S3: When it comes to AWS security, S3 buckets are the resource most often found misconfigured and publicly exposed, so they deserve the first look.
1. Server-Side Encryption:
With server-side encryption, Amazon S3 encrypts your data before writing it to disk in its data centers and decrypts it when you download it. This reduces the risk to your data because each object is encrypted with a key that is stored in a different system from the one that stores the data itself. Since January 2023 S3 applies SSE-S3 (AES-256) to every new object by default; choose SSE-KMS instead when you need to control who can use the key through a KMS key policy and to see key usage in CloudTrail.
2. Client-Side Encryption:
With client-side encryption you, rather than AWS, encrypt the data before sending it to AWS, so S3 only ever stores ciphertext.
When you retrieve the data from AWS, you must decrypt it yourself, which means you also own key storage, rotation and loss.
To turn on default encryption in the console, open the bucket and go to Properties.
Under Default encryption, click Edit, select Enable, and choose the encryption type you want (SSE-S3 or SSE-KMS); every new object without its own encryption header then gets that setting.
Block Public Access
Access control is the main pillar of S3 data security. There are several ways to control who can reach an S3 bucket (bucket policies, IAM policies and ACLs); the simplest safety net is Block Public Access, which overrides any policy or ACL that would otherwise grant public access.
Go to Permissions and click Edit under Block public access (bucket settings).
Tick Block all public access and save. Prefer the account-level setting as well, so a new bucket cannot be made public by mistake.
Versioning is a way of keeping multiple variants of an object in the same bucket, so an overwritten or deleted object can be restored. A delete without a version ID only adds a delete marker; an older version is lost only when it is deleted explicitly by version ID, so pair versioning with MFA Delete or Object Lock if you need to stop that, and add a lifecycle rule so noncurrent versions do not grow storage cost without bound.
Under Properties, go to Bucket Versioning.
Click Edit, select Enable, and save.
S3 Object Lock
Using S3 Object Lock lets you store objects with a Write Once Read Many (WORM) model. It helps prevent objects from being deleted or overwritten, accidentally or deliberately, for a fixed retention period or until a legal hold is removed, which is what you want for audit logs and backups. Object Lock requires versioning. In governance mode, principals with the s3:BypassGovernanceRetention permission can still remove the lock; in compliance mode nobody, including the root user, can shorten the retention period once it is set, so test the period on a scratch bucket before relying on it.
When you create the bucket, open Advanced settings, enable Object Lock, and click Create bucket.
Tips: enabling Object Lock at creation is the simplest path (it used to be the only one; AWS now also allows enabling it on an existing bucket that already has versioning enabled). Enabling it on the bucket locks nothing by itself: set a default retention rule, or per-object retention, or the objects stay deletable.
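The four S3 controls above can be checked from the bucket's own configuration rather than by clicking through the console. The following is an added example, not code from the original post: audit_bucket() takes one dict that merges the response shapes of boto3's get_public_access_block, get_bucket_encryption and get_object_lock_configuration, with the versioning status under "VersioningConfiguration" (the shape put_bucket_versioning takes), and returns a list of findings. The HARDENED and WEAK configurations are constructed by hand, and the KMS alias in them is hypothetical, so the script runs offline without credentials.

```python
"""Check an S3 bucket against the four controls in this section: default
encryption, Block Public Access, versioning and Object Lock.

Added example, not code from the original post. The input dict merges the
response shapes of boto3's get_public_access_block, get_bucket_encryption and
get_object_lock_configuration, with the versioning status under
"VersioningConfiguration" (the shape put_bucket_versioning takes). Both sample
configurations are constructed by hand so this runs offline.
"""

PUBLIC_ACCESS_FLAGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)
ACCEPTED_SSE = {"AES256", "aws:kms", "aws:kms:dsse"}


def audit_bucket(cfg):
    """Return a list of findings; an empty list means every control passes."""
    findings = []

    # All four Block Public Access flags must be on; a single False leaves a
    # path (ACL or policy) by which the bucket can still be made public.
    pab = cfg.get("PublicAccessBlockConfiguration", {})
    for flag in PUBLIC_ACCESS_FLAGS:
        if not pab.get(flag, False):
            findings.append(f"public access: {flag} is off")

    # Default encryption: at least one rule applying SSE-S3 or SSE-KMS.
    rules = cfg.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = {
        rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        for rule in rules
    }
    if not algorithms & ACCEPTED_SSE:
        findings.append("encryption: no default server-side encryption rule")

    # Versioning must be "Enabled"; "Suspended" and absent both fail.
    if cfg.get("VersioningConfiguration", {}).get("Status") != "Enabled":
        findings.append("versioning: not enabled")

    # Object Lock on the bucket locks nothing until a retention rule exists,
    # so an enabled bucket without a default retention rule is flagged too.
    lock = cfg.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock: not enabled")
    elif not lock.get("Rule", {}).get("DefaultRetention"):
        findings.append("object lock: enabled but no default retention rule")

    return findings


# Constructed: the settings the four put_* calls should be sent for a
# hardened bucket. The KMS alias is hypothetical.
HARDENED = {
    "PublicAccessBlockConfiguration": {flag: True for flag in PUBLIC_ACCESS_FLAGS},
    "ServerSideEncryptionConfiguration": {
        "Rules": [{
            "ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": "alias/example-bucket-key",
            },
            "BucketKeyEnabled": True,  # fewer KMS calls per object, lower cost
        }]
    },
    "VersioningConfiguration": {"Status": "Enabled"},
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}},
    },
}

# Constructed: a bucket left close to the defaults, with versioning suspended.
WEAK = {
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": True},
    "VersioningConfiguration": {"Status": "Suspended"},
}

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_bucket(cfg) or "OK")
```

Against a real account, fill the dict from the four boto3 get_* calls (each raises a client error when the configuration is absent, which counts as a finding) and send the HARDENED values to put_public_access_block, put_bucket_encryption, put_bucket_versioning and put_object_lock_configuration; the compliance-mode retention in HARDENED is deliberate, since governance mode can be bypassed with s3:BypassGovernanceRetention.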
RDS: RDS is one of the most widely used, simplest and most robust AWS services. With a few clicks you have a well-configured managed database (MySQL, Microsoft SQL Server, PostgreSQL, and more), but several of the defaults the console offers are not the secure choice.
Disable Public Access: keep Publicly accessible set to No so the instance gets no public IP address and is reachable only from inside the VPC (or through a bastion or VPN). Pair this with a security group that allows the database port only from the application tier's security group, not from a CIDR range.
Enable Data Encryption: turn on encryption at rest (StorageEncrypted) when the instance is created. It cannot be switched on for an existing unencrypted instance; the only route is to take a snapshot, copy it with encryption enabled, and restore from the copy.
Enable Deletion Protection: protects the database from being deleted accidentally. While this option is enabled, the instance cannot be deleted until the flag is turned off, which makes a destructive mistake a two-step action.
Enable Automated Backups: ensure RDS database instances have automated backups enabled (a backup retention period greater than 0 days) so that point-in-time recovery is possible after data corruption or a ransomware-style deletion.
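The four RDS settings above are all parameters of the create call, so the cleanest place to enforce them is before the instance exists. The following is an added example, not code from the original post: harden() takes the keyword arguments you would pass to boto3's rds.create_db_instance (the same names the CLI's create-db-instance flags use), overrides the four controls, and returns a change log so a reviewer can see what was corrected. MIN_BACKUP_DAYS is my assumption (the API default is 1 day) and the REQUESTED dict is a constructed sample, not a real instance.

```python
"""Force the four RDS controls above onto the arguments for a new instance.

Added example, not code from the original post. harden() takes the keyword
arguments for boto3's rds.create_db_instance, overrides PubliclyAccessible,
StorageEncrypted, DeletionProtection and BackupRetentionPeriod, and reports
every change. MIN_BACKUP_DAYS is an assumption (the API default is 1 day);
the REQUESTED dict is a constructed sample.
"""

MIN_BACKUP_DAYS = 7

# setting -> (secure value, reason shown in the change log)
FORCED = {
    "PubliclyAccessible": (False, "no public IP; reach it only from inside the VPC"),
    "StorageEncrypted": (True, "encryption at rest; cannot be switched on later"),
    "DeletionProtection": (True, "delete-db-instance fails until this is cleared"),
}


def harden(args):
    """Return (hardened_args, changes). The caller's dict is left untouched."""
    args = dict(args)
    changes = []
    for key, (secure, why) in FORCED.items():
        if args.get(key) != secure:
            changes.append(f"{key}: {args.get(key)!r} -> {secure!r} ({why})")
            args[key] = secure

    # A retention period of 0 disables automated backups entirely, and the
    # API default of 1 day leaves almost no window for point-in-time recovery.
    days = args.get("BackupRetentionPeriod", 1)
    if days < MIN_BACKUP_DAYS:
        changes.append(
            f"BackupRetentionPeriod: {days} -> {MIN_BACKUP_DAYS} (point-in-time recovery)"
        )
        args["BackupRetentionPeriod"] = MIN_BACKUP_DAYS
    return args, changes


# Constructed sample: the shape of a request someone writes from the console
# defaults, with the two settings that are commonly wrong.
REQUESTED = {
    "DBInstanceIdentifier": "orders-db",
    "Engine": "postgres",
    "DBInstanceClass": "db.t3.medium",
    "AllocatedStorage": 50,
    "MasterUsername": "app_admin",
    "ManageMasterUserPassword": True,  # let Secrets Manager own the password
    "PubliclyAccessible": True,        # the insecure choice
    "BackupRetentionPeriod": 0,        # no automated backups at all
}

if __name__ == "__main__":
    hardened, changes = harden(REQUESTED)
    for line in changes:
        print(line)
    # boto3.client("rds").create_db_instance(**hardened)  # the real call; not run here
```

For an instance that already exists, modify_db_instance can flip PubliclyAccessible, DeletionProtection and BackupRetentionPeriod in place, but not StorageEncrypted, which is why the check belongs at creation time.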
VPC: Amazon VPC is protected by the AWS global network security procedures that AWS describes in its own security documentation, but everything inside the VPC (subnets, routes, security groups, network ACLs) is yours to get right.
Use multiple Availability Zones, so that the loss of one zone does not take the workload down.
Use security groups and network ACLs together: security groups are stateful, attach to the instance and hold allow rules only, so they carry the fine-grained access policy; network ACLs are stateless, attach to the subnet and can also deny, so they work as a coarse backstop (for example, blocking a known-bad range from an entire subnet).
Use IAM policies to control who can create or change the VPC, its route tables, security groups and network ACLs; a change there has the blast radius of the whole network.
Use Amazon CloudWatch to monitor your VPC, and turn on VPC Flow Logs so rejected and accepted connections are recorded and can be alerted on.
EC2: This list of practices will help you get the most out of Amazon EC2.
EC2 Instance Naming Conventions
Ensure EC2 instances follow a consistent naming convention and AWS tagging best practices (owner, environment, application), so that when an alert or a finding names an instance you know who owns it and how critical it is.
EC2 Instance In VPC
Never use the default VPC: its subnets are public and assign a public IP to every instance launched into them. Launch instances into a purpose-built VPC with private subnets and explicit routing.
EC2 Instance Detailed Monitoring
Ensure detailed monitoring (one-minute CloudWatch metrics instead of the default five) is enabled for the EC2 instances you need to watch closely.
Idle EC2 Instance
Identify idle EC2 instances and stop or terminate them. This cuts cost, and it also cuts attack surface: an instance nobody uses is an instance nobody patches.
Security Group Name Prefixed With ‘launch-wizard’
Ensure no security group whose name starts with "launch-wizard" is in use. These groups are created automatically by the console launch wizard, commonly open port 22 or 3389 to 0.0.0.0/0, and are not managed by your infrastructure code, so they drift and never get reviewed.
Unrestricted HTTP/HTTPS Access
Ensure no security group on an instance allows unrestricted inbound access (0.0.0.0/0 or ::/0) to TCP port 80 (HTTP) or TCP port 443 (HTTPS). If a workload must be reachable from the internet, put a load balancer or CloudFront in front of it and allow those ports only from the load balancer's security group.
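The two security-group findings above, and the earlier VPC advice to use security groups deliberately, can be checked with a single pass over the account's security groups. The following is an added example, not code from the original post: audit_security_groups() takes a list shaped like boto3's ec2.describe_security_groups()["SecurityGroups"] and returns (GroupId, finding) tuples. It goes slightly beyond the text: the ports argument lets you check other services (22, 3389, 3306), and allow_public names the groups that are meant to be open, such as the one on an internet-facing load balancer. The sample groups and their IDs are constructed, so it runs offline.

```python
"""Audit security groups for "launch-wizard" groups still in use and for
inbound rules open to the whole internet on HTTP/HTTPS.

Added example, not code from the original post. Input is a list shaped like
boto3's ec2.describe_security_groups()["SecurityGroups"]; the sample groups
below are constructed by hand and the group IDs are made up.
"""

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def _open_to_world(perm):
    """True if any source of this rule is the whole IPv4 or IPv6 internet."""
    return any(r.get("CidrIp") == WORLD_V4 for r in perm.get("IpRanges", [])) or any(
        r.get("CidrIpv6") == WORLD_V6 for r in perm.get("Ipv6Ranges", [])
    )


def _covers(perm, port):
    """True if the rule admits TCP traffic to `port` (protocol -1 means all)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_security_groups(groups, ports=(80, 443), allow_public=()):
    """Return (GroupId, finding) tuples in the order the groups were given."""
    findings = []
    for sg in groups:
        gid, name = sg["GroupId"], sg.get("GroupName", "")
        if name.startswith("launch-wizard"):
            findings.append((gid, "launch-wizard group still in use"))
        if gid in allow_public or name in allow_public:
            continue  # intentionally public, e.g. the load balancer's group
        exposed = sorted({
            port
            for perm in sg.get("IpPermissions", [])
            if _open_to_world(perm)
            for port in ports
            if _covers(perm, port)
        })
        if exposed:
            findings.append((gid, f"unrestricted inbound on TCP {exposed}"))
    return findings


def _rule(proto, cidrs, from_port=None, to_port=None):
    """Build one IpPermissions entry in the describe_security_groups shape;
    an all-protocols ("-1") rule carries no port range, as in the real API."""
    perm = {
        "IpProtocol": proto,
        "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
        "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c],
    }
    if proto != "-1":
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    return perm


# Constructed sample groups (IDs are made up).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "alb-public",          # meant to be public
     "IpPermissions": [_rule("tcp", [WORLD_V4, WORLD_V6], 80, 80),
                       _rule("tcp", [WORLD_V4, WORLD_V6], 443, 443)]},
    {"GroupId": "sg-lw", "GroupName": "launch-wizard-1",      # console leftover
     "IpPermissions": [_rule("tcp", [WORLD_V4], 22, 22)]},
    {"GroupId": "sg-app", "GroupName": "app-tier",            # internal only
     "IpPermissions": [_rule("tcp", ["10.0.0.0/8"], 80, 80)]},
    {"GroupId": "sg-any", "GroupName": "temp-debug",          # everything, to everyone
     "IpPermissions": [_rule("-1", [WORLD_V6])]},
]

if __name__ == "__main__":
    for gid, finding in audit_security_groups(SAMPLE_GROUPS, allow_public=("alb-public",)):
        print(gid, finding)
```

The all-protocols rule on sg-any is the case most hand-written checks miss: it has no FromPort/ToPort at all, so a check that only compares port numbers reports it as clean. Feed the function the paginated output of describe_security_groups and keep allow_public short and reviewed; every entry in it is a deliberate public exposure.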