- Author: Nguyễn Đức Xinh
AWS Services Summary Table: Security, Monitoring, Management, Analytics, Optimization, Compliance
Security & Compliance Services
Amazon GuardDuty
What It Does: Intelligent threat detection service using ML that continuously monitors for malicious activity
Key Features:
- Machine learning-based anomaly detection
- Integrated threat intelligence
- DNS log analysis
- VPC Flow Log monitoring
Use Cases:
- Detecting compromised instances
- Cryptocurrency mining detection
- Reconnaissance attacks
- Data exfiltration prevention
Pricing: Pay-per-use based on volume of events analyzed (CloudTrail, DNS, VPC Flow Logs)
Target Services: CloudTrail, VPC Flow Logs, DNS, S3, EKS, RDS, Lambda
Amazon Inspector
What It Does: Automated vulnerability assessment service for applications and infrastructure
Key Features:
- Continuous scanning
- Software vulnerability detection
- Network reachability analysis
- Prioritized findings
Use Cases:
- Application security assessments
- Compliance scanning
- Container image vulnerability scanning
Pricing: Pay-per-assessment for EC2 instances and container images
Target Services: EC2 instances, ECR container images, Lambda functions
Amazon Macie
What It Does: AI-powered data security service that discovers and protects sensitive data
Key Features:
- Automated data discovery
- PII detection
- Data classification
- Access pattern analysis
Use Cases:
- Data privacy compliance (GDPR, HIPAA)
- Sensitive data discovery
- Data loss prevention
Pricing: Pay-per-GB of data processed and per S3 bucket monitored
Target Services: Amazon S3 buckets and objects
AWS Security Hub
What It Does: Centralized security posture management dashboard. AWS Security Hub is AWS's central security hub, helping you aggregate, analyze, and manage security posture across your entire AWS account.
Key Features:
- Aggregates findings from multiple security services
- Compliance checks
- Automated remediation
- Custom insights
Use Cases:
- Central security operations center
- Compliance reporting
- Multi-account security management
Pricing: Pay-per-finding ingested and per compliance check
Target Services: GuardDuty, Inspector, Macie, Config, third-party tools
Amazon Security Lake
What It Does: Purpose-built data lake for security data
Key Features:
- Automatic data normalization
- OCSF format
- Centralized storage
- Query capabilities
Use Cases:
- Security analytics
- Threat hunting
- Compliance reporting
- Custom security applications
Pricing: Pay for data ingestion, storage, and queries
Target Services: CloudTrail, GuardDuty, VPC Flow Logs, third-party sources
Monitoring & Observability Services
| Service | What It Does | Key Features | Use Cases | Pricing | Target Services |
|---|---|---|---|---|---|
| AWS CloudTrail | API activity logging and audit service | Comprehensive API call logging, data event tracking, insight events, multi-region trails | Compliance auditing, security analysis, operational troubleshooting, forensic investigation | Pay-per-trail and per data event recorded | All AWS services that make API calls |
| Amazon CloudWatch | Comprehensive monitoring and observability platform | Metrics collection, log aggregation, alarms, dashboards, application insights | Performance monitoring, resource optimization, automated scaling, troubleshooting | Pay-per-metric, log ingestion, API requests, and dashboard usage | EC2, Lambda, RDS, custom applications, on-premises |
| AWS X-Ray | Distributed application tracing service | End-to-end request tracing, service maps, performance analysis, error detection | Microservices debugging, performance optimization, bottleneck identification | Pay-per-trace recorded and retrieved | Lambda, EC2, ECS, Elastic Beanstalk, API Gateway |
Management & Governance Services
| Service | What It Does | Key Features | Use Cases | Pricing | Target Services |
|---|---|---|---|---|---|
| AWS Trusted Advisor | Real-time guidance and recommendations service | Cost optimization recommendations, security checks, performance insights, fault tolerance analysis | Cost reduction, security improvements, performance optimization, best practices implementation | Basic checks free with AWS Support; full checks with Business/Enterprise Support | All AWS services and account-wide configurations |
| AWS Config | Configuration management and compliance monitoring | Resource configuration tracking, compliance rules, configuration history, change notifications | Compliance monitoring, configuration drift detection, change management, audit trails | Pay-per-configuration item recorded and per rule evaluation | All supported AWS resources across your account |
| AWS Control Tower | Multi-account governance and setup service | Automated account provisioning, guardrails (SCPs), centralized logging, compliance dashboards | Multi-account strategy, organizational governance, compliance automation | Pay-per-managed account and data events processed | AWS Organizations, CloudFormation, Config, CloudTrail |
Analytics & Data Processing Services
| Service | What It Does | Key Features | Use Cases | Pricing | Target Services |
|---|---|---|---|---|---|
| Amazon Athena | Serverless interactive query service | SQL queries on S3 data, no infrastructure management, integration with AWS Glue, multiple data formats | Ad-hoc data analysis, log analysis, business intelligence, data lake queries | Pay-per-query based on data scanned | Amazon S3, AWS Glue Data Catalog |
| AWS Glue | Fully managed ETL (Extract, Transform, Load) service | Serverless data integration, automatic schema discovery, visual ETL jobs, data catalog | Data preparation, data lake creation, data warehouse loading, data migration | Pay-per-DPU (Data Processing Unit) hour for ETL jobs and crawler runtime | S3, RDS, Redshift, on-premises databases |
Optimization & Cost Management Services
| Service | What It Does | Key Features | Use Cases | Pricing | Target Services |
|---|---|---|---|---|---|
| AWS Compute Optimizer | Machine learning-powered resource optimization service | Right-sizing recommendations, performance risk analysis, cost savings estimates, utilization metrics | Cost optimization, performance improvement, capacity planning | Free service (no additional charges) | EC2 instances, Auto Scaling groups, EBS volumes, Lambda functions |
Compliance & Audit Services
| Service | What It Does | Key Features | Use Cases | Pricing | Target Services |
|---|---|---|---|---|---|
| AWS Artifact | Compliance documentation and agreement management | On-demand access to compliance reports, security certifications, audit artifacts, SOC/ISO/HIPAA reports, BAA management | Compliance audits, security assessments, regulatory requirements, due diligence | Free service (no charges for accessing documents) | Account-wide compliance and legal documentation |
