aws-cloud-mindmaps
What
This repo contains mindmaps that I have created about AWS based on public information. Since all of the information is already in the public domain, feel free to use and share these mindmaps as you see fit.
Why
This is how I learn. Creating the mindmaps helps me learn, and helps me explain a topic to others. I started using them with my customers and I got interrupted within a few min: "Will, can I please have that mindmap?". After many of these encounters I realized I should make them available to others who might find them useful as well.
Software
I am using Xmind Desktop Pro V8 (now called Classic) to create these mindmaps. These links below are read-only exports from Xmind Desktop Pro V8. For those interested in downloading the free version, here is the direct link.
Contributions
Several colleagues I work with help me review content, suggest improvements, point out errors, typos, etc. - thanks much to Anna, Alvaro, Dario, Ron, and many others for your help.
Known issues
So far the only issue I know about is with the export from Xmind in terms of capitalizing. For example, instead of "AWS Security Hub", the export shows as "Aws Security Hub". We have contacted Xmind and they logged this bug, and hope that will be fixed in a future release.
Contact information
If you have suggestions, fixes, improvements, or ideas to make these better or create new ones, please contact me at my work email: quilesw@amazon.com.
AWS Mindmaps
AWS Security Hub
AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation. (Link to mindmap version 4.12)
Amazon GuardDuty
Amazon GuardDuty - A threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. (Link to mindmap version 1.9)
Amazon Inspector
Amazon Inspector - An automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
The original Inspector (prior to re:Invent) is now called Inspector Classic. The new Amazon Inspector, a completely rearchitected and redesigned version of Amazon Inspector Classic, is now available across AWS Regions. The new Amazon Inspector has expanded coverage to add support for container images residing in Amazon Elastic Container Registry (Amazon ECR) in addition to EC2 instances. The new Amazon Inspector offers multi-account support through integration with AWS Organizations, and continual software vulnerability and network reachability scanning based on common vulnerabilities and exposures (CVEs). We encourage you to explore and use these and other new and improved features, and to benefit from the significantly enhanced security value. (Link to mindmap version 1.10)
AWS CloudTrail (and intro to CloudTrail Lake)
AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
This mindmap also includes the recently released CloudTrail Lake. Cloud Trail Lake is a managed data lake that lets organizations aggregate, immutably store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting. This new platform simplifies CloudTrail analysis workflows by integrating collection, storage, preparation, and optimization for analysis and query in the same product. This removes the need to maintain separate data processing pipelines that span across teams and products to analyze CloudTrail events. (Link to mindmap version 1.10)
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. (Link to mindmap version 1.5)