Hardening the Security of Your AWS Environment

Our infrastructure is getting more and more advanced. One of the last areas that deserves a lot more attention is security.

Security teams used to live in a silo, the same way operations teams once did before the DevOps revolution. Now that applications are running in the cloud and the rate of iteration and deployment frequency has drastically increased, the role of security needs to be moved to the left. Security-related issues need to be caught as early as possible. New movements such as DevSecOps and rugged DevOps were created with the goal of bringing the same concepts that revolutionized the operations world to the security industry. These concepts include increasing the collaboration and communication between security teams and the rest of the engineering organization, treating your security as code, and adding security checks in your CI/CD pipeline. As an engineer implementing a DevOps philosophy, you are in an ideal position to handle aspects of security as well.

In this chapter, we will take a closer look at how to implement some of the most common security best practices. AWS provides several services and features to help with this. At the application level, you can take advantage of a certificate manager to get free SSL certificates for your load balancers and CloudFront distribution. You can take advantage of the encryption key feature within IAM to protect your data at rest or encrypt passwords and backups. What is even more interesting, and will be the focus of this chapter, is the number of tools and services we can rely on to improve the security of our infrastructure.

AWS and other cloud providers use a shared responsibility model. We will first see what this means. Following this, we will look at several tools that will help us to audit our security. In the remaining part of the chapter, we will focus on improving the security of our systems. We will first look at better managing users, services, and their permissions.

We will then improve the security of our network and finally, we will learn how to protect against targeted attacks. Therefore, in this chapter we'll be covering the following points:

  • Understanding where to focus your effort
  • Improving the security of the IAM layer
  • Strengthening the security at the network level
  • Protecting against targeted attacks