Compute and data security

AWS Security and Cost Management Concepts

Dev Bhosale

Principal Data & Cloud Architect

Securing customer data

Shared responsibility. AWS is responsible for security of the cloud while the customer is responsible for security in the cloud.

  • Protection of customer data is a customer responsibility
  • It is necessary to secure compute, network, and storage

Compute security strategies

  • Use SSH keys instead of passwords
  • Update OS with latest patches
  • Control access to servers using security groups
  • Use IAM roles instead of stored credentials

Compute security: keep credentials secure, update the OS, manage access using security groups, use IAM Roles


Security groups


Feature        NACL (Network Access Control List)   Security Groups
Scope          Subnet-level                          Instance-level
Statefulness   Stateless                             Stateful
Default Rules  Denies all unless allowed             Allows outbound
Best for       Broad network layer control           Granular instance-level control

Data security strategies

Data security strategies: encrypt all data using KMS, and secure S3 buckets


S3 public access and recovery

Block public access in S3 permissions

  • S3 public access enables anyone to read data
  • Public access can be turned off using a setting
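An added example (not part of the original slides) of the check a defender would run on a bucket before relying on the "turn it off" setting: it reports which of the four S3 Block Public Access flags are not enabled and which bucket-policy statements grant access to everyone. The inputs are constructed samples shaped like the `get-public-access-block` and `get-bucket-policy` API responses; the bucket name and account id are placeholders.

```python
import json

# Constructed sample of a bucket's Block Public Access configuration
# (field names follow the S3 PublicAccessBlockConfiguration shape).
SAMPLE_PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": False,
    "RestrictPublicBuckets": False,
}

# Constructed sample bucket policy: one anonymous grant, one role-scoped grant.
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-role"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

BLOCK_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
               "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_block_settings(config):
    """Return the Block Public Access flags that are not set to True."""
    return [flag for flag in BLOCK_FLAGS if not config.get(flag, False)]

def _is_anonymous(principal):
    """True when the principal is the wildcard '*' (anyone, including anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_statements(policy_json):
    """Sids of Allow statements granted to everyone with no Condition.
    Simplification: a conditioned statement is treated as non-public here."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be unwrapped
        statements = [statements]
    return [s.get("Sid", "<no Sid>") for s in statements
            if s.get("Effect") == "Allow"
            and _is_anonymous(s.get("Principal")) and "Condition" not in s]

def audit_bucket(config, policy_json):
    """Combine both checks into one finding dict for the bucket."""
    return {"missing_block_settings": missing_block_settings(config),
            "public_statements": public_statements(policy_json)}
```

With the sample inputs the audit reports that `BlockPublicPolicy` and `RestrictPublicBuckets` are off and that statement `PublicRead` is public, which is exactly the combination that leaves data readable by anyone.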

Encryption at-rest

  • Automatic Encryption
  • Customer-Controlled Keys
  • Compliance & Security

S3 version and archive


Security resources

Security resources: Knowledge center, security blog, documentation, and security hub


Let's practice!
