DEV Community

Amal Kuriakose

Security on AWS: A Brief Overview

AWS places a strong emphasis on security, providing a robust foundation for building secure applications and workloads. However, it's essential to understand the shared responsibility model:

  • AWS Responsibility: Securing the underlying cloud infrastructure (hardware, virtualization, networking, etc.).

  • Your Responsibility: Securing the workloads running on the AWS infrastructure (operating systems, applications, data, etc.).

Key Security Features and Services:

  • Identity and Access Management (IAM): Centralized control of user access to AWS resources, multi-factor authentication (MFA), and role-based access control (RBAC).

  • Organizations: Consolidate and manage multiple AWS accounts under a single umbrella. Use Service Control Policies (SCPs) to set permission limits that prevent unauthorized access and actions.

  • Trusted Advisor: Helps optimize your AWS environment by providing real-time recommendations across key areas such as cost optimization, performance, and security.

  • Security Groups: Act as virtual firewalls for EC2 instances.

  • Network Access Control Lists (NACLs): Control inbound and outbound traffic for subnets.

  • WAF: Protects web applications from common web exploits.

  • Key Management Service (KMS): Manages and controls cryptographic keys.

  • Amazon Inspector: Automatically assesses application vulnerabilities.

  • CloudTrail: Records AWS API calls for auditing and compliance.

  • GuardDuty: Threat detection service for malicious activity.

  • Config: Tracks configuration changes to AWS resources.

  • Shield: Protects against DDoS attacks.

  • Certificate Manager: Manages SSL/TLS certificates.

  • Secrets Manager: Helps to securely store and retrieve sensitive information such as database credentials, API keys, OAuth tokens, and other secrets.

  • CloudHSM: Provides hardware security modules (HSMs) for generating and storing cryptographic keys.

  • AWS Security Hub: A cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.
