DEV Community: Aditya Gaur

A Beginner’s Guide to Cloud Computing

Aditya Gaur — Tue, 16 Nov 2021 04:31:55 +0000

I’m assuming that you must be really curious about cloud computing if you are here. This article is for college undergraduates or the beginners who want to explore or build their career in cloud computing. Moreover, anyone can give it a read, all we need is just a desire to learn!

I know it’s been a while being stuck in this new normal and some of us are really tire of this monotonous routine. Hence, throughout this article, I’ll try to not to sound like a monologue. I know what kind of questions you may have related to cloud computing; hence I’ll try to cover all of ’em. Trust me, I’ve been there, done that. Now it’s my time to help you all. 😊

So, you’ve to just assume that you are sitting right in front of me and we are doing a podcast together.

Let’s begin with our first question.

Why Cloud?

Computer Science is a vast field and it’s been in the industry for many years. But emerging as a cascade, it has emerged into a large delta of rivers, all flowing together into the corporate world. Earlier people had this perception that by pursuing computer science one can only become a software engineer. And by software engineer they meant only coding. But now it’s lot more than that, really a lot! We all have witnessed a tremendous growth and advancement in the technology over the last few decades. But unfortunately, the pace of revision of our curriculum of what we study in colleges is too low than this growth rate. It’s all the game of supply and demand. With the new technologies making our lives easier day by day, we need people to keep making it happen and consistent.

This can go very long, so let’s jump back to cloud. As of now, most of the organizations are somehow dependent on cloud. Cloud has become one of the necessities like internet. Now you can imagine the horizon of opportunities cloud lays in front of us.

There are of course many paths to pursue in the field of computer science, but in this article, I’ll just stick to cloud computing.

How having a distinct skill set helps in a career growth?

You might say that why don’t just study what’s there in curriculum? Why the need to study extra?

Yes, that’s not a wrong way but considering the competition you need a lot more than that. This is the world of ‘Master of one thing and Jack of everything’. But remember don’t let yourself become a frog of a well.

Everyone has a unique skill set and abilities. Hence, it’s always preferable to explore things of your interests and start getting familiar with those things. And don’t forget it’s a responsibility of a computer science engineer to be familiar with all of your concerned fields as well. Having a skill set that could make you feel confident and familiarizing with the other domains is always a good trait.

How would you know what is your best until you try some things? During the first year of our courses, we tend to spend most of our time in adjusting in the new environment. It’s a transitional phase from school to colleges. It’s fun and adventurous. The next phase i.e. the second year is all about exploring. People explore different horizons of their streams. The next year i.e. the penultimate year of the entire course is the time where we tend to make differences. And the rest is a marathon we all are running in.

How to start with cloud?

Azure, AWS, GCP, Oracle…..

Where to start?

It might sound very confusing that which cloud platform is best for the beginners. But it’s not.

The recommended pathway is to first understand the basic architecture of cloud computing and its underlying technology. Try to understand the different service models and deployment models of cloud and how are they distinct from each other. Then dig little bit about virtualization, gain some knowledge around hypervisors, how virtualization takes place at the root level etc.

This thing is vendor neutral. You don’t need to have any prior knowledge of any of the platforms to understand this. After getting familiar with the basic concepts of cloud you can start your cloud journey with any of the cloud platforms you like.

Trust me, there’s no that much difference. The architecture is nearly same, just different nomenclature of services. See, which platform is relevant to you in terms of the resources you could gather easily for understanding their services. Many platforms are providing several learning opportunities at free of cost. Now it’s your turn to explore. Here I’ll stick to AWS.

· Find free courses and much more on aws.training

· AWS Skill Builder Platform

· A lot of insightful videos on AWS Technology at AWS Youtube Channel

· Find many learning and career opportunities for student at awseducate

There are some good paid courses as well. But why to spend money when you’ve so much resources at free of cost. But still if you want everything at one place than I’d recommend you to go for the following course on Udemy.

