • AWS exam preparation webinars: AWS regularly hosts webinars focusing on exam preparation, offering insights into the exam structure and tips for success.
  • Instructor-led classroom training: Though often the priciest option, these sessions offer intensive, focused training that can significantly boost your understanding and readiness for the exam. Perform due diligence and, in case of doubt, prefer official training delivered by AWS-accredited instructors.
  • Mentoring and peering: Connecting with peers or finding a mentor who has successfully navigated AWS certifications can provide personalized advice and encouragement.

Having explored the key resources that are available for your exam preparation, let’s move on to practical advice and strategies that can enhance your study routine and performance.

12 Jan 2023
Attending AWS conferences – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Attending AWS conferences

AWS conferences provide opportunities for deep immersion in the AWS community. Here’s how to make the most of these events:

  • Virtual or in-person attendance: Many AWS conferences are accessible both virtually and in-person, catering to a global audience. Virtual attendance can be a convenient option for those unable to travel, while in-person attendance offers a more immersive experience and direct networking opportunities.
  • Plan your agenda: With numerous sessions available in parallel and limited seats available, review the agenda in advance and prioritize sessions that are most relevant to your interests and professional needs.
  • Network actively: Use these gatherings to connect with peers, AWS professionals, and industry leaders. Networking can open doors to new opportunities, insights, and collaborative ventures.
  • Participate in workshops and breakout sessions: These interactive sessions provide valuable hands-on experience and facilitate deeper discussions on security features and challenges.
  • Stay updated on announcements: AWS often introduces new services, features, and updates during these events. Keeping up with these announcements can give you a competitive edge.
  • Replay access: Many conferences offer replay access to sessions post-event. This feature is useful for revisiting content or catching up on sessions you may have missed, ensuring you don’t miss out on any learning opportunities.

Here is an overview of key relevant AWS conferences:

  • AWS summits: These are free events that are hosted around the world, designed to bring the cloud computing community together to connect, collaborate, and learn about AWS. Attending these summits provides insights into new AWS features, networking opportunities with AWS experts and peers from your country, as well as hands-on workshops that can enhance your practical skills.
  • AWS re:Invent: This is the largest annual AWS cloud conference, offering multiple sessions on cloud strategies, security, and service deep dives. Besides attending AWS re:Invent, look for re:Cap sessions that summarize key takeaways, something that’s perfect for those unable to attend every session of interest.
  • AWS re:Inforce: This is another key event for security professionals and AWS enthusiasts focusing specifically on security. It is ideal for gaining advanced knowledge, discovering new tools and techniques, and networking with industry leaders in that field.

Transitioning from conferences, let’s shift our focus to communities and peer networks.

Leveraging communities and peer networks

Continuous professional development thrives on a strong support network. Seek out and engage with communities of like-minded individuals to exchange knowledge, troubleshoot challenges, and stay updated on the evolving AWS landscape. Here are a few ways to get involved:

  • Online forums: Utilize platforms such as AWS re:Post and Stack Overflow to ask questions, share your expertise, and connect with the broader AWS community.
  • Local meetups and user groups: Discover AWS user groups in your area. These gatherings foster a sense of community and create valuable opportunities for collaboration and networking with peers.
  • AWS Community Builders: This program offers a wealth of resources, mentorship, and networking opportunities for those passionate about sharing AWS knowledge. It’s a fantastic way to accelerate your learning, grow your professional network, and give back to the AWS community.
  • Conferences and community events: Actively participate in the various events hosted by AWS, community groups, or third-party organizations. These are excellent avenues to expand your professional network, learn from others’ experiences, and stay abreast of the latest trends in AWS security.
  • Find a mentor: Build relationships with experienced community members for mentorship and guidance. A mentor can help you learn faster, avoid common pitfalls, and become an active contributor to the AWS security community yourself.

In the next and final section, we will review best practices for keeping abreast of AWS security advancements, enabling you to proactively strengthen your knowledge and your AWS environment’s security posture.

12 Oct 2022
Ensuring compatibility and compliance – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Ensuring compatibility and compliance

As new security technologies are adopted, ensuring compatibility with existing systems and compliance with relevant regulations is essential. This step requires a thorough review of how new tools interact with current architectures and an assessment of compliance implications, especially for industries subject to strict regulatory standards. In practice, this means doing the following:

  • Mapping the current infrastructure: Start by creating an updated map or diagram of your current AWS infrastructure and security setup. This will help you pinpoint where new tools will be integrated.
  • Identifying integration points: Highlight specific areas within your infrastructure where the new security solutions will interact with existing systems. This could include network connections, data flows, APIs, and Lambda functions.
  • Compatibility assessment: Conduct a detailed analysis of how new security solutions integrate with your current AWS setup. Look for potential conflicts or dependencies that might affect their function.
  • Compliance evaluation: For organizations subject to industry regulations, it is crucial to ensure that new technologies do not compromise compliance. Review the security and compliance documentation provided by AWS or third-party vendors to understand their implications.

