As more and more enterprises and organisations move to the cloud, a central concern is how to keep that cloud environment secure. In this post I will highlight a few core AWS services that relate to security management and monitoring of your AWS environment. This won’t be a deep dive but rather an overview of what each service does and how they work together.
Virtual Private Cloud (VPC)
In AWS, a VPC is a logically isolated virtual network in which you host your servers and other resources. You control how those resources are reached by using Route Tables, Security Groups and Network Access Control Lists (NACLs) to manage the flow of traffic in and out of your environment: route tables decide where traffic can go, security groups are stateful firewalls attached to individual instances (more precisely, to their network interfaces), and NACLs are stateless filters applied at the subnet level, so return traffic has to be allowed explicitly and rules are applied in rule-number order. This in turn gives you full control over how the servers hosted inside your environment can be accessed, whether internally, from the internet, or from on-premise servers over a VPN connection.
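The two NACL properties that bite most often are rule ordering (lowest rule number that matches wins, then evaluation stops) and statelessness (replies are not tracked, so outbound ephemeral ports must be allowed). The following is an added example, not code from the original post or from AltoStack, that reproduces that evaluation logic in Python and runs it over constructed ACL entries; the `NaclEntry`/`Packet` types and the rule sets are assumptions made for illustration, not real AWS API objects.

```python
"""Evaluate Network ACL rules the way the VPC does.
Added example, not code from the original post. Rules are checked in ascending
rule-number order, the first matching rule wins, and the implicit '*' rule
denies anything that matched nothing. All ACL entries below are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclEntry:
    rule_number: int
    protocol: str       # "tcp", "udp", "icmp" or "-1" for all protocols
    port_from: int      # ignored when protocol is "-1" or "icmp"
    port_to: int
    cidr: str
    action: str         # "allow" or "deny"
    egress: bool        # False = inbound rule, True = outbound rule


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int           # destination port
    address: str        # remote address: source for inbound, destination for outbound
    egress: bool


def _matches(entry: NaclEntry, pkt: Packet) -> bool:
    if entry.egress != pkt.egress:
        return False
    if entry.protocol != "-1" and entry.protocol != pkt.protocol:
        return False
    if entry.protocol in ("tcp", "udp") and not (entry.port_from <= pkt.port <= entry.port_to):
        return False
    return ipaddress.ip_address(pkt.address) in ipaddress.ip_network(entry.cidr)


def evaluate(entries, pkt: Packet) -> str:
    """Return 'allow' or 'deny' for pkt: the lowest-numbered matching rule wins."""
    for entry in sorted(entries, key=lambda e: e.rule_number):
        if _matches(entry, pkt):
            return entry.action
    return "deny"  # the catch-all '*' rule


# Constructed inbound ACL with a common mistake: the "deny SSH from anywhere"
# rule is numbered lower than the "allow SSH from the corporate range" rule,
# so the allow never fires.
MISORDERED_INBOUND = [
    NaclEntry(100, "tcp", 443, 443, "0.0.0.0/0", "allow", False),
    NaclEntry(110, "tcp", 22, 22, "0.0.0.0/0", "deny", False),
    NaclEntry(120, "tcp", 22, 22, "10.0.0.0/8", "allow", False),
]

# Same intent, with the specific allow evaluated before the broad deny.
FIXED_INBOUND = [
    NaclEntry(100, "tcp", 443, 443, "0.0.0.0/0", "allow", False),
    NaclEntry(105, "tcp", 22, 22, "10.0.0.0/8", "allow", False),
    NaclEntry(110, "tcp", 22, 22, "0.0.0.0/0", "deny", False),
]

# Because NACLs are stateless, a web server's replies to an inbound HTTPS
# connection leave on an ephemeral port and need their own outbound allow.
OUTBOUND_NO_EPHEMERAL = [
    NaclEntry(100, "tcp", 443, 443, "0.0.0.0/0", "allow", True),
]
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_NO_EPHEMERAL + [
    NaclEntry(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow", True),
]


def demo():
    """Return the decisions for a few constructed packets."""
    corp_ssh = Packet("tcp", 22, "10.1.2.3", False)
    internet_ssh = Packet("tcp", 22, "203.0.113.9", False)
    https_reply = Packet("tcp", 50000, "203.0.113.9", True)
    return {
        "ssh_from_corp_misordered": evaluate(MISORDERED_INBOUND, corp_ssh),
        "ssh_from_corp_fixed": evaluate(FIXED_INBOUND, corp_ssh),
        "ssh_from_internet_fixed": evaluate(FIXED_INBOUND, internet_ssh),
        "https_reply_without_ephemeral": evaluate(OUTBOUND_NO_EPHEMERAL, https_reply),
        "https_reply_with_ephemeral": evaluate(OUTBOUND_WITH_EPHEMERAL, https_reply),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Running `demo()` shows the corporate SSH allow being shadowed by the lower-numbered deny, and the HTTPS reply being dropped until the ephemeral-port range is allowed outbound; a security group would have handled the reply automatically because it is stateful.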
CloudWatch
CloudWatch is a service on AWS that automatically collects metrics from the infrastructure you deploy, such as EC2 instances, SQS queues and RDS instances. Most AWS services publish a basic set of metrics to CloudWatch out of the box, and you can publish custom metrics of your own. With the data CloudWatch collects you can define alarms that, when a metric crosses a threshold for a given number of evaluation periods, send an SMS or email (through an SNS topic) or change the number of EC2 instances in an Auto Scaling group. CloudWatch also provides dashboards to view these metrics as graphs in the Console, and CloudWatch Logs can ingest application and service logs and turn patterns in them into metrics via metric filters, which is what makes alarms on log events possible. Metrics collected by CloudWatch can also be forwarded to 3rd party services such as New Relic and Prometheus for further analysis and action.
CloudTrail
CloudTrail serves as the “Big Brother” of AWS. Once you create a trail (for a single region or for all regions in the account), it records the API calls, and therefore effectively all actions, made by your AWS users, roles and services, giving you detailed information on who did what, when, and from which source IP. Management events are recorded by default; data events such as S3 object-level access or Lambda invocations have to be enabled explicitly, so check that the trail actually covers what you care about. Trail data is delivered to an S3 bucket you designate and can optionally be sent to CloudWatch Logs, where metric filters and alarms can raise alerts on suspicious activity such as root account usage or a burst of AccessDenied errors; it can also be streamed in near real time to 3rd party tools such as an ELK (Elasticsearch, Logstash, Kibana) stack for analysis and auditing of the environment. Protect the log bucket as carefully as the account itself: restrict who can delete or modify objects in it and enable log file integrity validation so that tampering with the trail can be detected.
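To make the CloudWatch and CloudTrail paragraphs above concrete, here is an added example (not code from the original post or from AltoStack) that runs a few constructed CloudTrail records through simplified versions of the usual CloudTrail security filters, counts matches per period the way a metric filter would, and then applies CloudWatch's "M out of N datapoints" alarm rule. The events, the account ID `123456789012`, and the alarm definitions are all assumptions made for illustration; the filters are written as Python predicates rather than in CloudWatch Logs filter-pattern syntax.

```python
"""CloudTrail events -> metric filter counts -> CloudWatch-style alarm state.
Added example, not code from the original post. The events are constructed
CloudTrail records (account 123456789012 is a placeholder), and the filters
are simplified Python versions of the usual CloudTrail security filters rather
than CloudWatch Logs filter-pattern syntax."""
import json
from collections import Counter
from datetime import datetime, timezone

SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"eventTime": "2024-05-01T10:00:12Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.9",
     "responseElements": {"ConsoleLogin": "Success"},
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2024-05-01T10:03:45Z", "eventName": "DescribeInstances",
     "eventType": "AwsApiCall", "errorCode": "Client.UnauthorizedOperation",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"}},
    {"eventTime": "2024-05-01T10:07:02Z", "eventName": "GetObject",
     "eventType": "AwsApiCall", "errorCode": "AccessDenied",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"}},
    {"eventTime": "2024-05-01T10:12:30Z", "eventName": "ListBuckets",
     "eventType": "AwsApiCall", "sourceIPAddress": "10.0.4.21",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
]]


def is_root_activity(ev):
    """Any action by the root user itself (not a service acting on its behalf)."""
    ident = ev.get("userIdentity", {})
    return (ident.get("type") == "Root" and "invokedBy" not in ident
            and ev.get("eventType") != "AwsServiceEvent")


def is_unauthorized_call(ev):
    code = ev.get("errorCode", "")
    return code == "AccessDenied" or code.endswith("UnauthorizedOperation")


def is_console_login_failure(ev):
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure")


# name -> (filter, threshold, datapoints_to_alarm). Requiring two breaching
# periods for the noisy AccessDenied filter is how you damp a flapping alarm.
ALARMS = {
    "RootAccountUsage": (is_root_activity, 1, 1),
    "UnauthorizedAPICalls": (is_unauthorized_call, 1, 2),
    "ConsoleLoginFailures": (is_console_login_failure, 1, 1),
}


def _bucket(ev, period_seconds):
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(ts.timestamp()) // period_seconds * period_seconds


def metric_counts(raw_events, predicate, period_seconds=300):
    """What a metric filter does: count matching records per period."""
    counts = Counter()
    for line in raw_events:
        ev = json.loads(line)
        if predicate(ev):
            counts[_bucket(ev, period_seconds)] += 1
    return counts


def alarm_state(counts, period_starts, threshold, datapoints_to_alarm):
    """CloudWatch's 'M out of N' rule: ALARM when at least datapoints_to_alarm
    of the evaluated periods have count >= threshold. Periods with no data are
    treated as not breaching (the 'notBreaching' missing-data setting)."""
    breaching = sum(1 for p in period_starts if counts.get(p, 0) >= threshold)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def evaluate_all(raw_events, period_seconds=300, evaluation_periods=3):
    """Evaluate every alarm over the last evaluation_periods periods of data."""
    latest = max(_bucket(json.loads(line), period_seconds) for line in raw_events)
    window = [latest - i * period_seconds for i in range(evaluation_periods)]
    return {name: alarm_state(metric_counts(raw_events, pred, period_seconds), window, thr, dp)
            for name, (pred, thr, dp) in ALARMS.items()}


if __name__ == "__main__":
    for name, state in evaluate_all(SAMPLE_EVENTS).items():
        print(f"{name}: {state}")
```

With these four records the root login and the two unauthorized calls (which land in two different 5-minute periods) both raise their alarms, while the console-login-failure alarm stays OK. In a real account the same pipeline is: trail → CloudWatch Logs log group → metric filter → alarm → SNS topic, with the filter expressed in CloudWatch's own pattern syntax.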
AWS Config
With CloudWatch monitoring your AWS environment and CloudTrail tracking each and every action users make, AWS Config is the service for tracking the state, that is the configuration, of your environment. Every change made to a recorded resource in your AWS account is captured as a configuration item, so you can see what a resource looked like at any point in time and what changed between two points. On top of that you can create Config Rules, either AWS managed rules or custom rules backed by a Lambda function, that are evaluated when a resource changes (or on a schedule) and mark resources compliant or non-compliant. The rules can alert you to unwanted changes and possible security issues, for example a security group that has just been opened to the whole internet.
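The following is an added example, not code from the original post or from AltoStack, of what a custom Config rule looks like: a Lambda handler that receives a security group's configuration item and reports NON_COMPLIANT when SSH or RDP is reachable from `0.0.0.0/0` or `::/0`. The evaluation logic is kept in a pure function so it can be run offline; the configuration items at the bottom are constructed (the `sg-…` IDs are placeholders) and their field names follow the shape Config records for `AWS::EC2::SecurityGroup`. The `blockedPorts` rule parameter is an assumption of this example, not a Config built-in.

```python
"""A custom AWS Config rule (Lambda handler) that marks a security group
NON_COMPLIANT when it exposes SSH or RDP to the whole internet.
Added example, not code from the original post. The configuration items at the
bottom are constructed; the field names follow the shape Config records for
AWS::EC2::SecurityGroup. The 'blockedPorts' rule parameter is our own."""
import json

DEFAULT_BLOCKED_PORTS = "22,3389"
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _cidrs(permission):
    """Collect every CIDR the permission grants, across the IPv4/IPv6 key variants."""
    cidrs = set(permission.get("ipRanges", []))
    cidrs.update(r["cidrIp"] for r in permission.get("ipv4Ranges", []))
    cidrs.update(r["cidrIpv6"] for r in permission.get("ipv6Ranges", []))
    return cidrs


def _covers_port(permission, port):
    if permission.get("ipProtocol") == "-1":  # all protocols, all ports
        return True
    lo, hi = permission.get("fromPort"), permission.get("toPort")
    if lo is None or hi is None:              # e.g. ICMP rules carry type/code instead
        return False
    return lo <= port <= hi


def find_world_open_ports(configuration, blocked_ports):
    """Return the blocked ports that some ingress rule opens to the whole internet."""
    open_ports = set()
    for permission in configuration.get("ipPermissions", []):
        if _cidrs(permission) & ANYWHERE:
            open_ports.update(p for p in blocked_ports if _covers_port(permission, p))
    return sorted(open_ports)


def evaluate_configuration_item(item, rule_parameters):
    """Produce the evaluation Config expects for one configuration item."""
    blocked = [int(p) for p in rule_parameters.get("blockedPorts", DEFAULT_BLOCKED_PORTS).split(",")]
    base = {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "OrderingTimestamp": item["configurationItemCaptureTime"]}
    # A custom rule is also invoked when a resource is deleted; it must not
    # report the deleted resource as compliant or non-compliant.
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return {**base, "ComplianceType": "NOT_APPLICABLE", "Annotation": "Resource was deleted."}
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        return {**base, "ComplianceType": "NOT_APPLICABLE", "Annotation": "Rule only evaluates security groups."}
    exposed = find_world_open_ports(item.get("configuration", {}), blocked)
    if exposed:
        return {**base, "ComplianceType": "NON_COMPLIANT",
                "Annotation": "Ports %s are open to 0.0.0.0/0 or ::/0" % ",".join(map(str, exposed))}
    return {**base, "ComplianceType": "COMPLIANT", "Annotation": "No blocked port is world-reachable."}


def lambda_handler(event, context):
    import boto3  # imported here so evaluate_configuration_item() can be tested offline
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    evaluation = evaluate_configuration_item(invoking["configurationItem"], params)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed configuration items for trying the rule out.
def _item(sg_id, permissions, status="OK"):
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": sg_id,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2024-05-01T10:00:00.000Z",
            "configuration": {"groupId": sg_id, "ipPermissions": permissions}}


OPEN_SSH = _item("sg-0a1b2c3d", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                  "ipRanges": ["0.0.0.0/0"], "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}])
RESTRICTED = _item("sg-0e4f5a6b", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                    "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]},
                                   {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                                    "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}])
ALL_TRAFFIC_V6 = _item("sg-0c7d8e9f", [{"ipProtocol": "-1", "ipv6Ranges": [{"cidrIpv6": "::/0"}]}])
DELETED = _item("sg-0a1b2c3d", [], status="ResourceDeleted")

if __name__ == "__main__":
    for item in (OPEN_SSH, RESTRICTED, ALL_TRAFFIC_V6, DELETED):
        result = evaluate_configuration_item(item, {})
        print(result["ComplianceResourceId"], result["ComplianceType"], "-", result["Annotation"])
```

Two details worth noting: the "all traffic" IPv6 rule is caught because protocol `-1` covers every port, and the deleted resource is reported as NOT_APPLICABLE, which is what keeps stale entries out of the compliance view. Wired to a change-triggered rule, this evaluation runs within minutes of someone opening the group, and the resulting NON_COMPLIANT state can itself drive a CloudWatch alarm or an automatic remediation.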
Securing your cloud infrastructure starts with a good knowledge of your environment, and that requires extensive monitoring and alerting: a controlled network boundary from the VPC, metrics and alarms from CloudWatch, an audit trail of every action from CloudTrail, and configuration history with compliance checks from AWS Config.
At AltoStack, we leverage the innovative capabilities of the cloud to help enterprise and scale-up organisations innovate and grow by providing a much more efficient, fast, secure and simple way to adopt DevOps & Cloud Native Computing.
Our full spectrum of digital transformation and cloud services allow you to take the first steps of your Cloud and DevOps journey and accelerate your company’s digital transformation and empower your business to stay ahead of the competition.