AWS Fundamentals: AWS Cloud-Native

Security in AWS:

The idea is that AWS talks about security as a partnership. There are things AWS is responsible for and things you are responsible for, in order to keep your application safe and secure in the cloud. Take a look at your application not as a single object, but as a collection of pieces that together make up your app.

Amazon provides the security elements to you and your auditors where compliance is needed. When you run EC2 on AWS and launch an instance from an AMI with an operating system, that guest operating system is 100 percent in your control. This becomes the dividing line.

All of your user data is controlled by you. This means it’s your responsibility to think about things like: do you want encryption? AWS offers a wide range of encryption tools, from simple bring-your-own encryption to automatic server-side encryption on S3 and EBS. Or perhaps you’d like more robust managed keys, using AWS CloudHSM or KMS, the Key Management Service. That allows you to retain high-level control even when you have security requirements like FIPS 140-2 compliance.

Think about RDS, the Relational Database Service. In that case, AWS is responsible for installation, maintenance, and keeping all the patches up to date. You or your DBA don’t have to worry about the operating system or the application. In fact, there’s a different dividing line for RDS. You still maintain 100 percent control over the data itself, over the schema, and over user access. Is it encrypted or not? Who has access to read it?

Just because you’re running on AWS servers does not give AWS any visibility at all into your data. If you don’t trust that, don’t worry about trust; that’s what encryption is all about. With enough encryption, you don’t have to worry about who else is running inside the cloud or anywhere else in the world.
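An added example, not part of the original post: a Python audit of the settings that sit on the customer side of the dividing line described above (EBS and RDS storage encryption, RDS public access, S3 default encryption). The inventory is constructed sample data shaped like the responses of EC2 DescribeVolumes, RDS DescribeDBInstances and S3 GetBucketEncryption; the resource names and the `audit` and `bucket_key_mode` helpers are assumptions made for illustration.

```python
# Constructed sample inventory (not real resources), shaped like the responses of
# EC2 DescribeVolumes, RDS DescribeDBInstances and S3 GetBucketEncryption.
VOLUMES = [
    {"VolumeId": "vol-example1", "Encrypted": True},
    {"VolumeId": "vol-example2", "Encrypted": False},
]
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": False, "PubliclyAccessible": True},
    {"DBInstanceIdentifier": "users-db", "StorageEncrypted": True, "PubliclyAccessible": False},
]
# Bucket name -> ServerSideEncryptionConfiguration element (None: no rule recorded).
BUCKETS = {
    "logs-example": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                                {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example"}}]},
    "uploads-example": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                                   {"SSEAlgorithm": "AES256"}}]},
    "legacy-example": None,
}


def bucket_key_mode(config):
    """Classify a bucket's default encryption as 'none', 'sse-s3' or 'sse-kms'."""
    rules = (config or {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if any(a and a.startswith("aws:kms") for a in algos):
        return "sse-kms"
    return "sse-s3" if "AES256" in algos else "none"


def audit(volumes, db_instances, buckets):
    """Return (resource, finding) pairs for settings the customer controls."""
    findings = []
    for v in volumes:
        if not v.get("Encrypted", False):
            findings.append((v["VolumeId"], "EBS volume not encrypted"))
    for db in db_instances:
        if not db.get("StorageEncrypted", False):
            findings.append((db["DBInstanceIdentifier"], "RDS storage not encrypted"))
        if db.get("PubliclyAccessible", False):
            findings.append((db["DBInstanceIdentifier"], "RDS instance publicly accessible"))
    for name, config in sorted(buckets.items()):
        mode = bucket_key_mode(config)
        if mode == "none":
            findings.append((name, "S3 bucket has no default encryption rule"))
        elif mode == "sse-s3":
            findings.append((name, "S3 bucket uses SSE-S3 (S3-managed keys, no KMS key policy)"))
    return findings


if __name__ == "__main__":
    for resource, finding in audit(VOLUMES, DB_INSTANCES, BUCKETS):
        print(f"{resource}: {finding}")
```

With real data, the same dictionaries can be filled from the corresponding API responses before calling `audit`.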

AWS responsibility

Security of the Cloud: Amazon is responsible for protecting the infrastructure that runs all of the services that are offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Customer responsibility

Security in the Cloud: Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.

For more details about the Shared Responsibility Model, see: https://aws.amazon.com/compliance/shared-responsibility-model/

Cost Management:

To optimize costs, you want to establish best practices for cost management, and use tools to monitor and analyze costs over time. AWS offers multiple cost management tools through the AWS Management Console.

  1. The AWS Cost Explorer is a service that helps you easily visualize and understand costs and usage. AWS Cost Explorer also allows you to create reports.
  2. AWS Budgets allows you to create alerts when your costs or usage exceeds a threshold over a specific time period. You define the time period, whether it be a week, month, or year, and you also define your thresholds. When you exceed the threshold, a notification can be sent out. So, you can begin to look into where you can start to reduce costs.
  3. AWS Trusted Advisor not only helps you reduce cost, but it can also help you increase performance, increase security, and optimize your AWS environment. Trusted Advisor is a powerful tool to help you identify areas of improvement in your account. It can help you with a few different categories of things:
    1. Cost Optimization
    2. Performance
    3. Security
    4. Fault Tolerance
    5. Service Limits.

Sources used to write this blog:

  1. https://www.coursera.org/learn/aws-fundamentals-going-cloud-native/home/welcome
  2. https://aws.amazon.com/training/
  3. https://docs.aws.amazon.com/index.html?nc2=h_ql_doc

Next blog in the series : https://programmerprodigy.code.blog/2020/06/03/aws-fundamentals-addressing-security-risk/
