Chapter 6. Securing your system: IAM, security groups, and VPC
This chapter covers
- Who is responsible for security?
- Keeping your software up to date
- Controlling access to your AWS account with users and roles
- Keeping your traffic under control with security groups
- Using CloudFormation to create a private network
If security is a wall, you’ll need a lot of bricks to build that wall as shown in figure 6.1. This chapter focuses on the four most important bricks to secure your systems on AWS:
1. Installing software updates—New security vulnerabilities are found in software every day. Software vendors release updates to fix those vulnerabilities and it’s your job to install those updates as quickly as possible after they’re released. Otherwise your system will be an easy victim for hackers.
2. Restricting access to your AWS account—This becomes even more important if you aren’t the only one accessing your AWS account (if coworkers and scripts are also accessing it). A buggy script could easily terminate all your EC2 instances instead of only the one you intended. Granting only the permissions you need is key to securing your AWS resources from accidental or intended disastrous actions.
3. Controlling network traffic to and from your EC2 instances—You only want ports to be accessible if they must be. If you run a web server, the only ports you need to open to the outside world are port 80 for HTTP traffic and 443 for HTTPS traffic. Close down all the other ports!