DEV Community: Ranjit Sidhu

Security Aspects for cloud adoption - AWS Cloud

Ranjit Sidhu — Wed, 22 Feb 2023 09:50:36 +0000

Hello Everyone, in continuation to my previous blogs, on how to take care of security aspects while adopting the cloud model.
Security Aspects for cloud adoption
Security Aspects for cloud adoption - Before Migration

In this blog I will cover how AWS cloud can meet the various customer requirements from security perspective and other related topics to security and how the security posture can be improved while adopting the cloud model.

Below are some of the important aspect and we will see how AWS cloud supports those aspects.
Security Framework
Customers are having existing security policies, procedures that are in place on premises, so during cloud services selection, they can plan how the cloud service provider will meet the same standards when the cloud model is adopted, for example in case the customer is having various network security controls in place , how the same framework can be achieved in the cloud, if customer is having centralized traffic monitoring in place, how the same can be achieved in the cloud model.
AWS offers various network and security services that can help customer to achieve the same kind of security framework on the cloud model. For example is customer is having granular identity and access management controls in place on prem, then AWS IAM services has vast policies and roles in place that will help customer to achieve the same kind of framework in authentication and authorization management.

Compliance
Since compliance is a shared responsibility, so its very important for a customer to understand there role and responsibilities to secure the environment and what are there responsibility and what are responsibilities of AWS.
To help customers with there compliance requirements, AWS is compliance to compliance requirements and regularly gets validated for thousands of global compliance requirements for finance, retail, healthcare, government etc. AWS has support for more security standards and compliance certifications like PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for every regulatory agency of the country.

Innovation
These days many companies are offering more and more services and new offerings to end customer to win customer base and disrupting there service competitors and with lot of innovation it helps them out grow the business. To be ahead in the business there is need of new technologies that can be leveraged over the cloud.
AWS has many tools that can be used by the customer to invent, experiment, and iterate. AWS services also provides best performance at the lowest cost that can be used on the pay per use model, and this helps in lowering the barriers to exploring new ideas and innovations. In this way customers can create and test environment on the AWS cloud to test the new ideas and innovations that will help them in there business expansions.

Automation
Its very important for a customer to focus on innovate and scale the business for which you need to automate various tasks.
These days automating security tasks on AWS enables customers to be more secure by reducing human configuration errors and giving the customer's team more time to focus on other activities and support the work critical to customer business business as before customer team was spending lot of time on other activities like hardware maintenance etc., which is not required when cloud model is adopted. Customers can select wide variety of deeply integrated solutions on AWS that can be combined with each other to automate many tasks and making it easier for customer security team to work closely with developer and operations teams to create and deploy code faster and more securely into the development and production. In this way various AWS services help to secure the complete environment.

Improve security posture
To improve the security posture you need to have insights and visibility into the environment to gain control of the environment and confidently secure the same. AWS offers various cloud native services like AWS security hub etc. that can help to see what all is happening in the cloud and accordingly improve the security posture of the environment and gain compliance to various compliance certifications.

I hope these guidelines will help you to enhance your knowledge.

Thanks for reading the blog.

Security Aspects for cloud adoption - Before Migration

Ranjit Sidhu — Fri, 20 Jan 2023 06:30:24 +0000

Hello Everyone, In continuation to my previous blog about the security, in this blog what all aspects should be kept in mind while planning for cloud adoption and before migration what all things should be kept in mind while selecting the cloud service provider. Since we already aware that security plays very important role for cloud adoption and very carefully we need to work on the security architecture to meet the current customer requirements.
Mostly when we plan to adopt the cloud there are various business drivers as well, so mostly it will like offering services to end customers or users and infrastructure is being opened to internet and when infrastructure is exposed over internet, security comes into picture and carefully we have plan the security framework to prevent the attacks like DoS, DDoS etc.
So moving forward one should have very clear picture about the current security picture of the customer environment and how to meet those customer requirements to adopt the cloud.
To meet the customer requirements, one can think on below points to plan how we can select the relevant cloud service provider:

Will the target cloud service provider able to meet the compliance requirements.
How much cloud service provider is flexible with customizations in security requirements.
How much automations are possible in the cloud security?
What kind of support we can get from cloud service provider to meet the modern day cloud security challenges.
Who are the security vendors that are providing support to cloud service provider.
How much cloud service provider is innovative in security framework in introducing new security features in the services.

