Cloud Security Automation电子书

Title Page

Copyright and Credits

Cloud Security Automation

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Introduction to Cloud Security

Types of cloud

Public cloud

Private cloud

Hybrid cloud

Software as a Service

Platform as a Service

Infrastructure as a Service

Cloud security

Confidentiality

Integrity

Availability

Authentication

Authorization

Auditing

Shared responsibility model

Shared responsibility model for infrastructure

Shared responsibility model for container service

Shared responsibility model for abstract services

Key concern areas of cloud security

Infrastructure level

User access level

Storage and data level

Application access level

Network level

Logging and monitoring level

Summary

Understanding the World of Cloud Automation

What is DevOps?

Why do we need automation?

Infrastructure as Code

Configuration management

Automate deployment – AWS OpsWorks

Quick recap

Summary

Identity and Access Management in the Cloud

IAM features

How does AWS work in IAM?

Anatomy of IAM users, groups, roles, and policies

IAM users

IAM groups

IAM roles

IAM policies

Access right delegation using IAM

Temporary credentials

Cross-account access

Identity federation

IAM best practices

Other security options in AWS

AWS Certificate Manager

WAF and Shield

Cloud hardware security module

Cognito

Amazon Macie

AWS Inspector

AWS GuardDuty

Quick recap

Summary

Cloud Network Security

Virtual private cloud

NACL

Security group

VPN connection

Direct Connect

DNS security

CDN-level security

Logging and monitoring

CloudTrail

CloudWatch

Quick recap

Summary

Cloud Storage and Data Security

EBS

Fault tolerance at EBS

RAID 0

RAID 1

Encryption in EBS

S3

Security in S3

AWS Glacier

Security in AWS Glacier

EFS

Security in EFS

Storage gateway

Security in the storage gateway

AWS Snowball

Security in Snowball

A quick recap

Summary

Cloud Platform Security

RDS

Security in RDS

Using security groups

Using IAM

Using SSL to encrypt database connections

Security best practices for AWS RDS

Back up and restore database

Monitoring of RDS

AWS Redshift

Security in Redshift

AWS DynamoDB

Security in DynamoDB

ElastiCache

Securing ElastiCache

VPC-level security

Authentication and access control

Authenticating with Redis authentication

Data encryption

Data-in-transit encryption

Data-at-rest encryption

AWS ECS

Securing ECS

SQS

Securing SQS

Let's have a recap

Summary

Private Cloud Security

Securing hypervisor

Securing KVM

Securing XenServer

Securing ESXi

Securing compute

IAM

Authentication

Authentication methods – internal and external

Authorization

Policy, tokens, and domains

Federated identity

Horizon – OpenStack dashboard service

Cinder – OpenStack block storage

Glance – OpenStack image storage

Manila – OpenStack shared file storage

Neutron – OpenStack network

Swift – OpenStack object storage

Message queue

Database services

Data privacy and security for tenants

Security for instances

Quick recap

Summary

Automating Cloud Security

Infrastructure as Code

CI/CD

Monitoring

Summary

Cloud Compliance

Cloud security compliance

Security compliance – ISMS

Security compliance – PCI DSS

Quick recap

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think