111 Simple Yet Important Tips to Secure AWS Deployments
With cloud security constantly improving and the volume of data growing exponentially, companies of all sizes are increasingly migrating applications and workloads to the cloud. In fact, Gartner Research recently predicted that the worldwide public cloud services market will grow from $209 billion in 2016 to $247 billion in 2017. As cloud computing continues to gain traction in the enterprise, it’s important to be aware of the security challenges associated with cloud environments, in particular, Amazon Web Services. AWS currently owns about 31 percent of the overall global cloud services market. In this eWEEK slide show, using industry information from Jaime Blasco, VP and chief scientist at AlienVault, we present 11 simple yet important tips to help organizations secure their AWS environments.
2Lock Down Your Root Account Credentials
Root account credentials provide users with full access to the resources in the account. As a best practice, delete the root account access keys and create an Identity and Access Management (IAM) admin user instead. In addition, enable multifactor authentication (MFA) for another layer of protection.
3Use Security Groups
AWS CloudTrail is an effective way to monitor your AWS environment as it logs every event related to your AWS infrastructure, including Application Program Interface (API) calls and changes made from the AWS Console, SDKs or command line tools. This level of detail related to your AWS account activity can be overwhelming from a security perspective, so it’s beneficial to leverage a security solution that has out-of-the-box correlation and alerting capabilities for CloudTrail events.
5Assign IAM Roles and Temporary Credentials
Identity and Access Management (IAM) roles can be very granular, e.g., you can use IAM roles to define permission levels for different resources and applications that run on Elastic Compute Cloud (EC2) instances. Assigning an IAM role to an EC2 instance eliminates the need for your applications to use AWS credentials to make API requests.
6Use Virtual Private Cloud (VPC)
An Amazon VPC is a virtual network that runs in your AWS account. It is isolated from other resources and does not route you to the internet by default, which presents key advantages from a security perspective. You can also apply security groups and access control lists to reduce the attack surface.
7Implement a Bastion Host
A bastion host provides access to Linux instances deployed in a private subnet of your Virtual Private Cloud, removing the need to expose the Secure Shell (SSH) service of your Linux instances and centralizing SSH access to every system. This reduces your attack surface and simplifies access control, auditing and monitoring of SSH access.
8Scan for Vulnerabilities
9Protect EC2 Instances Against Accidental Termination
10Activate Relational Database Service (RDS) Encryption
11Use Load Balancers
12Activate Virtual Private Cloud (VPC) Flow Logs
VPC Flow Logs can be created from a network interface, a subnet or the VPC itself, providing visibility into network traffic going through your VPCs, including the source and destination address, source and destination port, number of packets, bytes, duration and whether or not the traffic was accepted or rejected. This information can be used to detect suspicious traffic, check for Indicators of Compromise (IOCs) and help during an incident response or a forensic analysis after an incident.