AWS offers a bunch of natively security features that we can use to enhance security:
AnnouncementI have released my new course on Udemy, Kubernetes By Example. Sign up now to get free lifetime access!
- AWS API access security – via api keys
- buitin vpc firewalls – private and public subnets. Encourages us to use private subnets whenever possible
- IAM – only authenticated users and apps are granted access privileges
- MFA – multifactor authentication – must use android phone as part of login process
- Encrypt data stores – e.g. the Encrypted EBS feature, also s3 encryption
- AWS direct connect – ISP’s routes AWS traffic straight to AWS AZs, without going through the rest of the internet
- Monitoring aws api usage – i.e. cloudtrail. Keeps track of user activities
- AWS config – Lets you compare point-in-time snapshot view of how your infrastructure has changed over time. This is useful for example if you want to see what ec2 instances have been created/stopped/terminated a 5 days go, compared to today. Each point-in-time snapshot is documented in json format
- Key management service – A place to store your private keys
- A prart of AWS that’s isolated from the rest of AWS in order for use by governments, aka govcloud. This part has industry standards to satisfy goverment security grequeiments.
- CloudHSM – This is a Hardware Security Module (HSM) for hardware based encryption
- AWS Trusted Advisor – This is an AWS support service (which is available as part of premiere support) where an AWS specialist reviews your infrastructure to identify any ways to improves your AWS setup’s:
- Cost efficiency
- High Availability and fault tolerance