AWSUGKOCHI - September 2019 Meetup Presentation
An Introduction in to AWS Infrastructure Security Best Practices by Shibu Basheer, CTO - Cabot Technology Solutions
5. IAM
● Create individual users
● MFA
● Use groups to assign permissions to users.
● Grant Least Privilege
● Use AWS Managed Policies
● Do not share access keys
● Use Roles for Applications that run in EC2
● Use STS to generate temporary security credentials (apps, web applications)
7. STS
● Security Token Service
● Avoid hard coding access key IDs in code
● Use STS for temporary access to AWS services
● The STS service will generate a temporary accessKeyId, secretAccessKey and sessionToken
● Cognito
● OpenID Connect
11. AWS Organizations
● Manage multiple AWS accounts from one central account
● Restrict resources
● Billing Entities
● Business Units
● Environments (dev, test, prod)
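The "Grant Least Privilege" point in the IAM slide and the "Restrict resources" point in the Organizations slide both come down to how AWS combines policies when a call is evaluated. The following is an added example, not code from the presentation or from AWS: a toy, standard-library-only simulation of that evaluation order (explicit Deny wins; otherwise the identity policy must Allow and, when an SCP is attached, the SCP must Allow too). It models only Effect, Action and Resource; the policies, ARNs and account number are constructed for illustration.

```python
"""Toy simulation of AWS policy evaluation: identity policy + Organizations SCP.
Added example, not AWS code. Modelled rules: an explicit Deny in any policy
wins; otherwise the call needs an Allow in the identity policy AND, when an
SCP is attached, an Allow in the SCP. Only Effect/Action/Resource are handled
(no conditions, NotAction, resource policies or permission boundaries)."""
from fnmatch import fnmatch

def _matches(pattern, value, fold_case):
    # IAM wildcards "*" and "?"; action names compare case-insensitively,
    # resource ARNs compare case-sensitively (fnmatch is not path-aware,
    # so "*" also crosses "/", which is what IAM does too).
    if fold_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch(value, pattern)

def _as_list(v):
    return [v] if isinstance(v, str) else list(v)

def evaluate(statements, action, resource):
    """Return 'Deny', 'Allow' or 'Implicit' for one policy document."""
    decision = "Implicit"
    for st in statements:
        hit_action = any(_matches(a, action, True) for a in _as_list(st["Action"]))
        hit_res = any(_matches(r, resource, False) for r in _as_list(st["Resource"]))
        if hit_action and hit_res:
            if st["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            decision = "Allow"
    return decision

def is_allowed(identity_policy, action, resource, scp=None):
    if evaluate(identity_policy, action, resource) != "Allow":
        return False                   # explicit or implicit deny on the identity side
    if scp is not None and evaluate(scp, action, resource) != "Allow":
        return False                   # SCP deny or SCP silence blocks the call
    return True

# Least-privilege identity policy: read a single bucket only (constructed).
LEAST_PRIVILEGE = [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
]
# Over-broad policy an audit should flag (constructed).
ADMIN_LIKE = [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
# SCP for a dev OU: everything except deleting CloudTrail trails (constructed).
DEV_OU_SCP = [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "cloudtrail:DeleteTrail", "Resource": "*"},
]

if __name__ == "__main__":
    print(is_allowed(LEAST_PRIVILEGE, "s3:GetObject", "arn:aws:s3:::app-logs/a.log"))       # True
    print(is_allowed(LEAST_PRIVILEGE, "s3:DeleteObject", "arn:aws:s3:::app-logs/a.log"))    # False
    trail = "arn:aws:cloudtrail:us-east-1:111122223333:trail/main"
    print(is_allowed(ADMIN_LIKE, "cloudtrail:DeleteTrail", trail, DEV_OU_SCP))             # False
```

The last call shows the Organizations point: even an identity with `*`/`*` in its own account cannot delete the trail once the OU's SCP denies it.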
17. Other Services
● AWS Inspector
○ Security Assessment Service
○ Scan vulnerabilities
● Macie
○ Discover sensitive data stored in your infrastructure
● GuardDuty
○ Threat detection service
○ Uses data from VPC Flow Logs, CloudTrail logs, and DNS logs
● KMS (Key Management Service)
○ Store the keys that encrypt your data