Vanshika Dargan
2 min read · Oct 26, 2023

7 Layers of Security in AWS, also known as “Defense in Depth”

Defense in Depth
  1. Data Layer: This layer focuses on controlling access to business and customer data and on encrypting that data. This can involve using services like AWS Identity and Access Management (IAM) to manage who can access the data, and services like AWS Key Management Service (KMS) for encryption.
  2. Application Layer: This layer ensures applications deployed on AWS are secure and free of security vulnerabilities. This may involve practices such as regular patching, code reviews, and using AWS Web Application Firewall (WAF).
  3. Compute Layer: This layer restricts access to virtual machines, such as AWS EC2 instances, and may involve managing security groups, network ACLs and other access controls, both on premises and in the cloud.
  4. Network Layer: Network security is crucial to limit communication between resources. AWS provides features like Virtual Private Cloud (VPC), security groups and network ACLs to help with segmentation and access control.
  5. Perimeter Layer: This layer is like the four walls and the roof of a secure house. It includes firewalls, routers and proxy servers. A common attack on this layer is a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack, which floods the point of connection to the outside world with unproductive traffic and brings communication with the Internet to a standstill. This layer therefore involves distributed denial-of-service protection to filter out large-scale attacks before they can cause a denial of service for users. AWS offers services like AWS Shield to protect against DDoS attacks.
  6. Identity and Access Layer: This layer involves controlling access to infrastructure and resources. It is managed through IAM in AWS. This layer ensures that only authorized individuals or services can access AWS resources and perform actions.
  7. Physical Layer: This layer limits physical access to a datacenter to only authorized personnel.