AWS essential(4)-Security

1. Introduction to AWS security

  • Approach to security
    • resilient infrastructure
    • high security
    • strong safeguards
  • Controls
  • AWS products and features
  • Network security
    • built-in firewalls
    • encryption in transit
    • private dedicated connections
    • DDoS mitigation
  • Data encryption
    • encryption capabilities for AWS storage and database services
    • key management options
    • hardware-based cryptographic key storage options
  • Access control and management
    • identity and access management
    • multi-factor authentication
    • integration and federation with corporate directories
  • Monitoring and logging
    • deep visibility into API calls
    • log aggregation and options
    • alerts

2. The AWS Shared Responsibility Model

Responsibility for securing data is shared between AWS and the customer.

AWS is responsible for security of the cloud:

  • compute
  • storage
  • database
  • networking

The customer is responsible for security in the cloud:

  • what to store
  • which AWS services to use
  • location
  • content format

3. AWS Access Control and Management

3.1 IAM overview

3.1.1 Functions

  • Control access to AWS resources
  • Authentication
    • who can access resources
    • use AWS IAM policy
  • Authorization
    • how they can use resources

Manage accesses to:

  • compute
  • storage
  • database
  • application services

3.1.2 Roles

  • User
  • Group
  • Permissions
  • Role

3.1.3 Features

  • Shared access to your AWS account
  • Granular permissions

You can grant different permissions to different people for different resources.

  • Secure access to AWS resources for applications that run on Amazon EC2

You can use IAM features to securely provide credentials for applications that run on EC2 instances. These credentials provide permissions for your application to access other AWS resources.

  • Multi-factor authentication (MFA)
  • Identity federation

You can allow users who already have passwords elsewhere—for example, in your corporate network or with an internet identity provider—to get temporary access to your AWS account.
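As an added illustration of the granular-permission and MFA points in this section (example code written for these notes, not AWS's own evaluator or SDK), the following Python models how an IAM identity policy is evaluated: everything is denied by default, a matching Allow grants, and a matching Deny always wins. The policy document, bucket name and condition key usage are constructed for the example; only identity policies are modelled (no resource policies, SCPs or permissions boundaries).

```python
import fnmatch

# Constructed sample identity policy in IAM JSON shape (not from the page):
# broad S3 access to one bucket, IAM actions only when MFA was used, and a
# blanket Deny on object deletion that must win over the S3 Allow.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-app-bucket/*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, case_sensitive):
    # IAM wildcards: '*' matches any run of characters, '?' one character.
    # Action names are case-insensitive, ARNs are case-sensitive.
    patterns = _as_list(patterns)
    if not case_sensitive:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_holds(condition, context):
    # Only the Bool operator is modelled, enough for the MFA check above.
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"condition operator {operator}")
        for key, wanted in pairs.items():
            if str(context.get(key, "false")).lower() != str(wanted).lower():
                return False
    return True

def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' using IAM's identity-policy logic: implicit
    deny by default, a matching Allow grants, a matching Deny always wins."""
    context = context or {}
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action, case_sensitive=False):
            continue
        if not _matches(stmt["Resource"], resource, case_sensitive=True):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny overrides any Allow
        decision = "Allow"
    return decision
```

Pass the request context (for example `{"aws:MultiFactorAuthPresent": "true"}`) to see the MFA-gated IAM statement switch from Deny to Allow.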

3.1.4 Functionalities

  • manage users and their access
  • manage roles and their permissions
  • manage federated users and their permissions

3.2 How IAM works

3.2.1 Elements contained

  • Resources
    • The user, role, group and policy objects that are stored in IAM.
  • Identities
    • The IAM resource objects that are used to identify and group.

Understanding how IAM works

Article title: AWS essential(4)-Security

Author: Leilei Chen

Published: 2020-01-30, 13:05:42

Last updated: 2020-02-02, 14:06:57

Copyright notice: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.