masterElmar/AWS-CCP-Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Modify/Add] Add IAM Access Analyzer Doc.

Browse Source 
Add info about IAM Access Analyzer
This commit is contained in:
kanani Nirav
2023-10-31 23:03:09 +09:00
committed by GitHub
parent fc7c416ac3 a68fac84a8
commit 0e844f36d9
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -39,7 +39,7 @@ Each Section contains a number of units. **Below Table Link** containing informa
- [VPC](sections/vpc.md)
- VPC & Subnets Primer, Internet Gateway & NAT Gateways, Network ACL & Security Groups, VPC Flow Logs, VPC Peering, VPC Endpoints, Site to Site VPN & Direct Connect, Transit Gateway
- [Security & Compliance](sections/security_compliance.md)
- AWS Shared Responsibility Model, DDOS Protection on AWS, AWS Shield, AWS WAF - Web Application Firewall, AWS KMS (Key Management Service), CloudHSM, AWS Certificate Manager (ACM), AWS Secrets Manager, AWS Artifact (not really a service), Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Macie, AWS Security Hub, Amazon Detective, AWS Abuse, Root user privileges
- AWS Shared Responsibility Model, DDOS Protection on AWS, AWS Shield, AWS WAF - Web Application Firewall, AWS KMS (Key Management Service), CloudHSM, AWS Certificate Manager (ACM), AWS Secrets Manager, AWS Artifact (not really a service), Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Macie, AWS Security Hub, Amazon Detective, AWS Abuse, Root user privileges, IAM Access Analyzer
- [Machine Learning](sections/machine_learning.md)
- Amazon Rekognition, Amazon Transcribe, Amazon Polly, Amazon Translate, Amazon Lex & Connect, Amazon Comprehend, Amazon SageMaker, Amazon Forecast, Amazon Kendra, Amazon Personalize, Amazon Textract
- [Account Management, Billing & Support](sections/account_management_billing_support.md)

BIN
images/IAM_Access_Analyzer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

16
sections/security_compliance.md
View File

@@ -28,6 +28,7 @@
- [Amazon Detective](#amazon-detective)
- [AWS Abuse](#aws-abuse)
- [Root user privileges](#root-user-privileges)
- [IAM Access Analyzer](#iam-access-analyzer)
- [Summary](#summary)
## AWS Shared Responsibility Model
@@ -312,6 +313,21 @@
- Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID
- Sign up for GovCloud
## IAM Access Analyzer
- AWS IAM Access Analyzer is a tool that scans your AWS resource policies to find any unintended public or cross-account access. It helps you identify and fix security issues, ensuring that only authorized entities have access to your resources.
- Find out which resources are shared externally:
- S3 Buckets
- IAM Roles
- KMS Keys
- Lambda Functions and Layers
- SQS queues
- Secrets Manager Secrets
- Define Zone of Trust = AWS Account or AWS Organization.
- Access outside zone of trusts => findings
<img src="../images/IAM_Access_Analyzer.png" height="350" width="300">
## Summary
- Shared Responsibility on AWS