Steps to Use AMIs in a Secure Manner If you look in AWS Marketplace or even search from the EC2 Launch page, you will see that there are lots of AMIs to choose from. Many of these AMIs are provided by community members or third-party providers. How are you to know that the AMI that […]
Backing Up Amazon EC2 Instances If you want to back up your instance for either point-in-time recovery purposes or to use in a launch configuration with autoscaling, you need to create an AMI. Follow these steps to create an AMI: $ aws ec2 run-instances \ --image-id ami-0f3c9c466bb525749 \ --instance-type t3.micro \ --region us-east-2 Note […]
Amazon Elastic Compute Cloud (EC2) Amazon’s EC2 allows you to create a virtual server to perform any number of tasks in the cloud, and EC2 allows a whole array of customization options. You can use many operating systems to meet your application needs, including both varieties of the Microsoft Windows operating system and multiple versions […]
Service Control Policies When you group your accounts into organizations and OUs, AWS gives you a tool in the IAM space to manage the permissions of that organization along with any child OUs. That tool is Service Control Policies or SCPs. SCPs allow you to provide a baseline of governance across the accounts they are applied […]
Categories of Behavior The controls provided by AWS Control Tower are broken down into three distinct categories: preventative, detective, and proactive. These are called categories of behavior: Categories of Guidance There are also three different levels of controls: mandatory, strongly recommended, and elective controls. These are called categories of guidance: Security Considerations for Control Tower […]
Fundamental AWS Services Now that you understand the shared responsibility model, it’s time to look at some essential services that are used throughout the environments and accounts in which you will be working. These essential services are compute services such as Elastic Compute Cloud (EC2), the global Domain Name System (DNS) service of Route 53, […]
Auditors and the Shared Responsibility Model Many industries require you to show compliance in your cloud environment as it relates to industrial controls. Using and understanding the shared security model will help you and your auditors understand which controls you, as the customer, are responsible for and which ones are the responsibility of AWS, the […]
Shared Responsibility Model Example for Container Services Consider the example of RDS. In this case, customers do not have access to the underlying operating system that the RDS databases are running on. As such, customers cannot patch the operating system. This security task has been shifted from the customer to AWS. In addition, platform and […]
Shared Responsibility Model Example for Infrastructure Services When you spin up an EC2 instance in your AWS account, you are able to choose a region from all the available geographic regions AWS offers to have your instance come up in. There is no need to order a server or rack, stack it, secure it in […]
Shared Responsibility Model for Infrastructure Services The shared model for infrastructure services is the most common model that AWS engineers and users are familiar with today. It is represented in Figure 1.2 and covers IaaS services such as Amazon Elastic Compute Cloud (EC2): Figure 1.3: Shared responsibility model for infrastructure services So, within this infrastructure, […]