AWS security best practices for non-security professionals

First, we need to understand what makes a system secure.

To say that something got hacked, one of the three sides of the CIA triad (Confidentiality, Integrity, Availability) must have been broken.

A triangle with three corners: Confidentiality, Integrity, and Availability

Confidentiality:

Preventing unauthorized parties from accessing sensitive information.

Ex: Data leakage

Integrity:

Maintaining the consistency, accuracy, and trustworthiness of data over its entire lifecycle. Data must not be changed by unauthorized people.

Ex: A student changing his grades in the university database

Availability:

Information should be consistently and readily accessible to authorized parties (data can be accessed when it is needed).

Ex: DDoS attack

(a distributed denial-of-service attack, which occurs when someone sends traffic to a website from a lot of devices until the server can’t handle the load and crashes, so the data becomes unavailable)

Now that we know what a secure system is, let’s see what AWS security is and how it protects the confidentiality, integrity, and availability of your application.

What is AWS Security?

AWS Security Practices

1. Implementing strong password policies

  • Create password requirements that use symbols, numbers, and both lowercase and uppercase letters
  • Schedule credential resets (every 6 months or so)

2. Implementing two-factor authentication

  • e.g. physical security keys, or authenticator apps such as Google Authenticator

3. Don’t hard code secrets

4. Use managed IAM policies

5. Follow the AWS News blog

6. Activate all the AWS security controls and services

7. Always use encryption

8. Keep the Least Privilege Principle in mind

9. Regular data backups

10. Test security (Pentests)
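Two of the practices above (don’t hard-code secrets; use managed policies with least privilege in mind) can be checked automatically before code or a policy is deployed. The following script is an added example and is not part of the original post or of any AWS tool: it scans source text for embedded AWS credentials and lints an IAM policy document for wildcard grants. The regular expressions are an approximation (an IAM user access key ID is “AKIA” plus 16 characters; a secret key is 40 characters), the sample source and policies are constructed for the demo, and the credential values shown are the placeholder ones AWS uses in its own documentation, not real keys.

```python
import json
import re

# IAM user access key IDs are "AKIA" followed by 16 upper-case alphanumerics (approximation).
ACCESS_KEY_ID_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# A quoted 40-character value assigned near the words "aws" and "secret" (approximation).
SECRET_KEY_RE = re.compile(r"(?i)aws.{0,20}?secret.{0,20}?['\"]([A-Za-z0-9/+=]{40})['\"]")


def find_hardcoded_credentials(source: str) -> list:
    """Return (line_number, kind) for each source line that embeds an AWS credential."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if ACCESS_KEY_ID_RE.search(line):
            findings.append((lineno, "access_key_id"))
        if SECRET_KEY_RE.search(line):
            findings.append((lineno, "secret_access_key"))
    return findings


def _as_list(value):
    """IAM accepts either a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def lint_iam_policy(policy: dict) -> list:
    """Return one finding per Allow statement that is broader than least privilege needs."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything except the listed items")
        if "*" in actions:
            findings.append(f"{sid}: Action '*' grants every API call")
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append(f"{sid}: service-wide wildcard {action}")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' applies to every resource in the account")
    return findings


# --- Constructed sample inputs for the demo ---------------------------------
# The key values below are the placeholders from AWS documentation, not real credentials.
INSECURE_SOURCE = """\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
s3 = boto3.client("s3", aws_access_key_id=AWS_ACCESS_KEY_ID,
                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
"""

# The fix: no literals; the SDK resolves credentials from an IAM role or the environment.
FIXED_SOURCE = """\
import boto3
s3 = boto3.client("s3")  # credentials come from the instance/task role
"""

# Over-broad: every S3 action on every bucket in the account.
OVERBROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AppAccess", "Effect": "Allow",
                 "Action": "s3:*", "Resource": "*"}]
}""")

# Least privilege: only the two actions the app needs, on one bucket's objects.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AppAccess", "Effect": "Allow",
                 "Action": ["s3:GetObject", "s3:PutObject"],
                 "Resource": "arn:aws:s3:::example-app-bucket/*"}]
}""")


if __name__ == "__main__":
    print(find_hardcoded_credentials(INSECURE_SOURCE))  # [(2, 'access_key_id'), (3, 'secret_access_key')]
    print(find_hardcoded_credentials(FIXED_SOURCE))     # []
    for finding in lint_iam_policy(OVERBROAD_POLICY):
        print("FINDING:", finding)
    print(lint_iam_policy(SCOPED_POLICY))               # []
```

A check like this belongs in a pre-commit hook or CI step, so that a committed key or a `"Resource": "*"` statement fails the build rather than reaching production; the regexes catch the common shape of IAM user keys but are no substitute for a dedicated secret scanner or for AWS IAM Access Analyzer.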

Extra Resources

AWS Security Specialist Certification

AWS Certified Security - Specialty badge

I really recommend taking the AWS Security Specialist exam because:

  • It will teach you how to design and implement solutions that improve the security of your AWS workloads.

More info about the exam:

Length: 170 minutes to complete the exam
Cost: 300 USD
Visit Exam pricing for additional cost information.

Format: 65 questions; either multiple choice or multiple response questions

Security best practices the AWS Well-Architected way

AWS Security Maturity Roadmap 2021

https://summitroute.com/blog/2021/01/12/2021_aws_security_maturity_roadmap_2021/

So You Inherited an AWS Account blog by Matt Fuller

https://medium.com/swlh/so-you-inherited-an-aws-account-e5fe6550607d
