Security Services — WAF, Shield, GuardDuty, Macie, Inspector, Security Hub

Tổng quan

AWS cung cấp nhiều lớp bảo mật: WAF (web application firewall), Shield (DDoS protection), GuardDuty (threat detection), Macie (data protection), Inspector (vulnerability scanning), Security Hub (central dashboard).

AWS WAF & Shield

• WAF: Layer 7 firewall, attach vào CloudFront, ALB, API Gateway, AppSync.
• WAF Rules: IP match, geo match, rate-based, SQL injection, XSS, regex pattern.
• Managed Rule Groups: AWS managed (Core Rule Set, Bot Control) + Marketplace.
• Shield Standard: miễn phí, chống DDoS Layer 3/4 cơ bản.
• Shield Advanced: $3000/tháng, DDoS Response Team (DRT), cost protection, advanced metrics.
• Shield Advanced + WAF: auto-create WAF rules khi phát hiện DDoS Layer 7.

GuardDuty & Macie

• GuardDuty: ML-based threat detection, phân tích VPC Flow Logs, CloudTrail, DNS logs, EKS audit.
• Findings: Recon, UnauthorizedAccess, CryptoCurrency mining, Trojan...
• GuardDuty → EventBridge → Lambda auto-remediate (block IP, isolate instance).
• Macie: ML phát hiện sensitive data (PII, credit card, API keys) trong S3.
• Macie: sensitive data discovery job, automated scanning.

Inspector & Security Hub

• Inspector: automated vulnerability scanning cho EC2 (OS CVE), ECR images, Lambda functions.
• Inspector v2: agentless (SSM agent), continuous scanning, risk score.
• Security Hub: aggregator findings từ GuardDuty, Inspector, Macie, Firewall Manager, 3rd party.
• Security Hub: compliance checks (CIS Benchmark, PCI-DSS, AWS Foundational).
• Security Hub → EventBridge → auto-remediate.