
Resources on AWS security, security for AWS platforms like EC2, S3 and RDS, AWS monitoring, AWS configuration and security groups, AWS firewall solutions, and more.

Below we have compiled publicly available sources from around the world that present views on AWS Security.

AWS Security Overview

Amazon Web Services (AWS) is one of the largest providers of Infrastructure as a Service. Its core service is the Elastic Compute Cloud (EC2), which provides on-demand compute resources priced per hour. AWS now offers dozens of additional cloud services, including S3, a file storage service; the Relational Database Service, which allows running SQL databases on demand; RedShift, a high-performance data warehouse; and more. Because Amazon is a public cloud and users run their applications and data remotely, outside their internal data centers, security is a primary concern.

On this wiki, we have collected the best resources from around the world covering the following aspects of AWS security:

  • Security best practices for AWS users.
  • Security-related activities on AWS - including monitoring, secure access and SSH, compliance, configuration and security groups, and more.
  • Security-related technologies and services Amazon provides - such as VPC, AWS WAF, Amazon IAM, CloudFormation, CloudTrail, CloudHSM, and more.
  • How to secure specific AWS platforms and products - S3, RDS, RedShift, EBS, SES, SQS, AWS Auto Scaling, and more.

Key Topics in AWS Security

  • Security for AWS Platforms: Securing the various computing services provided by Amazon Web Services requires a complex combination of technologies and best practices. In this section you'll find resources from around the web on securing specific services on AWS, including Amazon S3, Amazon RDS, Amazon RedShift, EBS, SES, SQS, and more.
    • S3 Security: Resources on how to secure and harden Amazon S3 (Simple Storage Service), an online file storage web service offered by Amazon Web Services.
    • RDS Security: Resources on how to secure and harden the Amazon Relational Database Service (Amazon RDS), which enables Amazon users to set up, operate, and scale relational databases like MySQL and SQL Server in the cloud.
    • RedShift Security: Resources on how to secure and harden Amazon Redshift, a fully managed, petabyte-scale data warehouse service on the AWS cloud.
    • Amazon EBS Security: Resources on how to secure and harden Amazon Elastic Block Store (EBS), which provides persistent block level storage volumes for use with Amazon EC2 instances.
    • Amazon SES Security: Resources on how to secure and harden the Amazon Simple Email Service (Amazon SES), a cost-effective email service built on the AWS cloud.
    • Amazon SQS Security: Resources on how to secure and harden Amazon Message Queuing Service (SQS), which helps users of AWS decouple the components of their cloud applications.
    • Amazon SNS Security: Resources on how to secure and harden the Amazon Simple Notification Service (SNS), a push messaging service that pushes notifications from Amazon cloud apps to mobile devices and distributed services.
    • AWS Auto Scaling Security: Resources on how to secure and harden Amazon's Auto Scaling service, which helps AWS users maintain application availability by dynamically scaling EC2 capacity up or down.
    • Amazon Elastic MapReduce Security: Resources on how to secure and harden Amazon Elastic MapReduce (EMR), a web service that uses Hadoop, an open-source framework, to process vast amounts of data.
  • AWS Monitoring: Resources on monitoring AWS applications and deployments, including best practices and specialized monitoring tools for the Amazon cloud.
  • AWS Secure Access and SSH: Resources on how to securely access Amazon Web Services machines, using SSH keys and other methods, and security best practices for remote access on the Amazon cloud.
  • AWS Compliance: Resources on compliance with regulations and industry standards on the AWS cloud - HIPAA compliance, ISO 27001 compliance, PCI compliance, and more.
  • AWS Security Groups: Resources on defining security groups on AWS services like EC2, VPC and RDS. Security groups act as a virtual firewall that controls the traffic for one or more Amazon instances.
  • AWS Firewall: Resources on how to set up a firewall on AWS, and tools that enable firewall capabilities on the Amazon cloud. For Amazon's WAF (Web Application Firewall) product, see our AWS WAF page (coming soon).
  • AWS Security-Related Products and Features: Resources about security products and features provided as part of the Amazon Web Services cloud platform.

