Security and infrastructure deployment are more than the responsibility of operations and security teams as the industry moves towards DevSecOps culture. Developers today are keen to include security and operations activities in order to understand the best application for them. This blog will discuss how AWS services can help achieve this goal.
TABLE OF CONTENTS
1. IAM (Identity and Access Management). Multi-Factor Authentication (MFA)3. Strategy for using IAM in your Infrastructure AWS Shield5. AWS WAF6. Strategy to secure your Application and Network7. Conclusion8. CloudThat1. IAM (Identity and Access Management).
AWS IAM, a web service provided by AWS, allows us to securely manage AWS resources’ access. IAM is also used to authenticate and authorise users to access resources. For more information, check out this blog on 8 Best Practices in Identity and Access Management (IAM).
We will create an AWS Account for the first time by creating an AWS account root user. This root user has full access all AWS resources and services. Login with the email address or password you used to create the AWS account will allow you to access this root user. It is best to not use the AWS root user for any of our daily tasks, including administrative tasks. Instead, we follow the best practice of only using a root user to create our first IAM account.
IAM offers the following features:
Access to your AWS account via shared access
Amazon EC2 applications can be secured for secure access
Multi-factor authentication (MFA)
Federation of identity
Use it free of charge
2. Multi-factor Authentication (MFA)
AWS MFA adds an extra layer of security to the AWS Credentials. MFA enabled users can log into their AWS account via AWS Management Console. The AWS MFA device that they have registered generates an authentication code. Users will need to enter their username and password. These multiple authentication factors increase the security of our AWS account and the AWS resources that we have created. MFA can be enabled for both the AWS account as well as for an individual IAM user you have created in your AWS account. MFA is free.
3. IAM Strategy in Your Infrastructure
We will create IAM groups based upon the roles of users such as Admins, Developers and Testers to ensure that the appropriate permissions are granted to users to access AWS resources.
An IAM group is a group of IAM users. IAM Groups allow you to specify permissions for multiple users. This makes it easier to manage permissions for users based on their group. You can create a group called Admins, and grant the permissions required by administrators to that group. All users in this group will automatically have the permissions that were assigned to them. A new user may need administrator privileges. You can add the user to the Admins Group and assign the appropriate permissions. You can also remove a user from an IAM group to change their role in your organization and add them to the appropriate IAM group.
IAM policies will control the permissions of IAM groups and their users. These policies can be either AWS managed policies or Customer managed policies. AWS-managed policy are policies that are created and owned by AWS, while we manage customer-managed policies. We can use IAM Policies to create permissions for IAM users or groups. They will have access to AWS resources based on their IAM policies. We can, for example, grant access to the Development Server to users who are not already logged in.