Other Activities

Detect Drift

Performing a drift detection operation on a stack determines whether the stack has drifted from its expected template configuration, and returns detailed information about the drift status of each resource in the stack that supports drift detection. You can try this out in the next section of this lab.

Automated Security Assessment

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

Try It

  • Warning: it is likely to take more than an hour to run the asessment
  • Create an assessment on the lab by clicking here
  • Click on Assessment templates in the navigation menu
  • Select the Assessment-Template-Default-All-Rules template
  • Click Run
  • After the assessment is complete, you will see a number of findings Inspector Dashboard

Automated Configuration Management

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Try It

  • Enable Config in the lab here
  • Add required-tags rule
  • Set tag1Key to Name
  • You will see that not all resources have got a name tag Config Dashboard

S3 Versioning and Logging

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Server access logging provides detailed records for the requests that are made to an S3 bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.

Try It

  • Server access logging is already enabled
  • Navigate to S3 by clicking here
  • Click on the S3 bucket beginning lab-
  • Click on the properties tab
  • Click on the versioning box
  • Select Enable versioning
  • Click Save