AWS WAF

AWS WAF is a web application firewall that filters HTTP(S) traffic to protect applications from common exploits such as SQL injection and cross-site scripting. SCS-C03 covers it with Shield and CloudFront for edge security.

All SCS-C03 Terms

Amazon GuardDuty

Amazon GuardDuty is a threat-detection service that continuously analyzes CloudTrail, VPC Flow Logs, and DNS logs for malicious activity.

AWS Security Hub

AWS Security Hub is a service that aggregates and prioritizes security findings across accounts and checks them against standards such as CIS and AWS FSBP.

Amazon Detective

Amazon Detective is a service that helps analyze and investigate the root cause of security findings by building linked data from logs.

AWS CloudTrail

AWS CloudTrail is a service that records API activity across an AWS account for auditing and investigation.

Amazon Inspector

Amazon Inspector is an automated vulnerability-management service that scans workloads such as EC2 instances and container images for software vulnerabilities.

VPC Flow Logs

VPC Flow Logs capture information about IP traffic to and from network interfaces in a VPC.

AWS Network Firewall

AWS Network Firewall is a managed, stateful network firewall and intrusion-prevention service for VPCs.

AWS WAF

AWS WAF is a web application firewall that filters HTTP(S) traffic to protect applications from common exploits such as SQL injection and cross-site scripting.

AWS KMS

AWS Key Management Service (KMS) is a managed service that creates and controls the cryptographic keys used to encrypt data, with key policies, grants, and rotation.

AWS Secrets Manager

AWS Secrets Manager is a service that stores, retrieves, and automatically rotates secrets such as database credentials and API keys.

AWS Certificate Manager

AWS Certificate Manager (ACM) is a service that provisions, manages, and renews TLS certificates for AWS services.

IAM Policy

An IAM policy is a JSON document that defines permissions and is evaluated (with explicit denies overriding allows) to authorize requests.

Service Control Policy

A service control policy (SCP) is an AWS Organizations guardrail that limits the maximum permissions for member accounts.

AWS Config

AWS Config is a service that records resource configurations and evaluates them against rules and conformance packs for compliance.