masterElmar/AWS-CCP-Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add info about IAM Access Analyzer

Browse Source
This commit is contained in:
aman
2023-10-29 12:37:33 +05:30
parent fc7c416ac3
commit a68fac84a8
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -39,7 +39,7 @@ Each Section contains a number of units. **Below Table Link** containing informa
- [VPC](sections/vpc.md) - [VPC](sections/vpc.md)
- VPC & Subnets Primer, Internet Gateway & NAT Gateways, Network ACL & Security Groups, VPC Flow Logs, VPC Peering, VPC Endpoints, Site to Site VPN & Direct Connect, Transit Gateway - VPC & Subnets Primer, Internet Gateway & NAT Gateways, Network ACL & Security Groups, VPC Flow Logs, VPC Peering, VPC Endpoints, Site to Site VPN & Direct Connect, Transit Gateway
- [Security & Compliance](sections/security_compliance.md) - [Security & Compliance](sections/security_compliance.md)
- AWS Shared Responsibility Model, DDOS Protection on AWS, AWS Shield, AWS WAF - Web Application Firewall, AWS KMS (Key Management Service), CloudHSM, AWS Certificate Manager (ACM), AWS Secrets Manager, AWS Artifact (not really a service), Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Macie, AWS Security Hub, Amazon Detective, AWS Abuse, Root user privileges - AWS Shared Responsibility Model, DDOS Protection on AWS, AWS Shield, AWS WAF - Web Application Firewall, AWS KMS (Key Management Service), CloudHSM, AWS Certificate Manager (ACM), AWS Secrets Manager, AWS Artifact (not really a service), Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Macie, AWS Security Hub, Amazon Detective, AWS Abuse, Root user privileges, IAM Access Analyzer
- [Machine Learning](sections/machine_learning.md) - [Machine Learning](sections/machine_learning.md)
- Amazon Rekognition, Amazon Transcribe, Amazon Polly, Amazon Translate, Amazon Lex & Connect, Amazon Comprehend, Amazon SageMaker, Amazon Forecast, Amazon Kendra, Amazon Personalize, Amazon Textract - Amazon Rekognition, Amazon Transcribe, Amazon Polly, Amazon Translate, Amazon Lex & Connect, Amazon Comprehend, Amazon SageMaker, Amazon Forecast, Amazon Kendra, Amazon Personalize, Amazon Textract
- [Account Management, Billing & Support](sections/account_management_billing_support.md) - [Account Management, Billing & Support](sections/account_management_billing_support.md)

BIN
images/IAM_Access_Analyzer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

16
sections/security_compliance.md
View File

@@ -28,6 +28,7 @@
- [Amazon Detective](#amazon-detective) - [Amazon Detective](#amazon-detective)
- [AWS Abuse](#aws-abuse) - [AWS Abuse](#aws-abuse)
- [Root user privileges](#root-user-privileges) - [Root user privileges](#root-user-privileges)
- [IAM Access Analyzer](#iam-access-analyzer)
- [Summary](#summary) - [Summary](#summary)
## AWS Shared Responsibility Model ## AWS Shared Responsibility Model
@@ -312,6 +313,21 @@
- Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID - Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID
- Sign up for GovCloud - Sign up for GovCloud
## IAM Access Analyzer
- AWS IAM Access Analyzer is a tool that scans your AWS resource policies to find any unintended public or cross-account access. It helps you identify and fix security issues, ensuring that only authorized entities have access to your resources.
- Find out which resources are shared externally:
- S3 Buckets
- IAM Roles
- KMS Keys
- Lambda Functions and Layers
- SQS queues
- Secrets Manager Secrets
- Define Zone of Trust = AWS Account or AWS Organization.
- Access outside zone of trusts => findings
<img src="../images/IAM_Access_Analyzer.png" height="350" width="300">
## Summary ## Summary
- Shared Responsibility on AWS - Shared Responsibility on AWS