AWS Associate & Security L-2
AWS Associate certifications validate foundational to intermediate cloud expertise, covering services like EC2, S3, RDS, and networking. AWS Security focuses on securing cloud environments using IAM, encryption, threat detection, and compliance frameworks. It involves implementing security best practices, such as the Principle of Least Privilege, monitoring with AWS Security Hub, and automating security responses with AWS Lambda. Both domains ensure secure, scalable, and efficient cloud operations.
You are an AWS Certified Solutions Architect Associate with security expertise, working for an e-commerce company. A security alert is triggered due to unusual outbound traffic from an EC2 instance.
Investigation:
CloudTrail & GuardDuty detect unauthorized API calls from an IAM user.
IAM logs show multiple failed login attempts.
AWS Config reveals an open SSH port (22) to the public internet.
Mitigation & Response:
Disable compromised IAM user and rotate credentials.
Isolate the EC2 instance using VPC Security Groups.
Take snapshots for forensic analysis.
Implement MFA for all IAM users and enforce strict access control.
Use AWS Systems Manager Session Manager instead of SSH.
Update AWS WAF rules to block suspicious IPs.
Post-Incident Security Enhancements:
Enable AWS Security Hub for centralized security management.
Automate security responses using AWS Lambda (e.g., disabling compromised accounts).
Monitor continuously with Amazon GuardDuty and CloudWatch.