Next, let’s discuss how to effectively integrate these solutions into your environment.

Integrating into existing environments

The successful adoption of new security technologies depends on their integration into your existing AWS environment without causing disruptions. This involves doing the following:

  • Incremental deployments: Gradually introduce new technologies, starting with non-critical systems to minimize disruption and allow for adjustments based on initial observations.
  • Automating where possible: Leverage automation for the integration process to reduce manual errors and streamline deployment. Automation can also assist in maintaining configuration standards across your environment.
  • Updating security documentation: Revise your existing security documentation. This update should cover any new Standard Operating Procedures (SOPs) introduced by the integration.
  • Monitoring and adjusting: After deployment, continuously monitor for operational and security performance. Be prepared to make adjustments based on the outcome.

Integration lays the groundwork for our final focus—planning for future-proof security.

12 Aug 2022
Planning for future-proof security – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Planning for future-proof security

Adopting a forward-thinking approach to security can help you stay ahead of threats and leverage innovations in the AWS ecosystem effectively. This includes doing the following:

  • Future trends analysis: Keep an eye on emerging trends and anticipate technological advancements by leveraging market studies from renowned institutes such as Gartner, Forrester, and the Cloud Security Alliance (CSA). Such research provides a broad view of the cloud security landscape, helping you predict shifts in threats and technology that could impact your security posture.
  • Engaging with AWS previews: Participate in AWS beta and preview programs by regularly checking AWS blogs and announcements, engaging with the AWS community, and attending AWS events for early access to upcoming features and services. This engagement not only offers a sneak peek into potential AWS innovations but also allows you to test and adapt these technologies in a controlled manner, giving you a competitive edge in security preparedness.
  • Monitoring AWS roadmaps: Keep a close watch on AWS product roadmaps and future feature announcements. By staying informed about planned developments, you can better align your security measures and strategies with upcoming AWS enhancements.
  • Adopting an adaptive security framework: Establish an inherently adaptable security framework, allowing for the seamless integration of new technologies. Such a framework typically involves modular security policies that can be quickly updated, automation to swiftly implement changes, and continuous monitoring to assess the effectiveness of your current security measures.

Employing these strategies will help you stay abreast of new security developments and ensure that your AWS environment remains secure and prepared for the future. Concluding our exploration of future-proof security strategies, let’s pivot to a summary of the essential points that were discussed throughout this chapter.

Summary

This final chapter served as a comprehensive guide for AWS professionals aiming to stay at the forefront of AWS security advancements. We delved into the critical importance of staying current with AWS security best practices and the evolving threat landscape. This chapter emphasized the necessity of continuous learning and adaptation in the face of rapidly advancing cloud technologies and security threats. We explored how AWS professionals can leverage a wide array of resources, including educational materials, training and certification programs, and community insights to enhance their security knowledge and skills. Through strategic planning, regular engagement with AWS updates, and proactive integration of new security measures, professionals can fortify their AWS environments against current and future vulnerabilities. This chapter serves as a guide to navigating the complex and dynamic field of AWS security, providing the tools and strategies needed to maintain a robust and resilient security posture.

25 Apr 2022
The Road to Serverless – Introduction to Serverless on AWS

The Road to Serverless

During the early 2000s, I (Sheen) was involved in building distributed applications that mainly communicated via service buses and web services—a typical service-oriented architecture (SOA). It was during this time that I first came across the term “the cloud,” which was making a few headlines in the tech industry. A few years later, I received instructions from upper management to study this new technology and report on certain key features. The early cloud offering that I was asked to explore was none other than Amazon Web Services.

My quest to get closer to the cloud started there, but it took me another few years to fully appreciate and understand the ground-shifting effect it was having in the industry. Like the butterfly effect, it was fascinating to consider how past events had brought us to the present.

The butterfly effect is a term used to refer to the concept that a small change in the state of a complex system can have nonlinear impacts on the state of that system at a later point. The most common example cited is that of a butterfly flapping its wings somewhere in the world acting as a trigger to cause a typhoon elsewhere.

