
8: Loose ends on incident response

Destinations for S3 bucket events?

  • SNS
  • SQS
  • Lambda
  • EventBridge

What else about S3 is automated?

  • Lifecycle expiration
  • Lifecycle transition
  • Intelligent tiering, archiving
  • Object tagging

Which services are event-driven?

  • Lambda
  • CloudWatch
  • EventBridge
  • Kinesis

Which ones also contribute to event-driven?

  • CloudTrail: Findings can be actionable, trigger Lambdas
  • Config: Compliance issues, remediation actions
  • S3: Use as repo, trigger pipeline actions on PUT

What’s, like, the general security automation workflow?

  1. Monitor
     • CloudWatch
     • CloudTrail
     • GuardDuty
     • Macie
  2. Detect
     • Security Hub
     • GuardDuty
  3. Remediate
     • Lambda
     • Systems Manager

Sec / Compliance Monitoring:

  • Lambda -> Trusted Advisor: Automate security checks
  • Config -> Lambda: Download data from AWS Config

How to notify when an access key is in a public repo?

  • EventBridge event: AWS_RISK_CREDENTIALS_EXPOSED
  • Step function: Delete keys