
Securing S3, RDS, VPC, EC2

Posted On: May 31, 2022

Securing S3 Bucket

S3: When it comes to AWS security, S3 buckets are undeniably the most vulnerable aspect of it all. 

1. Server-Side Encryption:

Amazon S3 encrypts your data before saving it to disks in its data centers and decrypts it when you download the data. Server-side encryption can help reduce risk to your data by encrypting it with a key that is stored in a different mechanism from the one that stores the data itself.

2. Client-Side Encryption:

With this kind of encryption, you, rather than AWS, encrypt the data before sending it to AWS. When you retrieve the data from AWS, you need to decrypt it.

Go to properties

Under Default encryption, click Edit, click Enable, and choose the option you want to implement.

Block Public Access

Access control is the main pillar for strengthening data security. We’ve identified five different ways in which you can control access to your S3 buckets.

Go to permissions

Block All Public Access

Bucket Versioning

Versioning is a method for keeping multiple versions of an object in the same bucket.

Under properties, Go to Bucket versioning

Click Edit, click Enable, and Save it.

S3 Object Lock

S3 Object Lock lets you store objects using a “Write Once Read Many” (WORM) model. It can help prevent accidental or inappropriate deletion of data.

When you create a bucket, go to Advanced Settings, click Enable, and click Create Bucket.

Tip: “You can’t enable Object Lock after a bucket has been created.”

Securing RDS

RDS: RDS is one of the most utilized, simple, and strong services of AWS. With just a few clicks, we have a well-configured database (MySQL, Microsoft SQL Server, PostgreSQL, and more).

Disable Public Access

Enable Data Encryption

Deletion Protection

Protects the database from being deleted accidentally. While this option is enabled, you can’t delete the database.

High Availability

Backup Options

Ensure that RDS database instances have automated backups enabled for point-in-time recovery.

Securing VPC

VPC: Amazon VPC is protected by the AWS global network security procedures that are described in the
Amazon Web Services.

Use multiple Availability Zones so that you have high availability.

Use security groups and network ACLs

Use IAM policies to control access

Use AWS CloudWatch to monitor your VPC

 

Securing EC2

EC2: This list of practices will help you get the maximum benefit from Amazon EC2.

EC2 Instance Naming Conventions

Ensure EC2 Instances are using proper naming conventions to follow AWS tagging best practices.

EC2 Instance In VPC

Never use the default VPC.

EC2 Instance Detailed Monitoring

Ensure that detailed monitoring is enabled for the AWS EC2 instances that you want to monitor very closely.

Idle EC2 Instance

Identify idle AWS EC2 instances and stop or terminate them in order to optimize AWS costs.

Security Group Name Prefixed With ‘launch-wizard’

Ensure EC2 security groups prefixed with “launch-wizard” are not being used, in order to follow AWS security best practices.

Unrestricted HTTP/HTTPS Access

Ensure no security group allows unrestricted inbound access to TCP port 80 (HTTP) or TCP port 443 (HTTPS).
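The two security group checks above can be run offline against the JSON that `aws ec2 describe-security-groups` returns. The following Python sketch is an added example, not part of the original post; the group IDs, names and rules in the sample are constructed. It goes slightly beyond the text by also catching port ranges and "all traffic" rules that cover ports 80/443, and IPv6 `::/0` sources.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "launch-wizard-3",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "web-public",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc", "GroupName": "web-behind-alb",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ddd", "GroupName": "legacy",
   "IpPermissions": [{"IpProtocol": "-1",
                      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}""")

WEB_PORTS = (80, 443)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_web_ports(rule):
    """Return the web ports a single inbound rule exposes to the whole internet."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    if not cidrs & OPEN_CIDRS:
        return []
    proto = rule.get("IpProtocol")
    if proto == "-1":                     # "all traffic" rule covers every port
        return list(WEB_PORTS)
    if proto != "tcp":
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in WEB_PORTS if lo <= p <= hi]   # port ranges count too

def audit(groups):
    """Map GroupId -> list of findings for the launch-wizard and open-web checks."""
    findings = {}
    for g in groups:
        issues = []
        if g["GroupName"].startswith("launch-wizard"):
            issues.append("launch-wizard name")
        ports = sorted({p for r in g.get("IpPermissions", []) for p in open_web_ports(r)})
        issues += [f"tcp/{p} open to the internet" for p in ports]
        if issues:
            findings[g["GroupId"]] = issues
    return findings

print(audit(SAMPLE["SecurityGroups"]))
```

To audit a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json`.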

 
