
Module 3 Final

The document provides an introduction to AWS Identity and Access Management (IAM) and CloudWatch, covering key features such as IAM permissions, roles, policies, and the structure of Amazon Resource Names (ARNs). It explains the importance of access management, the hierarchy of IAM users and groups, and the role of CloudWatch in monitoring AWS resources. Additionally, it discusses IAM policies, security token service (STS), and identity federation for managing access across different accounts and services.

Uploaded by

cse.21bcsb48

AWS Foundation

INTRODUCTION TO IAM AND CLOUDWATCH


Agenda

Why Access Management?
IAM Features and MFA
IAM Policies
IAM Permissions and Roles
Introduction to AWS STS
CloudWatch
Metrics and Namespaces
Dashboard and CloudWatch Alarms
CloudWatch Logs
IAM Policy Simulator
AWS Access Analyzer
CloudTrail and Config

Introduction to IAM

Copyright IntelliPaat, All rights reserved

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.


Why Access Management?

(Diagram: three users sharing one server)
Admin: receives all the access to the server
Web Developer: only web development dashboard
Data Scientist: only data analytics dashboard


Amazon Resource Name

Amazon Resource Names (ARNs) uniquely identify AWS resources. Every resource in AWS is provided with an ARN.

ARN Format:

arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype:resource


ARN examples (EC2 and VPC resources):

EC2 Instance > arn:aws:ec2:region:account-id:instance/instance-id
AMI > arn:aws:ec2:region::image/image-id
Key-pair > arn:aws:ec2:region:account-id:key-pair/key-pair-name
Network Interface > arn:aws:ec2:region:account-id:network-interface/eni-id
EBS Volume > arn:aws:ec2:region:account-id:volume/volume-id
Snapshot > arn:aws:ec2:region:account-id:snapshot/snapshot-id
VPC > arn:aws:ec2:region:account-id:vpc/vpc-id
Route Table > arn:aws:ec2:region:account-id:route-table/route-table-id
Security Group > arn:aws:ec2:region:account-id:security-group/security-group-id
NACL > arn:aws:ec2:region:account-id:network-acl/nacl-id
Internet Gateway > arn:aws:ec2:region:account-id:internet-gateway/igw-id
Subnet > arn:aws:ec2:region:account-id:subnet/subnet-id
VPC Peering > arn:aws:ec2:region:account-id:vpc-peering-connection/peering-id
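The three ARN layouts listed above can be parsed with one routine. This is an added example, not part of the original slides: the account IDs, instance IDs and the `TYPELESS_SERVICES` set are constructed assumptions, and `foreign_arns` is a hypothetical helper for spotting references to other accounts when reviewing policies.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: services whose resource part carries no resource-type prefix
# (the plain "arn:partition:service:region:account-id:resource" layout).
TYPELESS_SERVICES = {"s3", "sns", "sqs"}


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str                   # empty for global services such as S3
    account_id: str               # empty where the ARN omits it (AMIs, S3)
    resource_type: Optional[str]  # None for the typeless layout
    resource_id: str


def _split_resource(service, resource):
    """Split 'type/id' or 'type:id'; return (None, resource) if untyped."""
    if service in TYPELESS_SERVICES:
        return None, resource
    cuts = [i for i in (resource.find("/"), resource.find(":")) if i != -1]
    if not cuts:
        return None, resource
    cut = min(cuts)  # only the first separator divides type from id
    rtype, rid = resource[:cut], resource[cut + 1:]
    if not rtype or not rid:
        raise ValueError(f"malformed resource part: {resource!r}")
    return rtype, rid


def parse_arn(text):
    # Split into at most six fields so ':' inside the resource part survives.
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {text!r}")
    _, partition, service, region, account_id, resource = parts
    if not (partition and service and resource):
        raise ValueError(f"missing partition, service or resource: {text!r}")
    valid_account = (account_id in ("", "aws") or
                     (len(account_id) == 12 and account_id.isascii()
                      and account_id.isdigit()))
    if not valid_account:
        raise ValueError(f"account id must be 12 digits: {account_id!r}")
    rtype, rid = _split_resource(service, resource)
    return Arn(partition, service, region, account_id, rtype, rid)


def foreign_arns(arns, own_account):
    """Return the ARNs that name an account other than own_account."""
    return [a for a in arns
            if parse_arn(a).account_id not in ("", "aws", own_account)]


# Constructed sample values, not taken from the slides.
SAMPLE_ARNS = [
    "arn:aws:ec2:us-east-1:123456789012:instance/i-0abcd1234",
    "arn:aws:ec2:us-east-1::image/ami-0abcd1234",
    "arn:aws:s3:::aws-foundation/reports/q1.csv",
    "arn:aws:ec2:us-east-1:999999999999:volume/vol-0aaa1111",
]

if __name__ == "__main__":
    for arn in SAMPLE_ARNS:
        print(parse_arn(arn))
    print("other accounts:", foreign_arns(SAMPLE_ARNS, "123456789012"))
```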


IAM Hierarchy

Account (ROOT)
    user1
    user2
    group1: guser1, guser2, guser3
    group2: Edward, Anil


IAM Features

IAM Users

Represents an entity that is created in AWS; it can be a person or a service.
No permissions by default. Nothing is allowed.
Access requirement:
Programmatic Access: the user needs to make API calls from programs or use the CLI to access AWS resources.
Management Console Access: the user needs to access AWS resources from the management console.
(Diagram: a user accessing EC2, S3 and DynamoDB)

IAM Users: Access Keys

(Diagram: access keys used from the CLI to reach EC2, S3 and DynamoDB)
Max 2 ACTIVE access keys at a time.
When disabled, access keys cannot be used to make CLI or API calls.
An access key consists of an Access Key ID and a Secret Access Key.


IAM Groups

Groups are collections of IAM users.

Admin: admin1, admin2, admin3
Developer: dev1, dev2, dev3, dev4, dev5
Operations: ops1, ops2, ops3

Multi-Factor Authentication

Security Token Based
SMS Based


JSON

Introduction to JSON – JavaScript Object Notation

{
  "EmpID": 12345,
  "EmpName": "xyz",
  "Address": {
    "Building": "Bldg-1",
    "Street": "40/1 Blvd",
    "ZipCode": 654321
  },
  "Skills": ["AWS", "Java", "Oracle"],
  "cars": [
    { "name": "Toyota", "models": ["Prius", "Camry", "Corolla"] },
    { "name": "Honda", "models": ["Accord", "Civic"] },
    { "name": "Jeep" }
  ]
}

Paths into the record shown on the slide:
"EmpID"
"Address"
"Address.Street"
"Skills[1]"
"cars[0].name"
"cars[1].models[0]"


JSON

Previous Record

{
  "EmpID": 12345,
  "EmpName": "xyz",
  "Address": {
    "Building": "Bldg-1",
    "Street": "40/1 Blvd",
    "ZipCode": 654321
  },
  "Skills": ["AWS", "Java", "Oracle"],
  "cars": [
    { "name": "Toyota", "models": ["Prius", "Camry", "Corolla"] },
    { "name": "Honda", "models": ["Accord", "Civic"] },
    { "name": "Jeep" }
  ]
}


IAM Policies

Policies are JSON documents that state what a user or group can do on AWS resources. They define the authorization paradigm for AWS resources.
A policy contains at least 3 components (EAR):

EFFECT: Whether ACTIONs are ALLOWED/DENIED on RESOURCEs.
ACTIONS: What actions are allowed or denied, e.g. create EC2 instance, delete S3 buckets, create Security Groups etc. are all different types of ACTIONS.
RESOURCES: AWS resources like EC2 instances, ELB, S3 buckets or objects etc. Denoted by ARN.

Policies can be attached to Users or Groups.


Resource-based policies: when policies are attached to resources.
PRINCIPAL: An entity that can take action on an AWS resource.

(Diagram)
Policy attached to a Group: Effect, Action, Resource: "S3"
Policy attached to S3: Effect, Action, Resource: "S3", Principal: "user-1"


Policy with a single statement

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::aws-foundation-bucket"
    }
  ]
}

Version:
2012-10-17, current version.
2008-10-17, previous version.


Statement elements

"Statement": [ { }, { }, { } ]

Sid: Statement ID.
Effect: Allow/Deny.
Principal: ARN of the AWS user, account or service which is allowed or denied access to an AWS resource.
Action: Specific action that is allowed or denied on an AWS resource.
Resource: ARN of the AWS resource.
Condition: Condition when a policy is in effect.

Policy types:
AWS Managed Policies
Customer Managed Policies
Inline Policies


Examples

Allow users to access a specific S3 bucket (aws-foundation). The "Statement" array starts at "[" and ends at "]" and holds three statements:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::aws-foundation"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::aws-foundation/*"
    }
  ]
}
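How the aws-foundation policy above decides a request can be traced with a small evaluator. This is an added example, not part of the original slides and not AWS's evaluation engine: it models only Effect, Action and Resource with `*`/`?` wildcards, ignores Condition, Principal and other policy types, and the Deny statement on the `audit/` prefix is constructed for illustration.

```python
import re

# The slide's aws-foundation policy as a Python dict.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets",
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::aws-foundation"},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::aws-foundation/*"},
    ],
}

# Constructed statement (not on the slides): protect an audit prefix.
DENY_AUDIT_DELETE = {
    "Effect": "Deny",
    "Action": "s3:DeleteObject",
    "Resource": "arn:aws:s3:::aws-foundation/audit/*",
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _glob(pattern, value, flags=0):
    """Match an IAM-style pattern where '*' is any run and '?' one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None


def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing is allowed by default
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are not.
        if not any(_glob(p, action, re.IGNORECASE)
                   for p in _as_list(stmt["Action"])):
            continue
        if not any(_glob(p, resource) for p in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # an explicit deny always wins
        decision = "Allow"
    return decision


def with_statement(policy, stmt):
    """Return a copy of policy with one more statement appended."""
    return {**policy, "Statement": policy["Statement"] + [stmt]}


if __name__ == "__main__":
    bucket = "arn:aws:s3:::aws-foundation"
    checks = [
        ("s3:ListBucket", bucket),
        ("s3:GetObject", bucket + "/reports/q1.csv"),
        ("s3:GetObject", bucket),                   # bucket ARN, no key
        ("s3:GetObject", "arn:aws:s3:::other-bucket/x"),
    ]
    for action, resource in checks:
        print(action, resource, "->", evaluate(POLICY, action, resource))
```

Bucket-level actions match the bucket ARN and object-level actions match the `/*` ARN, which is why the policy needs both statements.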


IAM Permissions

Permissions are given by attaching policies to users or groups.
No permission by default for all IAM users.
AWS account "root" credential.
Use the policies defined earlier to provide access to users and groups.


IAM Permissions

A Role has a Permission Policy and a Trust Policy (both JSON).
The Trust Policy names who may assume the role:
IAM user in the same account
IAM user in a different account
Another AWS service
An external user

Trust policy statement that lets the EC2 service assume the role:

{
  "Effect": "Allow",
  "Action": "sts:AssumeRole",
  "Principal": { "Service": "ec2.amazonaws.com" }
}


IAM Roles

A Role is similar to a user/group which has permissions/policies attached to it.
Roles are temporary access given to anyone who needs to perform the specific task mentioned in the Role.
(Diagram: one user cannot access EC2, another cannot access RDS)
Permissions attached to the users are taken away for as long as the role is being used.
(Diagram: with a role, the first can access EC2 and the second can access RDS)


Cross-Account Roles

Roles and Permissions between Different Accounts and Users.
(Diagram labels: Account-1, Role, Account-2, user-1, EC2 Instances)

Instance Profile

(Diagram labels: EC2, Program, Role, S3, DynamoDB)


Identity Federation

Identity Federation: AWS resources can be accessed via third-party Identity Providers (IdP)
Web: Facebook, Google, Amazon or any OIDC provider
SAML 2.0: LDAP or Microsoft AD

Steps (Web Identity Federation)

Sign up as a developer with Facebook, Google or Amazon.
Create an Identity Provider in IAM.
Create a Role with Trust and Permission Policy.
In the Trust Policy, the Principal should be the Web IdP.
Cognito can be used as Identity Broker.

Trust policy elements:

"Action": "sts:AssumeRoleWithWebIdentity"
"Principal": { "Federated": "www.amazon.com" }
"Principal": { "Federated": "graph.facebook.com" }
"Principal": { "Federated": "accounts.google.com" }


Identity Federations

Web Identity Federation

How does it work?
(Diagram) The device authenticates with Amazon, Google or Facebook and receives an Auth Token. It calls AssumeRoleWithWebIdentity on STS with the Role ARN + Auth Token and receives Temp Security Credentials, which it uses to access EC2, S3 and DynamoDB.


SAML Identity Federation

Steps (SAML Federation)

Register AWS with the corporate IdP (LDAP).
That will generate a metadata XML.
Create a SAML identity provider with the SAML metadata.
Create Roles.
These roles should be mapped to the organization's assertions.

Trust policy elements:

"Action": "sts:AssumeRoleWithSAML"
"Principal": { "Federated": "ARN of the SAML provider" }
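The trust-policy rules from the role, web identity and SAML slides can be checked mechanically: each principal type pairs with one STS action. This is an added example, not part of the original slides; `lint_trust_statement` is a hypothetical helper, and the provider ARN, client id and sample statements are constructed.

```python
def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def lint_trust_statement(stmt):
    """Return findings for one trust-policy statement (empty list = none)."""
    findings = []
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    principal = stmt.get("Principal")
    if not isinstance(principal, dict):
        findings.append('Principal must be a map such as {"Service": "..."}')
        return findings
    for kind, values in principal.items():
        for value in _as_list(values):
            if kind == "Federated":
                if ":saml-provider/" in value:
                    expected = "sts:AssumeRoleWithSAML"
                else:
                    expected = "sts:AssumeRoleWithWebIdentity"
                    # Without a Condition, a token issued to any application
                    # registered with this IdP satisfies the trust policy.
                    if "Condition" not in stmt:
                        findings.append(f"{value}: no Condition limits "
                                        "which application's tokens count")
            elif kind in ("Service", "AWS"):
                expected = "sts:AssumeRole"
                if kind == "AWS" and ":saml-provider/" in value:
                    findings.append(f"{value}: SAML provider belongs "
                                    "under Federated, not AWS")
                    expected = "sts:AssumeRoleWithSAML"
                if kind == "AWS" and value == "*":
                    findings.append('"AWS": "*" trusts every AWS principal')
            else:
                findings.append(f"unknown principal type {kind!r}")
                continue
            if expected.lower() not in actions:
                findings.append(f"{value}: expected Action {expected}")
    return findings


# Constructed sample statements; the ARN and client id are placeholders.
SAML_ARN = "arn:aws:iam::123456789012:saml-provider/CorpLDAP"
SAMPLES = {
    "bare_string": {"Effect": "Allow", "Action": "sts:AssumeRole",
                    "Principal": "ec2.amazonaws.com"},
    "service_ok": {"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "ec2.amazonaws.com"}},
    "saml_under_aws": {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
                       "Principal": {"AWS": SAML_ARN}},
    "saml_ok": {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
                "Principal": {"Federated": SAML_ARN}},
    "web_no_condition": {"Effect": "Allow",
                         "Action": "sts:AssumeRoleWithWebIdentity",
                         "Principal": {"Federated": "accounts.google.com"}},
    "web_wrong_action": {
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Federated": "accounts.google.com"},
        "Condition": {"StringEquals":
                      {"accounts.google.com:aud": "example-client-id"}}},
}


def lint_all(samples=SAMPLES):
    return {name: lint_trust_statement(s) for name, s in samples.items()}


if __name__ == "__main__":
    for name, findings in lint_all().items():
        print(name, "->", findings or "ok")
```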


SAML Identity Federation

How does it work?
(Diagram) The application authenticates against the LDAP identity store and receives a SAML Assertion. It calls AssumeRoleWithSAML on STS with the Role ARN + SAML provider ARN and receives Temp Security Credentials, which it uses to access EC2, S3 and DynamoDB.
Security Token Service

Temporary Security Credentials & STS

STS (Security Token Service) can be used to get temporary security credentials:
Temporary Access Key ID, Secret Access Key and Security Token
(Diagram: an application or user makes an STS call to the Security Token Service and receives temp creds)

STS Calls:
"AssumeRole": ARN of the Role, Duration (15 mins to 1 hour (Default))
"AssumeRoleWithWebIdentity": ARN of the Role, Auth Token, Duration (15 mins to 1 hour (Default))
"AssumeRoleWithSAML": ARN of the Role, ARN of the SAML provider created in IAM, SAML assertion, Duration (15 mins to 1 hour (Default))
"GetFederationToken"
"GetSessionToken"


Introduction to CloudWatch

CloudWatch Monitoring

Monitors all AWS resources provisioned and deployed.
Sends notifications if anything goes wrong.
Following services are used in conjunction with CloudWatch:


Dimensions and Statistics

Statistics: Data aggregations over a period of time.
(Diagram labels: Dimensions, Metrics, EC2, Standalone Metrics)


CloudWatch Metrics and Namespaces

Metrics and Namespaces

Metrics are fundamental to CloudWatch monitoring.
Individual data points which are monitored; all actions are based on metrics, e.g. CPU Utilization percentage.
All AWS services send metrics to CloudWatch by default.
(Diagram: EC2, EBS, ELB and Route53 each sending cpu, disk and n/w metrics)
Resource Metrics – EC2

CPU Utilization
Network Interface: NetworkIn (Bytes), NetworkOut (Bytes), NetworkPacketsIn (Count), NetworkPacketsOut (Count)
Attached Disks: DiskReadOps (Count), DiskWriteOps (Count), DiskReadBytes (Bytes), DiskWriteBytes (Bytes)
Statistics: Min, Max, Avg


Resource Metrics – EC2

Metric groups: CPU Utilization, Network Interface, Attached Disks
CPU Credit Metrics: CPUCreditUsage (Count), CPUCreditBalance (Count)
Dimensions: AutoScalingGroupName, InstanceId, ImageId, InstanceType


Resource Metrics – EBS

Metrics                       Unit      Statistics
VolumeReadBytes               Bytes     Sum, Avg, Count
VolumeWriteBytes              Bytes     Sum, Avg, Count
VolumeReadOps                 Count
VolumeWriteOps                Count
VolumeTotalReadTime           Seconds
VolumeTotalWriteTime          Seconds
VolumeIdleTime                Seconds
VolumeQueueLength             Count
VolumeThroughputPercentage    Percent
VolumeConsumedReadWriteOps    Count
BurstBalance                  Percent


Resource Metrics – S3

Metrics:
BytesUploaded
BytesDownloaded
GetRequests (Count)
PutRequests (Count)
DeleteRequests (Count)
HeadRequests (Count)
PostRequests (Count)
ListRequests (Count)
NumberOfObjects (Count)
BucketSizeBytes (Bytes)
Dimensions: BucketName, StorageType, FilterId
Statistics: Min, Max, Avg, Count, Sum
Resource Metrics – DynamoDB

Dimensions: GlobalSecondaryIndexName, StreamLabel, TableName
Operations: PutItem, DeleteItem, UpdateItem, GetItem, BatchGetItem, Scan, Query, BatchWriteItem
Statistics: Min, Max, Avg, Count, Sum
Metrics:
ConsumedReadCapacityUnits
ProvisionedReadCapacityUnits
ConsumedWriteCapacityUnits
ProvisionedWriteCapacityUnits
OnlineIndexConsumedWriteCapacity
OnlineIndexPercentageProgress
OnlineIndexThrottleEvents
ReadThrottleEvents
WriteThrottleEvents
ThrottledRequests
(Diagram labels: Table, Item, Attributes, GSI/LSI)


Resource Metrics – AS (Auto Scaling)

GroupMinSize
GroupMaxSize
GroupDesiredCapacity
GroupInServiceInstances
GroupPendingInstances
GroupStandbyInstances
GroupTerminatingInstances
GroupTotalInstances


Architecture

(Diagram: EC2 Metrics, DynamoDB Metrics, EBS Metrics and S3 Metrics feed Statistics, which the user views in the Console)


CloudWatch Dashboard

Dashboards

Dashboards are pages in the console which can be used to put all the statistics deemed important in one place.


CloudWatch Alarm

Alarm

Alarms watch over metrics and metrics only.
Alarms can be set to take action based on metrics data.
(Diagram: CPUUtilization -> Action; BytesDownloaded -> Action)

Alarm Threshold and Period. (Threshold of 75% for 3 consecutive times)
(Chart: CPU Util against Time with a 75% threshold line)

Alarm States
OK – Within Threshold.
ALARM – Crossed Threshold.
INSUFFICIENT_DATA – Metric not available / missing data (Good, Bad, Ignore, Missing).


CloudWatch Logs

Logs

CloudWatch Logs are used to monitor, store and access log files from various AWS resources including EC2 etc.

How does it work:

The Logs agent consists of:
CLI plug-in which pushes data to CloudWatch Logs
Script which runs the "aws logs push" command to send data to CW Logs
Cron job which ensures that the agent daemon runs all the time
CloudWatch Log Components

Log Events: Record of some activity recorded by the application being monitored.
Log Streams: Sequence of log events from the same source.
Log Groups: Group of Log Streams.
Metric Filters: Customized metrics created from received log data.
(Diagram: Log Events 1 to 3 form a Log Stream; Log Streams are collected into Log Groups)


Installing Logs Agent

Install and configure the agent:
sudo yum install -y awslogs

Configuration files:
/etc/awslogs/awscli.conf
/etc/awslogs/awslogs.conf

Start the agent:
sudo service awslogs start

Agent log file:
/var/log/awslogs.log

Start the agent at boot:
sudo chkconfig awslogs on
Log Config File

Config File: Contains information needed by the "aws logs push" command.

General Section:
state_file
logging_config_file

Logstream Section:
log_group_name = value
log_stream_name = value
file = value
batch_count = integer
batch_size = integer


Pricing

CloudWatch Pricing (us-east-1)

Free Tier
3 dashboards up to 50 metrics per month
Basic monitoring at 5 mins interval of EC2, EBS, ELB, RDS is free.
https://aws.amazon.com/cloudwatch/pricing/

Pricing
Dashboards: $3.00 per dashboard per month
Detailed monitoring for EC2 instances
Custom Metrics
Alarms: $0.10 per alarm/month
CloudWatch Logs
CloudWatch Events


Design Patterns

Design Pattern (diagram labels: CloudWatch, EC2, Kinesis, EMR, S3)

Design Pattern (diagram labels: CloudWatch, S3, EC2)


AWS STS

Security Token Service

AWS Security Token Service (AWS STS) is a web service provided by AWS that allows you to request temporary, limited-access credentials for AWS Identity and Access Management (IAM) users or users you authenticate (federated users).

Use Case

● Privilege elevation: as already mentioned, AssumeRole allows a principal to take on another role within the same or a different AWS account.
● Authorization to AWS resources for identities authenticated another way (AD, SAML, OIDC, ...); see AssumeRoleWithSAML or AssumeRoleWithWebIdentity.
● Authorization to AWS resources with custom authorization; see GetFederationToken.


IAM Access Analyzer

AWS Identity and Access Management (IAM) Access Analyzer assists in identifying potential resource-access risks by identifying any policies that grant access to an external principal. It accomplishes this by analysing resource-based policies in your AWS environment using logic-based reasoning. Another AWS account, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user can all be external principals.

Use Case

AWS IAM Access Analyzer provides the following capabilities:

● IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity.
● IAM Access Analyzer validates IAM policies against policy grammar and best practices.
● IAM Access Analyzer generates IAM policies based on access activity in your AWS CloudTrail logs.


IAM Access Advisor

The AWS Identity and Access Management (IAM) access advisor uses data analysis to help you confidently set permission guardrails by providing service last accessed information for your accounts, organizational units (OUs), and your AWS Organizations-managed organization.

Use Case

Assume Arnav Desai is a security administrator for Example Corp. He works with several development teams and monitors their access across multiple accounts. To get his development teams up and running quickly, he initially created multiple roles with broad permissions that are based on job function in the development accounts. Now, his developers are ready to deploy workloads to production accounts. The developers need access to configure AWS, however, Arnav only wants to grant them access to what they need. To determine these permissions, he uses access advisor APIs to automate a process that helps him understand the services developers accessed in the last six months. Using this information, he authors policies to grant access to specific services in production. I’ll now show you an example to achieve this in one account using AWS CLI commands.

IAM Policy Simulator

Identity-based policies, IAM permissions boundaries, Organizations service control policies (SCPs), and resource-based policies can all be tested and troubleshot using the IAM policy simulator.

Working of policy simulator

The simulator assesses the policies you select and determines the effective permissions for each of the actions you specify. The simulator employs the same policy evaluation engine as real-world requests to AWS services.

Benefits

● Improve developer agility.
● Application monitoring and auditing
● SaaS integrations expand functionality.
● AI/ML to personalize SaaS


CloudWatch EventBridge

Amazon EventBridge is a serverless event bus that makes it simple to connect applications using data from your own applications, SaaS applications, and AWS services.

Benefits

● Improve developer agility.
● Application monitoring and auditing
● SaaS integrations expand functionality.
● AI/ML to personalize SaaS


AWS CloudTrail

AWS CloudTrail is a service provided by Amazon Web Services that enables operational and risk auditing, governance, and compliance for your AWS account. Events in CloudTrail are actions taken by a user, role, or AWS service. Events include AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs actions.

Benefits

● Improves your security posture by recording user activity and events, and lets you set up automated workflow rules with Amazon EventBridge.
● Protects your organization from penalties by using CloudTrail logs to prove compliance with regulations such as SOC, PCI, and HIPAA.
● Captures and consolidates user activity and API usage across AWS Regions and accounts on a single, centrally controlled platform.

AWS Config

AWS Config displays a detailed view of the AWS resource configuration in your AWS account. This includes how the resources are related to one another as well as how they were previously configured, allowing you to see how the configurations and relationships change over time.

Benefits

● Security Analysis and Resource Administration
● Continuous monitoring
● Continuous assessment
● Monitoring compliance across the enterprise

