Blogs

AWS Security Features

The Amazon Web Services (AWS) in terms of security follow a shared responsibility model. So, the security ‘of’ the cloud is on the shoulders of AWS, whereas you and your organization’s development team have to look after the security “in” the cloud. Hence, the protection of the infrastructure of the cloud, including hardware, software, and networking falls under the territory of AWS. All the other security objectives, including access to your AWS resources and the security of your application, is your responsibility. The following is an overview of four of the most common AWS security features you’ll need to keep your cloud secure.

1. S3 Security

S3 stands for Amazon’s Simple Storage Service, which is responsible for providing data storage with a high level of availability & durability. Just like all AWS services, the S3 by default denies access from most sources. Only the bucket and object owners (the AWS account owner) have read/write access by default. Hence, it becomes important to lock your S3 buckets so that no unauthorized users are able to view, upload, or delete your files. Contrary to other services, there are several ways of adding permissions to S3, like:

  • Firstly, by giving IAM roles to your hand-picked users within your AWS account. They can be used to specify what the users are allowed to do, and how many of them have access to it?
  • Usage of Bucket Policies to lock down a single bucket. There is an option of adding permissions to either the individual users or the entire AWS accounts. Bucket policies can be helpful if some files in your application are public and some are private.
  • Use of Access Control Lists (ACL) to gain access for AWS accounts & not the individual users. These become very helpful when your company is in possession of & uses several AWS accounts or if any other organization needs access to your files.

2. Identity Access Management (IAM)

The IAM is a free-of-cost element of the AWS that allows you to control & manage- ‘what users have access to what services and resources. By default, access to resources is generally denied, so you will have to grant users permissions in IAM. Permissions are incredibly comminuted and allow you to specify the particular file or resources that a user can access, what the things are that they can do with the file and the work conditions that have to be present for the permissions to get activated – like, using a specific IP address to access AWS. Here are some best practices you should consider with IAM:

  • Granting few privileges- Granting the users only the permissions they need to perform the tasks, and nothing more. This is very beneficial, as you can always grant more permissions, but you cannot obtain the databases that were deleted or removed because you made everyone an admin.
  • Creation of groups- A group can be defined as a lump or collection of users that allows you to specify the various permissions for the concerned users. Because of this, tracking who has what permissions becomes very easy, plus you can add permissions to several users at once. For example, a group called Mismo AWS could be given full control over the AWS, while the other group, i.e., AWS Developers, in this case, may only be given access to Lambda and S3.
  • Enable multi-factor authentication, or MFA, for all users. MFA means that, for a user to sign in, they will have to enter the passcode followed by an additional code that is sent to them through a secondary device, like a smartphone. This is very useful as, even if a user’s password is compromised, their account will not be accessible.

3. Cloud Trail

Your applications are not directly affected by CloudTrail, but it is essentially a tool used for tracking the activity of the users, compliance demonstration, and executing the security analysis. The review activity can also be searched through the logs created by CloudTrail. Overall, it is present by default, so you can view the logs as long as you have an AWS account. CloudTrail is very useful in determining whether your security configuration is sufficient or not? You can view the following from CloudTrail logs:

  • The various updates to AWS services.
  • The IP address source of the API calls.
  • Which account created, deleted, or even modified the different AWS resources.

You can monitor and protect your organization’s digital assets with the built-in features of AWS. You have the power to determine which security features to employ and who has access to them. Your data gets stored securely on the cloud, & your organization’s unique security requirements are still under your control.

4. Security Groups

Elastic Cloud Compute also called EC2, instances are the actual servers on which the applications are run. Each server operates from a Virtual Private Cloud (VPC), a virtual network that you have control over. These VPCs have. There are many security groups in VPCs, which may or may not allow the entry of traffic.

In these security groups, you get to choose the traffic that can enter both in and out of your VPC. Security groups, however, are stateful, so if you allowed ‘in’ a request, its response is allowed ‘out’. By default, traffic is denied, so everything gets rejected if it is not specifically allowed ‘in’. It is quite common for all the traffic to be allowed for Outbound traffic (because you are the one who is sending it), but it is important to cut down on the type of inbound traffic that you allow. You can also specify the types of requests (like HTTP, SSH, etc.), the port range, & the source of traffic through these security groups.

For more of such blogs click here.

No Comments

Comments On "AWS Security Features"

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Blogs

Oct

04

2023

Microsoft update: Chat with users with Teams personal accounts

Chat with Teams will extend collaboration support by enabling Teams users to chat with team members outside their work network

Dec

01

2022

AWS vs Azure

The cloud service providers AWS and Azure are truly miraculous helping millions across the globe creating a virtual space with

Apr

25

2022

The need for a hybrid solution – Azure Stack HCI

Microsoft’s Azure Stack HCI is a hyper-converged infrastructure with virtualization, software-defined networking, and more. What separates it from the rest

Jan

10

2022

Azure Virtual Desktop vs Windows 365

Azure Virtual Desktop (AVD) is a Desktop as a Service (DaaS) solution offered on Microsoft Azure, previously named Windows Virtual

Nov

16

2021

AWS Update:- Amazon EC2 now supports access to Red Hat Knowledgebase

Starting today, customers running subscriptions included Red Hat Enterprise Linux on Amazon EC2 can seamlessly access Red Hat Knowledgebase at

Nov

16

2021

AWS Update:- Amazon SNS now supports token-based authentication for APNs mobile push notifications

For sending mobile push notifications to Apple devices, Amazon Simple Notification Service (Amazon SNS) now enables token-based authentication. You may

Nov

16

2021

AWS Update:- Amazon ECS now adds container instance health information

Customers may now see the health of their compute infrastructure using Amazon Elastic Container Service (Amazon ECS). The customers running their

Nov

16

2021

Microsoft 365 Update:- Viva Connections is now generally available!

Viva Connections, part of Microsoft Viva, is your entry point to a modern employee experience. You get an all-in-one experience with the customized

Nov

16

2021

Microsoft 365 Update:- Meeting Activities in Teams Audit Log

Meeting Activities have been added to the Microsoft Teams audit log to help organizations respond more effectively to security events, forensic investigations,

Nov

16

2021

Microsoft 365 Update:- Microsoft is retiring Security Policy Advisor in the Microsoft 365 Apps admin center

Beginning November 8, 2021, Microsoft will stop supporting Security Policy Advisor. It is recommended that you use the Office cloud policy

Nov

15

2021

Azure Update:- Global Disaster Recovery via Azure Site Recovery

Azure Site Recovery is a Cloud-driven, highly innovative, and automated disaster recovery solution (DRaaS). Azure’s native platform capabilities for high

Nov

15

2021

Azure Update:- Screen Capture Protection for Azure Virtual Desktop

Azure Virtual Desktop is a service running in the cloud that enables your users to access the data, applications, and

Nov

15

2021

Azure Update:- Immutable Storage with versioning for Blob storage

Azure blob storage is massively scalable and secure object storage for cloud-native workloads, archives, data lakes, high-performance computing and machine

Nov

10

2021

How is Cloud transforming Industries?

Cloud technology has been impactful in transforming business. From cost savings to easy collaboration, the usage of the Cloud has

Sept

27

2021

4 Tips for Protection Against Unsafe Emails

Earlier, the spotting of malicious content in emails was quite an easy task. However, due to the rise in technology,

Sept

24

2021

How is hybrid cloud useful for midsize/large businesses?

A hybrid cloud can be defined as a cloud computing environment that utilizes a combination of on-premises private cloud and

Sept

22

2021

How to Protect Your Data from a Ransomware Attack

What is a Ransomware attack? It can be defined as a malware attack that is carried out deliberately to encrypt

Aug

24

2021

Build superpower apps, with no code-Power apps

PowerApps is a tool that allows you to create custom apps, leveraging many of the features of the Office 365

Aug

11

2021

Why do you need a Modern Workplace – M365?

Microsoft 365, a world of enhanced productivity and collaboration that drives a team to achieve more together, is a complete

July

02

2021

Microsoft Teams Updates (June 2021)

In this blog, we will be discussing the various Microsoft Teams updates in the month of June. Meeting Updates: During

June

22

2021

Microsoft rebrands Windows Virtual Desktop as Azure Virtual Desktop

Microsoft’s virtual desktop infrastructure platform has been rebranded under the Azure name and notified of new security and management capabilities

May

07

2021

How Startups can succeed with Cloud Computing?

