AWS protects our application/web application from Distributed Denial of Service (DDoS) attacks. (Disturbing normal traffic of a server by overwhelming it with a flood of Internet traffic coming from different sources.) Besides, it protects and cover the following AWS services:
- Amazon Route 53
- Amazon CloudFront
- AWS Global Accelerator
- Amazon Elastic Compute Cloud (EC2) instances
- Elastic Load Balancers (ELB)
AWS have shield offering of 2 types:
- AWS Shield Standard
- It is of Zero Cost, and it is automatically enabled.
- It protects against common infrastructure (layer 3 and 4) DDoS attacks.
- Paid service
- It provides Enhanced protection for Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53
- It provides 24x7 access to the AWS DDoS Response Team (DRT)
- It protects our AWS bill from usage spikes as a result of a DDoS attack
AWS WAF - Web Application Firewall
- AWS WAF protects your web applications from OWASP (Open Web Application Security Project) Top 10 security aspects, exploits andCVE(Common Vulnerabilities and Exposures (CVE).
- The OWASP Top 10 is a list of standard awareness guide/document published for the interest of developers and web application security experts. It represents the information of most critical security risks to web applications.
ref:- https://owasp.org/www-project-top-ten/
- It consists of a list of broadly agreed "most critical security risks to web applications". examples : SQL injection attack, cross-site scripting attack, cryptographic failures etc.
- AWS WAF Can be deployed on Amazon CloudFront, Application Load Balancer, Amazon API Gateway. It works on Web traffic filtering : block attacks, Filter traffic based on IP addresses, geolocations, HTTP headers and body.
- We can set Customize rules & trigger real-time alerts (CloudWatch Alarms).
AWS Secrets Manager
- This AWS service helps to Rotate, Manage and retrieve credentials, API keys, and other secrets for our applications and get easily integrated with other aws services.
- It integrates with KMS(encryption), Amazon RDS, Amazon Redshift , and Amazon DocumentDB.
- It can Rotate secrets automatically without impacting applications.
Amazon Macie
- It is Fully managed data security and data privacy service.
- It Automatically discover, classify, and protect sensitive data in Amazon S3 buckets.
- It Uses machine learning and Recognizes sensitive data when migrating data to AWS we can use S3 for staging and run macie to discover secure data.
- example:- personally identifiable information or intellectual property. It also provides dashboards and alerts
- It also gives visibility into how data is being accessed or moved.
AWS Single Sign On
- It is a Cloud-based single sign-on (SSO) service provided by AWS.
- It centrally manages SSO access to all of your AWS accounts.
- It can integrate with Microsoft Active Directory.
- It provides deep integration with AWS Organizations (Centrally manage access to multiple AWS accounts).
We are a prominent ERP development company that provides end-to-end ERP software solutions to enhance business productivity. Our custom ERP development services enable enterprises to streamline their complex operations and boost productivity by implementing next-gen technologies. For more information, contact us at [email protected].