EC2 provides two common methods for making configuration changes:
- Manually using the AWS Console
- Automatically using the AWS Application Programming Interface (API)
AWS provides a number of distinct security features. The following is a summary of the security features used with EC2:
- Virtual Private Cloud (VPC): Separates every instance running on the physical server from every other instance. Theoretically, no one can access someone else’s instance.
- Network Access Control Lists (ACLs) (Optional): Acts as a firewall to control both incoming and outgoing requests at the subnet level.
- Identity and Access Management (IAM) Users and Permissions: Controls the level of access granted to individual users and user groups. You can both allow and deny access to specific resources managed by EC2.
- Security Groups: Acts as a firewall to control both incoming and outgoing requests at the instance level. Each instance can have up to five security groups, each of which can have different permissions. This security feature provides finer-grained control over access than Network ACLs, but you must also maintain it for each instance, rather than for the virtual machine as a whole.
- Hardware Security Device: Relies on a hardware-based security device that you install to control security between your on-premises network and the AWS cloud.
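
How the subnet-level filter (Network ACL) and the instance-level filter (Security Groups) from the list above combine for one inbound request, as an added example that is not part of the original page. It goes beyond the text by modelling rule evaluation (numbered allow/deny rules for the network ACL, allow-only rules for security groups) in simplified form, inbound TCP only; every rule, address and group name is constructed.

```python
import ipaddress

# Constructed sample rules (not from any real account). Inbound TCP only.
# Network ACL: numbered rules on the subnet, lowest number first, first match wins.
NACL = [
    (100, "deny",  "203.0.113.0/24", 22),   # block one range from SSH
    (110, "allow", "0.0.0.0/0",      22),
    (120, "allow", "0.0.0.0/0",      443),
]
# Security groups: allow-only rules on the instance; all attached groups combine.
SECURITY_GROUPS = {
    "sg-web-example":   [("0.0.0.0/0", 443)],        # hypothetical group names
    "sg-admin-example": [("198.51.100.0/24", 22)],
}

def _in(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_decision(nacl, src_ip, port):
    """Subnet level: evaluate rules in ascending rule number; no match means deny."""
    for number, action, cidr, rule_port in sorted(nacl):
        if rule_port == port and _in(cidr, src_ip):
            return action == "allow", f"network ACL rule {number} ({action})"
    return False, "network ACL default deny"

def sg_decision(groups, src_ip, port):
    """Instance level: a matching allow rule in any attached group admits the packet."""
    for name, rules in groups.items():
        for cidr, rule_port in rules:
            if rule_port == port and _in(cidr, src_ip):
                return True, f"security group {name}"
    return False, "no security group rule matches"

def inbound_allowed(src_ip, port, nacl=NACL, groups=SECURITY_GROUPS):
    """A packet must pass the subnet filter first, then the instance filter."""
    ok, why = nacl_decision(nacl, src_ip, port)
    if not ok:
        return False, why
    return sg_decision(groups, src_ip, port)

if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 22), ("203.0.113.9", 22),
                     ("192.0.2.44", 22), ("192.0.2.44", 443), ("192.0.2.44", 80)]:
        print(ip, port, inbound_allowed(ip, port))
```

The third sample case shows why both layers need reviewing: the network ACL admits SSH from anywhere, and only the instance-level group narrows it to the admin range.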