Ultimate AWS Certified Cloud Practitioner — 2021 By Stephane Maarek — https://www.udemy.com/course/aws-certified-cloud-practitioner-new/

Take your time, focus on exploring more rather than just completing the courses. Try to implement the things on your own. You can even start with creating a free tier account on AWS.

Happy learning!

How I passed the AWS Certified Cloud Practitioner Exam?

Aditya Gaur — Wed, 28 Jul 2021 17:48:00 +0000

I recently passed the AWS Cloud Practitioner Exam and felt the need to share my experience with you all. Today I’m going to tell you how to prepare for this exam and get certified in just one week! Trust me it really feels amazing to be called AWS Certified, and you too can gain this title easily.

Why this exam?

AWS Certified Cloud Practitioner is a foundational-level AWS Certification and is for those people who want to kickstart their career in cloud computing, especially for beginners. And it’s the cheapest AWS exam available that can give you the tag of ‘AWS Certified.’ If you are looking to become a solutions architect, then you can begin your pathway from this exam. Although it is not mandatory to pass this exam to appear for any other AWS exam, but there are some reasons I’ll tell you that why should you give this exam first but at the end of this blog. It doesn’t matter if you are technical or non-technical, if you have little interest in the cloud or you want to build your career in it then passing this exam can be a great deal for you!

How should you start preparing for it?

First of all, become familiar with the exam, it’s architecture, format, types of questions, syllabus and all those kinds of things. Then plan accordingly and start studying. You can find the exam’s official study guide and sample questions by clicking the link given below.

https://aws.amazon.com/certification/certified-cloud-practitioner/

The Actual Preparation!

The course of this exam is designed in a way to make you aware of almost all the service offerings of AWS and it’s just not limited to compute, network, storage, and database services. You’d have to be aware of the other offerings also like Machine Learning, Analytics, Developer Tools, etc. So, it’s preferable to come up with a list of all the services that fall under the scope of this exam. Do it on your own, it’ll help you to understand the AWS Global Infrastructure. Integrate this list with your schedule, give time to each and every service. For a better learning experience, you can create an AWS account as well. Go ahead and leverage the AWS Free Tier of 12 months. Start experimenting on your own. Although there are limits on the services and usage but for the sake of passing this exam, the free tier is more than sufficient.

This was the manual guide to prepare for the exam. There are plenty of other resources and already designed courses available on the web. You can purchase one from Cloud Academy, A Cloud Guru, or Linux Academy. These websites are preferred when you are preparing for a higher level of certification. For the Cloud Practitioner exam, you can find many free resources. Let me list them all one by one.

- Free courses available on aws.training

This website is not only for registering for exams, besides that it provides free learning material that can be very useful and can be found under the tab ‘Learning Library’.

- AWS Virtual Summits

Due to the outbreak of COVID-19, all the AWS summits are being held online and that too free of cost. These virtual summits are very interactive, you can attend webinars and sessions, and sometimes quizzes too! I recently participated in the AWS Hong Kong Virtual Summit and won an AWS Tote Bag as a reward for participating in some of the events.

Click the link given below to see the upcoming AWS Events.

https://aws.amazon.com/events/

- AWS Whitepapers

AWS keeps on publishing whitepapers of its services, best practices, and usage. These can be very insightful and can help you a lot in your preparation. All these whitepapers can be found online on the AWS official website free of cost.

- AWS Documentation

Just like the wallpapers, there’s official documentation associated with each and every service of the AWS Cloud. You can refer to these documentations if you want to have detailed knowledge of the services.

- AWS FAQs

Last but not the least, the Frequently Asked Questions! These questions can be very very useful if you are preparing for any associate-level certification or above. Keep reading these FAQs along with your preparation to have a vivid vision over the conflicting topics. FAQs can help you a lot in answering Scenario-based questions.

