AWS Account Security and Identity

Security is one of the most critical areas of using the cloud, and it should always be your top priority! It's important to get it right, because good security practices reinforce themselves, leading to a virtuous cycle of capabilities and control.

There are many tools and AWS services that help ensure your cloud-based infrastructure is even more secure than the resources in your own data center. Some administrators might be skeptical about that statement, but consider the fact that AWS employs thousands of security experts to make sure that all avenues of attack have been carefully considered. The scrutiny that AWS gets from large enterprises and governments far exceeds the attention ever paid to individual data centers, so you can rest assured that it is possible to create extremely secure environments on AWS.

That said, it is equally possible to create architectures that are wide open to the public if you aren't careful, so it pays to spend a healthy amount of time studying the subjects that will be introduced in this chapter. Don't be the administrator who leaves customer data lying around in a public S3 bucket, or the developer who checks a password into a source code repository!

AWS Identity and Access Management (IAM) is the backbone of security in AWS. It provides incredibly granular levels of permissions to allow (and deny) specific users access to your resources, so many of our discussions about security revolve around IAM.

In this chapter, we will cover the following topics:

  • Administering users with IAM
  • Deploying Simple Active Directory service
  • Creating instance roles
  • Using cross-account roles
  • Storing secrets
  • Protecting applications from DDoS
  • Configuring AWS WAF
  • Setting up intrusion detection

By mastering these topics, you will have a solid foundation with which to move forward, creating secure applications in the cloud that guarantee the privacy of your customer data.
