Getting security wrong on your AWS Organisations and Accounts is one of the biggest mistakes organisations regret: it cuts revenue and reputation, or kills the business or the business unit.
Everyone is online 24 hours a day, and your AWS accounts and platforms are accessible 24 hours a day to be probed and tested for exploits, flaws, vulnerabilities, misconfigurations and vulnerable attack vectors.
AWS has well-documented best practices, supported by many products and services and a huge marketplace with many solutions available to protect and fortify against security threats and to deter them.
When planning this article, our focus was to write an introductory and practical piece. Still, security is such a big topic that we couldn't make it smaller than a three-part series. Let us dive into it.
AWS Shared Responsibility Model
The AWS Shared Responsibility Model sets the boundaries of responsibility between AWS and its customers, and you must grasp those boundaries. Connectivity, physical access, building security and the safety of all the hardware inside the buildings, plus the APIs and services built by AWS, are Amazon Web Services' responsibility. The access to and security of your AWS Organisation and Accounts, plus the platforms and applications you build, are your responsibility.
Think of a penthouse: its contents and access are your responsibility, while the building's security, access, maintenance and upkeep are the management's or landlord's responsibility.
Let’s break down AWS Security by Access, Observability, Network and Data Protection.
AWS provides you with two access points to your Organisation and Accounts, the Web Console and the API, and both require you to authenticate.
Communication is done over SSL/TLS (encrypted in transit). Your challenge is to ensure proper credentials management is implemented and maintained.
Compromised credentials will expose your platforms to attackers who could take control of, break or encrypt (ransomware) your platforms. That is why good practices are well known and documented. Some of our suggestions:
Let’s look at Observability in our next article. In Part 2 of the AWS Security introduction, we will look at how to monitor and act on security using ready-made AWS services and best practices.
Feel free to read more on Security from our website at https://boldlink.io/articles/
AWS DevOps Consultancy, Boldlink (@boldlink)