- Practice Exams

AWS offers Practice Exams at a cost of $20. You can appear for these exams for self-evaluation. There are many other sites that too offer practice questions. Use these questions in an ethical manner as you’ll find a detailed explanation of each and every question. If you’ll run after free dumps, then it’ll lead you to nowhere. You can’t trust these dumps and you never know whether their answers are correct or not. Refrain yourself from such click baits saying ‘Free dumps available’, most of them are just meant for phishing. I’d suggest appearing for legit practice exams 2–3 days before your actual exam so that you could self-evaluate and hence improve.

- ‘D-Day’ — Facing the Actual Exam!

You can book your exam through aws.training by clicking the Certification Tab. The cost is $100 and it can be given through Pearson VUE. Pearson VUE enables you to write these exams under a proctored environment from your home using your own laptops. Just when you start feeling you are confident, book your exam. Don’t delay it further and start revising. Try to do practical on AWS Management Console on your own and start reading the FAQs more. It will only make your concepts clearer.

Tips

· Make a list of services.
· Focus on the keywords and use cases,
· Make sure international payments are enabled for your account while making the payment.
· Don’t ignore topics like Billing and Monitoring. Each domain has its own weightage!
· Don’t spend too much time in the preparation. Schedule it and just do it!

About the thing that I said, in the beginning, why should you appear for this exam. I giving you the hint and you have to find it on your own. The hint is associated with the ‘benefits’ of this passing this exam.

So, All the best! Start preparing and feel free to contact me if you face difficulty during the preparation or any other part. I’d be glad to help you out!

The Rebirth of the New Zealand Privacy Act

Aditya Gaur — Mon, 26 Jul 2021 05:36:07 +0000

Yes, you read it right, it’s rebirth, not birth. So, when did it born?

As of now, the Privacy Act of New Zealand is 27 years old and it has its roots of origin in the year 1993. 27 years is a long period of time i.e. almost three decades, people spend their lives gaining experience of that many years, and so many readers must be younger than this act, at least speaking of me, I’m. The cyberspace we had 27 years ago was very much different and small compared to the one we have now. Plenty of things like policies, technologies, human behavior, etc reformed during the last few decades. Hence with the advancement of technology, it becomes necessary to reform the policies. That’s why New Zealand felt the need to reform its privacy regime. Privacy Act of 1993, rather than covering all the aspects of privacy, focused more on information privacy. And when it comes to legal matters, things are needed to stated very vividly without any prejudice or sense of confusion.

The revised act now called Privacy Act 2020 almost retains all the principles of the Privacy Act 1993, but a lot of changes are done in the way of enforcement and regulation. The scope has been revised, the Privacy Commissioner has been given more power, there are now new rules regarding cross-border data transfers, and a lot more. On the last day of the previous month — 30th June 2020, the Privacy Bill received the royal assent and became Privacy Act 2020. The Act is proposed to be enacted on 1st December 2020. Couldn’t get the meaning of the royal assent? Neither I, hence I looked it on the web and got the following answer.

“The granting of the Royal assent signifies the bill has the approval of the Queen, who is New Zealand’s Head of State. In New Zealand, the Royal assent is given by the Governor-General as the Sovereign’s representative.” [1]

Yes, New Zealand is an independent country but Queen Elizabeth II is still the Head of State. Yeah, that’s additional information for you, thank me later! Now, let’s get back to the Act. The New Act has the following new schema and the reforms.

Scope

The scope applies to agencies operating inside or outside New Zealand or anyone involved in collecting or holding PII of the residents of the country.

Here, ‘Agency’ is another legal jargon that collectively refers to any person or group of persons, including the government departments, companies, businesses, social groups irrespective of the fact whether they belong to the private sector or to the public sector.

The Data Controller and Data Processor defined under GDPR too here are referred to as Agencies.

Let’s revise both the terms quickly. The data controller determines the purpose of the PII processing and the Data Processor processes PII on the behalf of the controller.

