AWS Associate-Level Architect Certification: Security

Author: zpsean | Published 2016-08-03 13:11 | Read 300 times

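    Preface

    This article records my understanding of service security in AWS, mainly my understanding and practice of IAM. Note that it does not provide a basic step-by-step introduction; it focuses instead on how to understand, learn and apply the relevant services with an architect's mindset.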

    AWS Shared Security Responsibility Model

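    AWS follows the shared security responsibility model: as shown in the figure below, AWS is responsible for the security of the underlying infrastructure, while the user is responsible for the security of the applications and data they deploy on AWS.

    Figure 1: AWS Shared Security Responsibility Model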

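    AWS Services: Security

    Figure 2: AWS security services

    Note that security control in AWS does not rely on IAM alone, as shown in the figure below:

    Figure 3: IAM example

    The four components of security in AWS:

    1. Data protection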

    SEC 1. How are you encrypting and protecting your data at rest?

    SEC 2. How are you encrypting and protecting your data in transit?

    2. Privilege management

    SEC 3. How are you protecting access to and use of the AWS root account credentials?

    SEC 4. How are you defining roles and responsibilities of system users to control human access to the AWS Management Console and APIs?

    SEC 5. How are you limiting automated access (such as from applications, scripts, or third-party tools or services) to AWS resources?

    SEC 6. How are you managing keys and credentials?

    3. Infrastructure protection

    SEC 7. How are you enforcing network and host-level boundary protection?

    SEC 8. How are you enforcing AWS service level protection?

    SEC 9. How are you protecting the integrity of the operating systems on your Amazon EC2 instances?

    4. Detective controls

    SEC 10. How are you capturing and analyzing AWS logs?


    Important resource links:

    https://aws.amazon.com/documentation/
    http://aws.amazon.com/faqs/
    http://aws.amazon.com/whitepapers/
    http://aws.amazon.com/architecture/
    https://aws.amazon.com/security/
