AWS: Security in AWS Identity and Access Management Roles Anywhere

-

 


Cloud security at AWS is the highest priority. As an AWS customer, you benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.

Security is a shared responsibility between AWS and you. The shared responsibility model describes this as security of the cloud and security in the cloud:

Security of the cloud – AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors regularly test and verify the effectiveness of our security as part of the AWS Compliance Programs. To learn about the compliance programs that apply to AWS Identity and Access Management Roles Anywhere, see AWS Services in Scope by Compliance Program.

Security in the cloud – Your responsibility is determined by the AWS service that you use. You are also responsible for other factors including the sensitivity of your data, your company’s requirements, and applicable laws and regulations.

Data protection in AWS Identity and Access Management Roles Anywhere

The AWS shared responsibility model applies to data protection in AWS Identity and Access Management Roles Anywhere. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. This content includes the security configuration and management tasks for the AWS services that you use.

For data protection purposes, we recommend that you protect AWS account credentials and set up individual users with AWS IAM Identity Centre (successor to AWS Single Sign-On) or AWS Identity and Access Management (IAM). That way, each user is given only the permissions necessary to fulfil their job duties. We also recommend that you secure your data in the following ways:

Use multi-factor authentication (MFA) with each account.

Use SSL/TLS to communicate with AWS resources. We recommend TLS 1.2 or later.

Set up API and user activity logging with AWS CloudTrail.

Use AWS encryption solutions, along with all default security controls within AWS services.

Use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3.

If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see Federal Information Processing Standard (FIPS) 140-2.

We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form fields such as a Name field. This includes when you work with IAM Roles Anywhere or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into tags or free-form fields used for names may be used for billing or diagnostic logs. If you provide a URL to an external server, we strongly recommend that you do not include credentials information in the URL to validate your request to that server.

Encryption in transit

IAM Roles Anywhere provides secure and private endpoints for encrypting data in transit. The secure and private endpoints allow AWS to protect the integrity of API requests to IAM Roles Anywhere. AWS requires API calls to be signed by the caller using a secret access key. This requirement is stated in the Signature Version 4 Signing Process (Sigv4).

Key management

Authenticating to IAM Roles Anywhere requires the use of asymmetric (public/private) key pairs. IAM Roles Anywhere does not hold customer private keys. Those remain on customer instances in data centers. Care should be taken to minimize the risk of accidental disclosure.

Use OS file system permissions to restrict read access to the owning user.

Never check keys into source control. Store them separately from source code to reduce the risk of accidentally including them in a change set. If possible, consider the use of a secure storage mechanism.

Inter-network traffic privacy

When accessing AWS APIs and resources from your data center, be aware of how the traffic is routed. Connectivity may occur via Network Address Translation (NAT) at the data center outbound firewall, or it may occur through Virtual Private Network (VPN).


credit:https://docs.aws.amazon.com/

Comments

Post a Comment

Popular posts from this blog

Unlock the Secrets: Your Ultimate Guide to a Happy and Lasting Marriage!

-
Image
Marriage is a God-ordained, covenant relationship between a man and a woman. Getting married is a lifelong commitment that is characterized by faithfulness and sacrificial love. Marriage is both a natural institution and a sacred union because it is rooted in the divine plan of creation. The free consent of the spouses makes a marriage. This bond is lifelong and exclusive. A married couple's shared love should constantly be willing to embrace new experiences. Having been married for 12 years, and if given the chance, I would do it all over again with my wife Evelyn, I would do so without a doubt. We can't claim to have as many experiences as others who have been married for 25 years or more, but after 12 years of marriage, we have learned a few things that have greatly benefited us which we'd like to share in this blog post. Marriage requires some 'ingredients' for it to remain 'juicy' and 'sweet.' These components will not only keep the marriage ali...
Read more

Great ways on how to use positive words over your children

-
Image
  Proverbs 18:21 21 Death and life are in the power of the tongue: and they that love it shall eat the fruit thereof. Words have life. As parents, we must always be mindful of the words we use or say to our children. That is why motivational speakers and self-help books promote positive self-talk and speaking your desires into your life. With this in mind, I strive to be extremely deliberate in my vocabulary and conversations with and around my children. One of the most important things I have learned having 3 of my own children is that they absorb much more than one might think. They hear, process, and internalize conversations around them, especially when the topic relates to them. They are often aware and listening even when adults think that they are unaware, playing or distracted. It is important to recognize the impact of statements made in front of children. When speaking to children, there are a number of things we need to keep in mind. There are many more, but these are ju...
Read more

Quitting? This Is Not a Choice, Achieve Great Success Today

-
Image
Quitting? Not an Option for me. Persistence in doing something despite difficulty or delay in achieving success. Many times in life we are faced with so many challenges and at times the going gets so tough that you just want to quit. I have been there and still go through stuffs till date but one thing I have told myself is that No matter the situation I find myself in at every point in time I will never take my eyes off the prize I have set for myself, that is to become the best in what so ever I set my mind to do. Once you live on this planet Earth you can never be free from Life’s lessons but one thing you must bear in mind is  don’t let your immediate environs & words of discouragement from others suppress you. Just stay focused, be committed to whatever you're doing, and be willing to learn new things every day. I assure you that you shall definitely succeed in the long run . I have come to understand life in my own little way from the experiences I have had.  Honestl...
Read more