Security

Design Principles

  • Apply security at all layers

  • Enable traceability

  • Automate response to security events

  • Focus on securing our system

  • Automate security best practices

Shared Responsibility Model

Security in the cloud consists of

  • Data protection

    • Data classification by privilege

    • Data encryption at rest / in transit with ELB, EBS, S3, RDS

    • Make use of AWS services like encryption, key management, logging, exceptional resiliency, versioning.

  • Privilege management

    • Root account protection (MFA)

    • Make use of AWS NACLs (which filter by IP address, not by URL), IAM, and password management (e.g. a rotation policy).

  • Infrastructure protection

    • AWS handles all of this except the VPC, which is configured on the customer side.

  • Detective controls

    • Make use of CloudTrail, CloudWatch, AWS Config
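As an added example (not part of these notes), the detective-control and root-MFA points above applied to CloudTrail: a small Python checker that reads a CloudTrail log file and flags root-account activity, successful console logins without MFA, and calls that switch the trail off. Field names follow the CloudTrail record format; the log file, account id, user names and rule names are constructed for this example.

```python
import json

# Constructed CloudTrail-style log file (NOT real account data); the
# account id and user names are placeholders, the field names are CloudTrail's.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "CreateBucket", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}},
]})

# CloudTrail management calls that weaken the detective control itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def findings_for(event):
    """Return (rule, actor, eventName) tuples for one CloudTrail record."""
    ident = event.get("userIdentity", {})
    actor = ident.get("userName") or ident.get("type", "unknown")
    name = event.get("eventName")
    out = []
    # Root should not be used day to day; any root API call is worth a ticket.
    if ident.get("type") == "Root":
        out.append(("ROOT_ACTIVITY", actor, name))
    # Successful console login where MFA was not used (root or IAM user).
    if (name == "ConsoleLogin"
            and event.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and event.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
        out.append(("LOGIN_WITHOUT_MFA", actor, name))
    # Someone turning the trail off or narrowing what it records.
    if event.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        out.append(("TRAIL_TAMPERING", actor, name))
    return out


def scan_log(text):
    """Parse a CloudTrail log file ({"Records": [...]}) and return all findings."""
    records = json.loads(text).get("Records", [])
    return [f for rec in records for f in findings_for(rec)]
```

Running `scan_log(SAMPLE_LOG)` on the constructed file yields five findings: two for the root console login (root activity and no MFA), one for bob's login without MFA, one for the root CreateBucket call, and one for carol stopping the trail.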