Principles

As stated above, almost all the principles of the Privacy Act 1993 are retained and are defined as ‘Information Privacy Principles. There are total 12 or 13 principles defined separately, namely Purpose of Collection of Personal Information (PI), Source of PI, Collection of information from subject, etc.

Rights

The act provides a variety of rights to its data subject like Right to be informed, Right of access, Right to correction, and some more.

Privacy Breach Notification Mandate

If any privacy breach occurs, the agencies are bound to notify the Privacy Commissioner and the affected people considering the sensitivity of PI and other relevant factors required to reduce the risk of harm. There’s a fine of $10,000 if agencies fail to notify.

More power in the hands of Privacy Commissioner

The Privacy Commissioner now has the power to make Compliance Notices which require agencies to comply with the new legislation and failing to which can attract fines up to $10,000. The Privacy Commissioner has also the power to direct agencies to give an individual access to their data. Also, there’s a provision to impose fine on anyone under the scope of this act for not cooperating with the commissioner or any other person exercising his or her powers under this act.

Cross-Border Data Transfers

The new Act has made it very clear under the Information Privacy Principle 12 ‘Disclosure of PI outside New Zealand’ that agencies need to ensure that the organizations outside New Zealand they intend to share the data are protecting their data on the same level.

References

[1] https://www.parliament.nz/en/get-involved/features/the-royal-assent-turning-bills-into-%20%20%20%20law/#:~:text=The%20granting%20of%20the%20Royal,to%20change%20an%20existing%20one.

Thanks for giving it a read, I hope you liked my article. Please comment down your reviews, what you think about it, or anything that you’d like to share.

Stay safe, stay home, and stay secure!

Are Security Groups really associated with Instances in AWS?

Aditya Gaur — Sat, 17 Jul 2021 09:30:51 +0000

Are Security Groups really associated with instances?

What do you think? If yes, then that’s what I thought until I saw something while reading the AWS Certified Solutions Architect Study Guide.

It’s very common to say that Security Groups are associated with instances and Network Access Control Lists (NACLs) are associated with subnets, and that’s the most basic difference between both of them. But to be more precise, what I found is that security groups are associated with ENIs, not directly to the instances.

Those who don’t know what are security groups are, then let me help you to make them familiar with you.

A security group functions as a firewall that controls traffic to and from an instance by permitting traffic to ingress or egress that instance’s ENI.*

*source: AWS Certified Solutions Architect Study Guide

It says instance’s ENI, so what’s basically an ENI? Have you heard of Network Interface Cards? I hope you know the functioning of those cards, if not then it’s not a big deal just continue to read. The NICs that we know, in AWS cloud architecture they are called Elastic Network Interfaces (ENIs). The Elastic Network Interface gives the instances an ability to carry out communication with other network resources. These network resources can be AWS services, other instances, your on-premises servers, and the world wide web.

An instance can have multiple ENIs but there’s always a primary network interface present which is also known as primary ENI.

And do you know why can’t you launch an instance without specifying a subnet with it?

The reason is that the primary ENI of an instance is connected to only one subnet and you can’t just detach or remove the primary ENI from an instance. That’s why it becomes necessary to specify a subnet during the launch.

And there are more amazing facts about ENIs. Like an ENI doesn’t always need to be attached to an instance, it can exist independently! And since ENIs are independent, they can be created separately in a subnet and then later can be attached to an instance as a primary or secondary. You can also preserve the ENIs upon the deletion or termination of the instances.

Consider the ENI like a CUG Number in your organization. Let’s suppose, there’s a new recruit in your department and he has been given a CUG Number which was being used by the person who has now transferred to a different country. Now he has two sim cards in his mobile phone — one for his personal usage to talk to the people outside of the organization and the CUG number for the official use. Consider the CUG number as the primary ENI, if he has to call someone within the organization he’ll use that but it doesn’t restrict him to not to make any calls outside. And he decides to leave in future he’d have to submit that CUG Sim back to the organization.

