This second part of AWS compliance, identity, and security-related services should feel familiar. These are solutions that nearly everyone needs, and has used, at some point. Fortunately, they have free tiers and tutorials to help any user get started with them and build them into a cloud environment.

Cloud Directory

This is an all-important LDAP-related service. The power that the Amazon service brings to this universal need is the ability to integrate and work across multiple directories instead of a single one at a time. There is a free tier along with some excellent examples to help you get started.

GuardDuty

This is an attack analytics tool that does not require an installation on your servers. That alone should be enough to pique your interest if you have ever had to use these applications before. Although powerful, these applications tend to be a bit of a chore to install and configure. GuardDuty takes that annoying setup out of the equation and removes any excuse for not being proactive with your security.

Certificate Manager

Google has made sure we all care about security certificates.  All web applications that are not secured with a certificate are dinged in search scoring.  Therefore, Amazon provides us with a tool for management of those certificates.

Firewall Manager

All of the services and servers we are building in Amazon’s cloud need to be secured by a firewall. This alone can mean some administrative headaches. However, Amazon is nice enough to provide us with this service to make that a non-issue. The Firewall Manager tool is easy to use and applies throughout your system. Thus, you have one central location to manage all of those security decisions.

Secrets Manager, HSM, and Key Management Service

These services are not much more than the names imply. They allow you to manage your keys and secrets (authentication credentials) in a single location and link those to the resources you use as they are needed. This is highly important when you consider the dynamic nature of the resources we use in the cloud and the need to track authentication across them.

Cognito

You have likely used sites where the authentication is done through Google or Facebook. This service provides you with a way to easily allow users to register in your directory and to manage them. Note that this is an application-level registration and authentication service and not a way for users to be added to your Amazon organization.

Inspector

When the time comes to get your site audited for security, this service is where you should start. The Inspector service does an assessment based on best practices and security concerns. Then it provides you with a report about your application. Therefore, this service provides you with a list of what is correct and what is not compliant. Use these results to do your best on your upcoming security audit.

 

Rob Broadhead

Rob is a founder of, and frequent contributor to, Develpreneur. This includes the Building Better Developers podcast. He is also a lifetime learner as a developer, designer, and manager of software solutions. Rob is the founder of RB Consulting and has managed to author a book about his family experiences and a few about becoming a better developer. In his free time, he stays busy raising five children (although they have grown into adults). When he has a chance to breathe, he is on the ice playing hockey to relax or working on his ballroom dance skills.
