Let's build from here together

Project 1: Mitigating Common Web Application Attack Vectors Using AWS WAF

Problem statement

Welcome to Home Depot!. You have just joined the team and your first task is to enhance security for the company website. The site runs on Linux, PHP and Apache and uses an EC2 an autoscaling group behind an Application Load Balancer (ALB). After an initial architecture assessment you have found multiple vulnerabilities and configuration issues. The dev team is swamped and will not be able to remediate code level issues for several weeks. Your mission in this workshop round is to build an effective set of controls that mitigate common attack vectors against web applications, and provide you with the monitoring capabilities needed to react to emerging threats when they occur.

Reveal Project

Project 2: Scaling your encryption at rest capabilities with AWS KMS

Problem statement

As a new security architect for the Amazon Web Services environment within your firm, you receive a request from your governance and compliance department asking you to review and demonstrate privacy controls for data stored in AWS. .

Reviewing the results of your Well-Architected review to protect data at rest, you discover that while your company enabled encryption in some areas, the configuration parameters are inconsistent. Additionally, your governance, compliance, and audit team asked you to provide a report on data consumers.

Working with your Amazon Web Services architects, you identify several focus areas.

1. Logging and archival. Some CloudTrail logs can contain production data. You need to ensure the controls applied to CloudTrail logs can meet the privacy controls
2. Privacy and Security of data at rest for EC2 instances and data backups of those instances
3. Privacy and Security of data for higher-level services like RDS

The recommendation

AWS Security specialists recommended using encryption as secondary access control to your data to enhance your data privacy and security posture.

Reveal answer