8: Loose ends on incident response
Destinations for S3 bucket events?
- SNS
- SQS
- Lambda
- EventBridge
What else about S3 is automated?
- Lifecycle expiration
- Lifecycle transition
- Intelligent tiering, archiving
- Object tagging
Which services are event-driven?
- Lambda
- CloudWatch
- EventBridge
- Kinesis
Which ones also contribute to event-driven?
- CloudTrail: Findings can be actionable, trigger Lambdas
- Config: Compliance issues, remediation actions
- S3: Use as repo, trigger pipeline actions on PUT
What’s, like, general security automation workflow?
- Monitor
  - CloudWatch
  - CloudTrail
  - GuardDuty
  - Macie
- Detect
  - Security Hub
  - GuardDuty
- Remediate
  - Lambda
  - Systems Manager
Sec / Compliance Monitoring:
- Lambda -> Trusted Advisor: Automate security checks
- Config -> Lambda: Download data from AWS Config
How to notify when access key in public repo?
- EventBridge event: AWS_RISK_CREDENTIALS_EXPOSED
- Step function: Delete keys