It is no news that Cloud Computing technology has come to stay. With the skepticism that existed in its early days, it has stood the test of time and is now the de-facto for application infrastructure for businesses all over the world. There are three major flavors of delivering Cloud Computing technologies and they are: This means the technology will be available on the public internet and is accessible by anyone who has an internet connection Public Cloud: This means that the cloud services are not publicly available on the internet. This type of cloud delivery is used by special agencies such as government, financial, and telecommunications institutions. Private Cloud: This is a combination of public and private cloud. Some companies deploy both offerings to meet compliance and regulatory requirements. Hybrid Cloud: But as interesting as the cloud may be, there are many security implications that trail its innovation. According to , a cloud misconfiguration in January 2022, caused the exposure of 400GB of personal data to the public internet. also reported that over 22 billion records were exposed in 2021 due to security breaches. There are certain edge points in an AWS account that we should pay close attention to which will help to protect the account. These edge points include: TechNewsWorld SecurityMagazine IAM S3 Security Groups AWS in the Cloud AWS has been in the cloud space for over a decade now and they offer both public and private cloud delivery. They have also been recognized as number one for in Cloud IAAS according to the . AWS boasts of hundreds of services for Compute, Storage, Containers, Database, Networking, Blockchain, Media Services, Productivity Tools and more. Anyone can practically deploy an app in AWS with little or no prior knowledge of the vast services and capabilities of AWS Cloud. a decade Gartner rating But in performing these deployments either as an enthusiast, intermediate or an expert, security of the AWS account is essential. This will protect the account from malicious actors taking over it, or performing malicious activities. I shall be mentioning 5 key services/activities that should be carried out immediately an AWS account is created. The Five Essential Activities to Secure your AWS Account Enable MFA for Root and All Users Multi-factor Authentication or 2-Factor Authentication (2FA), is an extra layer of security that is sure to reduce security risk. This creates an extra layer of validation to ensure that the access to your AWS account is secured. MFA is configured in the . This shows the steps to configure MFA in your AWS account. When MFA is not activated in an AWS account, it is easy for a malicious actor to access the AWS account with only the password. IAM Management Console documentation Close All Security Groups Security groups are firewalls to different compute and databases services in AWS. They ensure that only allowed IP addresses and ports can perform Ingress and Egress requests on the attached resource. So the best practice in using security groups, is to ensure that it is not opened to the public internet. What this means is that the port allowed for Inbound rules should not be open to all port ranges and the Source IP should not be 0.0.0.0/0, as shown in the diagram below. Only allowed IP Addresses and ports should be listed in the Inbound section of the security group configuration. When security groups are open to the internet, it exposes , to unsolicited network access and brute force attacks. EC2 Instances RDS Instances Never Allow Public S3 Buckets In Facebook had to contact Amazon to close public S3 buckets that were part of a security breach that happened to Facebook. When you create a bucket AWS makes it private by default. There are situations where users might want to make a bucket public to give access to objects in the bucket, this is not a secured way to allow access to objects in an S3 bucket. S3 is built with sophisticated security configurations to give fine-grained access to services or applications outside of AWS. Some of which are: 2021 Origin Access Identity (OAI) Signed URLs and Cookies Bucket Policy Access Control List (ACL) AWS PrivateLink for S3 IAM Password Policy Password is enforced by default for every user in AWS. But to ensure that the password created is secured enough, there needs to be a password policy that ensures that users do not create in-secure passwords. There have been situations where users create passwords using just the word , or their name or something quite easy for attackers to guess using brute-force or password generators. The password policy ensures that any password created contains elements such as special characters and numbers which helps to improve the security of the password. This shows how to configure password policies in IAM. password documentation Use Roles instead of Access/Secret Key When integrating AWS with a third-party service, there is a chance that the service would require you to generate an Access Key and Secret Key from AWS IAM Console. While this is a fast and easy way to give third-party applications access to AWS, it comes with its downsides. Such as: Forgetting to Rotate Keys Periodically. Keys having unlimited access to all resources in the AWS account. Keys not properly kept in a secured location. A more secured way to give access to third-party services in AWS is to use . IAM roles does not require Access and Secret Keys to give access to third-party services. AWS has also recently extended the capabilities of IAM roles by introducing . This means you can integrate IAM roles for services in your OnPrem services or Non-AWS servers to allow access to AWS services. IAM Roles IAM Roles Anywhere Conclusion The security of your AWS account has a direct relationship with business revenue, business continuity and security of data integrity. It is also the core responsibility of the user of the account to ensure that AWS services and access follow best security practices at all times. Security is a continuous process and not a one-time operation. Also published . here

Amazon

Facebook

2022 - HackerNoon Contributor of the Year - Internet

Buy My Book

My Hero Page

Nominated for 2022 - HackerNoon Contributor of the Year - Internet

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Tips To Secure Your AWS Account

Too Long; Didn't Read

Companies Mentioned

Ewere Diagboya

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Tips To Secure Your AWS Account

Too Long; Didn't Read

Companies Mentioned

Ewere Diagboya

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES