Network Security
Amazon Virtual Private Cloud (VPC)
- Use separate VPCs for different environments (like development, testing, and production) to keep resources isolated and minimise potential security issues.
- For communication between VPCs, use VPC peering; for communication with on-premises networks, use AWS Direct Connect, so that this traffic does not traverse the public internet.
- Split your VPC into subnets based on security needs and the type of resources they contain.
- Keep sensitive resources, such as databases and internal applications, in private subnets that have no route to or from the internet.
- For resources that need internet connectivity, like web servers, use public subnets, but apply access controls to limit who can reach them.
Network Access Control Lists (ACLs) and Security Groups
- Use Network ACLs to control traffic in and out of subnets based on IP addresses, ports, and protocols.
- Allow only the traffic that is necessary and deny everything else by default; because Network ACLs are stateless, the rules must also explicitly permit the return traffic of the connections you allow.
- Regularly review and adjust ACL rules to match security needs.
- Use Security Groups to manage traffic for individual instances based on their roles.
- Open only the ports and source addresses each instance needs for its role, and nothing more.
- Keep security group rules updated as security needs change to reduce risks.
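As an added example (not part of the original article), the checker below audits security group rules in the shape of the EC2 DescribeSecurityGroups response and reports every inbound rule that is open to any address (0.0.0.0/0 or ::/0) on a protocol/port outside an allow-list. The sample groups and the default allow-list of TCP 80 and 443 are constructed assumptions for a public web tier; a rule scoped to another security group, like the database rule here, is treated as correctly restricted.

```python
# Constructed sample in the shape of the EC2 DescribeSecurityGroups response
# (only the fields the checker reads); not taken from any real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa111", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,          # SSH open to the world
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0bbb222", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,      # reachable only from the web tier
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa111"}]},
        {"IpProtocol": "-1",                                          # all protocols, all ports
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

ANY_ADDRESS = {"0.0.0.0/0", "::/0"}
# Assumed allow-list: the only world-reachable (protocol, port) pairs a public web tier needs.
DEFAULT_PUBLIC_ALLOW = frozenset({("tcp", 80), ("tcp", 443)})


def find_world_open_rules(groups, allowed=DEFAULT_PUBLIC_ALLOW):
    """One finding per inbound rule reachable from any address on a pair outside the allow-list."""
    findings = []
    for group in groups:
        for rule in group["IpPermissions"]:
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            world = [s for s in sources if s in ANY_ADDRESS]
            if not world:
                continue  # scoped to specific CIDRs or to another security group
            proto = rule["IpProtocol"]
            # IpProtocol "-1" means every protocol and every port, so FromPort/ToPort are absent.
            lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
            if proto == "-1" or any((proto, p) not in allowed for p in range(lo, hi + 1)):
                findings.append({"GroupId": group["GroupId"], "GroupName": group["GroupName"],
                                 "IpProtocol": proto, "Ports": f"{lo}-{hi}", "Sources": world})
    return findings


if __name__ == "__main__":
    for f in find_world_open_rules(SAMPLE_GROUPS):
        print(f"{f['GroupId']} ({f['GroupName']}): {f['IpProtocol']} {f['Ports']} open to {', '.join(f['Sources'])}")
```

On the sample data the checker reports the SSH rule on the web tier and the all-traffic IPv6 rule on the database tier, while the HTTP/HTTPS rules and the group-to-group database rule pass.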
AWS Security Best Practices
The AWS Simple Storage Service (S3) is a cloud service provided by Amazon Web Services (AWS) for storing your data securely. You can access it through an IAM role or through the root user account. In this article, we’ll look at different security measures that protect your data from unauthorised access, following AWS Security Best Practices. Please note that, because the body of security practices is extensive, we’ll cover a selection of key measures in this article.