Securing AWS Cloud Services


Amazon Web Services EC2 instances that have been created from a public AMI use a public/private key pair instead of a password for signing in via SSH. The public key is embedded in the instance, and we use the private key to sign in securely without using a password. After we create our own AMIs, we can choose other mechanisms to log in securely to the new instances.

AWS Key Management Service (AWS KMS) Security

Amazon Web Services KMS provides a simple web interface in the AWS Management Console, together with the AWS CLI and RESTful APIs, to access an elastic, multi-tenant Hardened Security Appliance (HSA).

We can establish our own HSA-based cryptographic contexts under the master keys. These keys are accessible only on the HSAs, and they can be used to perform HSA-resident cryptographic operations, including the issuance of application data keys (encrypted under our master key). We can create multiple master keys, each represented by an HSA-based Customer Master Key (CMK) identified by its key ID.
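
How the application data keys described above are typically used (envelope encryption), shown as an added example that is not from the original page and is not AWS code. It runs offline: `master` is a constructed local stand-in for the master key that in KMS stays on the HSA, and binding `keyID` as GCM associated data is this sketch's own choice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // bad key size or RNG failure: a bug, never caused by input data
	}
	return v
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// seal encrypts with AES-256-GCM and returns nonce||ciphertext||tag.
func seal(key, pt, aad []byte) []byte {
	nonce := randBytes(12)
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, aad)
}

// open authenticates and decrypts seal's output; aad must match what was sealed.
func open(key, box, aad []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, box[:12], box[12:], aad)
}

// Encrypt seals msg under a fresh data key; only the two returned blobs are stored.
func Encrypt(master []byte, keyID string, msg []byte) (wrapped, data []byte) {
	dk := randBytes(32) // service side: issue a 256-bit data key
	return seal(master, dk, []byte(keyID)), seal(dk, msg, []byte(keyID))
}

// Decrypt unwraps the data key under master (service side), then opens data.
func Decrypt(master []byte, keyID string, wrapped, data []byte) ([]byte, error) {
	dk, err := open(master, wrapped, []byte(keyID))
	if err != nil {
		return nil, err
	}
	return open(dk, data, []byte(keyID))
}
```

The stored record holds the wrapped data key and the ciphertext only, so reading the data requires a call to whoever holds the master key.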

To meet the given requirements, Amazon Web Services KMS has been designed with the following features:

  • Durability
  • Quorum-based access
  • Access control
  • Low-latency and high throughput
  • Regional independence
  • Secure source of random numbers
  • Audit

Amazon Web Services CloudHSM Security

The Amazon Web Services CloudHSM service offers dedicated access to a Hardware Security Module (HSM) appliance designed to provide secure cryptographic key storage and operations in an intrusion-resistant, tamper-evident device. The cryptographic keys used for data encryption are generated, stored and managed by us, so that they are accessible by us only.
