Best Practice and Security aspects that we need to look at the onboarding

Hi,

AWS uses heavy internally and also proposes customers to use the Well-Architected Framework for this purpose: https://aws.amazon.com/architecture/well-architected/

As you will notice, it has 6 pillars and 1 of them dedicated to security:

The simplest way to discover the "mandatory, crucial best practices and security concerns" is to conduct review with the WAF tool: https://aws.amazon.com/well-architected-tool/ for the security pillar (and others if you wish)

At the end of the review, you'll get a report detailing what you need to implement / change to comply with those best practices.

I would also suggest to take a look at the wp re. AWS SRA (Security Referennce Architecture): https://d1.awsstatic.com/APG/aws-security-reference-architecture-v4.pdf

It is one of the most important ones that AWS publishes re. security.

Best,

Didier

I certainly understand why you phrased your question this way. You understand that security is important, but it is overwhelming when you are first getting started with AWS. Your question seeks to get to the meat and potatoes and to sidestep what seems like an endless amount of security debate and best practices, many of which are service dependent. I commend you for reaching out to your peers for opinions on how to approach this. Nice work!

I would say, unfortunately, it may not be that simple, and this may be underestimating how critical security work is. Security is perhaps the most important consideration of anything that you do in AWS as an IT professional. Even long-time tenured AWS experts are constantly studying and learning about better approaches to security. You are never "done" with your security work, and it requires constant effort to keep your workloads secure. I still recommend to those starting out in the cloud that they start their training and certification journey with two entry-level IT certificates including Network+ and Security+ by CompTIA. This will independently verify that you have the basics of networking and security down, and serves as a great platform agnostic foundation (not to mention, it is great for your tech career). Next, get AWS certified. The value of this cannot be overemphasized, security is baked into the training and validation process for AWS certification. I personally recommend A Cloud Guru. This is a third party service, and there are others, but it offers considerable training resources for the cloud. I have used it to introduce AWS to brand new cloud engineers at $1B+ organizations, who have the highest standards and are subject to the most rigorous audits. Finally, once you have a familiarity with networking and security, and AWS through a certification program, I suggest you review the AWS security best practice resources available here: https://aws.amazon.com/architecture/security-identity-compliance/. This will help you understand and apply the absolute minimum security standards needed for the cloud. I will add, when you are a SA for a company, you will likely have additional security requirements. In the private sector, for instance, the company may be audited for ISO 27001 and/or SOC 2 (just as examples, there are a long list of security frameworks). This requires taking additional steps in the cloud to meet these standards. The same is true for the public sector. I realize this is not the simple answer you may have been hoping for, but I hope this helps!

I would start by making sure your AWS account is secure. This is a good blog with some key takeaways- https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/

Next, make sure you are following the IAM best practices - https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html?secd_iam7

As you start to build workloads in your account, you can refer to the AWS Well Architected Framework- Security Pillar

There are more best practice resources including blogs and whitepapers here https://aws.amazon.com/architecture/security-identity-compliance/?cards-all.sort-by=item.additionalFields.sortDate&cards-all.sort-order=desc&awsf.content-type=*all&awsf.methodology=*all