Security on AWS: A Brief Overview

AWS places a strong emphasis on security, providing a robust foundation for building secure applications and workloads. However, it's essential to understand the 𝘀𝗵𝗮𝗿𝗲𝗱 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗺𝗼𝗱𝗲𝗹:

• 𝗔𝗪𝗦 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆: Securing the underlying cloud infrastructure (hardware, virtualization, networking, etc.).

• 𝗬𝗼𝘂𝗿 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆: Securing the workloads running on the AWS infrastructure (operating systems, applications, data, etc.).

𝗞𝗲𝘆 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗲𝗮𝘁𝘂𝗿𝗲𝘀 𝗮𝗻𝗱 𝗦𝗲𝗿𝘃𝗶𝗰𝗲𝘀:

• 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗮𝗻𝗱 𝗔𝗰𝗰𝗲𝘀𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 (𝗜𝗔𝗠): Centralized control of user access to AWS resources, Multi-factor authentication (MFA), Role-based access control (RBAC).

• 𝗢𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻𝘀: Consolidate and manage multiple AWS accounts under a single umbrella. Set permissions boundaries using Service Control Policies (SCPs) to prevent unauthorized access and actions.

• 𝗧𝗿𝘂𝘀𝘁𝗲𝗱 𝗔𝗱𝘃𝗶𝘀𝗼𝗿: Helps to optimize AWS environment by providing real-time recommendations across several key areas such as cost optimization, performance, security etc.

• 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗚𝗿𝗼𝘂𝗽𝘀: Act as virtual firewalls for EC2 instances.

• 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗔𝗰𝗰𝗲𝘀𝘀 𝗖𝗼𝗻𝘁𝗿𝗼𝗹 𝗟𝗶𝘀𝘁𝘀 (𝗡𝗔𝗖𝗟𝘀): Control inbound and outbound traffic for subnets.

• 𝗪𝗔𝗙: Protects web applications from common web exploits.

• 𝗞𝗲𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 (𝗞𝗠𝗦): Manages and controls cryptographic keys.

• 𝗔𝗺𝗮𝘇𝗼𝗻 𝗜𝗻𝘀𝗽𝗲𝗰𝘁𝗼𝗿: Automatically assesses application vulnerabilities.

• 𝗖𝗹𝗼𝘂𝗱𝗧𝗿𝗮𝗶𝗹: Records AWS API calls for auditing and compliance.

• 𝗚𝘂𝗮𝗿𝗱𝗗𝘂𝘁𝘆: Threat detection service for malicious activity.

• 𝗖𝗼𝗻𝗳𝗶𝗴: Tracks configuration changes to AWS resources.

• 𝗦𝗵𝗶𝗲𝗹𝗱: Protects against DDoS attacks.

• 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗿: Manages SSL/TLS certificates.

• 𝗦𝗲𝗰𝗿𝗲𝘁𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗿: Helps to securely store and retrieve sensitive information such as database credentials, API keys, OAuth tokens, and other secrets.

• 𝗖𝗹𝗼𝘂𝗱𝗛𝗦𝗠: Provides hardware security modules (HSMs) for generating and storing cryptographic keys.

• 𝗔𝗪𝗦 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗛𝘂𝗯: It is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.