From Mainframe Computing to the Modern Cloud

During the mid-1900s, mainframe computers became popular due to their vast computing power. Though massive, clunky, highly expensive, and laborious to maintain, they were the only resources available to run complex business and scientific tasks. Only a lucky few organizations and educational institutions could afford them, and they ran jobs in batch mode to make the best use of the costly systems. The concept of time-sharing was introduced to schedule and share the compute resources to run programs for multiple teams (see Figure 1-1). This distribution of the costs and resources made computing more affordable to different groups, in a way similar to the on-demand resource usage and pay-per-use computing models of the modern cloud.

Figure 1-1. Mainframe computer time-sharing (source: adapted from an image in Guide to Operating Systems by Greg Tomsho [Cengage])

15 Feb 2022
Cloud deployment models – Introduction to Serverless on AWS

Cloud deployment models

As cloud services gained momentum thanks to the efforts of companies like Amazon, Microsoft, Google, Alibaba, IBM, and others, they began to address the needs of different business segments. Different access models and usage patterns started to emerge (see Figure 1-2).

Figure 1-2. Figurative comparison of different cloud environments

These are the main variants today:

Public cloud

The cloud service that the majority of us access for work and personal use is the public cloud, where the services are accessed over the public internet. Though cloud providers use shared resources in their data centers, each user’s activities are isolated with strict security boundaries. This is commonly known as a multitenant environment.

Private cloud

In general, a private cloud is a corporate cloud where a single organization has access to the infrastructure and the services hosted there. It is a single-tenant environment. A variant of the private cloud is the government cloud (for example, AWS GovCloud), where the infrastructure and services are specifically for a particular government and its organizations. This is a highly secure and controlled environment operated by the respective country’s citizens.

Hybrid cloud

A hybrid cloud uses both public and private cloud or on-premises infrastructure and services. Maintaining these environments requires clear boundaries on security and data sharing.

Enterprises that prefer running their workloads and consuming services from multiple public cloud providers operate in what is called a multicloud environment. We will discuss this further in the next chapter.

The Influence of Running Everything as a Service

The idea of offering something “as a service” is not new or specific to software. Public libraries are a great example of providing information and knowledge as a service: we borrow, read, and return books. Leasing physical computers for business is another example, which eliminates spending capital on purchasing and maintaining resources. Instead, we consume them as a service for an affordable price. This also allows us the flexibility to use the service only when needed—virtualization changes it from a physical commodity to a virtual one.

In technology, one opportunity leads to several opportunities, and one idea leads to many. From bare VMs, the possibilities spread to network infrastructure, databases, applications, artificial intelligence (AI), and even simple single-purpose functions. Within a short span, the idea of something as a service advanced to a point where we can now offer almost anything and everything as a service!

15 Nov 2021
Infrastructure as a service (IaaS) – Introduction to Serverless on AWS

Infrastructure as a service (IaaS)

IaaS is one of the fundamental cloud services, along with platform as a service (PaaS), software as a service (SaaS), and function as a service (FaaS). It represents the bare bones of a cloud platform—the network, compute, and storage resources, commonly housed in a data center. A high-level understanding of IaaS is beneficial as it forms the basis for serverless.

Figure 1-3 shows a bird’s-eye view of AWS’s data center layout in a given geographic area, known as a Region. To offer a resilient and highly available service, AWS has built redundancy into every Region via groups of data centers known as Availability Zones (AZs). The core IaaS offerings from AWS include Amazon EC2 and Amazon Virtual Private Cloud (VPC).

Figure 1-3. An AWS Region with its Availability Zones

Platform as a service (PaaS)

PaaS is a service abstraction layer on top of IaaS to offer an application development environment in the cloud. It provides the platform and tools needed to develop, run, and manage applications without provisioning the infrastructure, hardware, and necessary software, thereby reducing complexity and increasing development velocity. AWS Elastic Beanstalk is a popular PaaS available today.

Software as a Service (SaaS)

SaaS is probably the most used and covers many of the applications we use daily, for tasks such as checking email, sharing and storing photos, streaming movies, and connecting with friends and family via conferencing services.

Besides the cloud providers, numerous independent software vendors (ISVs) utilize the cloud (IaaS and PaaS offerings) to bring their SaaS solutions to millions of users. This is a rapidly expanding market, thanks to the low costs and easy adoption of cloud and serverless computing. Figure 1-4 shows how these three layers of cloud infrastructure fit together.

Figure 1-4. The different layers of cloud infrastructure