Which security measures fall into AWS’s responsibility?

By:
On:
In: SOA-C01
Tagged:
With: 0 Comments
You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.

Which security measures fall into AWS’s responsibility?

Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access

Protect against IP spoofing or packet sniffing

Assure all communication between EC2 instances and ELB is encrypted

Install latest security patches on ELB. RDS and EC2 instances

Explanations:

Enforcing least-privilege access is the responsibility of the customer, not AWS. Customers must configure IAM roles and policies.

AWS is responsible for network security, including preventing IP spoofing and packet sniffing at the infrastructure level.

Ensuring encryption of communication between EC2 instances and ELB is the responsibility of the customer, using SSL/TLS.

Patching EC2 instances is the responsibility of the customer, while AWS manages patching for the ELB and RDS service infrastructure.

Leave a Reply

Your email address will not be published. Required fields are marked *

12 + three =