I hope the concept is now clearer to you. In practice, most of the instances have only one ENI and that’s the reason why people think that security groups are associated with instances and forgets about ENIs. I can guess what you are thinking. What if an instance has more than one ENIs? Yes, it happens, and it’s not necessary for all the ENIs of an instance to be associated with only one security group, instead, they can be linked to different ones.

That’s all for today! I hope you liked the article. If you found any mistake please feel free to reach out to me, I’d be glad! There’s one thing that I’d like to add that don’t let your curiosity die, keep asking questions to yourself, to your mentors, to google and you’ll end with vivid concepts and a great deal of knowledge!

Stay Safe, Stay Secure!

References:

* aws.amazon.com (Image)
* Certified Solutions Architect Exam Guide (Concepts)

How AWS helps Domino’s to deliver their pizzas in record timings?

Aditya Gaur — Thu, 15 Jul 2021 07:23:39 +0000

You excitedly opened the box containing your delicious Double Cheese Margherita loaded with extra cheese. Sprinkled oregano and chili flakes over it, made a smiley with the tomato sauce. You were just about to put the first bite of your Double Cheese Margherita and your date interrupted in between and asked you to click a photograph first!

Doesn’t sounds like the ad-interruption of Spotify?

We are so much surrounded by technology,

Oops!

Let me say it again.

Saying ‘surrounded’ would be like looking at the tip of an iceberg.

We are so much submerged into the technology that sometimes it makes us compromise with our special moments.

I haven’t been to Domino’s since the lockdown, neither my house falls within their delivery range, so yes, I’m very much missing hanging out with my friends and enjoying those cheesy creamy pizzas.

What about you?

Well, talking about Pizzas, or to be more precise Domino’s, have you ever thought about how are they able to deliver your desired pizza at your doorstep in record timings?

How it feels like waiting for your food with the cravings brimming out of your mind and unwanted sounds coming out of your stomach?

Along with these things, some people have a slight intention of getting their order delayed so that they can enjoy their food free of cost.

So, which category do you belong to?

Even the 30 minutes sounds a great deal of time to an empty stomach.

Well, here’s good news for those who love to enjoy their meals at their homes. Domino’s aims to reduce this delivery time to 10 minutes or less under a collaborative effort with AWS under the name Project 3TEN.

Why this project is named 3TEN?

Any guesses?

No worries, let me break it down for you.

With this initiative, Dominos aims to have an ordered pizza ready within 3 minutes or safely delivered within 10 minutes to the customer. That’s ‘3TEN’.

Why Dominos is focusing so much on reducing the delivery time in spite of having so many outlets already?

This may sound crazy to you, but 70% of sales of Domino’s come solely from online orders!

They’ve already started to deploy the 3TEN solutions to stores located in New Zealand, France, the Netherlands, Japan, and Germany. Now, this brings hope for the people residing in the rest of the world too. Upon asking what’s the key ingredient in Dominos’s growth as a business, ‘Investment in technology’ was the reply of Michael Gillespie, Chief Digital and Technology Officer for Domino’s.

How Domino’s taking the leverage of technology in enhancing their delivery solutions?

Here comes the entry of AWS. With the help of AWS and an Advanced Consulting Partner from AWS Partner Network, Domino’s wished to create a predictive ordering solution. Doesn’t it sound astonishing that they would be knowing already what are you going to order even before you order! That’s what Gillespie saw in AWS machine learning technologies.

In order to build any predictive solution, one must have a huge amount of data relevant to the field in which the predictions are going to be made. That’s how machine learning works. You need data to get the desired data. Hence the first task for Domino’s was to accumulate the key information of their orders at a single place. For this, they took the advantage of Amazon Simple Storage Service (S3) to create a data lake of their own.

