Securing AWS Cloud Services
EC2 instances created from a public AMI use a public/private key pair, rather than a password, for signing in via SSH. The public key is embedded in the instance, and we use the matching private key to sign in securely without a password. Once we create our own AMIs, we can choose other mechanisms to log in securely to the new instances.
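As an added illustration of the mechanism described above (not code from this page or from AWS), the following Go program shows what the key pair actually does during a login: it renders the public key into the one-line form the instance stores in ~/.ssh/authorized_keys, parses that line back the way sshd would, and then authenticates by verifying a signature over a random challenge, so the private key itself is never sent to the instance. The key comment `constructed@example` and the 32-byte challenge are constructed stand-ins for the session data real SSH signs; Ed25519 is used because Go's standard library supports it without extra packages.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// sshString encodes b as an SSH wire-format string: uint32 big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// AuthorizedKeysLine renders an Ed25519 public key in the one-line form that the
// instance stores in ~/.ssh/authorized_keys; only the public half ever leaves the client.
func AuthorizedKeysLine(pub ed25519.PublicKey, comment string) string {
	blob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	return fmt.Sprintf("ssh-ed25519 %s %s", base64.StdEncoding.EncodeToString(blob), comment)
}

// ParseAuthorizedKeysLine does what sshd does at login: recover the public key
// from the stored line, rejecting malformed or non-Ed25519 entries.
func ParseAuthorizedKeysLine(line string) (ed25519.PublicKey, error) {
	var keyType, b64 string
	if _, err := fmt.Sscan(line, &keyType, &b64); err != nil {
		return nil, fmt.Errorf("malformed authorized_keys line: %w", err)
	}
	if keyType != "ssh-ed25519" {
		return nil, fmt.Errorf("unsupported key type %q", keyType)
	}
	blob, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	var fields [][]byte
	for len(blob) > 0 { // walk the length-prefixed fields: algorithm name, then raw key
		if len(blob) < 4 {
			return nil, fmt.Errorf("truncated key blob")
		}
		n := binary.BigEndian.Uint32(blob)
		blob = blob[4:]
		if uint64(len(blob)) < uint64(n) {
			return nil, fmt.Errorf("truncated key field")
		}
		fields = append(fields, blob[:n])
		blob = blob[n:]
	}
	if len(fields) != 2 || string(fields[0]) != "ssh-ed25519" || len(fields[1]) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("blob does not carry an Ed25519 public key")
	}
	return ed25519.PublicKey(fields[1]), nil
}

// NewChallenge is a constructed stand-in for the session data the SSH protocol has the client sign.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic("crypto/rand unavailable: " + err.Error())
	}
	return c
}

// Authenticate is the server side: the client proves possession of the private key
// by signing the challenge, and the stored public key verifies it. No password, and
// no private key, ever crosses the wire.
func Authenticate(authorizedLine string, challenge, signature []byte) bool {
	pub, err := ParseAuthorizedKeysLine(authorizedLine)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, challenge, signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the key pair created for the instance
	if err != nil {
		panic(err)
	}
	line := AuthorizedKeysLine(pub, "constructed@example") // what gets installed on the instance
	ch := NewChallenge()
	fmt.Println(line)
	fmt.Println("login with matching private key:", Authenticate(line, ch, ed25519.Sign(priv, ch)))
}
```

The parser is deliberately strict: a line whose key type is not `ssh-ed25519`, or whose blob is truncated, is rejected rather than partially trusted, which is the behaviour you want from anything that gates login.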
AWS Key Management Service (AWS KMS) Security
Amazon Web Services KMS provides a simple web interface in the AWS Management Console, AWS CLI, and RESTful APIs to access an elastic, multi-tenant, Hardened Security Appliance (HSA).
We can establish our own HSA-based cryptographic contexts under the master keys. These keys are accessible only on the HSAs, and they can be used to perform HSA-resident cryptographic operations, including the issuance of application data keys (encrypted under our master key). We can create multiple master keys, each represented by an HSA-based Customer Master Key (CMK) identified by its key ID.
To meet these requirements, Amazon Web Services KMS has been designed with the following features:
- Durability
- Quorum-based access
- Access control
- Low-latency and high throughput
- Regional independence
- Secure source of random numbers
- Audit
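To make the master-key/data-key split described above concrete, here is an added Go example (not AWS code and not from this page) of envelope encryption against an in-process stand-in for KMS. `LocalKMS` and the key ID `cmk-demo` are assumptions for the example; its method names mirror the KMS operations CreateKey, GenerateDataKey and Decrypt. The property the stand-in enforces is the one that matters with the real service: the master key never leaves it, so the application only ever holds a data key (briefly, in plaintext) and the wrapped copy it stores beside the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// LocalKMS is a constructed stand-in for the KMS service boundary (not AWS code):
// master keys live only inside it and no method ever returns one, as with the HSA-resident CMK.
type LocalKMS map[string][]byte // key ID -> 256-bit master key

// CreateKey mirrors KMS CreateKey: the master key is generated and never leaves.
func (k LocalKMS) CreateKey(keyID string) { k[keyID] = randomBytes(32) }

// DataKey mirrors the GenerateDataKey response: plaintext key for immediate use, wrapped copy for storage.
type DataKey struct{ Plaintext, CiphertextBlob []byte }

// GenerateDataKey issues a fresh 256-bit data key and wraps it under the CMK.
func (k LocalKMS) GenerateDataKey(keyID string) (DataKey, error) {
	mk, ok := k[keyID]
	if !ok {
		return DataKey{}, fmt.Errorf("unknown key %q", keyID)
	}
	dek := randomBytes(32)
	wrapped, err := sealGCM(mk, dek)
	return DataKey{Plaintext: dek, CiphertextBlob: wrapped}, err
}

// Decrypt mirrors KMS Decrypt: unwraps a data key without exposing the CMK.
func (k LocalKMS) Decrypt(keyID string, blob []byte) ([]byte, error) {
	mk, ok := k[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", keyID)
	}
	return openGCM(mk, blob)
}

// Envelope is what the application stores: the wrapped data key travels with the
// ciphertext, so decrypting needs a KMS call under the CMK, never the CMK bytes.
type Envelope struct {
	KeyID      string
	WrappedDEK []byte
	Body       []byte
}

func EncryptEnvelope(kms LocalKMS, keyID string, plaintext []byte) (Envelope, error) {
	dk, err := kms.GenerateDataKey(keyID)
	if err != nil {
		return Envelope{}, err
	}
	body, err := sealGCM(dk.Plaintext, plaintext)
	clear(dk.Plaintext) // the plaintext data key is needed only for this one call
	return Envelope{KeyID: keyID, WrappedDEK: dk.CiphertextBlob, Body: body}, err
}

func DecryptEnvelope(kms LocalKMS, e Envelope) ([]byte, error) {
	dek, err := kms.Decrypt(e.KeyID, e.WrappedDEK)
	if err != nil {
		return nil, err
	}
	out, err := openGCM(dek, e.Body)
	clear(dek) // drop the plaintext data key as soon as the body is decrypted
	return out, err
}

// sealGCM returns nonce || AES-256-GCM ciphertext+tag; openGCM reverses it and
// fails on any tampered or truncated input.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func openGCM(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// randomBytes panics if the OS CSPRNG fails: there is no safe fallback for key material.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic("crypto/rand unavailable: " + err.Error())
	}
	return b
}
```

Two consequences worth noticing: a wrapped data key issued under one master key is useless to a service holding a different one (the unwrap fails authentication), and because every envelope gets its own data key, compromising one ciphertext's key exposes nothing else. With the real service the `kms` value would be a client whose GenerateDataKey and Decrypt calls cross the network, and every one of those calls is the audit point the "Audit" feature above refers to.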
Amazon Web Services CloudHSM Security
The Amazon Web Services CloudHSM service offers dedicated access to a Hardware Security Module (HSM) appliance designed to provide secure cryptographic key storage and operations in an intrusion-resistant, tamper-evident device. The cryptographic keys used for data encryption are generated, stored and managed by us, so that they are accessible to us only.