Exploring Security related offerings by AWS Cloud

AWS protects our application/web application from Distributed Denial of Service (DDoS) attacks. (Disturbing normal traffic of a server by overwhelming it with a flood of Internet traffic coming from different sources.) Besides, it protects and cover the following AWS services:

• Amazon Route 53
• Amazon CloudFront
• AWS Global Accelerator
• Amazon Elastic Compute Cloud (EC2) instances
• Elastic Load Balancers (ELB)

AWS have shield offering of 2 types:

• AWS Shield Standard
• It is of Zero Cost, and it is automatically enabled.
• It protects against common infrastructure (layer 3 and 4) DDoS attacks.
• Paid service
• It provides Enhanced protection for Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53
• It provides 24x7 access to the AWS DDoS Response Team (DRT)
• It protects our AWS bill from usage spikes as a result of a DDoS attack

AWS WAF - Web Application Firewall

• AWS WAF protects your web applications from OWASP (Open Web Application Security Project) Top 10 security aspects, exploits andCVE(Common Vulnerabilities and Exposures (CVE).
• The OWASP Top 10 is a list of standard awareness guide/document published for the interest of developers and web application security experts. It represents the information of most critical security risks to web applications.

ref:- https://owasp.org/www-project-top-ten/

• It consists of a list of broadly agreed "most critical security risks to web applications". examples : SQL injection attack, cross-site scripting attack, cryptographic failures etc.
• AWS WAF Can be deployed on Amazon CloudFront, Application Load Balancer, Amazon API Gateway. It works on Web traffic filtering : block attacks, Filter traffic based on IP addresses, geolocations, HTTP headers and body.
• We can set Customize rules & trigger real-time alerts (CloudWatch Alarms).

AWS Secrets Manager

• This AWS service helps to Rotate, Manage and retrieve credentials, API keys, and other secrets for our applications and get easily integrated with other aws services.
• It integrates with KMS(encryption), Amazon RDS, Amazon Redshift , and Amazon DocumentDB.
• It can Rotate secrets automatically without impacting applications.

Amazon Macie

• It is Fully managed data security and data privacy service.
• It Automatically discover, classify, and protect sensitive data in Amazon S3 buckets.
• It Uses machine learning and Recognizes sensitive data when migrating data to AWS we can use S3 for staging and run macie to discover secure data.
• example:- personally identifiable information or intellectual property. It also provides dashboards and alerts
• It also gives visibility into how data is being accessed or moved.

AWS Single Sign On

• It is a Cloud-based single sign-on (SSO) service provided by AWS.
• It centrally manages SSO access to all of your AWS accounts.
• It can integrate with Microsoft Active Directory.
• It provides deep integration with AWS Organizations (Centrally manage access to multiple AWS accounts).

We are a prominent ERP development company that provides end-to-end ERP software solutions to enhance business productivity. Our custom ERP development services enable enterprises to streamline their complex operations and boost productivity by implementing next-gen technologies. For more information, contact us at [email protected].