Security Checklist for systems on Amazon Web Services
Security has always been a business concern when moving to the cloud, especially for businesses that store user data such as banking, finance, real estate, and insurance. Therefore, Viet-AWS will share our cloud security checklist for systems on Amazon Web Services (AWS) in the article below.
AWS Shared Responsibility Model
Security and compliance are a shared responsibility between AWS and its customers. This shared model can help reduce the operational burden on customers as AWS operates, manages, and controls components from the server operating system and virtualization layer to the physical security of the facilities. The department is operating the service.
The customers will be in charge of and manage the client operating system (including security updates and patches), other associated application software, and the configuration of the Security Groups and firewall provided by AWS.
The customer should carefully consider the services he/she chooses as the customer’s responsibility will vary with the service in use, the integration of those services into the customer’s IT environment as well as the law. and current regulations.
This nature of shared responsibility also provides flexibility and provides the ability to control customers to enable deployment.
Security in the Shared Responsibility Model
AWS’s Shared Responsibility Model makes it clear that certain aspects of AWS security are in the hands of the business, and businesses must be fully responsible for the security incidents that occur in the management of the business.
Security in the Shared Responsibility Model |
Customer’s Responsibilities |
AWS’s Responsibilities |
---|---|---|
Preventing or detecting when an AWS account has been compromised |
o |
|
Preventing or detecting a privileged or regular AWS user behaving in an insecure manner |
o |
|
Preventing sensitive data from being uploaded to or shared from applications in an inappropriate manner |
o |
|
Configuring AWS services (except AWS Managed Services) in a secure manner |
o |
|
Restricting access to AWS services or custom applications to only those users who require it |
o |
|
Updating guest operating systems and applying security patches |
o |
|
Ensuring AWS and custom applications are being used in a manner compliant with internal and external policies |
o |
o |
Ensuring network security (DoS, man-in-the-middle (MITM), port scanning) |
o |
o |
Configuring AWS Managed Services in a secure manner |
o |
|
Providing physical access control to hardware/software |
o |
|
Providing environmental security assurance against things like mass power outages, earthquakes, floods, and other natural disasters |
o |
|
Database patching |
o |
|
Protecting against AWS zero-day exploits and other vulnerabilities |
o |
|
Business continuity management (availability, incident response) |
o |
To understand more on this model, please read more on the following link: https://aws.amazon.com/compliance/shared-responsibility-model/
AWS Security Checklist
We developed a checklist of best practices and highest priority, which businesses must follow to proactively stop threats. This checklist provides customer recommendations for Security Pillar matching in the AWS Well-Architected Framework.
Security checklist of AWS Identity & Access Management (IAM)
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security checklist of Amazon S3
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security checklist of Amazon EC2, Amazon VPC, and Amazon EBS
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security checklist of AWS CloudTrail
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
Security checklist of Amazon CloudFront, AWS WAF, and AWS Shield
Work Checklist | Check |
|
|
|
|
|
Security checklist of Amazon RDS
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
Security checklist of Amazon Redshift
Work Checklist | Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
Security checklist of AWS Systems Manager
Work Checklist | Check |
|
|
|
Security checklist of Monitoring and Alerts
Work Checklist | Check |
|
|
|
Conclusion
The most important requirement when ensuring a secure infrastructure is complete visibility. Simply put, how can an enterprise take preventive action if it doesn’t even know what’s wrong?
With the use of AWS security checklists recommended for some typical services above, businesses will ensure the most essential elements to keep their infrastructure at risk.