DEV Community

Ayesha Arshad
Ayesha Arshad

Posted on • Originally published at aysharshad.com

Main Principles of Security in AWS Cloud

While discussing the Security of Amazon Web Services which is a collection of over 200 fully managed services. The first thing that needs to be established in this case is that it is a formidable task to secure all of the resources offered by AWS at the moment. Services that are totally different in nature from each other yet overlapping in terms of communication.

Yet it is crucial for AWS Cloud users to understand the fundamental structure of Cloud Security provided by AWS. Only then they can hope to secure their resources.

Rule of Thumb of Security in AWS

Security is not one person's responsibility it is a collective obligation for all. Hence AWS has introduced its Shared Responsibility Model for Security and Compliance. The model states that responsibility to secure AWS Resources must be shared between the following: 

  1. Customer Responsibility
  2. AWS Responsibility

The Triad of AWS Cloud Security

There is no way AWS is going to stop growing its services. And in fact, AWS is also providing a great collection of Security tools as well. Which makes it feel like a great task to secure AWS resources. 

Though the three hell hounds of Security for Amazon Web Services are strong enough to guard your AWS resources. These include:

  1. Identity Access Management (IAM)
  2. Virtual Private Cloud (VPC)
  3. Key Management Service (KMS)

IAM

As the first step is to guard the castle itself. Identity and Management System (IAM) plays a vital role as a permission management tool in controlling access to the AWS Infrastructure. 

You can devise a perfect authentication system for both Users and AWS Resources (acting as API calling entities). Every single resource in AWS is accessible via API. IAM provides you with the ability to secure and authorize these API calls. IAM provides the following features that provide a complete security infrastructure required to secure every API call that can be made to or from AWS Resources:

  1. Users
  2. Groups
  3. Roles
  4. Policies

For a further deep dive into Identity Access Management: Read this Article 

VPC

Network is the most important part to secure your AWS Resources. The data transit needs to be made secure in order to make sure that your resources and your data is secure. Virtual Private Cloud is the Virtual Network that holds your AWS resources.

The network part of VPCs is a separate discussion hence in this article you will only find the security part of the VPC Networking.

For a further deep dive into VPC: Read this Article

KMS

AWS Key Management Service (KMS) helps you encrypt your data at rest. And it provides integration with all of the AWS resources that are going to hold your data.

KMS is capable if encrypting any data unless the service has its own encryption system like S3 which houses its own separate system of encryption specific to its own structure and functionality.

KMS has two main functions:

  1. To Encrypt and Decrypt your data
  2. To guard your Encryption Key

Read More

Discussion (0)