100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Cloud Security Fundamentals Cheat Sheet

Cloud Security Fundamentals Cheat Sheet

Foundational cloud security concepts including the shared responsibility model, encryption, network controls, and identity hardening.

2 PagesIntermediateFeb 5, 2026

Least-Privilege IAM Policy (AWS)

Scoped policy granting only what's needed, nothing more.

json
{  "Version": "2012-10-17",  "Statement": [    {      "Effect": "Allow",      "Action": ["s3:GetObject"],      "Resource": "arn:aws:s3:::my-bucket/reports/*",      "Condition": {        "IpAddress": {"aws:SourceIp": "203.0.113.0/24"}      }    }  ]}

Restrictive Security Group (AWS CLI)

Allow SSH only from a known IP range, not 0.0.0.0/0.

bash
aws ec2 authorize-security-group-ingress \  --group-id sg-0123456789abcdef0 \  --protocol tcp --port 22 \  --cidr 203.0.113.0/24

Shared Responsibility Model

Key shared responsibility model to know.

  • Provider Responsibility- Security OF the cloud: physical datacenters, hardware, hypervisor, network infrastructure
  • Customer Responsibility- Security IN the cloud: data, IAM, OS patching (IaaS), app config, network controls
  • IaaS vs PaaS vs SaaS- Customer's share of responsibility shrinks as you move from IaaS to SaaS
  • Encryption Responsibility- Provider often encrypts at rest by default; customer must manage keys and enable in-transit TLS

Core Security Controls

Key core security controls to know.

  • Encryption at Rest- Protects stored data using provider-managed or customer-managed keys (KMS)
  • Encryption in Transit- TLS/HTTPS protects data moving between services and clients
  • Network Segmentation- VPCs/VNets, subnets, and security groups restrict lateral movement
  • MFA- Multi-factor authentication drastically reduces credential-theft risk, especially for privileged accounts
  • CSPM (Cloud Security Posture Management)- Continuously scans for misconfigurations against best-practice benchmarks (e.g. CIS)
  • Audit Logging- CloudTrail/Activity Log/Cloud Audit Logs record every API call for forensics and compliance
Pro Tip

Treat public storage buckets and open security groups (0.0.0.0/0) as the default failure mode to guard against — misconfigured access controls, not sophisticated exploits, cause the vast majority of real-world cloud breaches.

Was this cheat sheet helpful?

Explore Topics

#CloudSecurityFundamentals#CloudSecurityFundamentalsCheatSheet#CloudComputing#Intermediate#Least#Privilege#IAM#Policy#Networking#Security#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech

Professional Web Designing Services

  • Responsive Websites
  • E-commerce Solutions
  • SEO Friendly Design
  • Fast & Secure
  • Support & Maintenance
Get a Free Quote

Share this Cheat Sheet