This is not the complete list but covers pretty much how one can assess the cloud service provider.

I hope these guidelines will help you to enhance your knowledge.

Thanks for reading the blog.

Security Aspects for cloud adoption

Ranjit Sidhu — Thu, 19 Jan 2023 05:19:39 +0000

Hello Everyone, I am going to start a new series of blogs where I am going to create awareness about the various security issues/concerns/challenges that are being faced or security is being neglected during the cloud adoption process.
These days inspite of lot of awareness or attacks on various organizations, still sometimes security is being neglected during the process of cloud adoption and this seems to be the biggest mistake that companies do or due to budget constraints they delay these security activities and decrease the priority towards security. But overall this is one of the biggest mistakes that companies do to neglect the security aspects or decrease the security priority during cloud adoption phases.
This is very important that security should be considered before adopting the cloud and also after moving to the cloud to avoid any issues related that can be a roadblock or major risk in cloud adoption.
In major cases security is neglected due to budget issues, but I have seen many cases when they think about including the security at later stage then the expenses grow to large extent due to other issues or concerns. So its recommended the from day one, security should be kept at the same priority as other activities to avoid many issues related to regulations, compliance etc.
In this series, I will present the content what all security aspects should be considered during initial days of cloud adoption, what all should be considered before selecting the cloud service provider, what all things should be kept in mind about your existing security framework and based on all these consideration, creating a list of steps based on which target cloud service provider should be selected.
I will keep these blogs short to keep them interesting.

Thanks for reading the blog, I hope this will help you increasing your knowledge.

How to be effective AWS solution designer

Ranjit Sidhu — Wed, 18 Jan 2023 05:36:21 +0000

There are many ways to design a solution, sometimes there are bigger challenges and sometimes there are small challenges or pain points or configuration challenges that customer is facing. To design a complete solution, designer should consider all the aspects of the current situation and apart from assessing the current situation, one should also consider the long term requirements and usage of that solution. Once all the aspects and issues/concerns/short term planning/long term planning has been considered, then think about the target solution that will fit into the customer requirements and meet the customer challenges and pain points and that too ensure the optimizations like technical optimization or the cost optimizations should also be considered in to the solution design.
While considering the target solution, some of the additional factors that also need to be considered is that compatibility of the new solution into the existing environment, who will manage the solution, who will perform the changes and handle the incidents of the solution.
While everything has been decided, then one has to ensure that is the target solution meeting the customer service level requirements or not, in case still there are gaps, then solution design has to be reconsidered to incorporate the customer service level requirements so that target solution should deliver the expected services to customer or its clients.
Another major challenge that is being faced while designing the target solution is that, customer budget. While designing the target solution, it has to be ensured that the target solution costing is within the customer budget, else that will be a road block in delivering the solution to customer. To ensure that the solution is meeting the customer budget, ensure the solution components are cost optimized from all the aspects.

Here is the summary on how to be a good solution designer:

Understand the customer current situation
Understand the customer pain points and challenges.
Understand the customer long term and short term goals and strategy planning
Understand the customer budget to be spent on the project

Based on the above inputs

Draw the current situation and confirm the same with customer.
Plan the target reference architecture
Discuss the target architecture with customer for any amendments
Ensure the solution is in the customer budget.
Present the complete solution to customer.

One can refer AWS reference architectures to sample solutions to create effective solution for the customer.
Also one can also refer to the AWS well architected program to ensure that solution that is being presented to the customer is optimized from the various aspects like cost, performance, security etc.

I hope above guidelines help fellow solution designers to consider the aspects while design a cloud solution for the customer.

AWS Application Migration

Ranjit Sidhu — Tue, 20 Dec 2022 10:38:47 +0000

Hello All,
I created a short video to understand the application migration aspects and how to make the application migration smooth.

