AWS – Natively available AWS features for enhancing security

AWS offers a bunch of natively security features that we can use to enhance security:

  • AWS API access security – via api keys
  • buitin vpc firewalls – private and public subnets. Encourages us to use private subnets whenever possible
  • IAM – only authenticated users and apps are granted access privileges
  • MFA – multifactor authentication – must use android phone as part of login process
  • Encrypt data stores – e.g. the Encrypted EBS feature, also s3 encryption
  • AWS direct connect – ISP’s routes AWS traffic straight to AWS AZs, without going through the rest of the internet
  • Monitoring aws api usage – i.e. cloudtrail. Keeps track of user activities
  • AWS config – Lets you compare point-in-time snapshot view of how your infrastructure has changed over time. This is useful for example if you want to see what ec2 instances have been created/stopped/terminated a 5 days go, compared to today.  Each point-in-time snapshot is documented in json format
  • Key management service – A place to store your private keys
  • A prart of AWS that’s isolated from the rest of AWS in order for use by governments, aka govcloud. This part has industry standards to satisfy goverment security grequeiments.
  • CloudHSM – This is a Hardware Security Module (HSM) for hardware based encryption
  • AWS Trusted Advisor – This is an AWS support service (which is available as part of premiere support) where an AWS specialist reviews your infrastructure to identify any ways to improves your AWS setup’s:
    • Cost efficiency
    • security
    • High Availability and  fault tolerance
    • performance