As the name suggests, S3 is just a simple storage service, and instead of having a traditional hierarchical structure for storing files, it has a flat structure of containers known as buckets in which the files are stored. You can’t just make complicated queries to get your desired result. Each file has its unique Key ID and URLs are used to access the contents in the bucket.

The next task was to perform analytics on the data stored in S3, that can’t be done directly. In this scenario, AWS Glue was the best option to use in between. To keep it simple, AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load your data for analytics.

So, what next?

The next task was to predict the probability that an order will be placed. Glue along with Amazon SageMaker is capable of performing this job without any hustle. They had to just build and train the machine learning models for the same so that your pizza can visit the oven even before you place the order.

This was possible not only through AWS, but Dominos had to look at each and every factor that contributed to reducing the delivery time. This includes enhancing the cooking methods and transportation techniques and opening more stores in more proximity to the customers.

So next time when you’ll be having your Domino’s meal, don’t forget to say thanks to the technology that made it possible to deliver it in much less time. And to everyone who’s playing an immense role in this. Farmers, Cooks, Delivery Men, and other workers too, have their equal contribution!

References:

Fig. 1: https://d1.awsstatic.com/case-studies/Dominos_031019__1830.858a45d28fb2879b938cec7e0961767fe7a8e695.jpg
https://aws.amazon.com/solutions/case-studies/dominos-case-study/

10 Steps To Secure Your Cloud

Aditya Gaur — Mon, 12 Jul 2021 06:19:40 +0000

In the realm of cloud computing, security is something that possesses duality. Duality in the sense, for example, for some incumbents, security must have been the need that made them adopt cloud whereas for some people it might be a concern hence they are still hesitant to step into the cloud. But what’s the reality? Is the cloud really unsecure or is it more secure?

Actually, it’s nothing like that. In simple words, security is a shared responsibility in the world of cloud computing. You must have heard the term ‘Shared Responsibility Model’, if not then you can search about it on the web. On a very high level, it clearly states that maintaining the security of cloud is a responsibility of the cloud service provider while maintaining security in the cloud is a responsibility of the customer. And if we dig deep into it there are different perimeters defined for different services across different service models in different cloud platforms.

Let me break it down for you in simple words to just have a gist of it. Suppose you’ve put your jewellery in a bank locker and the bank has given you a password for the locker. Now it’s the responsibility of the bank to take care of your things. The bank will ensure that the physical security, proper access management, authorization, etc are in place or not. You’ve just shared your responsibilities with your bank. If it hasn’t been like this then you’d have to take care of all the things on your own. i.e., you’d have to keep your jewellery at your home and then protect it. Now after putting it into the locker, the only thing that you’ve to take care of is the password that they’ve given to you. It’s nearly impossible for someone to gain access to your stuff even if she or he has your password but still, we shouldn’t share our passwords with anyone.

Now I hope you’ve got a basic understanding of the shared responsibility model. Let’s come back to the cloud. In cloud, you don’t have to worry about the things that cloud service providers are required to take care of. You just have to take care of the things which are on your platter. But the problem is security is not getting enough attention. Also, there’s a blurry line between the shared responsibilities. In this article, I’ve tried to list out some generic steps that would help to maintain security in the cloud. I’ve taken AWS for the sake examples but the principles are almost the same across all the clouds.

Get familiar with your account and don’t miss out leveraging existing security features

In order to protect your cloud, you got to be familiar with your account, as it’s a door to your cloud. It happens quite often that we forget to implement or enable the security features that the Cloud Service Providers provide to us.

For example, you can find the best practices and security alerts in your IAM dashboard in AWS. So, it’s not something that should be ignored, instead if implemented all those things will enhance your security.

