Please review the Security Pillar of the AWS Well-Architected Framework. The focus of this paper is the security pillar of the AWS Well-Architected Framework. It provides guidance to help you apply best practices and current recommendations in the design, delivery, and maintenance of secure AWS workloads. https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
Very important: always create EC2 instances privately, meaning that inbound, they should be accessible from internal servers only within AWS, and no one should be able to access them directly.
- Plus, always use proper security for buckets and never keep a bucket public unless it's required.
- If you are an Admin user and want to create another user, then never give full permissions to that user; give only the required permissions.
- Apart from security group inbound rules, you can also use Network ACLs, which are a higher level of security to control traffic, so in case a security group missed any filter, the Network ACL can again filter out the traffic.
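To make the "private EC2" and "least privilege" points above concrete, here is an added offline check (example code, not from this answer or from AWS) that walks a constructed sample shaped like the EC2 DescribeSecurityGroups response and a constructed IAM policy document, flagging ingress rules open to the whole internet on anything other than a web port and Allow statements that grant `*` on `*`. Group IDs, CIDRs and ARNs in the sample are made up.

```python
"""Offline audit of constructed security-group and IAM policy data (added example)."""
from typing import Dict, List

WEB_PORTS = {80, 443}            # the only ports expected to face the internet
ANYWHERE = {"0.0.0.0/0", "::/0"}  # source ranges that mean "the whole internet"


def open_ingress_findings(security_group: Dict) -> List[str]:
    """Return one finding per ingress rule reachable from anywhere on a non-web port."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not any(s in ANYWHERE for s in sources):
            continue  # only reachable from specific ranges, e.g. the internal network
        # an all-traffic rule ("-1") carries no ports; treat it as the full range
        low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        # a single-port 80 or 443 rule is the expected public web surface; anything else is flagged
        if perm.get("IpProtocol") == "-1" or not (low == high and low in WEB_PORTS):
            findings.append(f"{security_group['GroupId']}: {perm.get('IpProtocol')} {low}-{high} open to {sources}")
    return findings


def overbroad_iam_statements(policy: Dict) -> List[int]:
    """Return indexes of Allow statements that use '*' for both Action and Resource."""
    hits = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])       # may be a string or a list in a real policy
        actions = [actions] if isinstance(actions, str) else actions
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in actions and "*" in resources:
            hits.append(i)
    return hits


# constructed sample data: one web rule, one SSH rule open to the world, one internal DB rule
SAMPLE_SG = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}

if __name__ == "__main__":
    print(open_ingress_findings(SAMPLE_SG))      # flags only the SSH rule
    print(overbroad_iam_statements(SAMPLE_POLICY))  # [1]
```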
There are many things to describe about security for the AWS console and the AWS Well-Architected Framework; some are listed:
- VPC must be private
- Subnets with private and public multi-AZ, using a NAT gateway
- If using RDS, it should be private and only accessible within the private VPC or from resources linked with the private VPC, and if you want to connect to it remotely, use OpenVPN
- Always use and make roles and policies to use any AWS service inside of any other AWS service
And many more you can see in this given link: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/security.html
Hi! Great question.
This is a long and complex answer, as there are many security best practices for operating securely in AWS. Keep in mind there's no comprehensive checklist, more a set of recommendations and best practices that will help you in your secure cloud journey!
This AWS Whitepaper is a great read on security responsibility and the shared responsibility model: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
For starters (and the Well-Architected Framework):
- https://aws.amazon.com/architecture/security-identity-compliance/
- This covers security categories such as Identity and Access Management, Detection, Infrastructure Protection, Data Protection, Compliance, and Incident Response.
- Furthermore, each service should have a security section that's worth a read. For example, Lambda: https://docs.aws.amazon.com/lambda/latest/dg/lambda-security.html
I understand, only the web server can be accessed from outside. The rest should be accessed from the webcli.