The security of a system is a critical requirement. It would be naive to assume that systems deployed to production will be used only as their implementers intended. Security is a cross-cutting concern encompassing all aspects of the system, including the infrastructure it is hosted on, the code that powers the business logic, and operational aspects such as the administrators of the system. It is imperative that developers pay close attention to detail when implementing an app.
In this chapter, we will explore how you can design a Serverless app for security and harden it while implementing it.
This chapter will cover the following topics:
- Security concepts pertaining to AWS and their constructs, such as IAM users, roles, and policies
- Recommended practices for securing AWS access
- Mechanisms to harden the infrastructure components...