Book Image

AWS: Security Best Practices on AWS

By : Albert Anthony
Book Image

AWS: Security Best Practices on AWS

By: Albert Anthony

Overview of this book

With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, security of all these resources has been a paradigm shift for all those who are responsible for security; experts, novices, and apprentices alike. This book focuses on using native AWS security features and managed AWS services to help you achieve continuous security. Starting with an introduction to Virtual Private Cloud (VPC) to secure your AWS VPC, you will quickly explore various components that make up VPC such as subnets, security groups, various gateways, and many more. You will also learn to protect data in the AWS platform for various AWS services by encrypting and decrypting data in AWS. You will also learn to secure web and mobile applications in AWS cloud. This book is ideal for all IT professionals, system administrators, security analysts, solution architects, and chief information security officers who are responsible for securing workloads in AWS for their organizations. This book is embedded with useful assessments that will help you revise the concepts you have learned in this book. This book is repurposed for this specific learning experience from material from Packt's Mastering AWS Security, written by Albert Anthony.
Table of Contents (9 chapters)

Chapter 1. AWS Virtual Private Cloud

Amazon Virtual Private Cloud or VPC, as it is popularly known, is a logically separated, isolated, and secure virtual network on the cloud, where you provision your infrastructure, such as Amazon RDS instances and Amazon EC2 instances. It is a core component of networking services on AWS cloud.

A VPC is dedicated to your AWS account. You can have one or more VPCs in your AWS account to logically isolate your resources from each other. By default, any resource provisioned in a VPC is not accessible by the internet unless you allow it through AWS-provided firewalls. A VPC spans an AWS region.

VPC is essentially your secure private cloud within AWS public cloud. It is specifically designed for users who require an extra layer of security to protect their resources on the cloud. It segregates your resources with other resources within your AWS account. You can define your network topology as per your requirements, such as if you want some of your resources hidden from public or if you want resources to be accessible from the internet.

Getting the design of your VPC right is absolutely critical for having a secure, fault-tolerant, and scalable architecture.

It resembles a traditional network in a physical data center in many ways, for example, having similar components such as subnets, routes, and firewalls; however, it is a software-defined network that performs the job of data centers, switches, and routers. It is primarily used to transport huge volume of packets into, out of, and across AWS regions in an optimized and secured way along with segregating your resources as per their access and connectivity requirements. And because of these features, VPC does not need most of the traditional networking and data center gear.

VPC gives you granular control to define what traffic flows in or out of your VPC.