In this very last chapter of the book, we covered one of the more complex aspects of a Cloud infrastructure: its security. After understanding what an AWS customer is expected to secure, we looked at different ways to audit and assess the security of an infrastructure.

We then started to make changes to some of the most critical components of the infrastructure with the help of the IAM service. We put in place policies for users to enforce the use of complex passwords and MFA devices. Still relying on IAM, we also looked at how better to limit the AWS permissions of our resources.

Once we had IAM under control, we started to make changes to our network to expose to the internet only what needs to be internet-facing. For that, we created a new VPC with public and private zones.

Finally, in the last section of the chapter, we saw ways to protect ourselves against targeted attacks by taking advantage of the AWS web application firewall and replicating our backups to another account.