Further Reading

  • Cloud Security Practices and Education: Resources about how to secure cloud computing systems and learn about cloud security.
    • Business Continuity and Disaster Recovery on the Cloud: Business continuity and disaster recovery is of high priority for every organization; disruptions can cause damage to a company's operation and reputation.
    • Cloud Security Best Practices: Resources on how to improve security for cloud-based systems.
    • Cloud Security Training: A list of resources regarding cloud security training. Cloud security training provides you with experience identifying and resolving security issues specific to public and private cloud services.
    • Cloud Storage and Cloud Backup Security: Resources on cloud storage and cloud backup security, and how to protect the data integrity of companies and individuals.
    • Compliance and Auditing on the Cloud: Resources on compliance with government regulations and standards, and on performing auditing in cloud-based systems.
    • SecOps: An overview of security operations (SecOps) practices, strategies and professional services, in relation to cloud security.
  • Cloud Computing Risks and Threats: Resources on how to identify, deal with and prevent specific cloud security threats and attacks including DDoS, API vulnerability, Shadow IT and traffic hijacking.
    • Cloud Data Breaches: Resources on cloud data breaches and unauthorized data viewing, their implications and ways of prevention.
    • Cloud Data Loss: Resources on cloud data loss risks and prevention.
    • Account Hijacking: Resources on account hijacking attacks in the context of cloud security.
    • Traffic Hijacking: Resources on traffic hijacking threats and the ways to defend against them.
    • API Vulnerabilities: Resources on API security vulnerabilities in the context of cloud computing and cloud services.
    • Cloud Services Abuse: An overview of cloud computing services abuse and unauthorized use of cloud systems.
    • Shadow IT: Resources on shadow IT practices, their extent, cost and implications for internet security.
  • AWS Security: Resources on AWS security, security for AWS platforms like EC2, S3 and RDS, AWS monitoring, AWS configuration and security groups, AWS firewall solutions, and more.
    • Security for AWS Platforms: Securing the various computing services provided by Amazon Web Services requires a complex combination of technologies and best practices. In this section you'll find resources from around the web on securing specific services on AWS, including Amazon S3, Amazon RDS, Amazon RedShift, EBS, SES, SQS, and more.
    • AWS Monitoring: Resources on monitoring AWS applications and deployments, including best practices and specialized monitoring tools for the Amazon cloud.
    • AWS Secure Access and SSH: Resources on how to securely access Amazon Web Services machines, using SSH keys and other methods, and security best practices for remote access on the Amazon cloud.
    • AWS Compliance: Resources on compliance with regulations and industry standards on the AWS cloud - HIPAA compliance, ISO 27001 compliance, PCI compliance, and more.
    • AWS Security Groups: Resources on defining security groups on AWS services like EC2, VPC and RDS. Security groups act as a virtual firewall that controls the traffic for one or more Amazon instances.
    • AWS Firewall: Resources on how to set up a firewall on AWS, and tools that enable firewall capabilities on the Amazon cloud. For Amazon's WAF (Web Application Firewall) product, see our AWS WAF page (coming soon).
    • AWS Security-Related Products and Features: Resources about security products and features provided as part of the Amazon Web Services cloud platform.
  • Windows Azure Security: Resources about security for Windows Azure, the cloud platform provided by Microsoft, including security measures provided by the Azure platform, how to use them, and additional security best practices for users of Windows Azure.
    • Azure Security-Related Products: Resources about security products offered by Microsoft as part of Windows Azure.
    • Azure Monitoring: Resources about Azure monitoring, which refers to monitoring the Azure cloud. Azure monitoring includes several aspects, such as log file analysis, defining/collecting metrics, and providing diagnostics for root cause analysis or troubleshooting.
    • Azure Secure Access and SSH: Resources about Azure secure access and SSH, which discusses how to securely access, provision, or migrate virtual machines on the Microsoft Azure cloud using the SSH protocol.
    • Azure Compliance: Resources on Azure compliance, which refers to the methods in which the Microsoft Azure cloud complies with common policies, regulations, certificates, and attestations. Microsoft shares third-party verification results with its customers, and supports the CDSA, CJIS, and CSA CMM certificates.
    • Azure Firewall: Resources on Azure firewall, which refers to the methods of protecting services or applications on the Microsoft Azure cloud using a firewall. Firewall options for the Azure cloud include pre-packaged operating system firewalls or third-party firewalls offered as cloud services.
    • Azure Encryption: Resources on how to encrypt data and manage encryption on the Microsoft Azure cloud.
    • Setting up SSL on Azure: Resources on how to set up HTTPS and SSL on the Microsoft Azure cloud platform.
  • List of Cloud Security Tools and Services: Resources about tools and services specifically built to enable security in cloud computing environments.
    • Cloud Application, Server and Network Security: Resources about tools and services used to protect applications, servers or networks facilitated by cloud computing.
    • Cloud Antivirus and Threats Prevention: Resources about cloud antivirus, a solution in which antivirus processes are conducted on cloud servers instead of a user's PC, and threat prevention, the practice of preventing systems (mainly in IT organizations) from being infected by viruses or protecting the systems from cyber attacks.
    • Cloud Identity and Access Management Tools: Resources about cloud identity and access management tools, which are tools used for facilitating the management of electronic identities.
    • Cloud Data and CDN Security Tools: Resources about cloud data and Content Delivery Network (CDN) security tools, which are tools used to protect data stored on cloud servers, and user-related data used for CDN functions (such as geolocation or content delivery server data).
    • Cloud Monitoring: Resources about cloud monitoring, a process that includes monitoring, management and review of workflows or processes of an IT asset or infrastructure that is cloud-based. Cloud monitoring aims to make sure that the relevant cloud platform is performing properly.
  • Cloud Security Technologies: Resources about the technologies used to achieve cloud security - the practice of protecting data, applications, infrastructure and human interactions facilitated by cloud computing.
    • Cloud Firewall: Resources about cloud firewall, a firewall that is managed on cloud servers rather than being offered as a local hardware appliance or software solution. A cloud firewall supports distributed environments, where users and applications operate from various locations and sources.
    • CASB: Resources about Cloud Access Security Broker (CASB), a software tool that acts as an enforcement point for security policies. A CASB is placed between cloud service consumers and providers and allows organizations to extend their security policies beyond the organization, by adding or combining policies as cloud-based resources are accessed.
    • Cloud Data Encryption: Resources about cloud data encryption, the practice of protecting sensitive data stored on cloud servers and securing the data leaving a network. Cloud data encryption also aims to prevent unauthorized access to private data.
    • Cloud Application Security: Resources about cloud application security, the practice of protecting cloud applications, which aims to address security issues faced both by the organization providing the cloud service and by its customers.
    • Cloud Backup and Recovery: Resources about cloud backup and recovery, a security strategy according to which records and data are copied to a cloud server, where they are maintained and can be recovered if necessary.
    • Using Configuration Management for Cloud Security: Resources about using configuration management - the practice of providing information about the delivery method of services - for cloud security. Configuration management for cloud security refers to practicing different levels of configuration management on cloud-related services such as SaaS, PaaS, or IaaS.
