Skip to content

태그: Security

AWS Managed Microsoft AD

AWS offers AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, to provide a highly available and resilient Active Directory service. Starting with Kerberos Kerberos is a subject that, on the surface, is simple enough, but can quickly become much more complex. If you wish to look further into the topic, see the Microsoft Kerberos documentation. In this post

Amazon Cognito is an identity platform for web and mobile apps. It’s a user directory, an authentication server, and an authorization service for OAuth 2.0 access tokens and AWS credentials. With Amazon Cognito, you can authenticate and authorize users from the built-in user directory, from your enterprise directory, and from consumer identity providers like Google and Facebook. User pools Crea

Conformance Packs & Security Hub

Conformance Packs A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. Conformance packs are created by authoring a YAML template that contains the list of AWS Config managed or custom rules and remediation actions. You can also use AWS Systems Manager

IAM enables you to securely control access to AWS services and resources for your AWS users, groups, and roles. Using IAM, you can create and manage fine-grained access controls with permissions, specify who can access which services and resources, and under which conditions. IAM allows you to do the following: terms Users any individual end user such as an employee, system architect, CTO, etc. Gr

KMS는 Key Management Service의 약자로, 데이터를 암호화 할떄 사용되는 암호화 Key를 안전하게 관리하는데 목적을 둔 AWS의 서비스이다. KMS는 크게 세가지 방식으로 key 관리 서비스를 제공한다. AWS managed key AWS 서비스들이 내부적으로 발급받는 Key로, 내부적으로 자동으로 일어나게 되며 사용자가 직접적으로 제어가 불가능하다. 자신의 AWS 계정에 들어가면 만들어진 Key의 목록을 확인하는건 가능하다. (참고) 모든 AWS managed keys는 1년마다 rotate된다. 이 주기는 사용자가 변경할 수 없다. Customer managed key(CMK) 사용자가 직접 key를 생성하고 관리하는 것이다. CMK에 대해서는 IAM을 통해 권한을 부여받아 제

1. Intro IAM and KMS are easily one of the most 2 important services in terms of AWS security. KMS is used extensively for cryptographic operations not only within the AWS universe itself, but also in various hybrid architectures. It is a solid service which offers a wide variety of cryptographic services and possibilities. In this article, we will compare from a security point of view, the usage

MalformedPolicyDocument

Terminal windowaws_iam_policy.codebuild: Modifying... [id=arn:aws:iam::&x3C;AWS Account ID>:policy/bot-dev-CodeBuild-policy]Error: Error updating IAM policy arn:aws:iam::&x3C;AWS Account ID>:policy/bot-dev-CodeBuild-policy: MalformedPolicyDocument: Policy document should not specify a principal. status code: 400, request id: ...:policy/bot-dev-CodeBuild-policy]Error: Error updating IAM policy arn

Microsoft Active Directory

In 2017, AWS introduced AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AS, which is managed Microsotf Active Directory (AD) that is performance optimized for small and midsize businesses. AWS Microsoft AD offers you a highly available and cost-effective primary directory in the AWS Cloud that you can use to manage users, groups, and computers. It enables you

WAF & Firewall Manager & Shield Advanced

You can use AWS WAF, AWS Shield, and AWS Firewall Manager together to create a comprehensive security solution. AWS WAF: A web application firewall that you can use to monitor web requests that your end users send to your applications and to control access to your content. AWS Shield: It provides protection against distributed denial of service (DDoS) attacks for AWS resources, at the network