# Security Tools

| Tool                                 | Purpose                               | Key Capabilities                                                        | How to Gain Practical Experience                                                |
| ------------------------------------ | ------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
| **AWS IAM**                          | Identity & Access Management          | Users, Groups, Roles, Policies, MFA, Permissions boundaries             | Create users/roles, enforce least privilege, manage policies, audit permissions |
| **AWS Organizations & SCPs**         | Multi-account management & governance | Control accounts, Service Control Policies (SCPs), consolidated billing | Set up multi-account hierarchy, enforce policies across accounts                |
| **AWS KMS**                          | Key Management Service                | Create, rotate, and manage encryption keys, integrate with S3, RDS, EBS | Encrypt data at rest, manage CMKs, audit key usage                              |
| **AWS CloudTrail**                   | Audit & Compliance                    | Track API calls, user activity, compliance reporting, log retention     | Enable for all regions, create trails, analyze logs in Athena or CloudWatch     |
| **AWS Config**                       | Continuous compliance                 | Monitor resource configuration, compliance rules, drift detection       | Create rules for S3 encryption, IAM policies, generate compliance reports       |
| **AWS GuardDuty**                    | Threat detection                      | Detect compromised instances, anomalous activity, malware               | Enable across accounts, analyze findings, automate response                     |
| **AWS Inspector**                    | Vulnerability scanning                | Detect OS & app vulnerabilities, CIS benchmark checks                   | Scan EC2/ECS, review findings, remediate issues                                 |
| **AWS Macie**                        | Data security & privacy               | Sensitive data discovery (PII, PCI), monitoring S3 buckets              | Classify S3 data, generate alerts on policy violations                          |
| **AWS WAF**                          | Web Application Firewall              | Block malicious traffic, protect APIs, use rules & rate-based controls  | Create rules for OWASP threats, protect CloudFront/APIs                         |
| **AWS Shield**                       | DDoS protection                       | Standard & Advanced, network-layer protection, integration with WAF     | Monitor attacks, enable protection on ELB/CloudFront                            |
| **AWS Secrets Manager**              | Secret management                     | Store DB/API credentials, auto-rotate secrets                           | Store app secrets, rotate automatically, enforce access policies                |
| **AWS Security Hub**                 | Central security dashboard            | Aggregates GuardDuty, Inspector, Macie, compliance checks               | Enable Security Hub, monitor findings, prioritize remediation                   |
| **AWS S3 Security Tools**            | Access & encryption                   | Bucket policies, encryption, Block Public Access, MFA Delete            | Apply least privilege, enable encryption, monitor logs                          |
| **AWS CloudWatch Security Insights** | Monitoring & alerting                 | Metrics, logs, alarms, anomaly detection                                | Create alerts on IAM changes, failed logins, unusual API calls                  |
| **AWS VPC Security Tools**           | Network security                      | Security Groups, NACLs, Flow Logs, Traffic Mirroring                    | Set up secure network architecture, monitor traffic, detect anomalies           |
