How to Secure AWS Resources: S3, RDS, VPC and EC2

Swarnava Basu
Published in codelogicx
Jun 3, 2022

❂ Securing S3 Bucket

When it comes to AWS security, S3 buckets are the resource most often left exposed by misconfiguration.

1. Server-Side Encryption:

With server-side encryption, Amazon S3 encrypts your data before saving it to disk in its data centers and decrypts it when you download the data. Server-side encryption reduces the risk to your data because the encryption key is stored in a different system from the one that stores the data itself.

2. Client-Side Encryption:

With client-side encryption, you (rather than AWS) encrypt the data before sending it to AWS. When you retrieve the data from AWS, you must decrypt it yourself.

Go to Properties. Under Default encryption, click Edit, click Enable, and choose the encryption type you want to apply.

Block Public Access

Access control is the main pillar for strengthening data security. We have identified five different ways in which you can control access to your S3 buckets.

Go to Permissions and select Block all public access.

Bucket Versioning

Versioning is a way of keeping multiple variants of an object in the same bucket.

Under Properties, go to Bucket Versioning. Click Edit, click Enable, and save.

S3 Object Lock

S3 Object Lock lets you store objects using a "Write Once Read Many" (WORM) model. It can help prevent accidental or improper deletion of data.

When you create a bucket, go to Advanced settings, enable Object Lock, and click Create bucket.

Tip: "You can't enable Object Lock after a bucket has been created."
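The four S3 settings above (default encryption, Block Public Access, versioning and Object Lock) are easy to verify together. The following is an added example, not code from the original article: a small audit over dicts shaped like the responses of the `s3api` calls `get-bucket-encryption`, `get-public-access-block`, `get-bucket-versioning` and `get-object-lock-configuration`. The two sample buckets and their settings are constructed for illustration; `None` stands for a call that returned a "not found" error.

```python
"""Audit S3 bucket hardening settings against sample API responses.

Added example (not code from the original article). The input dicts mirror
the shape of the s3api responses named in the lead-in; the values are
constructed for illustration.
"""

# The four flags that the console's "Block all public access" turns on together.
PUBLIC_ACCESS_FLAGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def audit_bucket(name, encryption, public_access_block, versioning, object_lock):
    """Return a list of finding strings; an empty list means every check passed.

    Each argument is the body of the corresponding s3api response, or None when
    the call failed because the configuration does not exist.
    """
    findings = []

    # 1. Server-side encryption: expect a default rule with SSE-S3 (AES256) or SSE-KMS.
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = {
        r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules
    }
    if not algorithms & {"AES256", "aws:kms"}:
        findings.append("default encryption not enabled")

    # 2. Block Public Access: all four flags must be true.
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    missing = [f for f in PUBLIC_ACCESS_FLAGS if not cfg.get(f, False)]
    if missing:
        findings.append("public access not fully blocked: " + ", ".join(missing))

    # 3. Versioning: the Status key is absent on buckets where it was never enabled.
    if (versioning or {}).get("Status") != "Enabled":
        findings.append("versioning not enabled")

    # 4. Object Lock: reported as Enabled only when it was set on the bucket.
    lock = (object_lock or {}).get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock not enabled")

    return [f"{name}: {f}" for f in findings]


# Constructed sample responses for two buckets (names and key alias are made up).
HARDENED = dict(
    name="finance-archive",
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                                "KMSMasterKeyID": "alias/example-key"}}]}},
    public_access_block={"PublicAccessBlockConfiguration": dict.fromkeys(PUBLIC_ACCESS_FLAGS, True)},
    versioning={"Status": "Enabled"},
    object_lock={"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
)

WEAK = dict(
    name="marketing-uploads",
    encryption=None,  # get-bucket-encryption returned "configuration not found"
    public_access_block={"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    versioning={},    # never enabled, so the response carries no Status key
    object_lock=None,
)

if __name__ == "__main__":
    for bucket in (HARDENED, WEAK):
        for line in audit_bucket(**bucket) or [f"{bucket['name']}: all checks passed"]:
            print(line)
```

In a real account the five arguments would come from the corresponding `s3api` calls for each bucket; the point of keeping the checks in one function is that a bucket passes only when all four controls are present, not just the one the console happens to show first.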

❂ Securing RDS

RDS is one of the most widely used, simple, and robust AWS services. With just a few clicks, you have a well-configured database (MySQL, Microsoft SQL Server, PostgreSQL, and more).

Disable Public Access

Enable Data Encryption

Deletion Protection

Protects the database from accidental deletion. While this option is enabled, you can't delete the database.

High Availability

Backup Options

Ensure that RDS database instances have automated backups enabled so that point-in-time recovery is possible.
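The five RDS items above map directly onto fields of the `describe-db-instances` response. The following is an added example, not code from the original article: it walks a response-shaped dict and reports which of the controls (public access, storage encryption, deletion protection, Multi-AZ, automated backups) each instance is missing. The two instances are constructed, and the seven-day minimum retention is an assumed policy value, not an AWS requirement.

```python
"""Check RDS instances for the hardening settings discussed above.

Added example, not code from the original article. The input mirrors the
shape of a describe-db-instances response; the instances are constructed.
"""

# Lower bound on automated-backup retention, in days. A value of 0 means
# automated backups are disabled. Seven days is an assumed policy, not an AWS rule.
MIN_BACKUP_RETENTION_DAYS = 7


def audit_db_instance(db):
    """Return a list of findings for one DBInstance dict; empty means compliant."""
    ident = db["DBInstanceIdentifier"]
    findings = []

    # Disable Public Access: the instance should not have a public endpoint.
    if db.get("PubliclyAccessible", False):
        findings.append(f"{ident}: publicly accessible")

    # Enable Data Encryption: encryption at rest can only be set at creation.
    if not db.get("StorageEncrypted", False):
        findings.append(f"{ident}: storage not encrypted")

    # Deletion Protection: blocks accidental delete-db-instance calls.
    if not db.get("DeletionProtection", False):
        findings.append(f"{ident}: deletion protection disabled")

    # High Availability: a standby replica in a second Availability Zone.
    if not db.get("MultiAZ", False):
        findings.append(f"{ident}: single-AZ deployment")

    # Backup Options: retention of 0 disables automated backups entirely.
    retention = db.get("BackupRetentionPeriod", 0)
    if retention < MIN_BACKUP_RETENTION_DAYS:
        findings.append(
            f"{ident}: backup retention {retention}d below {MIN_BACKUP_RETENTION_DAYS}d"
        )
    return findings


def audit_db_instances(response):
    """Run audit_db_instance over every instance in a describe-db-instances response."""
    return [f for db in response["DBInstances"] for f in audit_db_instance(db)]


# Constructed sample response: one hardened instance, one with every control missing.
SAMPLE_RESPONSE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
     "PubliclyAccessible": False, "StorageEncrypted": True,
     "DeletionProtection": True, "MultiAZ": True, "BackupRetentionPeriod": 14},
    {"DBInstanceIdentifier": "analytics-dev", "Engine": "mysql",
     "PubliclyAccessible": True, "StorageEncrypted": False,
     "DeletionProtection": False, "MultiAZ": False, "BackupRetentionPeriod": 0},
]}

if __name__ == "__main__":
    for finding in audit_db_instances(SAMPLE_RESPONSE):
        print(finding)
```

Storage encryption is the check worth running earliest: unlike the other four, it cannot be switched on later, so an unencrypted instance has to be snapshotted, copied with encryption and restored.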

❂ Securing VPC

Amazon VPC is protected by the AWS global network security procedures that are described in the Amazon Web Services.

Use multiple Availability Zones so that you have high availability.

Use security groups and network ACLs

Use IAM policies to control access

https://docs.aws.amazon.com/vpc/latest/userguide/security-iam.html

Use AWS CloudWatch to monitor your VPC

❂ Securing EC2

This list of practices will help you get the most benefit from Amazon EC2.

EC2 Instance Naming Conventions

Ensure EC2 Instances are using proper naming conventions to follow AWS tagging best practices.

EC2 Instance In VPC

Never use the default VPC.

EC2 Instance Detailed Monitoring

Ensure that detailed monitoring is enabled for the EC2 instances you want to monitor closely.

Idle EC2 Instance

Identify idle EC2 instances and stop or terminate them in order to optimize AWS costs.

Security Group Name Prefixed With ‘launch-wizard’

Ensure that EC2 security groups prefixed with "launch-wizard" are not in use, in line with AWS security best practices.

Unrestricted SSH access

Ensure no security group allows unrestricted inbound access to TCP port 80 (HTTP) or TCP port 443 (HTTPS).
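The last two EC2 items (console-generated "launch-wizard" groups and unrestricted inbound rules) can be found by scanning the `describe-security-groups` output. The following is an added example, not code from the original article. The port set is a parameter, so the same check runs for SSH (TCP 22, as the heading says) or for the HTTP/HTTPS ports the text names. The three security groups are constructed, and "unrestricted" is taken to mean a source of `0.0.0.0/0` or `::/0`.

```python
"""Flag EC2 security groups with unrestricted ingress or a launch-wizard name.

Added example, not code from the original article. The input mirrors the
shape of a describe-security-groups response; the groups are constructed.
"""
import ipaddress

SSH_PORTS = {22}          # per the "Unrestricted SSH access" heading
WEB_PORTS = {80, 443}     # the ports named in the body text


def rule_covers_port(perm, port):
    """True if an IpPermissions entry covers `port` over TCP or over all protocols."""
    proto = perm.get("IpProtocol")
    if proto == "-1":      # "All traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def rule_sources(perm):
    """Yield every CIDR source on a rule, IPv4 and IPv6."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def is_world_open(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) means any address on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_groups(response, ports):
    """Return findings for launch-wizard names and world-open rules on `ports`."""
    findings = []
    for sg in response["SecurityGroups"]:
        label = f"{sg['GroupId']} ({sg['GroupName']})"
        if sg["GroupName"].startswith("launch-wizard"):
            findings.append(f"{label}: console-generated 'launch-wizard' group in use")
        for perm in sg.get("IpPermissions", []):
            open_sources = [c for c in rule_sources(perm) if is_world_open(c)]
            if not open_sources:
                continue           # restricted to specific ranges; not a finding here
            for port in sorted(ports):
                if rule_covers_port(perm, port):
                    findings.append(f"{label}: TCP {port} open to {', '.join(open_sources)}")
    return findings


# Constructed sample response. Group ids, names and the 203.0.113.0/24
# documentation range are made up for illustration.
SAMPLE_RESPONSE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "launch-wizard-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "web-frontend", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "bastion-restricted", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]}

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_RESPONSE, SSH_PORTS | WEB_PORTS):
        print(finding)
```

Note that a port-range rule (for example TCP 0 to 65535) or an "All traffic" rule also covers SSH, which is why the check tests whether each rule's range contains the port rather than matching `FromPort == 22`.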
