AWS Security Hub Features

Intermediate
2m

This lesson provides detail on the AWS Security, Identity, and Compliance services relevant to the AWS Certified DevOps Engineer - Professional exam. These services help secure and protect your resources and environment through access control mechanisms and encryption.

Learning Objectives

  • Learn what Identity Federation is
  • Learn about the AWS services that can be used with it
  • Understand how it's implemented
  • Understand the benefits of AWS IAM Identity Center and how it can be used to simplify user access at scale
  • Create your own authentication mechanisms using Amazon Cognito
  • Create your own customized UI for user sign-in
  • Create a secure user directory for all your applications and users
  • Understand what is meant by identity and access management and the difference between authentication, authorization, and access control
  • Learn the components of IAM as well as its reporting features
  • Understand the core principles of cross-account access using IAM
  • Learn how to implement and configure cross-account access
  • Define how the key encryption process works
  • Explain the differences between the different key types
  • Create and modify key policies
  • Understand how to rotate, delete and reinstate keys
  • Define how to import your own key material
  • Learn how AWS Security Hub provides a comprehensive view of your security posture across AWS services
  • Understand the use of AWS Resource Access Manager (RAM) to securely share resources across multiple AWS accounts
  • Learn about AWS Certificate Manager (ACM) and ACM Private Certificate Authority to secure applications and devices using public and private certificates
  • Learn how the AWS Security Token Service (STS) enables you to request temporary, limited-privilege credentials for IAM or federated users
  • Understand how the AWS Web Application Firewall (WAF) is used to protect applications and APIs against common web exploits
About the Author

Stuart has been working within the IT industry for two decades, covering a huge range of topic areas and technologies, from data center and network infrastructure design to cloud architecture and implementation.

To date, Stuart has created 250+ courses relating to cloud computing, reaching over 1 million students.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.
