AWS – Natively available AWS features for enhancing security

AWS offers a number of native security features that we can use to enhance security:

  • AWS API access security - via API keys
  • Built-in VPC firewalls - private and public subnets. Encourages us to use private subnets whenever possible
  • IAM - only authenticated users and apps are granted access privileges
  • MFA - multi-factor authentication - must use an Android phone (e.g. an authenticator app) as a second factor in the login process
  • Encrypt data stores - e.g. the Encrypted EBS feature, also S3 encryption
  • AWS Direct Connect - your ISP routes AWS traffic straight to the AWS AZs, without going through the rest of the internet
  • Monitoring AWS API usage - i.e. CloudTrail. Keeps track of user activities
  • AWS Config - lets you compare point-in-time snapshot views of how your infrastructure has changed over time. This is useful, for example, if you want to see which EC2 instances have been created/stopped/terminated 5 days ago compared to today. Each point-in-time snapshot is documented in JSON format
  • Key Management Service - a place to store and manage your private (encryption) keys
  • A part of AWS that's isolated from the rest of AWS for use by governments, aka GovCloud. This part meets industry standards to satisfy government security requirements.
  • CloudHSM - this is a Hardware Security Module (HSM) for hardware-based encryption
  • AWS Trusted Advisor - this is an AWS support service (available as part of Premium Support) where an AWS specialist reviews your infrastructure to identify any ways to improve your AWS setup's:
    • Cost efficiency
    • Security
    • High availability and fault tolerance
    • Performance
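Added example (not from the original notes): comparing two AWS Config point-in-time snapshots to list which EC2 instances were created, stopped or terminated between them, the kind of "5 days ago vs. today" comparison the AWS Config bullet above describes. The snapshot JSON and instance ids are constructed for the example; real configuration items carry many more fields but use the same resourceType/resourceId/configuration layout.

```python
import json

# Constructed sample snapshots (not real account data): trimmed-down
# AWS Config configuration items, one list per point in time.
SNAPSHOT_5_DAYS_AGO = json.loads("""
[
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa", "configuration": {"state": {"name": "running"}}},
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0bbb", "configuration": {"state": {"name": "running"}}},
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0ccc", "configuration": {"state": {"name": "stopped"}}},
 {"resourceType": "AWS::S3::Bucket",    "resourceId": "logs-bucket", "configuration": {}}
]
""")

SNAPSHOT_TODAY = json.loads("""
[
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa", "configuration": {"state": {"name": "stopped"}}},
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0ccc", "configuration": {"state": {"name": "terminated"}}},
 {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0ddd", "configuration": {"state": {"name": "running"}}},
 {"resourceType": "AWS::S3::Bucket",    "resourceId": "logs-bucket", "configuration": {}}
]
""")


def instance_states(snapshot):
    """Map EC2 instance id -> state name for one point-in-time snapshot,
    ignoring every other resource type in the snapshot."""
    return {
        item["resourceId"]: item["configuration"]["state"]["name"]
        for item in snapshot
        if item["resourceType"] == "AWS::EC2::Instance"
    }


def diff_snapshots(before, after):
    """Return {instance_id: description} of what changed between two snapshots.
    Instances missing from the newer snapshot are reported separately, since
    Config eventually drops terminated instances rather than keeping them forever."""
    old, new = instance_states(before), instance_states(after)
    changes = {}
    for iid in sorted(old.keys() | new.keys()):
        if iid not in old:
            changes[iid] = f"created ({new[iid]})"
        elif iid not in new:
            changes[iid] = f"no longer recorded (was {old[iid]})"
        elif old[iid] != new[iid]:
            changes[iid] = f"{old[iid]} -> {new[iid]}"
    return changes


if __name__ == "__main__":
    for iid, change in diff_snapshots(SNAPSHOT_5_DAYS_AGO, SNAPSHOT_TODAY).items():
        print(iid, change)
```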