AWS security architecture

The security architecture for AWS (Amazon Web Services) encompasses multiple layers and services designed to provide a robust and secure cloud computing environment. Some key components of AWS security architecture include:

1. Identity and Access Management (IAM): IAM enables you to manage user identities and control their access to AWS resources through the use of roles, policies, and permissions.

2. Virtual Private Cloud (VPC): VPC allows you to create a private network within AWS, providing isolation and control over your resources. You can define network subnets, security groups, and network access control lists to enforce security boundaries.

3. Encryption: AWS offers various encryption mechanisms to protect data at rest and in transit. Services like AWS Key Management Service (KMS) allow you to manage encryption keys, while AWS Certificate Manager (ACM) helps you secure communication with SSL/TLS certificates.

4. Network Security: AWS provides several network security features, including security groups and network access control lists (ACLs) to control inbound and outbound traffic, and AWS WAF (Web Application Firewall) for protecting web applications from common exploits and attacks.

5. DDoS Protection: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards your applications against volumetric, state-exhaustion, and application layer attacks.

6. Logging and Monitoring: AWS CloudTrail enables you to log and monitor API activity, providing visibility into user actions and changes made to your AWS resources. Additionally, services like AWS CloudWatch and AWS GuardDuty help monitor and detect potential security threats and suspicious activities.

Best Practices for Securing Workloads on AWS to build applications across your AWS application stack rapidly and securely

1. Detect and remediate security vulnerabilities early on

2. Reduce open source attack vector for serverless deployments

3. Ensure your container registry has secure images

4. Monitor your EKS workloads for potential risks

5. Prevent misconfigured IaC resources from introducing risk

6. Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy

These are just some of the security measures in place within the AWS security architecture. AWS regularly updates and enhances its security features to address emerging threats and ensure the highest level of security for its customers.

Compiled by: Azizul maqsud

References:

https://go.snyk.io/aws-secure-workloads-cheat-sheet.html?utm_medium=paid-search&utm_source=google&utm_campaign=nb_lg_sc-aws&utm_content=security&utm_term=aws%20cyber%20security&gclid=CjwKCAjwpuajBhBpEiwA_ZtfhaeaV3EuXlZ44h8Yp_FdtGOClL4bO_LiDVPrI60Yq_AATEPmUif-oBoCr7gQAvD_BwE

https://aws.amazon.com/blogs/security/protect-public-clients-for-amazon-cognito-by-using-an-amazon-cloudfront-proxy/