5 Securing your system: IAM, security groups, and VPC
This chapter covers
Who is responsible for security?
Keeping your software up-to-date
Controlling access to your AWS account with users and roles
Keeping your traffic under control with security groups
Using CloudFormation to create a private network
If security is a wall, you'll need a lot of bricks to build that wall, as shown in figure 5.1. This chapter focuses on the four most important bricks for securing your systems on AWS: keeping the operating system up-to-date, controlling access to your AWS account with IAM users and roles, controlling network traffic with security groups, and creating a private network with VPC. The chapter is organized as follows:
5.1 Who’s responsible for security?
5.2 Keeping the operating system up-to-date
5.3 Securing your AWS account
5.3.1 Securing your AWS account’s root user
5.3.2 AWS Identity and Access Management (IAM)
5.3.3 Defining permissions with an IAM identity policy
5.3.4 Users for authentication and groups to organize users
5.3.5 Authenticating AWS resources with roles
5.4 Controlling network traffic to and from your virtual machine
5.4.1 Controlling traffic to virtual machines with security groups
5.4.2 Allowing ICMP traffic
5.4.3 Allowing HTTP traffic
5.4.4 Allowing HTTP traffic from a specific source IP address
5.4.5 Allowing HTTP traffic from a source security group
5.5 Creating a private network in the cloud: Amazon Virtual Private Cloud (VPC)
5.5.1 Creating the VPC and an internet gateway (IGW)