Creating a secure and compliant AWS environment needs to combine a multi-layer approach with a variety of building blocks and controls available in AWS’s ecosystem. Below are 7 key items for your cloud security posture management checklist – plus see our updated 2022 Security Whitepaper for more details and resources!
Use SSO or IDMS, with MFA. Enforce password policies, and different roles & policies for the creation & deletion of resources.
Design a scalable VPC with a layered subnet architecture to accommodate multiple public and private subnets. Use NACLs to control the type of traffic allowed in any subnet. Limit the use of public IPs.
Use hardened AMIs - from the AWS Marketplace, or your own. Use Security Groups at the instance level to control access to known services from trusted users on known hosts. Use encryption everywhere you can – both for data at rest (S3 buckets, EBS and EFS volumes) and data in motion (using TLS endpoints).
Use automated tools like Terraform combined with configuration management tools like Ansible, Helm, etc. to build and maintain your environment.
Use best-of-breed third-party security and management tools available in AWS’s ecosystem.
Use AWS constructs like CloudTrail, Config, Trusted Advisory Reports, and Billing Alarms in addition to other CMP, logging and monitoring tools.
Use snapshots. Store a copy off-region or in a separate account.
Learn more and see all our security resources at our Cloud Security Posture Hub, or look through our Case Studies for ideas and inspiration.
Questions? We can help! Reach out to us today.
If you’re dealing with complex infrastructure, security requirements, deployment speeds, or looking for cost efficiencies, contact us today for a no-obligation brainstorm.
Solutions
© Copyright 2024 – Tgix – All Rights Reserved
