Compute and data security

AWS Security and Cost Management Concepts

Dev Bhosale

Principal Data & Cloud Architect

Securing customer data

Shared responsibility. AWS is responsible for security of the cloud while the customer is responsible for security in the cloud.

  • Protection of customer data is a customer responsibility
  • It is necessary to secure compute, network, and storage

Compute security strategies

  • Use SSH keys instead of passwords
  • Update OS with latest patches
  • Control access to servers using security groups
  • Use IAM roles instead of stored credentials
  • Use security groups

Compute security: keep credentials secure, update the OS, manage access using security groups, use IAM Roles

Security groups

Feature       | NACL (Network Access Control List) | Security Groups
Scope         | Subnet-level                       | Instance-level
Statefulness  | Stateless                          | Stateful
Default Rules | Denies all unless allowed          | Allows outbound
Best for      | Broad network layer control        | Granular instance

Data security strategies

Data security strategies: encrypt all data using KMS, or secure S3 buckets

S3 public access and recovery

Block public access in S3 permissions

  • S3 public access enables anyone to read data
  • Public access can be turned off using a setting

Encryption at-rest

  • Automatic Encryption
  • Customer-Controlled Keys
  • Compliance & Security

S3 version and archive

Security resources

Security resources: Knowledge center, security blog, documentation, and security hub

Let's practice!
