The fundamentals of AWS Cloud Security

24 June,2022 by Tom Collins

AWS re:Inforce 2019: The Fundamentals of AWS Cloud Security (FND209-R)

I watched an excellent YouTube-hosted video related to AWS Cloud Security. Although it's from 2019, the fundamental principles remain the same. I've summarized some of the main points. I work mainly in the AWS DBMS space, but understanding AWS Cloud Security is essential to interact with other resources, internal and external to the VPC.

It's a presentation describing patterns of IAM and how to apply them in different situations.

  • Although there is a large surface area, there are some basic fundamental patterns which can be repeated.
  • If you learn a few patterns you can reuse and apply them to most situations.
  • The three pillars are: permissions management, data encryption, and network security controls.
  • IAM (I = Authentication, AM = Authorization): every AWS service uses IAM to authenticate and authorize API calls.
      - Identities can be used in different ways, for example: interchangeable with principal, federated identity.
      - AWS identities for non-human callers, e.g. Lambda functions.
  • There are two parts to the equation: Identity and Permissions.
  • Learn to read and write IAM policy, and base policies on AWS documented patterns. At a basic level:
      - Allow or deny?
      - What can (or can't) you do?
      - What can (or can't) you do it to?

=> Working across AWS account boundaries: how do I achieve this, for example when I want to access an S3 bucket in another account? Use resource-based policies.
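The three policy questions and the cross-account case above, as an added example that is not from the presentation or the original post: a simplified Python model of how a request is decided when the caller and the S3 bucket sit in different accounts. The account IDs, role name and bucket name are constructed placeholders, and conditions, SCPs and permission boundaries are deliberately not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample values: account IDs, role name and bucket name are placeholders.
CALLER = "arn:aws:iam::111111111111:role/report-reader"
OBJECT = "arn:aws:s3:::example-shared-bucket/reports/2022-06.csv"

# Identity-based policy attached to the role in the caller's account (111111111111).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-shared-bucket/*"]}]}

# Resource-based (bucket) policy in the bucket owner's account (222222222222).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [CALLER]},
     "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-shared-bucket/reports/*"]},
    {"Effect": "Deny", "Principal": {"AWS": ["*"]},
     "Action": ["s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::example-shared-bucket/*"]}]}

def _matches(stmt, principal, action, resource):
    """Who (resource policies only), what action, and on which resource?"""
    if "Principal" in stmt and not any(
            fnmatchcase(principal, p) for p in stmt["Principal"]["AWS"]):
        return False
    return (any(fnmatchcase(action, a) for a in stmt["Action"]) and
            any(fnmatchcase(resource, r) for r in stmt["Resource"]))

def _effects(policy, principal, action, resource):
    """Set of effects ("Allow"/"Deny") from statements that match the request."""
    return {s["Effect"] for s in policy["Statement"]
            if _matches(s, principal, action, resource)}

def cross_account_allowed(identity_policy, resource_policy,
                          principal, action, resource):
    """Simplified model: explicit Deny wins; otherwise BOTH policies must Allow."""
    ident = _effects(identity_policy, principal, action, resource)
    res = _effects(resource_policy, principal, action, resource)
    if "Deny" in ident or "Deny" in res:
        return False
    return "Allow" in ident and "Allow" in res
```

The point to take away is that the role's own policy is not enough across accounts: the bucket policy has to name the caller as well, and its narrower `reports/*` resource is what actually bounds the access.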

=> Use AWS KMS to secure data. It's an AWS managed encryption/decryption service. Multiple AWS services have KMS integration. KMS is based around KMS.Encrypt / KMS.Decrypt.

AWS S3 manages the encryption key.

=> Amazon VPC: your virtual data center in the cloud. When you deploy cloud infrastructure, your VPC is the network that provides connectivity to and from that infrastructure.

Understand VPC core concepts: subnets and security groups, routing basics and private connectivity capabilities.

 

Click start and watch the full video for all the details.
Read more on AWS security related topics

How to drop login on AWS RDS SQL Server without sysadmin using Hashicorp Vault

A simple guide to Transparent Data Encryption in AWS RDS SQL Server

A summary of creating a trust relationship between on-premises domain and AWS Directory Service

Best practices for running Microsoft Active Directory Services on AWS


Author: Tom Collins (http://www.sqlserver-dba.com)

