AWS Security Fundamentals

AWS Security tools are divided into 6 crucial components that form the pyramid of AWS Security. Those are:
1. Identity and Access Management
2. Detective Controls
3. Infrastructure Protection
4. Data Protection
5. Incident Response
6. DDoS Mitigation

Identity and Access Management
The tools used for Identity and Access Management in AWS are:
1. AWS IAM Users and Groups - mechanism for creating and managing individual users and their permissions
2. Secrets Manager - manages the secrets used to access AWS resources
3. Single Sign-On - centralized sign-on
4. Security Token Service - web service that lets you request temporary, limited-privilege credentials for IAM users taking on a different role
5. Directory Service - managed Active Directory in the cloud, built on Microsoft Active Directory
6. AWS Organizations - centrally manage and enforce policies across multiple AWS accounts
7. Cognito - lets you add user sign-in, sign-up and access control to web and mobile applications. You can define roles and map users to different roles so your application can access only the resources that are authorized for each user
8. User Pools - a Cognito user directory that handles the overhead of managing the tokens returned from social sign-in providers

Detective Controls
Detective Controls in AWS means capturing and collecting logs and auditing.
The most important tools for this that AWS provides are:
1. CloudTrail - records the API calls made on your account. This information helps you track changes made to your AWS resources, troubleshoot operational issues, and ensure compliance with internal policies and regulatory standards
2. CloudWatch - triggers actions, monitors logs and reacts to unexpected events; it can automatically recover a resource via Lambda functions if it fails due to loss of network connectivity
3. VPC Flow Logs - capture the IP traffic going in and out of your network interfaces and subnets
4. GuardDuty - a tool that uses machine learning to detect anomalies
5. Security Hub - a single-pane-of-glass view of high-priority security alerts
6. AWS Config - a continuous monitoring and assessment service that helps detect non-compliant configurations in near real time

Infrastructure Protection
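To show what "reacting to unexpected events" in CloudTrail looks like in practice, here is an added example (not code from the original post) that scans a constructed CloudTrail log file for events a defender would normally alert on: a root console login, an ingress rule opened to the whole internet, and logging being switched off. The record format is the one CloudTrail writes; the account id, ARNs and security group id are constructed placeholders.

```python
import json

# Constructed sample CloudTrail records (not from any real account), in the shape CloudTrail writes.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-01-01T10:10:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-01-01T10:15:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
]})

# Event names a defender typically alerts on: tampering with logging, IAM changes, network exposure.
HIGH_RISK_EVENTS = {
    "StopLogging": "CloudTrail logging disabled",
    "DeleteTrail": "CloudTrail trail deleted",
    "AuthorizeSecurityGroupIngress": "security group ingress opened",
    "PutUserPolicy": "inline IAM user policy changed",
    "AttachUserPolicy": "managed IAM policy attached to user",
}

def _world_open(rec):
    """True if the ingress request contains a 0.0.0.0/0 source range."""
    perms = rec.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    return any(r.get("cidrIp") == "0.0.0.0/0"
               for p in perms for r in p.get("ipRanges", {}).get("items", []))

def find_alerts(trail_json):
    """Return (eventName, reason, actor ARN) for every record worth alerting on."""
    alerts = []
    for rec in json.loads(trail_json)["Records"]:
        name = rec.get("eventName", "")
        ident = rec.get("userIdentity", {})
        actor = ident.get("arn", "unknown")
        if name == "ConsoleLogin" and ident.get("type") == "Root":
            alerts.append((name, "root account console login", actor))
        elif name in HIGH_RISK_EVENTS:
            reason = HIGH_RISK_EVENTS[name]
            if name == "AuthorizeSecurityGroupIngress" and _world_open(rec):
                reason += " to 0.0.0.0/0"   # port exposed to the whole internet
            alerts.append((name, reason, actor))
    return alerts
```

The benign GetObject record produces no alert; in a real deployment the same logic would run as a Lambda function fed by CloudWatch or directly from the CloudTrail log files in S3.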
Usually, the most important service for a business is the EC2 instance. The protection of the EC2 instance is done in 3 layers. The first layer is the Security Groups which act as a built-in firewall to control traffic. The second layer is the Network ACLs (Access Control Lists) and the third layer is the Subnet Routing which is used to group instances and AWS resources based on security and operational needs.
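To make the difference between the first two layers concrete, here is an added example (not code from the original post) that evaluates an inbound connection against a constructed network ACL and a constructed security group, using the field names the EC2 API uses. It shows that a NACL is ordered and can express an explicit deny, while a security group is allow-only, and that traffic has to pass both.

```python
import ipaddress

# Constructed sample rules (not from a real VPC), in the field names the EC2 API uses.
# Network ACL: stateless, evaluated in ascending RuleNumber order, first match wins,
# explicit deny is supported, and anything unmatched hits the implicit final deny.
NACL_INBOUND = [
    {"RuleNumber": 100, "Protocol": "tcp", "PortRange": (3389, 3389),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "deny"},
    {"RuleNumber": 200, "Protocol": "-1", "PortRange": (0, 65535),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]
# Security group: allow-only rules; a deny cannot be expressed, unmatched traffic is dropped.
SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def nacl_decision(rules, src_ip, proto, port):
    """Lowest-numbered matching rule decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r["RuleNumber"]):
        proto_ok = r["Protocol"] in (proto, "-1")          # "-1" means all protocols
        lo, hi = r["PortRange"]
        if proto_ok and lo <= port <= hi and _in_cidr(src_ip, r["CidrBlock"]):
            return r["RuleAction"] == "allow"
    return False

def sg_decision(rules, src_ip, proto, port):
    """Any matching rule permits; security groups are allow-only."""
    for r in rules:
        if r["IpProtocol"] not in (proto, "-1"):
            continue
        if r["IpProtocol"] != "-1" and not (r["FromPort"] <= port <= r["ToPort"]):
            continue
        if any(_in_cidr(src_ip, ipr["CidrIp"]) for ipr in r["IpRanges"]):
            return True
    return False

def inbound_allowed(src_ip, proto, port, nacl=NACL_INBOUND, sg=SG_INBOUND):
    """Inbound traffic must pass the subnet's NACL first, then the instance's security group."""
    return nacl_decision(nacl, src_ip, proto, port) and sg_decision(sg, src_ip, proto, port)
```

With these rules, HTTPS from the internet is allowed, SSH is allowed only from the 10.0.0.0/8 range because the security group never matches other sources, and RDP is blocked at the NACL before the security group is even consulted.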
The most important tools here are the following:
1. AWS Systems Manager - used for deploying automation scripts to instances
2. CloudFormation - automates and simplifies the task of repeatedly creating and deploying AWS resources
3. Direct Connect - used for establishing a private connection between AWS and your data center

Data Protection
Data, for any business, is the most important currency. In AWS there are several tools that provide data protection:
1. KMS - service for creating and controlling encryption keys
2. Certificate Manager - for managing SSL/TLS certificates
3. Macie - a tool that uses machine learning to discover, classify and protect sensitive data
4. Glacier - storage for infrequently accessed data, also called cold data
5. Amazon S3 - storage for data; the stored data can have client-side encryption (encrypt the data before sending it) or server-side encryption (encrypt the data after it has been received by the service)

Incident Response
Besides all the efforts of protecting data, an incident still might happen, so every business should have an incident response plan to be able to take action at any time. AWS provides several tools and methods to keep you prepared:
1. API for Automation - automate the routine tasks to be performed when incident response has to take action
2. Forensics on Data Volumes - EBS snapshots to capture the state of the disk
3. CloudFormation - to quickly create a new, trusted environment in which to conduct a deeper investigation, and to deploy pre-configured instances in this isolated environment containing all the tools forensic teams need to determine the cause of the incident
4. Step Functions - to coordinate multiple AWS services into serverless workflows so you can build and update applications quickly

DDoS Mitigation
AWS provides a defense-in-depth model against DDoS attacks. This can be done with 3 tools:
1. Route 53 - connects user requests to infrastructure running on AWS
2. CloudFront - a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js and image files, to your users. It delivers your content through a worldwide network of data centers called edge locations
3. AWS Shield - a DDoS protection service that safeguards applications running on AWS
Another very important tool in DDoS mitigation is:
AWS WAF - a tool that helps protect web applications from common web exploits that could affect application availability. The web application firewall gives you control over which traffic to allow or block by defining customizable web security rules.
This is a quick overview of the kind of security you can implement in AWS and the tools and resources provided.
More information on AWS Security can be found on their official page.