Service(s): AWS IAM

Enhance your authentication

Well, you’ve protected your door but what about the lock? Yes, I’m talking about the authentication. Organizations with their workload on cloud ought to have a strong authentication mechanism. Enhance your authentication with Multi-Factor Authentication. And in that too, avoid using security questions or text messages. Use of genuine Authenticator Applications is recommended. Hardware MFA Devices can be used as well.

https://aws.amazon.com/iam/features/mfa/

Service(s): AWS IAM

Say no to hard-coded secrets and transmission of unencrypted sensitive information

Sometimes programmers leave access keys exposed in the plain format in code that can become a risk of compromise. And it might happen that due to some security misconfiguration, that some sensitive information in transit is unprotected. Hence, we should avoid hard-coded secrets and we must encrypt all of our sensitive data in transit.

For example, you can use your IAM Credentials to authenticate into your RDS instance instead of the traditional authentication methods.

Click the link given below to know more.

https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/

And to encrypt the data in transit, AWS Certificate Manager can be used.

Also, you can even encrypt a connection to a DB Instance.

Click the link given below to know more.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Service(s): AWS Certificate Manager

Implement proper access controls

Grant access to the users in your organization on the basis of least privilege or need to know basis. Define proper segregation between workloads & networks and use tags wherever possible. Through these practices, it’d be easy to manage your resources and keep them secure.

Service(s): AWS IAM

Protect your storage

AWS S3 uses buckets to store date inside. You can even use these buckets to host data on your website(s). And for that you’d have to allow the public access to the bucket. Now in some cases, you might have your sensitive information residing in the same bucket for which you’ve allowed the public access. This can compromise your data. So, it’s very important to disable the public access for your sensitive objects or buckets. Same goes with the CORS configuration, use it as per your requirements. Also, do not forget to implement encryption for your data at rest. There are many ways to encrypt your data in S3.

Click the link given below to know more.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

Service(s): Amazon S3, AWS KMS

Centralize your logs

Logs are very necessary to keep an eye on your workloads. They can have many applications, but in security perspective it’s very important to have the logs of critical actions, operations, access attempts to your critical resources etc. Maintaining logs is one side of a coin, the other side is to review them and fetch out the relevant information. At the same time, consolidating your logs from multiple sources at a single place makes the reviewing process much easier.

In AWS, Always store the access logs of your S3 bucket in a different bucket, otherwise it’ll create an infinite series of events that can cause trouble.

Service(s): AWS CloudTrail, AWS CloudWatch, Amazon S3

Review and Validate your , Roles, Security Groups & NACLs

As discussed above, it’s good to have a proper access control for your organization. But it should be a consistent effort. It might happen that the admin forgot to revoke access granted to someone for a limited period of time, or to delete the access keys that are no longer in use. There can be many such cases, hence it’s important to keep reviewing & validating your Roles, Security Groups & NACLs.

Service(s): AWS IAM, Amazon EC2, Amazon VPC

Be proactive with security findings

CSPs offer many services that will help you to keep your cloud secure, like Amazon Macie, Amazon Inspector in AWS & Azure Security Center in Azure, etc. Do leverage these services as they offer quite flexible and efficient features over the other third-party tools available in the market.

Along with that, it’s very important to take actions on the security findings these tools show, otherwise they won’t be of any good.

Service(s):

https://aws.amazon.com/products/security/

Don’t forget to rotate your keys

You’ve protected the door, the lock but what about the keys? It’s always a good practice to keep rotating your keys i.e., changing your keys. You can also automate the process to rotate your keys at regular period of intervals. And in fact, a lot of compliance standards demands the same thing.

Services: AWS KMS, AWS IAM

Make security a habit

Even after implementing all the required security services and incorporating the best practices, you just can’t sit idle, as I mentioned security is a consistent effort. So, it’s always good to make security a habit. It can be a burden sometimes, but it’s always worth the risk, depending upon your risk appetite. So, whenever performing any operation whether it’s a tiny one like deploying an virtual instance or huge like migrating your entire workload to cloud, keep security in mind.

Stay safe, Stay Secure!

Thank you! :)