Other Security Aspects
- Identity and Access Management (IAM) – Create users, groups, and roles, and use permissions to allow and deny their access to AWS resources such as EC2, RDS, and VPC. IAM enables you to grant unique credentials to every user within your AWS Account, allowing individual access only to the AWS services and resources required. It is also compatible with Active Directory.
- Virtual Private Clouds (VPCs) – Provision compute resources, such as EC2 instances and RDS, in isolated virtual networks with total control of inbound and outbound network traffic.
- Security Groups and Network ACLs – Enforce firewall rules controlling incoming and outgoing traffic at the instance level. Restrict traffic by protocol type (TCP, UDP, ICMP), IP address, and port.
- Data Encryption – Available for the EBS, S3, RDS, and Glacier services. Data is encrypted using AES-256.
- Direct Connect – Establishes a private virtual interface between an on-premises network and Amazon VPC.
- AWS CloudTrail – Provides a log of API calls made against your account resources, including those made through the AWS Management Console, SDKs, and command line tools.
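To show how the CloudTrail log and IAM permissions fit together in review, the following added example (not part of the original page) reads records in the CloudTrail log-file layout, counts calls per access channel, and flags principals with repeated denied calls. The sample records, the `channel` user-agent heuristic, the `DENIED` error-code set, and the threshold are assumptions made for illustration.

```python
import json
from collections import Counter

ACCT = "arn:aws:iam::111122223333:user/"  # constructed example account

def _rec(user, name, agent, error=None):
    """Build one constructed CloudTrail-style record for the sample log."""
    rec = {"eventName": name, "userAgent": agent,
           "userIdentity": {"type": "IAMUser", "arn": ACCT + user}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records": [
    _rec("alice", "RunInstances", "aws-cli/2.15.0 Python/3.11.6"),
    _rec("alice", "DescribeInstances", "console.amazonaws.com"),
    _rec("bob", "GetObject", "Boto3/1.34.0 Python/3.11.6", "AccessDenied"),
    _rec("bob", "PutObject", "Boto3/1.34.0 Python/3.11.6", "AccessDenied"),
    _rec("alice", "StopInstances", "aws-cli/2.15.0 Python/3.11.6",
         "Client.UnauthorizedOperation"),
]})

# Error codes treated as "permission denied" here (assumed set, not exhaustive).
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}

def channel(user_agent):
    """Heuristic: map a userAgent string to console / cli / sdk / other."""
    ua = user_agent.lower()
    if ua.startswith("aws-cli/"):
        return "cli"
    if "console" in ua or ua.startswith("signin."):
        return "console"
    if ua.startswith(("boto3/", "botocore/", "aws-sdk-")):
        return "sdk"
    return "other"

def summarize(log_text, threshold=2):
    """Return (calls per channel, principals with >= threshold denied calls)."""
    by_channel, denied = Counter(), Counter()
    for rec in json.loads(log_text).get("Records", []):
        by_channel[channel(rec.get("userAgent", ""))] += 1
        if rec.get("errorCode") in DENIED:
            denied[rec.get("userIdentity", {}).get("arn", "unknown")] += 1
    flagged = sorted(arn for arn, n in denied.items() if n >= threshold)
    return dict(by_channel), flagged

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A principal that keeps hitting denied calls is either missing a permission it legitimately needs or probing beyond its role, and both cases are worth reviewing against the IAM policy attached to it.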