Task Statement 4.1: Implement and maintain network features to meet security and compliance needs and requirements.
📘 AWS Certified Advanced Networking – Specialty
1. What is a Threat Model?
A threat model is a structured way to:
- Identify possible security threats
- Understand where attacks can happen
- Decide how to protect the system
It answers three key questions:
- What are we protecting?
- What can go wrong?
- How do we stop it?
2. Why Threat Modeling is Important in AWS Networking
In AWS, applications can be built in different ways (architectures), such as:
- Public-facing web applications
- Private internal systems
- Hybrid cloud environments
Each architecture has different risks, so:
👉 You must design network security controls based on the architecture
3. Key Concepts You Must Know for the Exam
3.1 Assets
Things you need to protect:
- Data (databases, files)
- Applications (APIs, services)
- Infrastructure (EC2, VPC, load balancers)
3.2 Threats
Possible attacks, such as:
- Unauthorized access
- Data leakage
- Denial of service
- Traffic interception
3.3 Attack Surface
All possible entry points into your system:
- Open ports
- Public IPs
- APIs
- Load balancers
👉 Larger attack surface = higher risk
3.4 Trust Boundaries
Points where:
- Data moves between different security zones
Examples:
- Internet → VPC
- Public subnet → Private subnet
- On-premises → AWS
👉 These are the highest-risk points: every control (filtering, authentication, encryption, logging) must be enforced where traffic crosses a boundary
4. Common Threat Modeling Framework (Exam Tip)
You should know STRIDE:
| Threat Type | Meaning |
|---|---|
| S | Spoofing (fake identity) |
| T | Tampering (data modification) |
| R | Repudiation (denying actions) |
| I | Information Disclosure |
| D | Denial of Service (DoS) |
| E | Elevation of Privilege |
👉 STRIDE helps you systematically identify threats.
5. Threat Models Based on Application Architecture
Now the most important part for the exam.
Different architectures = different threat models.
5.1 Public-Facing Web Application Architecture
Description
- Application is accessible from the internet
- Uses:
- Public load balancer
- Public subnets
- Backend in private subnets
Threats
- DDoS attacks
- Flooding the application with traffic
- Web attacks
- SQL injection
- Cross-site scripting (XSS)
- Unauthorized access
- Exploiting open ports
- Data exposure
- Sensitive data sent over insecure channels
AWS Security Controls
- AWS Shield
- Shield Standard is on by default and absorbs common L3/L4 floods; Shield Advanced adds application-layer (L7) DDoS protection, cost protection and the Shield Response Team
- AWS WAF
- Filters malicious HTTP(S) requests (SQL injection, XSS, rate-based rules) in front of ALB, CloudFront or API Gateway
- Security Groups
- Allow only required ports (e.g., 80, 443) on the load balancer; the web instances should accept traffic only from the load balancer's security group, not from 0.0.0.0/0
- Private subnets
- Backend instances get no public IP and no route to the internet gateway
- TLS (HTTPS)
- Encrypt data in transit; terminate on the load balancer with an ACM certificate and redirect HTTP to HTTPS
Key Exam Insight
👉 Internet-facing = largest attack surface; treat every inbound request as untrusted and filter it (Shield, WAF, security groups) before it reaches the application
5.2 Internal Application (Private Architecture)
Description
- No inbound access from the internet (any outbound access goes through a NAT gateway or VPC endpoints)
- Only accessible within VPC or corporate network
Threats
- Insider threats
- Unauthorized internal users
- Lateral movement
- Attack spreading inside network
- Misconfigured permissions
- Overly permissive access
AWS Security Controls
- Network ACLs and Security Groups
- IAM roles and policies
- VPC endpoints (reach S3, DynamoDB and other AWS services without an internet gateway or NAT; attach endpoint policies to restrict which resources can be called)
- Traffic monitoring (VPC Flow Logs)
Key Exam Insight
👉 Even without internet, threats still exist internally.
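As an added example (not part of these notes): the check below runs over constructed VPC Flow Log records in the default format and flags the two internal threats listed above, a cross-tier path to the database from outside the app subnet and a host whose connections are rejected on many ports (a compromised machine probing for lateral movement). The subnet CIDRs, database ports, scan threshold and log lines are all assumptions made for the example.

```python
"""Lateral-movement detection over VPC Flow Log records (added example).

Assumptions (not from the original notes): the subnet CIDRs, the DB ports,
the scan threshold and the sample log lines below are all constructed.
Record layout is the default VPC Flow Log format:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed topology: only the app subnet should ever reach the DB tier.
APP_SUBNET = ip_network("10.0.2.0/24")
DB_SUBNET = ip_network("10.0.3.0/24")
DB_PORTS = {3306, 5432}
SCAN_THRESHOLD = 5   # distinct rejected dst ports from one source (assumed)

# Constructed sample records (fields in the default flow-log order).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.3.20 51234 3306 6 12 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.20 40111 3306 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.21 40112 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.21 40113 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.21 40114 5432 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.21 40115 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.3.21 40116 443 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.16 10.0.3.20 51235 5432 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Split one default-format record into a dict. Returns None for
    NODATA/SKIPDATA records, which carry no addresses."""
    f = line.split()
    if len(f) != 14 or f[13] != "OK":
        return None
    return {
        "src": ip_address(f[3]),
        "dst": ip_address(f[4]),
        "dst_port": int(f[6]),
        "action": f[12],
    }


def analyse(log_text):
    """Return (db_access_violations, scan_suspects):
    - violations: ACCEPTed flows to a DB port in the DB subnet whose source
      is outside the app subnet (e.g. the web tier talking to the DB directly);
    - scan_suspects: sources with REJECTs on >= SCAN_THRESHOLD distinct ports.
    """
    violations = []
    rejected_ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        if rec["action"] == "REJECT":
            rejected_ports[rec["src"]].add(rec["dst_port"])
            continue
        if (rec["dst"] in DB_SUBNET and rec["dst_port"] in DB_PORTS
                and rec["src"] not in APP_SUBNET):
            violations.append((str(rec["src"]), str(rec["dst"]), rec["dst_port"]))
    scan_suspects = sorted(
        str(src) for src, ports in rejected_ports.items()
        if len(ports) >= SCAN_THRESHOLD)
    return violations, scan_suspects


if __name__ == "__main__":
    found, suspects = analyse(SAMPLE_LOG)
    for src, dst, port in found:
        print(f"cross-tier DB access: {src} -> {dst}:{port}")
    for src in suspects:
        print(f"possible port scan from {src}")
```

The REJECT lines are only visible because the flow log was created with the ALL (or REJECT) traffic filter; a log that captures only ACCEPT traffic would miss the scan entirely, so the filter choice is part of the detection design.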
5.3 Multi-Tier Architecture (3-Tier)
Description
Typical layers:
- Web tier (public)
- Application tier (private)
- Database tier (private)
Threats
- Compromise of one tier affects others
- Unauthorized communication between tiers
- Data access attacks on database
AWS Security Controls
- Separate subnets per tier
- Strict Security Group rules, referencing the upstream tier's security group ID rather than a CIDR so the rule follows the instances:
- Web → App only
- App → DB only
- No direct DB exposure (no 0.0.0.0/0 rule and no rule from the web tier's security group)
Key Exam Insight
👉 Apply least privilege network access between tiers
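Added example (not code from these notes) serving both the public web tier in 5.1 (only 80/443 from the internet) and the tier chaining here: a small linter over security-group rules shaped like the IpPermissions section of `aws ec2 describe-security-groups` output. The group IDs, ports and the allowed-path table are constructed assumptions; the sample set has one correct group and two with the exact mistakes the notes warn about.

```python
"""Least-privilege check of security groups in a 3-tier VPC (added example).

The rule dicts are constructed to look like the IpPermissions part of
`aws ec2 describe-security-groups` output. Group IDs, ports and the
allowed-path table are assumptions for this example, not from the notes.
IPv6 ranges and prefix lists are ignored to keep the example short.
"""
ANY = "0.0.0.0/0"

# Constructed tier policy: which source may reach which tier, on which ports.
TIERS = {"sg-web": "web", "sg-app": "app", "sg-db": "db"}
ALLOWED = {
    "web": {"internet": {80, 443}},   # only HTTP/HTTPS from the internet
    "app": {"web": {8080}},           # app tier accepts from the web SG only
    "db":  {"app": {3306}},           # DB accepts from the app SG only
}


def _ports(rule):
    """Expand a rule's port range; protocol -1 means every port/protocol."""
    if rule["IpProtocol"] == "-1":
        return {"all"}
    return set(range(rule["FromPort"], rule["ToPort"] + 1))


def check_group(group):
    """Return human-readable findings for one security group: any port
    reachable from a source the tier policy does not allow."""
    gid = group["GroupId"]
    tier = TIERS[gid]
    findings = []
    for rule in group.get("IpPermissions", []):
        ports = _ports(rule)
        for rng in rule.get("IpRanges", []):
            src = "internet" if rng["CidrIp"] == ANY else rng["CidrIp"]
            bad = ports - ALLOWED[tier].get(src, set())
            if bad:
                findings.append(f"{gid} ({tier}) allows {sorted(bad, key=str)} from {rng['CidrIp']}")
        for pair in rule.get("UserIdGroupPairs", []):
            src_tier = TIERS.get(pair["GroupId"], pair["GroupId"])
            bad = ports - ALLOWED[tier].get(src_tier, set())
            if bad:
                findings.append(f"{gid} ({tier}) allows {sorted(bad, key=str)} from {pair['GroupId']} ({src_tier})")
    return findings


def lint(groups):
    return [f for g in groups for f in check_group(g)]


# Constructed sample: web is correct, app is too open, db is exposed.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANY}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": ANY}]},
    ]},
    {"GroupId": "sg-app", "IpPermissions": [
        # Correct: app port from the web tier's SG (follows instances, not IPs).
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        # Wrong: SSH open to the whole VPC CIDR instead of a bastion SG.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        # Wrong: DB reachable from the web tier directly (bypasses the app tier).
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}, {"GroupId": "sg-app"}]},
        # Wrong: all protocols from anywhere.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY}]},
    ]},
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_GROUPS):
        print("FINDING:", finding)
```

The same policy table can be fed with real output by loading the JSON from `aws ec2 describe-security-groups` and mapping real group IDs onto the tier names; the check itself does not change.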
5.4 Serverless Architecture (Lambda, API Gateway)
Description
- Uses managed services:
- AWS Lambda
- API Gateway
- DynamoDB
Threats
- API abuse
- Excessive or malicious API calls
- Event injection
- Malicious input to Lambda
- Permission misconfiguration
- Over-permissive IAM roles
AWS Security Controls
- API Gateway throttling (account-level, per-stage and usage-plan limits) to bound abusive call volume
- Least-privilege IAM execution roles (scope each function to the specific tables, queues and log groups it uses; no wildcard actions or resources)
- Input validation (API Gateway request validators plus schema checks inside the function, since the function may also be invoked by other event sources)
- AWS WAF on API Gateway (REST API stages)
Key Exam Insight
👉 With managed services there is no subnet or security group to harden (unless Lambda is attached to a VPC); the controls that matter are IAM and API-level, less so network
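Added example, not from these notes, for the permission-misconfiguration threat above: an over-permissive Lambda execution-role policy placed beside its least-privilege replacement, with a small audit that flags wildcard actions, wildcard resources, actions the function does not need, and required actions that are missing. The policy documents, ARNs and the required-action set are constructed assumptions; the audit is a local check written for this example, not an AWS-provided validator.

```python
"""Least-privilege audit of a Lambda execution-role policy (added example).

The policies, ARNs and REQUIRED set are constructed for this example. The
audit reproduces the checks a reviewer does by hand: wildcard actions,
Resource "*", actions beyond what the function needs, and missing ones.
"""
import fnmatch
import json

# Constructed: what this function actually needs (one DynamoDB table + logging).
REQUIRED = {
    "dynamodb:GetItem", "dynamodb:PutItem",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
}

# Weak: service-wide wildcards on every resource in the account.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["logs:*"], "Resource": "*"},
    ],
})

# Hardened: exact actions, scoped to the one table and the function's log group.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders"},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/orders-api:*"},
    ],
})


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are the wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit(policy_json, required=REQUIRED):
    """Return a list of findings for the Allow statements of a policy.
    An empty list means the policy grants exactly the required actions
    with no wildcard resource."""
    findings = []
    granted = set()
    for i, st in enumerate(json.loads(policy_json)["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for a in _as_list(st.get("Action", [])):
            if "*" in a or "?" in a:
                findings.append(f"statement {i}: wildcard action {a}")
            covered = {r for r in required if _matches(a, r)}
            if not covered:
                findings.append(f"statement {i}: action {a} not needed by the function")
            granted |= covered
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"statement {i}: Resource '*' (scope to the table/log-group ARN)")
    missing = required - granted
    if missing:
        findings.append(f"missing required actions: {sorted(missing)}")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_POLICY))
    print("hardened:", audit(HARDENED_POLICY))
```

The "missing required actions" finding is the part people skip: a policy that is too narrow fails at runtime, which is why tightening IAM should be done from the function's observed calls (CloudTrail, IAM Access Analyzer's policy generation) rather than by guessing.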
5.5 Hybrid Architecture (On-Premises + AWS)
Description
- Connected using:
- VPN
- Direct Connect
Threats
- Data interception over the connection
- Compromised on-premises hosts reaching AWS over a link that is trusted by default
- Routing misconfiguration (a wrong or hijacked prefix advertised over BGP redirects traffic)
- Man-in-the-middle attacks on an unencrypted link
AWS Security Controls
- VPN encryption (IPsec Site-to-Site VPN)
- Private virtual interfaces (Direct Connect); note that Direct Connect is not encrypted by itself, so run a Site-to-Site VPN over it or use MACsec where the connection supports it
- Route filtering (advertise and accept only the agreed prefixes; never accept a default route or a prefix overlapping the VPC CIDR from the remote side)
- Network segmentation (separate route tables and security groups for traffic arriving from on-premises)
Key Exam Insight
👉 Hybrid = extended attack surface
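Added example for the route-filtering control above (not from these notes): a check of prefixes advertised by the on-premises side before they are accepted, rejecting a default route, anything overlapping the VPC CIDR, host routes and prefixes outside the agreed on-prem ranges. The VPC CIDR, the agreed ranges, the maximum prefix length and the sample advertisements are constructed assumptions; this is a prefix-list check, not a BGP implementation.

```python
"""Inbound prefix filter for an on-prem -> AWS hybrid link (added example).

Constructed assumptions: the VPC CIDR, the ranges the on-prem side is agreed
to advertise, the maximum accepted prefix length and the sample
advertisements. Stand-alone check of a prefix list, not a BGP speaker.
"""
from ipaddress import ip_network

VPC_CIDR = ip_network("10.0.0.0/16")              # assumed AWS side
ONPREM_ALLOWED = [ip_network("192.168.0.0/16"),    # assumed agreed on-prem ranges
                  ip_network("172.16.0.0/12")]
MAX_PREFIX_LEN = 24                                 # assumed: nothing more specific


def evaluate_prefix(prefix_str):
    """Return (accepted, reason) for one advertised prefix."""
    try:
        p = ip_network(prefix_str, strict=True)   # strict: host bits must be zero
    except ValueError as e:
        return False, f"malformed prefix: {e}"
    if p.version != VPC_CIDR.version:
        return False, "address family not carried on this link"
    if p.prefixlen == 0:
        return False, "default route would pull all egress through the hybrid link"
    if p.overlaps(VPC_CIDR):
        return False, "overlaps the VPC CIDR (would redirect intra-VPC traffic)"
    if p.prefixlen > MAX_PREFIX_LEN:
        return False, f"more specific than /{MAX_PREFIX_LEN} (single-host hijack / route-table bloat)"
    if not any(p.subnet_of(allowed) for allowed in ONPREM_ALLOWED):
        return False, "outside the agreed on-prem ranges"
    return True, "accepted"


def filter_advertisements(prefixes):
    """Split advertised prefixes into (accepted, rejected) lists of (prefix, reason)."""
    accepted, rejected = [], []
    for pfx in prefixes:
        ok, why = evaluate_prefix(pfx)
        (accepted if ok else rejected).append((pfx, why))
    return accepted, rejected


# Constructed advertisements: two legitimate, the rest each hit one rule.
SAMPLE_ADVERTISEMENTS = [
    "192.168.10.0/24",   # legitimate on-prem site
    "172.16.0.0/12",     # legitimate aggregate
    "0.0.0.0/0",         # default route: never accept from the remote side
    "10.0.3.0/24",       # overlaps the VPC's DB subnet
    "192.168.10.5/32",   # host route: too specific
    "203.0.113.0/24",    # not an agreed range
    "192.168.1.1/24",    # host bits set: malformed
]

if __name__ == "__main__":
    acc, rej = filter_advertisements(SAMPLE_ADVERTISEMENTS)
    for pfx, why in acc + rej:
        print(f"{pfx:18} {why}")
```

Apply the same list on the AWS side as the prefix filter on the customer gateway or Transit Gateway route table, and mirror it outbound: the VPC should advertise only its own CIDRs toward on-premises.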
5.6 Microservices Architecture
Description
- Many small services communicate over network
Threats
- Service-to-service attacks
- Unsecured internal APIs
- Increased attack surface
- Identity spoofing between services
AWS Security Controls
- Service authentication (an IAM role per service, or Amazon VPC Lattice auth policies on service-to-service calls)
- mTLS (mutual TLS), so each side proves its identity with a certificate rather than relying on a source IP
- Service mesh (e.g., AWS App Mesh; note that AWS has announced App Mesh will reach end of support on September 30, 2026)
- Network segmentation (one security group per service, allowing only the callers that service expects)
Key Exam Insight
👉 More services = more communication paths = more risk
6. Mapping Threats to AWS Network Controls
| Threat | AWS Solution |
|---|---|
| DDoS | AWS Shield (Standard by default, Advanced for L7 and cost protection) |
| Web attacks | AWS WAF |
| Unauthorized access | Security Groups, IAM |
| Data interception | TLS, IPsec VPN, MACsec on Direct Connect |
| Internal attacks | Network ACLs, Security Groups, VPC Flow Logs |
| API abuse | API Gateway throttling, WAF rate-based rules |
| Misconfiguration | IAM policies, AWS Config rules |
7. Best Practices for Threat Modeling in AWS
7.1 Minimize Attack Surface
- Avoid unnecessary public IPs
- Use private subnets
7.2 Use Defense in Depth
Multiple layers of security:
- WAF
- Security Groups
- NACLs
- IAM
7.3 Apply Least Privilege
- Only allow required access
- Restrict ports and IP ranges
7.4 Encrypt Everything
- Data in transit (TLS)
- Data at rest (KMS-managed keys for EBS, S3, RDS and DynamoDB)
7.5 Monitor and Log
- VPC Flow Logs
- CloudTrail
- CloudWatch
8. Exam Tips (Very Important)
✔ Know how architecture affects threats
✔ Understand public vs private risk differences
✔ Remember STRIDE model
✔ Focus on AWS-native security services
✔ Always think:
👉 Where is the traffic coming from?
👉 What can attack it?
9. Quick Summary
- Threat modeling identifies risks and protections
- Different architectures have different threats
- Key architectures:
- Public web apps → DDoS, web attacks
- Private apps → insider threats
- Multi-tier → lateral movement
- Serverless → API/IAM risks
- Hybrid → connection security
- Microservices → service-to-service threats
- Use AWS tools like:
- WAF, Shield, IAM, Security Groups, VPN
