- Approach to security
- resilient infrastructure
- high security
- strong safeguards
- AWS products and features
- build in firewalls
- encryption in transit
- private dedicated connections
- ddos mitigation
- encrption capabilities for aws storage/ database
- key management options
- hardware based cryptographic key storage options
Access Control and management
- Identity and access management
- Multifactor authentication
- integration and federation with corporate directories
Monitoring and Logging
- deep visibility into API calls
- log aggregation and options
Share responsibility for securing data.
AWS responsible of — security of the cloud
Customer responsible of —- security in the cloud
- what to store
- which aws services
- content format
- Control access to AWS resources
- who can access resources
- use AWS IAM policy
- how they can use resources
Manage accesses to:
- application services
- Shared access to your AWS account
- Granular permissions
You can grant different permissions to different people for different resources.
- secure access to AWS resources for applications that run on Amazon EC2
You can use IAM features to securely provide credentials for applications that run on EC2 instances. These credentials provide permissions for your application to access other AWS resources.
- Multi-factor authentication(MFA)
- Identity federation
You can allow users who already have passwords elsewhere—for example, in your corporate network or with an internet identity provider—to get temporary access to your AWS account.
- manage users and their access
- manage roles and their permissions
- manage federated users and their permissions
- The user, role, group and policy objects that are stored in IAM.
- The IAM resource objects taht are used to identofy and group.
版权声明: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。