AWS Security is very complicated... or very simple - it's all how you architect it!

AWS WAF, AWS Shield, Amazon Macie, Amazon Key Management Service, AWS Config, AWS CloudHSM, AWS CloudFormation, AWS Certificate Manager
  1. AWS WAF is a web application firewall that helps protect your web applications from common web exploits.
    For network protection, clearly define and separate publicly facing services from internal services. Your public access points are some of your most vulnerable spots - make sure to properly secure all paths and routes in. AWS offers many forward-facing services that give you additional protection, amongst them Amazon Route53 (it's not just to host your domain names, it's a lot more!), Amazon CloudFront, Elastic Load Balancers, AWS WAF and AWS Shield. Virtual Private Networks (VPCs) within AWS can also be protected using a combination of solutions such as network access control lists (NACL), security groups, routing tables, NAT gateways or Egress-Only gateways for IPv6 networks.

    #Web Application Security #Security Monitoring #Identity And Access Management 27 social mentions

  2. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. 
    For network protection, clearly define and separate publicly facing services from internal services. Your public access points are some of your most vulnerable spots - make sure to properly secure all paths and routes in. AWS offers many forward-facing services that give you additional protection, amongst them Amazon Route53 (it's not just to host your domain names, it's a lot more!), Amazon CloudFront, Elastic Load Balancers, AWS WAF and AWS Shield. Virtual Private Networks (VPCs) within AWS can also be protected using a combination of solutions such as network access control lists (NACL), security groups, routing tables, NAT gateways or Egress-Only gateways for IPv6 networks.

    #Web Application Security #Network & Admin #CDN 10 social mentions

  3. Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
    Implement data classification procedures and techniques to separate data based on sensitivity, workload, compliance, and retention. AWS Macie can help to automatically discover, classify and protect sensitive data stored in AWS. S3 lifecycle policies and Object Lock can automate retention and compliance. Developing a tagging schema will help with categorizing, managing and accessing your S3 data. Use tokenization and encryption to protect sensitive data.

    #Cloud Hosting #CDN #Object Storage 8 social mentions

  4. Sysadmin
    Data at rest is precisely what it sounds like - static data persisted to storage. Other than securing access to your data with the proper controls we have already mentioned, it may be necessary to encrypt it as well. You can choose to encrypt it before committing it to storage (Client Side Encryption) or you can let AWS help you, using S3 bucket encryption, AWS Key Management System (KMS) or, if you're operating in a heavily regulated environment, CloudHSM.

    #Network & Admin #Security & Privacy #Password Management 34 social mentions

  5. Cloud Monitoring
    Pricing:
    • Open Source
    In AWS, your best friend is AWS Config - you can use a set of AWS-defined or custom rules to ensure your resources comply with best practices. Depending on your settings, AWS Config can simply inform you about non-compliance events and do nothing else, or, with the help of a Lambda function, it can automatically remediate non-compliant resources. AWS Security Hub can continuously monitor your security posture and send findings to Amazon EventBridge (CloudWatch Events) for remediation.

    #Cloud Infrastructure #Cloud Monitoring #Website Monitoring 17 social mentions

  6. Data Security
    Data at rest is precisely what it sounds like - static data persisted to storage. Other than securing access to your data with the proper controls we have already mentioned, it may be necessary to encrypt it as well. You can choose to encrypt it before committing it to storage (Client Side Encryption) or you can let AWS help you, using S3 bucket encryption, AWS Key Management System (KMS) or, if you're operating in a heavily regulated environment, CloudHSM.

    #Security & Privacy #Network & Admin #Password Management 5 social mentions

  7. AWS CloudFormation gives developers and systems administrators an easy way to create and manage a...
    Pricing:
    • Open Source
    And last but not least - AWS CloudFormation can help your security automation in various ways. Storing infrastructure as code makes for easy auditing and change management, and in the event of an incident, can help you quickly redeploy your infrastructure and resume operations, reducing downtime and loss of business.

    #DevOps Tools #Continuous Integration #Continuous Deployment 113 social mentions

  8. AWS Certificate Manager from Amazon Web Services (AWS)
    Data in transit moves from one location to another - often via insecure public networks. To ensure it's not compromised, it must be encrypted. Encrypt your traffic with SSL/TLS and let AWS Certificate Manager reduce the burden of managing, purchasing, issuing and deploying your public and private certificates.

    #Identity And Access Management #Network & Admin #Two Factor Authentication 23 social mentions
