AWS security best practices for non-security professionals
First, we need to understand what makes a system secure.
A system counts as compromised when an attacker breaks one of the three sides of the CIA triad (Confidentiality, Integrity, Availability):
Confidentiality: preventing sensitive information from being read by unauthorized parties.
Ex: data leakage
Integrity: maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle; data must not be changed by unauthorized people.
Ex: a student changing his grades in the university database
Availability: information should be consistently and readily accessible to authorized parties (data can be accessed when we need it).
Ex: a DDoS attack
(distributed denial of service, where an attacker floods a website with requests from a large number of devices until the server can no longer cope and the data becomes unavailable)
Now that we know what a secure system is, let's look at what AWS security means in practice and how it protects the confidentiality, integrity and availability of your application.
AWS Security Practices
1. Implement a strong password policy
- Require a minimum length and a mix of symbols, numbers, lowercase and uppercase letters, and prevent password reuse
- Schedule credential resets (every 6 months or so); above all, rotate access keys and delete the ones nobody uses anymore, since leaked long-lived keys are a common way into an account
2. Implement multi-factor authentication (MFA)
- Hardware security keys (FIDO2/U2F) or TOTP apps like Google Authenticator; enable it first on the root user, which should otherwise not be used for daily work
3. Don't hard-code secrets
- Keep access keys and passwords out of source code and config files; give workloads IAM roles instead, and store anything that must be stored in AWS Secrets Manager or Systems Manager Parameter Store
4. Use managed IAM policies
- Attach policies to groups and roles rather than inline to individual users; AWS managed policies are a convenient starting point but are often broader than a workload needs, so prefer customer managed policies scoped to it
5. Follow the AWS News blog
- And the AWS Security Bulletins, so you hear about new controls and advisories when they appear
6. Activate the AWS security controls and services
- At a minimum CloudTrail (API audit log) in every region, GuardDuty (threat detection), AWS Config and Security Hub
7. Always use encryption
- In transit (TLS) and at rest (KMS-managed keys on S3, EBS, RDS and so on)
8. Keep the principle of least privilege in mind
- Grant each identity only the actions and resources it actually needs; a statement with "Action": "*" and "Resource": "*" is almost never justified
9. Regular data backups
- AWS Backup, S3 versioning, RDS snapshots; and test that a restore actually works
10. Test security (pentests)
- AWS allows customer penetration tests against a list of its services without prior approval; check the AWS penetration testing policy before anything outside that list
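Three of the practices above (strong password policy, no hard-coded secrets, least-privilege IAM policies) can be checked offline from artifacts you already have. The script below is an added example written for this post, not code from the original article or from AWS; the policy documents, the password-policy dict and the source snippet are constructed samples in the shapes AWS uses (IAM policy JSON, the dict returned by IAM GetAccountPasswordPolicy, plain source text). The access key ID in the sample is the one AWS uses in its own documentation, not a live credential.

```python
"""Offline checks for three of the AWS practices above.
Constructed samples only; nothing here talks to AWS."""
import json
import re

# ---- 1. Password policy (shape of IAM GetAccountPasswordPolicy's response) ----
WEAK_PASSWORD_POLICY = {            # constructed: what many accounts still run with
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": True,
}
STRONG_PASSWORD_POLICY = {          # constructed: meets the bar used below
    "MinimumPasswordLength": 14,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "PasswordReusePrevention": 24,
}


def check_password_policy(policy, min_length=14):
    """Return a list of findings; an empty list means the policy meets the bar."""
    findings = []
    if policy.get("MinimumPasswordLength", 0) < min_length:
        findings.append(f"MinimumPasswordLength below {min_length}")
    for flag in ("RequireSymbols", "RequireNumbers",
                 "RequireUppercaseCharacters", "RequireLowercaseCharacters"):
        if not policy.get(flag, False):
            findings.append(f"{flag} is not enforced")
    if policy.get("PasswordReusePrevention", 0) < 1:
        findings.append("password reuse is not prevented")
    return findings


# ---- 2. Least privilege: flag Allow statements with wildcard actions/resources ----
OVERLY_BROAD_POLICY = json.dumps({   # constructed: full admin plus one scoped grant
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})
SCOPED_POLICY = json.dumps({         # constructed: only what a reader of one bucket needs
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
    ],
})


def _as_list(value):
    """IAM lets Action/Resource/Statement be a single string or a list."""
    return value if isinstance(value, list) else [value]


def find_broad_statements(policy_json):
    """Return findings for Allow statements that grant more than a scoped role should."""
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # NotAction/NotResource invert the match and are almost always too broad.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: uses NotAction/NotResource")
        actions = _as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {idx}: wildcard action")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {idx}: wildcard resource")
    return findings


# ---- 3. Hard-coded secrets: access key IDs have a fixed, greppable prefix ----
# AKIA = long-term IAM user key, ASIA = temporary STS key.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

SAMPLE_SOURCE = """\
import boto3
client = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
                      aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
"""


def find_hardcoded_keys(source):
    """Return (line number, key id) for every AWS access key ID found in the text."""
    return [(n, m.group(0))
            for n, line in enumerate(source.splitlines(), 1)
            for m in ACCESS_KEY_ID_RE.finditer(line)]


if __name__ == "__main__":
    print("weak password policy:", check_password_policy(WEAK_PASSWORD_POLICY))
    print("broad IAM policy:", find_broad_statements(OVERLY_BROAD_POLICY))
    print("hard-coded keys:", find_hardcoded_keys(SAMPLE_SOURCE))
```

In a real account you would feed check_password_policy the dict from boto3's iam.get_account_password_policy(), run find_broad_statements over the documents returned by iam.get_policy_version(), and run find_hardcoded_keys in a pre-commit hook. The key-ID regex only catches the public half of a credential pair; the secret half has no fixed prefix, so treat any AKIA hit as proof that the matching secret is in the same file and rotate both.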
AWS Certified Security – Specialty
I really recommend taking the AWS Certified Security – Specialty exam because:
- It teaches you how to design and implement solutions that improve the security of AWS workloads, from IAM and logging to encryption and incident response.
More info about the exam:
Length: 170 minutes to complete the exam
Cost: 300 USD
Visit Exam pricing for additional cost information.
Format: 65 questions; either multiple choice or multiple response questions