Amazon Web Services - Minimum Security requirements
Santhosh Kumar
Application Security and AI Expert | Helping Businesses Secure and Innovate
Organizations often have project teams of solution architects, developers and DevOps engineers who are trying to use the power of the public cloud to solve a business problem.
Their only goal is to solve the business problem while embracing and innovating with the fancy word "Cloud". The cloud means different things to different people, from architects to CIOs. Nevertheless, security is always a big concern.
I always suggest that the organizations I help with cloud security have a proper strategy before moving to the cloud. The bitter truth is that not everyone considers spending effort, money and time on designing a strategy.
But being an Enterprise Security Architect, I always had to design the security to match and challenge the solution design to comply with the organization's security capabilities. Not only that, but I must also consider making effective use of security features that the cloud provides "out of the box".
As with everyone, there is always trouble getting started, the question of "Where do I start?". This is the reason for designing the security control and engineering document below, which anyone can use to get started. It is more or less specific to Amazon Web Services.
The sheet is divided into multiple categories, such as:
- Identity and Access Management
- Security monitoring
- AWS Platform Security
- Cryptographic Key Management
- Filesystem
- DNS Security & More...
This artifact is only a starting point. You can use it as a baseline and develop it further based on your AWS project requirements and design.
Please do share your feedback and comments. You can download the full version of the file here. Thank you!
Senior Threat Researcher at Microsoft
4 years ago: Good one..!!