I hope this will help you get high level for application migration aspects.
Thanks

Community Builders – My Experience

Ranjit Sidhu — Tue, 20 Dec 2022 10:08:30 +0000

What surprises you most about the community builders program?
This is one of the greatest programs started by AWS and I feel really great to be part of this program. Blogs, events, gifts etc. are really helpful to enhance knowledge about AWS and helps to gain latest AWS features and this helps you to be ahead of others in discussions.
What’s your background and your experience with AWS?
I am AWS security solution architect and AWS security specialist certified. I work with various AWS services to create a secure environment for customers when they move to AWS.
What’s the biggest benefit you see from the program?
Knowledge about AWS services, features, that gives you edge during discussions with customers.
What’s the next swag item that you would like to get?
Hoddie, jacket, tshirt etc. that I can use my daily routine and show to the same to others that this is my real brand LOL.
What are you eating for dinner today? Share the recipe!
I am going to have glass of wine with roasted chicken and fish.
Is there anything else you would like to say about the community builders program in 2022?
I thank CB team to give me another chance to stay with this awesome program, this is really beneficial program from various aspects and anyone who is involved with AWS should join this program and this really helps to get edge of solution design, discussion and creating impressive solution presentation to customer and overall it help to win the business. I am always ready to help my fellow CBs and other freshers to get knowledge about AWS

AWS Autoscaling Group Service

Ranjit Sidhu — Sat, 27 Nov 2021 14:28:01 +0000

Hello Everyone,

I hope you are doing good and safe at your home.

This is my first blog for cloud beginners, to share my AWS cloud services knowledge, in this blog where I will introduce you to a very interesting concept in AWS called AWS Auto Scaling Group.

I have created step by step approach for cloud learning beginners to clear your AWS autoscaling group service. In case you still get some queries don't hesitate to ping me.

Here is the link where you can follow step by step approach to create your own demonstration about AWS Autoscaling services.
In case you haven't still created your AWS free tier account, I have mentioned step by step approach for that as well.

Link - https://techinforay.com/blog/f/introduction-to-aws-auto-scaling-group-concept?blogcategory=AWS+Auto+Scaling+Group

This blog will help you get introduced you to below AWS services in the demonstration:
AWS VPC
AWS Subnets
Routing tables
Security groups
AWS Internet Gateway
AWS Elastic IP address
AWS EC2 Instance
AWS Autoscaling group service
AWS Cloudwatch
AWS Load balancer
AWS SNS

Auto Scaling Group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. Using health check replacements and scaling policies features will be used using the Auto Scaling group.

Core Functionality of the ASG:

· Maintaining the number of instances
· Automatic scaling

The size of an ASG depends on the number of instances that you set as the desired capacity while configuring the ASG and one can adjust its size to meet demand, either manually or by using automatic scaling policies.

So, in the process of configuring the autoscaling group, below are the high-level steps that will be followed:

Login to AWS console
Go to VPC, DemoAWS VPC, public subnet, internet gateway, routing and security groups are already in place.
Creation of Linux instances with webserver installed in DemoAWS VPC and placed in Public subnet
Creation of AMI
Launch configuration

a. Collection of attribute values to be used for launching EC2 instances

Autoscaling group

a. Define Launch configuration
b. Choose VPC and Subnet
c. Define group size (Desired, minimum, and maximum capacity)
d. Add notification - Creation of SNS Topic and Subscription
e. Create auto-scaling group

Test desired capacity by terminating the instances
Addition of Load balancer and target group

a. Testing of desired capacity while using Load Balancer and target group

Introduction to CloudWatch Monitoring
Creation of Scale in and Scale-Out Policy and CloudWatch Alarms

a. Creation of CloudWatch alarm for average CPU utilization greater than 70 for ASG
b. Creation of CloudWatch alarm for average CPU utilization less than 70 for ASG
c. Scale in policy testing

Scale-out policy testing

a. Installation of stress tool and implying the stress on web servers
b. Testing of scale-out policy using stress tool

Decommission of AWS Autoscaling group

a. Automatically drain the machines from target group
b. Deletion of load balancer
c. Termination of machines

Thanks for reading the blog. I hope you have enjoyed learning AWS autoscaling group service and understand automation.

In case you have any queries, dont hesitate to ping me.