24 June, 2022 by Tom Collins
I watched an excellent YouTube-hosted video related to AWS Cloud Security. Although it's from 2019, the fundamental principles remain the same. I've summarized some of the main points. I work mainly in the AWS DBMS space, but understanding AWS Cloud Security is essential to interact with other resources, internal & external to the VPC.
It's a presentation describing patterns of IAM and how to apply them in different situations:
- AWS identities for non-human callers, e.g. Lambda functions
There are two parts to the equation - Identity & Permissions
It gives details on how to read and write IAM policy. Base policies on AWS documented patterns. At a basic level:
- Allow or deny?
- What can (or can't) you do?
- What can (or can't) you do it to?
=> Working across AWS account boundaries? How do I achieve this? For example, I want to access an S3 bucket in another account. Use resource-based policies.
=> Use AWS KMS to secure data. It's an AWS-managed encryption/decryption service. Multiple AWS services have KMS integration. KMS is based around KMS.Encrypt / KMS.Decrypt.
AWS S3 manages the encryption key
=> Amazon VPC - your virtual data center in the cloud. When you deploy cloud infrastructure, your VPC is the network that provides connectivity to & from that infrastructure.
Understand VPC core concepts: subnets & security groups, routing basics and private connectivity capabilities.
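An added example (not from the video or from this post's author): a simplified Python model of how the three policy questions above combine when a role in one account reads an S3 bucket in another, where the caller's identity policy and the bucket's resource-based policy must both allow the request. The account IDs, role name and bucket name are constructed, and the model ignores conditions, account-root principals, SCPs and permission boundaries.

```python
from fnmatch import fnmatchcase

# Constructed sample: the bucket lives in one account, the calling role in 222222222222.
ROLE = "arn:aws:iam::222222222222:role/report-reader"   # hypothetical role
BUCKET_POLICY = {"Statement": [{                        # resource-based, attached to the bucket
    "Effect": "Allow",
    "Principal": {"AWS": ROLE},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-reports/*"}]}
ROLE_POLICY = {"Statement": [{                          # identity-based, attached to the role
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-reports",
                 "arn:aws:s3:::example-reports/*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource):
    """True if the statement covers this principal (when it names one), action and resource."""
    named = stmt.get("Principal")
    if named is not None and named != "*":
        if principal not in _as_list(named.get("AWS", [])):
            return False
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_ok = any(fnmatchcase(action.lower(), a.lower())
                    for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok

def verdict(policy, principal, action, resource):
    """'Deny' if any matching statement denies, 'Allow' if one allows, else None."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource)}
    if "Deny" in effects:
        return "Deny"          # an explicit deny always wins
    return "Allow" if effects else None

def cross_account_allowed(identity_policy, resource_policy, principal, action, resource):
    """Across accounts, both sides must say Allow; silence on either side is a deny."""
    sides = [verdict(identity_policy, principal, action, resource),
             verdict(resource_policy, principal, action, resource)]
    return sides == ["Allow", "Allow"]
```
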
Click start and watch the full video for all the details
Read more on AWS security related topics
How to drop login on AWS RDS SQL Server without sysadmin using Hashicorp Vault
A simple guide to Transparent Data Encryption in AWS RDS SQL Server
A summary of creating a trust relationship between on-premises domain and AWS Directory Service
Best practices for running Microsoft Active Directory Services on AWS