Security

Design Principle

• Apply security at all layers

• Enable traceability

• Automate response to security events

• Focus on securing our system

• Automate security best practices

Shared Responsibility ModelSecurity in the cloud consists of

• Data protection

  • Data classification by privilege

  • Data encryption at rest / in transit with ELB, EBS, S3, RDS

  • Make use of AWS services like encryption, key management, logging, exceptional resiliency, versioning.

• Privilege management

  • Root account protection (MFA)

  • Make use of AWS NACLs (for IPs but not URLs), IAM, Password Management (like rotation policy).

• Infrastructure protection

  • AWS handles all this but VPC

• Detective controls

  • Make use of CloudTrail, CloudWatch, AWS Config