Security of Servers

Let us look at best practices to secure your servers in AWS cloud:

  • Use IAM roles for EC2: Always use IAM roles instead of IAM users for applications running on your EC2 instances. Assign a role to your EC2 instance for accessing other AWS services. This way, the role's credentials are not stored on your EC2 instance, as they would be in the case of an IAM user's access keys.
  • Use ELB: Put all your EC2 instances behind AWS ELB when applicable. In this configuration, you will shield your instances from receiving traffic directly from the internet and they will receive traffic only from the AWS ELB.
  • Security group configuration: A security group is a virtual firewall for your instance. It is imperative to configure it to secure your instances. Avoid allowing all traffic, that is, opening all ports to the CIDR range 0.0.0.0/0, in your security group. Instead, allow only a limited range of IP addresses to reach your EC2 instances. Similarly, for your web servers, allow traffic only on port 80 and port 443 for HTTP and HTTPS.
  • Use Web Application Firewall (WAF): Use AWS WAF and AWS Shield to mitigate the risk of Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks. WAF lets you monitor the traffic reaching your web application. It inspects the web requests destined for your instances and allows you to take proactive action. You can set rules in WAF to blacklist IP addresses sending unwanted traffic to your web application.
  • Secured access: Configure access to your servers using IAM. Use roles, federated access, or IAM users based on access requirements. Ensure that .pem files are password protected on all machines that need access to instances. Rotate credentials such as access keys that are required to access your instances. Use the Security Token Service (STS) to grant temporary credentials instead of using long-lived IAM user credentials.
  • Backup and recovery: Use snapshots to back up all data and configuration stored on your servers. Create Amazon Machine Image (AMI) for your instance to use in the event of a disaster to recover your instance. Ensure that you are regularly testing the backup and recovery process for your servers.
  • EC2 termination protection: Always enable termination protection for your mission-critical EC2 instances so your instances do not get accidentally deleted through an API request or through the AWS Management Console.
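As an added example, not from the book: a small Python audit of security-group ingress rules in the dict shape that boto3's describe_security_groups returns, flagging the allow-all and unrestricted-source rules the security group item above warns against. The sample groups and the 203.0.113.0/24 admin range are constructed for the example.

```python
# Added example (not from the book): audit security-group ingress rules in the
# shape returned by boto3's ec2.describe_security_groups(). It flags rules that
# break the guidance above: no allow-all, and 0.0.0.0/0 only for ports 80/443.
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
WEB_PORTS = {80, 443}

def audit_security_group(group):
    """Return a list of human-readable findings for one security group dict."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        public = [c for c in cidrs if c in (ANY_V4, ANY_V6)]
        if not public:
            continue  # source is a restricted range: nothing to report
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means every protocol and every port
            findings.append("allow-all rule open to the internet")
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        ports = set(range(lo, hi + 1)) if lo is not None else set()
        if not ports <= WEB_PORTS:  # anything beyond HTTP/HTTPS is flagged
            findings.append(f"{proto}/{lo}-{hi} open to {', '.join(public)}")
    return findings

# Constructed sample data: one weak group and its hardened replacement.
WEAK_SG = {
    "GroupId": "sg-weak",
    "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}]},
    ],
}
HARDENED_SG = {
    "GroupId": "sg-web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_V4}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
        # Admin access only from a constructed corporate range, never 0.0.0.0/0
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}
```

Calling `audit_security_group(WEAK_SG)` reports both the allow-all rule and the SSH rule open to the internet, while the hardened group returns no findings.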