The compliance, identity, and security services of AWS cover a large number of offerings. Therefore, we will review these in a multi-part series of episodes. The power and infrastructure provided by choosing AWS for your cloud provider become apparent with these tools. We have a lot to cover in this first part.
Identity and Access Management
This should be the first step in your use of the AWS services. IAM is a framework or set of features to help you define users, permissions, and roles, and to manage them. Nearly every function points back to IAM as the way to set up and configure access as well as security for that service. If you do not have at least a fundamental understanding of IAM, then you should start there before looking further into the security-related services.
No one likes to log in to every application they launch. Thus, single sign-on is practically a must for any organization that requires users to access multiple applications on a regular basis. Unfortunately, that covers nearly every organization in the modern landscape. Never fear, Amazon understands that need and has made single sign-on relatively easy to implement and embrace for all of your AWS solutions.
The Artifact offering is a repository more than a service. This is where you go to get the Amazon official documentation about their platform, SLAs, and recent audit reports. Most small companies will not have need of these documents. However, a security audit will require these to be available, and it never hurts to review them, so you know exactly how secure and reliable AWS is.
This is not the group out of Marvel comics. The Shield service has a standard offering that is free and helps guard your systems from distributed denial of service (DDoS) attacks. The paid version includes analytics and reporting to help you assess and defend against attempted attacks. This is an excellent service for those of us who always worry about how secure and protected our systems are.
The AI and machine learning features that Amazon has embraced are starting to result in a bevy of new services. Macie is one such service. This tool helps you search and classify your data to help avoid releasing personally identifiable information (PII) to external sources that should not access it. If you are trying to assess how vital PII protection needs to be to your organization, then this is an excellent place to start that research.
The directory services offering is your path to moving Active Directory out to the cloud. For better or worse, AD is a part of most organizations’ access and permissions management. Amazon recognizes this and provides this service to help you keep all that work as you move to the cloud.
Another of the security services that is easily understood from its name alone, Organizations provides you with the ability to relate AWS accounts to each other. This makes it easier to share permissions and also to roll up billing as needed. It is free to use and worth a look as your AWS needs grow.
Web Application Firewall (WAF)
This is an application-level service to protect your solutions with a firewall. Rather than lock down access on a server basis, this works with the dynamic nature of cloud systems to allow you to secure offerings at the best level to manage.