Security pillar overview, presented by Mark Wilkins, from the course AWS Well-Architected Framework: Security Pillar.
- [Instructor] We know that the Well-Architected Framework is trying to help us understand the pros and the cons of any design decisions that we're making when we're starting to build systems to host our applications on AWS. The security pillar, obviously, is a little more focused on security. So we're looking at best practices for architecting our systems as securely as possible at AWS. They follow the format in this manner. First of all, we've got to make it secure. Next, we've got to make it reliable. Then, after we've got security and reliability figured out, let's make it as fast as we can. But it always starts with security.

So looking at the best practices for architecting your secure system means you have to look at what the recommendations are and decide if you agree. It may not match up with what you're trying to do at AWS, but getting that education is kind of imperative for making the right decision. So we want to protect the information used by our application, that data that's stored in databases, or maybe in an S3 bucket. We also want to protect the computer systems that are doing the processing. Some of those systems might be exposed to the public internet. Hopefully most of them can remain private. And of course the assets or the services that are integrated with our stack, we have to ensure that those services are secure as well.

So we have to start looking at the level of risk that we're willing to accept. What is the strategy to minimize the risk while operating in the cloud? If something is going to be perceived as risky, can I mitigate that level of risk? For example, I'm storing data in the cloud, I'm storing it in an S3 bucket. Well, in a single S3 bucket the content is replicated at least six or seven times, stored in three separate physical buildings within a region. Is that enough security for my data? Or should I automatically replicate it to another bucket?

So you have to decide what level of risk you're going to accept when operating in the cloud. And that's what the security pillar is designed to do, to get you to think about what's the best practice for you.
- Design principles
- Identity and Access Management (IAM)
- Protecting AWS credentials
- Identifying threats
- Auditing security
- Infrastructure protection
- Protecting data at rest and in transit
- Responding to security incidents
- Managing incident response