Ensuring Role Assumption is Logged

Related Videos

5 Focus Areas for AWS Compliance
AWS Controls for Implementing a DMZ
AWS Firewall Manager Centralized Logging
AWS Functions to Restrict Database Access
AWS Incident Response Playbook
AWS Incident Response Playbook for Credential compromise
AWS Incident Response Playbook for Ransomware
AWS Incident Response Playbook for S3 Buckets
AWS Password Best Practices
AWS Password Expiration Policies
AWS Password Reuse Policy
AWS Security Needs a Growth Mindset
AWS Tools for Your SDLC
AWS Web Application Firewall Defaults
Access Control Using IAM Instance Roles
Achieving High Availability in AWS
Activate Microsoft Defender for Azure SQL Databases
Antivirus Solutions on EC2 Instances
Assign Access Based on Business Need to Know
Assign Appropriate Contacts to Essential Roles
Assigning Information Security Management Responsibility
Attaching IAM Policies to Groups or Roles
Attributes of Log Data
Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Avoid Use of the Root Account
Basic Tools for AWS Security
Basics of Role Assumption
Best Practices for Change Management in AWS
Best Practices for Container Security
Best Practices for Password Parameters
Breaking Down AWS Security
Change-Detection Solutions in AWS
Cloud Attacks on the Rise
Cloud Security Posture Management
CloudTrail and CloudWatch Integration
Configuring Network Border Controls
Connect Your AWS Account Using CloudFormation
Connect with AWS Security Experts
Create Policies for Usage of Critical Technologies
Creating a Data Flow Diagram
Creating a Network Diagram
Defining Business Continuity and Disaster Recovery
Defining Resources in IAM Policies
Defining Resources in S3 Bucket Policies
Defining Roles and Responsibilities in AWS
Deploying Security Patches on EC2 Instances
Developing a Process for User Authentication
Disabling Insecure Ports and Protocols
Disabling Unused Credentials
Do All Keys Have Resources Attached?
Do Not Use API Keys at the Project Level
Do Not Use RSASHA1 for DNSSEC Key-Signing Keys
Documenting a Systems Inventory in AWS
Does AWS Provide Vendor Defaults?
Don't Face Cloud Security Alone
EC2 Instances in Availability Zones
Enable Autoprovisioning of Vulnerability Assessment for Machines
Enable DNSSEC to Protect DNS Protocols
Enable Maintenance and Backups for RDS
Enable Multi-Factor Authentication for Non-Service Accounts
Enable VPC Flow Logs for Every Subnet
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Enabling MFA for All IAM Users
Encrypt Dataproc Cluster Using Customer Managed Encryption Key
Encrypting Traffic In and Out of AWS
Encryption Decisions for Your Technology Stack
Encryption Opportunities
Encryption for EBS Volumes
Encryption for S3 Buckets
Enforce Separation of Duties When Assigning KMS Related Roles
Enforce Separation of Duties When Assigning Service Account Roles
Enforce Separation with Access Controls
Enforcing Strong Encryption in AWS
Enforcing Strong TLS Ciphers
Ensure ALBs Have WAF ACLs Attached
Ensure Corporate Login Credentials are Used
Ensure KMS Cryptokeys Are Not Publicly Accessible
Ensure No Weak SSL Cipher Suites Are Permitted
Ensure RDS Instances are Only Accessible by Internal IPs
Ensure Service Accounts Can't Access Admin Privileges
Ensure to Restrict SSH Access from the Internet
Establish Policy to Disconnect Vendor Sessions When Not in Use
Exclusively Use GCP-Managed Service Account Keys
House Accounts in CloudTrail
IAM Policies that Address Administrative Privileges
Learn from an AWS Security Expert
MFA for API Calls
Migrate Away from RSASHA1 for DNSSEC Zone-Signing Keys
PCI v4.0 - 6.1.1: Requirement 6 Policies and Procedures Are In Place
PCI v4.0 - 6.1.2: Requirement 6 Roles and Responsibilities Are In Place
PCI v4.0 - 6.2.1: Bespoke and Custom Software Are Developed Securely
PCI v4.0 - 6.2.2: Train Personnel Developing Custom Software in Secure Software Practices
PCI v4.0 - 6.2.3 & 6.2.3.1: Bespoke and Custom Software Is Reviewed Before Being Released
PCI v4.0 - 6.2.4: Utilize Software Engineering Techniques to Secure Bespoke and Custom Software
PCI v4.0 - 6.3.1: Identify Security Vulnerabilities in Software
PCI v4.0 - 6.3.2: Maintain a List of Bespoke and Custom and Third-Party Software
PCI v4.0 - 6.3.3: Remediate Known Vulnerabilities Through Security Patches
PCI v4.0 - 6.4.1: Protect Public-Facing Web Applications
PCI v4.0 - 6.4.2: Use an Automated Solution to Protect Public-Facing Web Applications
PCI v4.0 - 6.4.3: Payment Page Scripts Are Managed Properly
PCI v4.0 - 6.5.1: Have a Documented Change Process for All System Components
PCI v4.0 - 6.5.2: Ensure Applicable PCI DSS Requirements Are In Place After Significant Changes
PCI v4.0 - 6.5.3: Pre-Production and Production Environments Are Separated
PCI v4.0 - 6.5.4: Separate Duties Between Production and Pre-Production Environments
PCI v4.0 - 6.5.5: Live Primary Account Numbers Are Not Used In Pre-Production Environments
PCI v4.0 - 6.5.6: Ensure Test Data and Accounts Are Removed Before Going into Production
PCI v4.0 - A1.1.1: (Multi-Tenant Service Providers) Logical Separation Is Implemented Appropriately
PCI v4.0 - A1.1.2: (Multi-Tenant Service Providers) Each Customer Can Only Access Its Own Data and Environment
PCI v4.0 - A1.1.3: (Multi-Tenant Service Providers) Customers Can Only Access Resources Allocated to Them
PCI v4.0 - A1.1.4: (Multi-Tenant Service Providers) Logical Separation Control Effectiveness Is Tested Regularly
PCI v4.0 - A1.2.1: (Multi-Tenant Service Providers) Ensure Appropriate Logging Is Enabled
PCI v4.0 - A1.2.2: (Multi-Tenant Service Providers) Implement Processes to Support Forensic Investigations
PCI v4.0 - A1.2.3: (Multi-Tenant Service Providers) Implement Processes for Reporting and Addressing Security Incidents
Penetration Testing in AWS
Practice Regular Key Rotation for Service Accounts
Preventing Public Accessibility on DB Instances
Protect Admin Accounts with Security Key Enforcement
Regularly Rotate API Keys
Remove Default Networks from All Projects
Restrict API Key Use to Specified Hosts and Apps
Restrict API Keys to Applications That Need Access
Restrict RDP Authorized Access from the Internet
Restricting Access to EBS Snapshots
Rotate KMS Encryption Keys Regularly
Rotating Access Keys
Securely Store and Access Secrets in Secrets Manager
Systems Manager Maintenance
Use Identity Aware Proxy (IAP) to Restrict Access to Network
Use Least Privilege For Users at Project Level Roles
Using IAM Instance Roles for AWS Resource Access
Using Systems Manager from a Service-Linked Role
Using VPC Endpoints to Access Systems Manager
What is an AWS Scan?
Your AWS Accountability Partner