Alec Dutcher

Security Best Practices - AWS Well-Architected Framework Study Guide

Return to Well-Architected Framework Guide

Security

  • Apply overarching best practices to every area of security
  • Stay up to date with AWS and industry recommendations and threat intelligence
  • Automate security processes, testing, and validation
  • Ask:
    • How do you securely operate your workload?

Identity and Access Management

  • Ensure that only authorized and authenticated users and components are able to access resources, and only in the intended manner
  • Define principals (accounts, users, roles, and services that can perform actions in your account)
  • Build out policies aligned with these principals, and implement strong credential management
  • Apply least-privileged access approach
  • Ask:
    • How do you manage identities for people and machines?
    • How do you manage permissions for people and machines?

Detection

  • Use detective controls to identify potential security threats or incidents
  • Use internal auditing to ensure that practices meet policies and requirements
  • Set automated alerting notifications based on defined conditions
  • Ask:
    • How do you detect and investigate security events?

Infrastructure Protection

  • Apply the control methodologies necessary to meet best practices and organizational or regulatory obligations
  • Implement stateful and stateless packet inspection
  • Use Amazon Virtual Private Cloud (Amazon VPC) to create a private, secured, and scalable environment
  • Enforce boundary protection
  • Monitor points of ingress and egress
  • Engage in comprehensive logging, monitoring, and alerting
  • Ask:
    • How do you protect your network resources?
    • How do you protect your compute resources?

Data Protection

  • Use data classification to categorize organizational data based on levels of sensitivity
  • Encrypt data and manage keys, including regular key rotation
  • Perform detailed logging that contains important content, such as file access and changes
  • Use versioning to protect against accidental overwrites, deletes, and similar harm
  • Ask:
    • How do you classify your data?
    • How do you protect your data at rest?
    • How do you protect your data in transit?

Incident Response

  • Put processes in place to respond to and mitigate the potential impact of security incidents
  • Routinely practice incident response through game days
  • Ensure that you have a way to quickly grant access for your security team
  • Practice the following:
    • Detailed logging
    • Automate event processing and response
    • Pre-provision tooling and a “clean room” to carry out forensics in a safe, isolated environment
  • Ask:
    • How do you anticipate, respond to, and recover from incidents?
