Guardians of the Cloud: Top 10 Best AWS Security Practices

Introduction

AWS is the most widely used cloud platform, followed by Microsoft Azure and Google Cloud (GCP). With AWS you can build a fully fledged, scalable and reliable infrastructure, and it fits almost any kind of business in one way or another: it can serve as your database with RDS and DynamoDB, as your storage with S3 and EFS, or host your servers on EC2, among many other possibilities. That same breadth is why securing your AWS account is so important: one leaked credential can reach every one of those services. Below I've compiled several best practices for hardening an AWS account, along with the guidelines Amazon itself recommends.

Security Practices

  1. Use your root account only to create an IAM user with administrative access, and never use the root account for anything else. Enable MFA on the root account and do not create access keys for it; the root account cannot be restricted by IAM policies, so nothing should depend on it day to day.

  2. Create IAM user groups and grant permissions at the group level rather than per user, following the principle of least privilege: each group gets only the actions and resources its members need. This keeps permissions reviewable and avoids accidental misuse of AWS resources.

  3. Attach a policy that denies access to every resource unless MFA is present (the aws:MultiFactorAuthPresent condition key), set an account password policy that enforces rotation and complexity, and restrict users to the regions they actually need (the aws:RequestedRegion condition key). Leave the users enough permission to enrol their own MFA device, or new users will be locked out before they can ever satisfy the rule.

  4. Enable CloudTrail in all regions to record the API activity of every user and role, and deliver the logs to a dedicated, access-restricted S3 bucket so they survive and can be reviewed after an incident.

  5. Create AWS Budgets alerts so you are notified of sudden spikes in spending. An unexpected bill is often the first sign that someone is accidentally or maliciously running resources in your account, for example cryptomining instances launched with a leaked access key.

  6. Never embed an access key and secret key in code, configuration files or a machine outside AWS. Inside AWS, use IAM roles (EC2 instance profiles, ECS task roles, Lambda execution roles) to obtain short-lived credentials automatically; for workloads outside AWS, IAM Roles Anywhere lets them exchange an X.509 certificate from your own CA for temporary credentials, so long-lived keys are no longer needed.

  7. Never make an S3 bucket public. Keep S3 Block Public Access turned on at the account level and serve objects through CloudFront with an origin access control (OAC), so that only the distribution can read the bucket.

  8. Use VPC endpoints (gateway endpoints for S3 and DynamoDB, interface endpoints via AWS PrivateLink for most other services) to reach AWS services from your VPC. The traffic then stays on the AWS network instead of traversing the public internet, and the endpoint policy gives you one more place to restrict which principals and resources can be reached.

  9. Access your EC2 instances through AWS Systems Manager Session Manager instead of SSH. This removes the need for third-party clients such as PuTTY, for SSH key pairs that can be lost or leaked, and for an open port 22 in your security groups, and every session can be logged to CloudWatch Logs or S3. The instance only needs the SSM Agent and an instance profile that grants it the AmazonSSMManagedInstanceCore permissions.

  10. Deploy your resources in private subnets, which have no route to an internet gateway, so they cannot be reached from the internet. Give them outbound access only where needed, through a NAT gateway or VPC endpoints, and expose only a load balancer in a public subnet.
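
Practices 2 and 3 come down to one policy document attached to the IAM group. The following is an added example, not code from the original post: the policy is real IAM syntax, while the small evaluator under it models only the subset of IAM semantics the policy uses (Action/NotAction, Effect, the BoolIfExists and StringNotEquals operators) and ignores Resource matching, so it is there to show which requests the rule denies, not to replace the IAM policy simulator. The region list and the group's own permissions are assumptions for the demo.

```python
"""Identity policy enforcing MFA and an allowed-region list, plus a small
evaluator that shows which requests it denies.

Added example, not code from the original post. The evaluator models only
Action/NotAction, Effect and the two condition operators used below; it does
not evaluate Resource."""
import fnmatch
import json

ALLOWED_REGIONS = ["us-east-1", "eu-west-1"]   # assumption: the regions you use

# Actions a user must be able to call *before* they have MFA; otherwise a new
# user can never enrol a device and is locked out of their own account.
MFA_SETUP_ACTIONS = [
    "iam:CreateVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:ListMFADevices",
    "iam:GetUser",
]

MFA_AND_REGION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOwnMfaSetup",
            "Effect": "Allow",
            "Action": MFA_SETUP_ACTIONS,
            "Resource": [
                "arn:aws:iam::*:mfa/${aws:username}",
                "arn:aws:iam::*:user/${aws:username}",
            ],
        },
        {
            # BoolIfExists, not Bool: the MFA context key is absent entirely for
            # requests signed with a long-term access key, and a plain Bool
            # would then not match, letting a leaked key bypass the MFA rule.
            "Sid": "DenyEverythingElseWithoutMfa",
            "Effect": "Deny",
            "NotAction": MFA_SETUP_ACTIONS + ["sts:GetSessionToken"],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
        {
            # Global services have no region of their own, so exempt them.
            "Sid": "DenyOutsideAllowedRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "sts:*", "cloudfront:*", "route53:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS}},
        },
    ],
}

# Stand-in for the group's least-privilege permissions (assumption for the demo).
GROUP_PERMISSIONS = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "GroupAllow", "Effect": "Allow",
                   "Action": ["ec2:*", "s3:*", "iam:Get*", "iam:List*"],
                   "Resource": "*"}],
}


def _match_action(patterns, action):
    """IAM action matching: case-insensitive, '*' wildcard."""
    pats = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in pats)


def _condition_holds(cond, ctx):
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "BoolIfExists":          # missing key counts as a match
                if have is not None and have.lower() != want.lower():
                    return False
            elif op == "StringNotEquals":
                wants = want if isinstance(want, list) else [want]
                if have in wants:
                    return False
            else:
                raise NotImplementedError(op)
    return True


def _applies(stmt, action, ctx):
    if "Action" in stmt:
        if not _match_action(stmt["Action"], action):
            return False
    elif _match_action(stmt["NotAction"], action):
        return False
    return _condition_holds(stmt.get("Condition", {}), ctx)


def decide(action, region, mfa_present,
           policies=(MFA_AND_REGION_POLICY, GROUP_PERMISSIONS)):
    """mfa_present: True/False for a session; None for a long-term access key,
    where the aws:MultiFactorAuthPresent key does not exist at all.
    Explicit Deny always wins, then Allow, then implicit deny."""
    ctx = {"aws:RequestedRegion": region}
    if mfa_present is not None:
        ctx["aws:MultiFactorAuthPresent"] = "true" if mfa_present else "false"
    decision = "implicit deny"
    for pol in policies:
        for stmt in pol["Statement"]:
            if not _applies(stmt, action, ctx):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny: " + stmt["Sid"]
            decision = "allow"
    return decision


if __name__ == "__main__":
    print(json.dumps(MFA_AND_REGION_POLICY, indent=2))
```

Save the printed document and attach it with `aws iam put-group-policy --group-name developers --policy-name enforce-mfa-and-region --policy-document file://policy.json`; the password rotation part of practice 3 is a separate account-level setting, for example `aws iam update-account-password-policy --minimum-password-length 14 --require-symbols --require-numbers --max-password-age 90 --password-reuse-prevention 24`. The `sts:GetSessionToken` exemption is what lets a CLI user with only an access key obtain an MFA-backed session in the first place.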

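CloudTrail (practice 4) only pays off if someone reads the logs. As an added example, not code from the original post, the scanner below walks a CloudTrail log file and flags the things practices 1 to 4 say should never happen: any use of the root account, console logins without MFA, policies attached directly to a user instead of a group, and attempts to switch the trail off. The records are constructed for the demo and trimmed to the fields the checks read; real CloudTrail records carry many more fields, and the account ID and user names are placeholders.

```python
"""Scan a CloudTrail log file for activity the practices above forbid.

Added example, not code from the original post. SAMPLE_TRAIL is constructed
for the demo and trimmed to the fields the checks use."""
import json

SAMPLE_TRAIL = json.dumps({"Records": [
    {   # root console login; even with MFA the root account should be unused
        "eventTime": "2024-05-01T08:02:11Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # IAM user signing in without MFA
        "eventTime": "2024-05-01T09:15:40Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # benign: MFA-authenticated user making an ordinary read call
        "eventTime": "2024-05-01T09:20:03Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice",
                         "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
    },
    {   # policy attached straight to a user, bypassing group-level permissions
        "eventTime": "2024-05-01T11:47:19Z", "eventSource": "iam.amazonaws.com",
        "eventName": "AttachUserPolicy", "awsRegion": "us-east-1",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::123456789012:user/bob"},
        "requestParameters": {"userName": "carol",
                              "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
    },
    {   # someone turning the trail off
        "eventTime": "2024-05-01T23:58:02Z", "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging", "awsRegion": "us-east-1",
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::123456789012:user/bob"},
        "requestParameters": {"name": "management-events"},
    },
]})

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
DIRECT_USER_GRANTS = {"AttachUserPolicy", "PutUserPolicy"}


def findings_for(rec):
    """Return the names of the rules a single CloudTrail record violates."""
    ident = rec.get("userIdentity", {})
    name = rec.get("eventName")
    hits = []
    if ident.get("type") == "Root":
        hits.append("root-account-used")
    if name == "ConsoleLogin" and rec.get("additionalEventData", {}).get("MFAUsed") == "No":
        hits.append("console-login-without-mfa")
    if rec.get("eventSource") == "iam.amazonaws.com" and name in DIRECT_USER_GRANTS:
        hits.append("policy-attached-directly-to-user")
    if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        hits.append("cloudtrail-tampering")
    return hits


def scan(trail_json):
    """Parse one CloudTrail log file ({"Records": [...]}) and return one
    finding per violated rule, oldest first."""
    out = []
    for rec in json.loads(trail_json)["Records"]:
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        for rule in findings_for(rec):
            out.append({"rule": rule, "time": rec.get("eventTime"), "actor": actor,
                        "event": rec.get("eventName"), "region": rec.get("awsRegion")})
    return sorted(out, key=lambda f: f["time"] or "")


if __name__ == "__main__":
    for f in scan(SAMPLE_TRAIL):
        print(f"{f['time']}  {f['rule']:34}  {f['event']:18}  {f['actor']}")
```

CloudTrail delivers files to S3 as gzip-compressed JSON, so decompress each object before passing its contents to `scan`. The same four rules are a good starting point for CloudWatch metric filters or EventBridge rules if you want alerts in near real time rather than after the fact.
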
All these steps are recommended by AWS themselves. I learned about them, and more ways to secure an AWS account and best practices for each resource, at a tech event conducted by the Amazon AWS team. If you want to know more or want to add any more points to these, share your thoughts in the comments section.

Happy Coding!!!