5 Simple Tips to Improve Your AWS Security

A key advantage of AWS is that it is dynamic and can be scaled according to need. That advantage, however, can cause security nightmares. With that in mind, here are 5 easy tips to ensure that you keep up your end of the bargain.

1.  Apply ‘least privilege’ when assigning permissions. What does this mean? It means using either the templates AWS provides or ones you create yourself to ensure that users are not given more access than they require. This is especially critical for programs that are given API access. Do not over-permission, and control privileges carefully.

2.  Create strong IAM policies and continually monitor them. AWS allows MFA. Use it for privileged accounts. Similarly, create and enforce policies to ensure that passwords are appropriately complex and secure for all accounts. Ensure that your security groups are properly configured and permissioned.

3.  Secure your S3 buckets. At CloudCheckr, we conducted a random review of 400 accounts and found that over 30% of all users had S3 buckets with ‘view’, ‘edit’, or ‘upload/delete’ permissions set to everyone. This allows malicious users easy access.

4.  Monitor your resource usage. Effective security requires vigilance. You should set CloudWatch alerts and pay attention to your regular utilization metrics. CloudWatch offers basic utilization metrics that are appropriate for small deployments. Advanced users typically require more in-depth analytics that look deeper into utilization and extend beyond CloudWatch’s 2-week reporting period. These solutions are available from a variety of third-party providers. Without comprehensive analytics and awareness, it is far more difficult to accurately assess CloudWatch alerts and detect unusual activity.

5.  Track changes to your deployment. Given the dynamic nature of AWS, even a medium-sized deployment undergoes numerous changes on a daily basis. Each change needs to be monitored to ensure that proper configuration, IAM, and security protocols are followed. The tracking can be done either manually or with an automated tool.
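
Tip 3 can be checked mechanically. The following is an added example (not from the original article or from CloudCheckr) that scans bucket ACLs, in the shape returned by S3's GetBucketAcl, for grants to the AllUsers or AuthenticatedUsers groups. The bucket names, owner IDs, function names and finding wording are constructed for illustration.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "Everyone", AUTH_USERS: "Any authenticated AWS user"}
# What each S3 ACL permission allows when granted on a bucket.
MEANING = {"READ": "list objects", "WRITE": "upload/delete objects",
           "READ_ACP": "view permissions", "WRITE_ACP": "edit permissions"}


def public_grants(acl):
    """Return sorted (grantee, permission) pairs granted to a public group."""
    found = set()
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical users (e.g. the owner) are not "everyone"
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if who is None:
            continue  # some other predefined group, not a public one
        perm = g.get("Permission", "UNKNOWN")  # FULL_CONTROL implies all four
        found.update((who, p) for p in (MEANING if perm == "FULL_CONTROL" else [perm]))
    return sorted(found)


def audit(bucket_acls):
    """Map bucket name -> findings; buckets without public grants are omitted."""
    report = {}
    for name, acl in bucket_acls.items():
        grants = public_grants(acl)
        if grants:
            report[name] = [f"{who} can {MEANING.get(p, p)}" for who, p in grants]
    return report


def sample_grant(kind, ident, perm):
    """Build one constructed grant entry in the GetBucketAcl response shape."""
    key = "URI" if kind == "Group" else "ID"
    return {"Grantee": {"Type": kind, key: ident}, "Permission": perm}


# Constructed sample input: bucket names and owner IDs are made up.
SAMPLE = {
    "private-logs": {"Grants": [sample_grant("CanonicalUser", "owner-1", "FULL_CONTROL")]},
    "public-site": {"Grants": [sample_grant("CanonicalUser", "owner-2", "FULL_CONTROL"),
                               sample_grant("Group", ALL_USERS, "READ")]},
    "shared-drop": {"Grants": [sample_grant("Group", AUTH_USERS, "WRITE"),
                               sample_grant("Group", ALL_USERS, "WRITE_ACP")]},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With boto3, the ACL for a live bucket comes from `get_bucket_acl(Bucket=name)` on an S3 client. Bucket policies can also grant public access and need a separate check.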


Following these 5 tips will quickly and dramatically improve your security posture. The issues raised represent the most common issues surrounding AWS usage. The list is not, however, the last word on security. There are, of course, a multitude of other concerns that must be addressed.

Unlisted, but perhaps most importantly, security requires vigilance. AWS presents a dynamic environment and its users need to adapt to that reality. This means that you should be monitoring and reviewing your deployment, its resources, and its changes regularly. Whether conducted manually or through an automated solution, this review is essential to maintaining your security posture.
