Security
Identity and Access Management (IAM), KMS, Secrets Manager, Cognito, WAF, Shield, and governance services. Learn how AWS protects data, enforces least privilege, and meets compliance.
AWS WAF: Rules, Managed Rule Groups & Pricing Explained
AWS WAF is a Layer 7 web application firewall for CloudFront, ALB, API Gateway, and AppSync. Learn rule groups, rate-based rules, CAPTCHA, logs, and pricing.
AWS Shield: Standard vs Advanced DDoS Protection Compared
AWS Shield protects AWS workloads from DDoS attacks. Standard is free and always on; Advanced is $3,000/month with SRT support, cost protection, and bundled WAF.
AWS Secrets Manager: Rotation, Pricing & RDS Integration
AWS Secrets Manager stores and rotates passwords, API keys, and DB credentials. Learn Lambda rotation, RDS integration, versioning, cross-account sharing, and pricing.
AWS KMS: Key Types, Envelope Encryption & Pricing Guide
AWS KMS is a managed service for cryptographic keys. Learn customer-managed vs AWS-managed vs AWS-owned keys, key policies, envelope encryption, and pricing.
AWS IAM: Users, Roles, Policies & How It Works
AWS IAM controls who can access what in AWS. Learn users, groups, roles, identity vs resource-based policies, evaluation logic, MFA, and least-privilege best practices.
AWS IAM Role: Temporary Credentials, Trust Policies, Uses
An IAM role is an AWS identity with temporary STS credentials assumed by services, users, or federated principals. Learn trust vs permissions policies and uses.
IAM Role vs IAM User: Key Differences & Best Practices
IAM role vs IAM user compared: long-lived access keys vs temporary STS credentials, federation, instance profiles, and current AWS best practices for security.
AWS IAM Policy: JSON Structure, Types, Limits Explained
An AWS IAM policy is a JSON document with Effect, Action, Resource, and Condition fields. Learn managed vs inline, identity vs resource-based, and size limits.
Amazon GuardDuty: Threat Detection, Data Sources, Pricing
Amazon GuardDuty is managed threat detection using CloudTrail, VPC Flow Logs, DNS logs, and ML. Learn findings, EKS/S3/Lambda/Malware Protection, and pricing.
Amazon Cognito: User Pools, Identity Pools & Pricing
Amazon Cognito provides user sign-up/sign-in via User Pools and temporary AWS credentials via Identity Pools. Learn SAML/OIDC federation, MFA, JWTs, and MAU pricing.