AWS Security

Mind map: AWS Security

1. Introduction

1.1. One of the most flexible and secure cloud computing environments available today

1.2. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely

1.3. Use software-based security tools to monitor and protect the flow of information into and out of your cloud resources

2. Security Advantages of the Cloud

2.1. Instant visibility into your inventory

2.2. Free security tools

2.3. Independent regions provide data privacy compliance

2.4. Significant DDoS protection

2.5. Security economies of scale

2.6. No more duplicate data centers for disaster recovery

2.7. Continuous hardware replacement and upgrade

2.8. Part of your compliance work done

3. Features

3.1. Network Security

3.1.1. Secure network access

3.1.1.1. Customer access points support secure HTTP access (HTTPS), so that you can establish secure communication sessions with your AWS services using SSL/TLS

3.1.2. Built-in firewalls

3.1.2.1. You can control how accessible your Amazon Elastic Compute Cloud (EC2) instances are by configuring built-in firewall rules (security groups)

3.1.3. Private subnets

3.1.3.1. The AWS Virtual Private Cloud (VPC) service allows you to add another layer of network security to your instances by creating private subnets

3.1.4. End-to-end encrypted transmission

3.1.4.1. Provides Secure Sockets Layer (SSL)/Transport Layer Security (TLS) support for connections between clients and the load balancer and between the load balancer and your back-end instances

3.1.5. Dedicated connection option

3.1.5.1. The AWS Direct Connect service allows you to establish a dedicated network connection from your premises to AWS

3.1.6. Advanced cipher suites

3.2. Access Control

3.2.1. API request authentication

3.2.1.1. API requests are signed with your AWS credentials to help protect your resources from unauthorized access

3.2.2. SSH access to your virtual hosts

3.2.3. Unique users

3.2.3.1. The AWS Identity and Access Management (IAM) service allows you to control the level of access that your own users and systems have to your AWS resources

3.2.4. Multi-factor authentication (MFA)

3.2.4.1. AWS provides built-in support for multi-factor authentication (MFA) for use with your root AWS account

3.2.5. Fine-grained permissions for S3 buckets and objects

3.2.6. Restricted viewer access to private CloudFront content

3.2.7. Temporary IAM security credentials

3.3. Monitoring and Logging

3.3.1. Asset identification and configuration

3.3.2. Security logs

3.3.3. Resource and application monitoring

3.3.4. Fine-grained access logging for S3 buckets

3.3.5. Automated identification of security gaps

3.4. Backup and Replication

3.4.1. EBS data backups

3.4.1.1. Data stored in Amazon EBS volumes is redundantly stored in multiple physical locations within the same availability zone

3.4.2. Automatic snapshots of Redshift data

3.4.2.1. Redshift stores your snapshots for a user-defined period, which can be from one to thirty-five days

3.4.3. RDS database instance replication

3.4.3.1. AWS automatically provisions and maintains a synchronous standby replica of your DB instance in a different Availability Zone

3.4.4. Object versioning in S3

3.4.4.1. Use versioning to preserve every version of every object stored in an Amazon S3 bucket

3.4.5. Automated and continuous archiving to Glacier

3.4.5.1. Automatically archive the contents of your S3 buckets to Amazon Glacier, AWS's archival storage service

3.4.6. Protection from accidental deletion of your S3 objects

3.4.6.1. Protect object versions from deletion using the MFA Delete feature of Amazon S3 Versioning

3.4.7. Seamless, secure backups for your on-prem data

3.4.7.1. Use AWS Storage Gateway to transparently back up your data off-site to Amazon S3 in the form of Amazon EBS snapshots

3.5. Data Encryption

3.5.1. Encrypted data storage

3.5.1.1. Data is encrypted automatically using the Advanced Encryption Standard (AES) with 256-bit keys (AES-256), a secure symmetric-key encryption standard

3.5.2. Centralized key management

3.5.2.1. AWS Key Management Service provides a convenient management option for creating and administering the keys used to encrypt your data at rest

3.5.3. Dedicated, hardware-based crypto key storage

3.5.3.1. AWS CloudHSM provides a highly secure and convenient way to store and manage keys

3.6. Isolated Government Region

3.6.1. The GovCloud region is physically isolated and has logical network isolation from all other AWS regions.

3.6.2. The region provides special endpoints that utilize FIPS 140-2-compliant encryption.

3.6.3. GovCloud credentials can only be used to access the GovCloud region

3.6.4. CloudTrail security logging is automatically turned on for new GovCloud accounts.

3.6.5. The region is ITAR-compliant, and backend support is accessible by US persons only.

4. Resources

4.1. Security products

4.1.1. Amazon Virtual Private Cloud (VPC)

4.1.2. AWS Identity and Access Management (IAM)

4.1.3. AWS CloudHSM

4.1.4. AWS Key Management Service

4.1.5. AWS Direct Connect

4.1.6. AWS GovCloud (US) Region

4.1.7. AWS CloudTrail

4.1.8. AWS Config

4.1.9. Multi-Factor Authentication (MFA)

4.1.10. AWS Marketplace Security Products

4.2. Developer documents

4.2.1. Signing AWS API Requests

4.2.2. Using Encryption in S3

4.2.3. Configuring EC2 Security Groups

4.2.4. Server Access Logging in S3

4.2.5. List of Secure Endpoints

4.2.6. AWS Security Credentials

4.2.7. Turning on CloudTrail Logging