☁️
CTHFM: AWS
  • Welcome
  • Getting Started
    • Account Setup
  • AWS CLI
    • AWS CLI Overview
    • Installation
  • AWS Fundamentals
    • AWS Documentation
    • AWS Shared Responsibility Model
    • Organizational Hierarchy
    • AWS Principals
    • IAM Fundamentals
      • IAM Policy Components
      • IAM Documentation References
    • AWS Security Services Overview
    • AWS Core Services
    • AWS Frameworks
    • Regions and Availability Zones
  • SQL
    • SQL Refresher for Threat Hunting
  • Logging Reference
    • Cloudtrail
      • What is Cloudtrail?
      • Setting Up Cloudtrail
      • Cloudtrail Events Structure
      • Filtering and Searching CloudTrail Logs
      • IAM ID Prefixes
      • Additional Resources
      • API References
    • VPCFlow Logs
    • GuardDuty
      • Multi-Account Setup
      • GuardDuty Concepts
      • GuardDuty Finding References
      • S3 Protection
      • Malware Protection
        • EC2 Malware Protection
          • EC2 Protection Resources
          • Monitoring Scans
          • EC2 Malware Protection Events: CloudWatch
        • S3 Malware Protection
          • Enabling S3 Malware Protection
          • After Enabling S3 Malware Protection
          • S3 Malware Resource Plan Status
          • S3 Malware Protection Quotas
      • RDS Protection Enablement
      • Lambda Protection Enablement
      • Trusted IP Lists and Threat Lists in Amazon GuardDuty
      • Remediation Recommendations
      • GuardDuty API Reference
      • GuardDuty Quotas
    • Access Analyzer
      • Setup
      • External Access and Unused Access Analyzer Findings
      • Review Findings
      • Access Analyzer Resources
      • Access Analyzer API Reference
    • AWS Network Firewall
      • Permissions
      • Firewall Log Contents
      • Logging Destinations
      • CloudWatch Firewall Metrics
    • AWS Config
      • Resource Management in AWS Config
      • AWS Config Integrations
      • AWS Config Resources
      • Configuration Item
      • Config Rules
        • Evaluation Modes
  • CloudWatch
    • Amazon CloudWatch
      • CloudWatch Concepts
      • CloudWatch Metrics
        • Filter Pattern Syntax
      • CloudWatch Alarms
        • Alarm Recommendations
      • Subscriptions
      • CloudWatch Agent
      • CloudWatch Insights
        • Supported Logs and Discovered Fields
        • CloudWatch Insights Query Syntax
      • Anomaly Detection
        • Create Anomaly Detector
        • Alarms for Anomaly Detections
      • CloudWatch Filter Syntax
      • CloudWatch Service Quota
  • Athena For Threat Hunting
    • Introduction to Athena
    • Setting Up Athena
    • SQL For Threat Hunters
    • Automated Response
    • Query Best Practices
  • AWS Security Research and Resources
    • AWS Security Blog
    • AWS Goat
    • Cloud Goat
    • Pacu
    • Prowler
    • Scout Suite
  • Threat Hunting in AWS
    • Threat Hunting in AWS
    • Threat Hunting Introduction
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • MITRE Att&ck
      • MITRE Att&ck Concepts
      • MITRE Att&CK Data Sources
      • MITRE Att&CK Mitigations
    • MITRE Att&ck: AWS
      • MITRE Att&CK Matrix
      • Amazon Web Services Security Control Mappings
    • AWS Threat Hunting Ideas
      • AWS Threat Hunting Ideas: EC2
      • AWS Threat Hunting Ideas: Lambda
      • AWS Threat Hunting Ideas: SQS
      • AWS Threat Hunting Ideas: SNS
      • AWS Threat Hunting Ideas: RDS
Powered by GitBook
On this page
  • Overview
  • 1. Compute Services
  • 2. Storage Services
  • 3. Database Services
  • 4. Networking and Content Delivery
  • 5. Identity and Access Management
  • 6. Security and Monitoring
  • 7. Application Integration and Automation
  • 8. Management and Deployment
  • Summary Table
  1. AWS Fundamentals

AWS Core Services

Overview

Understanding some essential services will give you a solid foundation for threat hunting within AWS environments. Below are the core AWS services that every beginner should learn, grouped by category, along with their primary use cases.

