Can We Improve How IDT Stored Secrets in AWS in 2017?
In late 2017, IDT did an AWS “This is My Architecture” video. The video talks about how they managed secret information in their AWS environment.
Now, a few years later, I react to that video and see what’s stood the test of time, what could be done simpler given today’s technology, and generally critique the design against the AWS Well-Architected Framework.
The AWS Well-Architected Framework
The AWS Well-Architected Framework is designed to help you and your team make informed trade offs while building in the AWS Cloud. It’s built on six pillars;
- Operational Excellence
- Cost Optimization
- Performance Efficiency
There pillars cover the primary concerns of building and running any solution. And as much as we’d all love to have everything, that’s just not possible.
…enter the framework.
It’ll help you strike the right balance for your goals to make sure that your build is the best it can be now and moving forward.
I often get asked why I talk about building in the cloud and architectural choices so often…aren’t I a security person?
Yes, I do focus on security and architecture is a critical part of that.
There’s really two types of security design work. The first is when you’re handed something and need to make sure the risks of that technology matches the risk appetite of the users.
The second type is when you’re building the technology. This is where making choices informed by security early in the process can have profound effects. You’re no longer bolting security on but building it in by design.
That’s why I talk about architecture and building so much. It’s where we all can have the largest possible security impact!
This video—and the ones that will come after—looks at a specific set of design decisions and how they balance the concerns of the AWS Well-Architected Framework…where security is one of the six pillars.
At the time, IDT was using Hashicorp Consul to manage configurations in their environment. As a part of that, they had sensitive information (like API access credentials) stored with that information.
Consul allowed them to control distribution and access to that data in an effective manner. The challenge I have with the design (though understandable at the time) is the combination of sensitive and non-sensitive (or “not-as-sensitive”) information. That management approach generally leads to some challenges down the road.
A clear separation is usually a better approach. It allows for stricter permissions to be put in place for the sensitive information. This could strike a better balance between the application of least privilege and keeping operational overhead low.
Learn more in the reaction video 👆.
Btw, I’ve updated my course, “Mastering The AWS Well-Architected Framework” on A Cloud Guru. If you want a solid walk through of the ideas behind the framework and how to apply it to your work in the AWS Cloud, check it out!