In today’s IT threat landscape, keeping pace with the attackers and ensuring security is more important than ever. And with the choice of public cloud – especially AWS that features shared responsibility model, AWS users need to pay close attention to few security measures from time to time. For the reason that: the responsibility for anything provisioned on AWS and the apps that run on top of that needs to be taken care, even though AWS takes responsibility of the facilities, physical security of hardware and virtualization infrastructure. To ease things up for the beginners on AWS, we have collated few salient AWS Cloud Security Best Practices that an individual should follow to safeguard his complete infrastructure.
1. Enable MFA for IAM user
One of the most commonly ignored and the most important security measure is enabling the Multifactor Authentication (MFA) for all your IAM users. This adds an extra layer of protection to your AWS account access and negates the possibility of username/password being compromised. Enabling MFA gives you a secure two-step login that ensures the authenticity of a user. You can explore more AWS Cloud Security Best Practices for IAM, here.
2. Termination Protection
EC2 is a key AWS resource in your cloud architecture and any intrusive changes to it can be catastrophic. In order to protect your mission critical EC2 instances, always enable the Termination Protection API. This will prove crucial in avoiding erroneous termination of EC2 instances in your environment.
If you want to empower yourself with every activity that is ongoing in your AWS environment, the best solution is to enable CloudTrail in your environment. CloudTrail is an AWS service that records API calls made on your account and delivers the log files to an S3 bucket. It helps track changes to your resources, user activity, and also ensures your environment is compliant. Most cloud practitioners consider CloudTrail as one of the AWS Cloud Security Best Practices to definitely have in place.
4. Admin Credentials Count
It is recommended not to keep too many IAM admin access keys. Multiple super-users can cause abrupt changes in the environment, which can be harmful for a planned architecture. Hence, a maximum count of 2-3 users depending on environment is considered the ideal number of admin access keys allowed.
5. Old IAM Access Keys
As an admin, you should regularly change/rotate IAM access keys for users in your account. If you have already set required permission for users to rotate access keys themselves, you should change them once in every 60 days to maintain better security paradigm.
6. Security Groups
A Security Group functions as a virtual firewall that controls the inbound and outbound traffic for one or more instances. We associate a security group with the launch of each instance. The Security Group in your environment may have an open IP port or might be open to public access. This may cause a data breach. To avoid exposure to security vulnerabilities, we recommend that only ports that are associated with relevant IP and security groups are kept open.
Through the above basic AWS Cloud Security Best Practices tips you can manage well. However, if you are worried and want to follow industry best practices to secure your AWS cloud, you should try Botmetric’s Cloud Insights for a complete perimeter check of AWS infrastructure with 85+ best practices.
Get Botmetric today! Take up a 14-day trial today, and see how Botmetric auto-diagnoses all the vulnerabilities in your cloud infrastructure, proactively checks for IAM policies applied for access controls, provides smart recommendations, solves issues with single-click, and ensures your data in the cloud is safe and secure.
Tell us what’s your security posture and how you are implementing the critical cloud security controls and tackling the threat landscape for your cloud. Tweet to us. Comment to us on Facebook. Or connect with us on LinkedIn. We’re happy to hear!