Exploring Security-related offerings by AWS Cloud

Posted By : Avinash Singh | 29-Nov-2021


AWS protects our applications and web applications from Distributed Denial of Service (DDoS) attacks, that is, attempts to disrupt a server's normal traffic by overwhelming it with a flood of Internet traffic coming from different sources. This protection covers the following AWS services:

  • Amazon Route 53
  • Amazon CloudFront
  • AWS Global Accelerator
  • Amazon Elastic Compute Cloud (EC2) instances
  • Elastic Load Balancers (ELB)

AWS offers Shield in two types:

  • AWS Shield Standard
      • It has zero cost and is automatically enabled.
      • It protects against common infrastructure (layer 3 and 4) DDoS attacks.
  • AWS Shield Advanced
      • It is a paid service.
      • It provides enhanced protection for Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53.
      • It provides 24x7 access to the AWS DDoS Response Team (DRT).
      • It protects our AWS bill from usage spikes that result from a DDoS attack.

AWS WAF - Web Application Firewall

  • AWS WAF protects your web applications from the OWASP (Open Web Application Security Project) Top 10 security risks, exploits, and CVEs (Common Vulnerabilities and Exposures).
  • The OWASP Top 10 is a standard awareness document published for developers and web application security experts. It describes the most critical security risks to web applications.

Ref: https://owasp.org/www-project-top-ten/

  • It consists of a list of broadly agreed "most critical security risks to web applications". Examples: SQL injection attacks, cross-site scripting attacks, cryptographic failures, etc.
  • AWS WAF can be deployed on Amazon CloudFront, Application Load Balancer, and Amazon API Gateway. It works by filtering web traffic: it blocks attacks and filters traffic based on IP addresses, geolocation, HTTP headers, and body.
  • We can set custom rules and trigger real-time alerts (CloudWatch Alarms).
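
To show how the filtering criteria listed above (IP addresses, geolocation, HTTP headers, body) combine, here is an added example that is not from the original post and is not AWS code: a simplified local Python model of a web ACL, in which rules are checked in priority order, the first Allow or Block ends evaluation, Count rules only record a match, and a default action applies when nothing terminates. Rule names, CIDR ranges, country codes and sample requests are all constructed.

```python
import ipaddress

# Constructed rule set. Lower priority number is evaluated first, as in AWS WAF.
# "XX"/"YY" are placeholder country codes; header names are assumed lower-cased.
RULES = [
    {"name": "allow-office", "priority": 0, "action": "ALLOW",
     "match": lambda r: in_cidr(r["ip"], "198.51.100.0/24")},
    {"name": "count-no-user-agent", "priority": 1, "action": "COUNT",
     "match": lambda r: "user-agent" not in r["headers"]},
    {"name": "block-geo", "priority": 2, "action": "BLOCK",
     "match": lambda r: r["country"] in {"XX"}},
    # Naive substring check standing in for a real SQL injection match rule.
    {"name": "block-sqli-marker", "priority": 3, "action": "BLOCK",
     "match": lambda r: "union select" in r["body"].lower()},
]
DEFAULT_ACTION = "ALLOW"


def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def evaluate(request, rules=RULES, default=DEFAULT_ACTION):
    """Return (action, terminating_rule, counted_rules) for one request."""
    counted = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if not rule["match"](request):
            continue
        if rule["action"] == "COUNT":  # non-terminating: record and keep going
            counted.append(rule["name"])
            continue
        return rule["action"], rule["name"], counted
    return default, None, counted


# Constructed sample requests (documentation IP ranges, placeholder countries).
SAMPLES = [
    {"ip": "198.51.100.7", "country": "XX", "headers": {"user-agent": "curl"}, "body": ""},
    {"ip": "203.0.113.9", "country": "XX", "headers": {}, "body": ""},
    {"ip": "203.0.113.9", "country": "YY", "headers": {"user-agent": "x"},
     "body": "id=1 UNION SELECT 1"},
    {"ip": "203.0.113.9", "country": "YY", "headers": {"user-agent": "x"}, "body": "id=1"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req["ip"], req["country"], evaluate(req))
```

The first sample is allowed even though its country is on the block list, because the allow rule has the lower priority number; rule ordering is the first thing to review when a custom rule set behaves unexpectedly.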

AWS Secrets Manager

  • This AWS service helps to rotate, manage, and retrieve credentials, API keys, and other secrets for our applications, and it integrates easily with other AWS services.
  • It integrates with KMS (encryption), Amazon RDS, Amazon Redshift, and Amazon DocumentDB.
  • It can rotate secrets automatically without impacting applications.


Amazon Macie

  • It is a fully managed data security and data privacy service.
  • It automatically discovers, classifies, and protects sensitive data in Amazon S3 buckets.
  • It uses machine learning to recognize sensitive data, for example personally identifiable information or intellectual property. When migrating data to AWS, we can use S3 for staging and run Macie to discover sensitive data.
  • It also provides dashboards and alerts.
  • It also gives visibility into how data is being accessed or moved.


AWS Single Sign-On

  • It is a cloud-based single sign-on (SSO) service provided by AWS.
  • It centrally manages SSO access to all of your AWS accounts.
  • It can integrate with Microsoft Active Directory.
  • It provides deep integration with AWS Organizations (Centrally manage access to multiple AWS accounts).