Startups are an enjoyable but demanding professional experience. A host of entrepreneurially dedicated professionals pursue their passion and dive into

May

04

2021

Azure AD SSO & AWS – Connecting the Rivals

Being part of Mismo Systems, I am fortunate enough to get to work on a diverse set of projects. Few

May

04

2021

A quick look at the 4 Most Used Services on Microsoft Azure

1. Azure Compute Azure compute is an on-demand computing service for running cloud-based applications. Azure compute service can be divided broadly into three

May

01

2021

Cloud Security – A shared responsibility

We see all businesses small or big, consuming cloud technology in one or another way. The pandemic has increased the

Apr

18

2021

Breakout Rooms and Its Usage – Microsoft Teams

In this blog, we are going to discuss a feature provided by Microsoft teams known as Breakout rooms. Also, we

Apr

12

2021

Is Cloud cheaper than On-premises Data Centres?

Cloud has bloomed over the last decade, according to Goldman’s analysts almost 23% of IT workloads now live on Public

Apr

04

2021

Amazon CloudFront

Amazon CloudFront is a brisk Content Delivery Network (CDN) service that safely transfers data, videos, applications, and Application Programming Interface

Apr

04

2021

Hosting with Transparency, Compliance, and Security

We help customers host applications on the cloud, this includes accounting systems including Tally, ERP software including SAP, and Navision.

Apr

04

2021

Future of Cloud Computing

Cloud computing has established itself as the inevitable future when it comes to IT services. This picture becomes much clearer

Apr

04

2021

AWS Security Features

The Amazon Web Services (AWS) in terms of security follow a shared responsibility model. So, the security ‘of’ the cloud is on

Mar

14

2021

Azure vs AWS

It’s Azure vs AWS!! Read this blog to know the major differences between Azure & AWS. What is Azure? Microsoft

Mar

04

2021

Amazon FSx – How can it help you?

The Amazon FSx has a very efficient way of deploying and running traditional file servers in the cloud that is

Mar

04

2021

What is Budget in Azure and how can you set the Budget?

Budget in Azure to manage and monitor the spending or consumed cost for Azure services. We can apply budget on

Feb

23

2021

DevOps with AWS

What is CI CD? Continuous Integration Developers work on the code which is stored in a code repository.  Code repository

Feb

09

2021

Azure Firewall

Azure Firewall is a managed, cloud-based network security service that protects your Azure virtual network resources. You can centrally create,

Feb

04

2021

AWS Directory Service: The Amazon Cloud Active Directory!

The AWS Directory Service provides several ways to use the Microsoft Active Directory (AD) with other AWS utilities. Information regarding

Feb

03

2021

Package Manager for Microsoft Intune Administrators – Part 1

Deploying applications to end-user Windows machines has never been easier if you are a Microsoft Intune administrator. Earlier what used

Feb

02

2021

Major Cloud Concerns – Do corporate agents, cyber hackers, and governments have access to my data if it is in the cloud?

This is one of the major cloud concerns for many companies, but it is irrational. Your IT team manages access,

Jan

04

2021

How Global admin can give someone’s OneDrive access to another user?

Please follow the below steps to use this feature. Go to Admin Center https://admin.microsoft.com/ > User>Active Users> Search Name>Click on User Profile.

Dec

04

2020

Microsoft Secure Score

Microsoft Secure Score is a security analytics tool that provides better security configuration and security features. It applies a numerical

Dec

04

2020

Top 10 Elements of The Cloud

In this blog I will be talking about the Top 10 elements of Cloud. Virtual Network: Create a logically isolated section

Nov

04

2020

AWS CodePipeline

AWS CodePipeline is an Amazon Web Services tool that automates the app deployment process, enabling the developer to easily create,

Nov

03

2020

How Cloud Computing Can Improve Your Business?

Cloud computing provides users with access to files, applications, data, and services from their Internet-connected devices, such as smartphones, laptops,

Sept

04

2020

Visio Tabs in Microsoft Teams

Visio Tabs in Microsoft Teams allows team members in a dedicated space to access resources and information in a channel

Aug

04

2020

Cloud or On-prem? – All you need to know about moving to Office 365

Protection and uptime are usual for Office 365 in the cloud. Companies are generating data at an utterly impressive pace

Feb

09

2019

Remove Azure AAD Connect

Let’s see the steps to disable AD Sync, remove AAD connect and move to cloud-only administration. 1. Download Azure Active