1. Compute Services

Amazon EC2 (Elastic Compute Cloud)

  • What it is: A virtual server that you can launch in the cloud.

  • Use Case:

    • Run web servers, databases, or custom applications.

    • Host workloads like websites or APIs.

AWS Lambda

  • What it is: A serverless compute service that runs your code only when needed, without managing servers.

  • Use Case:

    • Execute code in response to events (e.g., upload to S3).

    • Build lightweight APIs or automation functions.

2. Storage Services

Amazon S3 (Simple Storage Service)

  • What it is: An object storage service for storing data like files, backups, and media.

  • Use Case:

    • Store and serve static website files.

    • Keep backups and logs securely with built-in redundancy.

Amazon EBS (Elastic Block Store)

  • What it is: Block storage that can be attached to EC2 instances for storing operating systems and data.

  • Use Case:

    • Store data persistently on virtual machines (e.g., databases).

3. Database Services

Amazon RDS (Relational Database Service)

  • What it is: A managed relational database service that supports engines like MySQL, PostgreSQL, and SQL Server.

  • Use Case:

    • Host relational databases without worrying about infrastructure management.

Amazon DynamoDB

  • What it is: A fully managed NoSQL database service.

  • Use Case:

    • Store data for applications that need high availability and low latency, such as real-time apps.

4. Networking and Content Delivery

Amazon VPC (Virtual Private Cloud)

  • What it is: A service to create isolated networks for your AWS resources.

  • Use Case:

    • Control network access to your instances and services through security groups and subnets.

Amazon CloudFront

  • What it is: A content delivery network (CDN) service that delivers content to users with low latency.

  • Use Case:

    • Serve static assets (e.g., images, videos) globally with low latency.

5. Identity and Access Management

AWS IAM (Identity and Access Management)

  • What it is: A service to manage user access and permissions across AWS.

  • Use Case:

    • Control who can access what services and resources (e.g., granting access to developers or limiting access to critical infrastructure).

6. Security and Monitoring

Amazon CloudWatch

  • What it is: A monitoring service for AWS resources and applications.

  • Use Case:

    • Track performance metrics, create dashboards, and set alarms for resource health.

AWS CloudTrail

  • What it is: A service that logs API calls and tracks changes across AWS resources.

  • Use Case:

    • Audit resource changes and ensure security policies are followed.

7. Application Integration and Automation

Amazon SQS (Simple Queue Service)

  • What it is: A message queuing service that allows applications to send and receive messages.

  • Use Case:

    • Decouple components of distributed systems by ensuring messages are reliably delivered.

Amazon SNS (Simple Notification Service)

  • What it is: A notification service for sending messages to subscribers.

  • Use Case:

    • Send alerts (e.g., SMS, emails) or push notifications to applications or users.

8. Management and Deployment

AWS CloudFormation

  • What it is: A service that helps provision resources using infrastructure as code (IaC).

  • Use Case:

    • Automate the deployment of resources with templates for repeatable setups.

AWS Elastic Beanstalk

  • What it is: A Platform-as-a-Service (PaaS) offering that makes it easy to deploy applications.

  • Use Case:

    • Deploy web applications without managing the underlying infrastructure.

Summary Table

Category

Service

Use Case

Compute

EC2

Host virtual machines (web servers, databases)

Lambda

Run code without managing servers

Storage

S3

Store files, backups, and media

EBS

Attach persistent storage to EC2 instances

Database

RDS

Manage relational databases

DynamoDB

Store NoSQL data with high availability

Networking

VPC

Create isolated networks

CloudFront

Serve content with low latency worldwide

Identity & Access

IAM

Manage user permissions and roles

Security

CloudWatch

Monitor resource health and create alarms

CloudTrail

Audit changes to AWS resources

Application Integration

SQS

Decouple components with message queues

SNS

Send notifications or alerts

Management

CloudFormation

Automate deployments using templates

Elastic Beanstalk

Deploy web apps easily with minimal setup

PreviousAWS Security Services OverviewNextAWS Frameworks

Last updated 8 months ago