├── .github
│   └── ISSUE_TEMPLATE
│       ├── bug_report.md
│       └── recipe-request.md
├── 101-Creating-and-Assuming-an-IAM-Role
│   ├── .gitignore
│   ├── README.md
│   └── assume-role-policy-template.json
├── 102-Generate-Least-Privilege-IAM-Policy
│   └── README.md
├── 103-Enforcing-IAM-User-Password-Policies
│   └── README.md
├── 104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator
│   ├── README.md
│   ├── TestingIAMPolicieswiththeIAMPolicySimulator.png
│   └── assume-role-policy.json
├── 105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries
│   ├── .gitignore
│   ├── README.md
│   ├── assume-role-policy-template.json
│   ├── boundary-policy-template.json
│   ├── lambda-assume-role-policy.json
│   ├── lambda_function.py
│   └── policy-template.json
├── 106-Connecting-to-EC2-Instances-Using-Session-Manager
│   ├── ConnectingToEC2InstancesUsingAWSSSMSessionManager.png
│   ├── README.md
│   ├── assume-role-policy.json
│   └── cdk-AWS-Cookbook-106
│       ├── .gitignore
│       ├── README.md
│       ├── app.py
│       ├── cdk.json
│       ├── cdk_aws_cookbook_106
│       │   ├── __init__.py
│       │   └── cdk_aws_cookbook_106_stack.py
│       ├── helper.py
│       ├── requirements.txt
│       ├── setup.py
│       └── source.bat
├── 107-Encrypting-EBS-Volumes-Using-KMS-Keys
│   └── README.md
├── 108-Storing-Encrypting-Accessing-Passwords
│   ├── .gitignore
│   ├── README.md
│   ├── cdk-AWS-Cookbook-108
│   │   ├── .gitignore
│   │   ├── README.md
│   │   ├── app.py
│   │   ├── cdk.json
│   │   ├── cdk_aws_cookbook_108
│   │   │   ├── __init__.py
│   │   │   └── cdk_aws_cookbook_108_stack.py
│   │   ├── helper.py
│   │   ├── requirements.txt
│   │   ├── setup.py
│   │   └── source.bat
│   └── secret-access-policy-template.json
├── 109-Blocking-Public-Access-for-S3-Buckets
│   ├── .gitignore
│   ├── README.md
│   └── public-read-template.json
├── 110-Serving-Web-Content-Securely-from-S3-with-CloudFront
│   ├── .gitignore
│   ├── README.md
│   ├── bucket-policy-template.json
│   └── distribution-template.json
├── LICENSE
└── README.md

/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/.github/ISSUE_TEMPLATE/bug_report.md
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/recipe-request.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/.github/ISSUE_TEMPLATE/recipe-request.md
--------------------------------------------------------------------------------
/101-Creating-and-Assuming-an-IAM-Role/.gitignore:
--------------------------------------------------------------------------------
assume-role-policy.json
--------------------------------------------------------------------------------
/101-Creating-and-Assuming-an-IAM-Role/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/101-Creating-and-Assuming-an-IAM-Role/README.md
--------------------------------------------------------------------------------
/101-Creating-and-Assuming-an-IAM-Role/assume-role-policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/101-Creating-and-Assuming-an-IAM-Role/assume-role-policy-template.json
--------------------------------------------------------------------------------
/102-Generate-Least-Privilege-IAM-Policy/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/102-Generate-Least-Privilege-IAM-Policy/README.md
--------------------------------------------------------------------------------
/103-Enforcing-IAM-User-Password-Policies/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/103-Enforcing-IAM-User-Password-Policies/README.md
--------------------------------------------------------------------------------
/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/README.md
--------------------------------------------------------------------------------
/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/TestingIAMPolicieswiththeIAMPolicySimulator.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/TestingIAMPolicieswiththeIAMPolicySimulator.png
--------------------------------------------------------------------------------
/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/assume-role-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/assume-role-policy.json
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/.gitignore
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/README.md
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/assume-role-policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/assume-role-policy-template.json
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/boundary-policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/boundary-policy-template.json
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/lambda-assume-role-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/lambda-assume-role-policy.json
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/lambda_function.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/lambda_function.py
--------------------------------------------------------------------------------
/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/105-Delegating-IAM-Administrative-Capabilities-Using-Permissions-Boundaries/policy-template.json
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/ConnectingToEC2InstancesUsingAWSSSMSessionManager.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/ConnectingToEC2InstancesUsingAWSSSMSessionManager.png
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/README.md
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/assume-role-policy.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/assume-role-policy.json
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/.gitignore
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/README.md
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/app.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/app.py
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/cdk.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/cdk.json
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/cdk_aws_cookbook_106/__init__.py:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/cdk_aws_cookbook_106/cdk_aws_cookbook_106_stack.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/cdk_aws_cookbook_106/cdk_aws_cookbook_106_stack.py
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/helper.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/helper.py
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/requirements.txt:
--------------------------------------------------------------------------------
-e .
boto3
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/setup.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/setup.py
--------------------------------------------------------------------------------
/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/source.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/106-Connecting-to-EC2-Instances-Using-Session-Manager/cdk-AWS-Cookbook-106/source.bat
--------------------------------------------------------------------------------
/107-Encrypting-EBS-Volumes-Using-KMS-Keys/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/107-Encrypting-EBS-Volumes-Using-KMS-Keys/README.md
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/.gitignore:
--------------------------------------------------------------------------------
secret-access-policy.json
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/README.md
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/.gitignore
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/README.md
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/app.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/app.py
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/cdk.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/cdk.json
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/cdk_aws_cookbook_108/__init__.py:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/cdk_aws_cookbook_108/cdk_aws_cookbook_108_stack.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/cdk_aws_cookbook_108/cdk_aws_cookbook_108_stack.py
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/helper.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/helper.py
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/requirements.txt:
--------------------------------------------------------------------------------
-e .
boto3
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/setup.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/setup.py
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/source.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/cdk-AWS-Cookbook-108/source.bat
--------------------------------------------------------------------------------
/108-Storing-Encrypting-Accessing-Passwords/secret-access-policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/108-Storing-Encrypting-Accessing-Passwords/secret-access-policy-template.json
--------------------------------------------------------------------------------
/109-Blocking-Public-Access-for-S3-Buckets/.gitignore:
--------------------------------------------------------------------------------
public-read.json
--------------------------------------------------------------------------------
/109-Blocking-Public-Access-for-S3-Buckets/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/109-Blocking-Public-Access-for-S3-Buckets/README.md
--------------------------------------------------------------------------------
/109-Blocking-Public-Access-for-S3-Buckets/public-read-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/109-Blocking-Public-Access-for-S3-Buckets/public-read-template.json
--------------------------------------------------------------------------------
/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/.gitignore
--------------------------------------------------------------------------------
/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/README.md
--------------------------------------------------------------------------------
/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/bucket-policy-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/bucket-policy-template.json
--------------------------------------------------------------------------------
/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/distribution-template.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/110-Serving-Web-Content-Securely-from-S3-with-CloudFront/distribution-template.json
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AWSCookbook/Security/HEAD/README.md
--------------------------------------------------------------------------------