πŸ’‘

This post was written 3 years ago, it may be out of date, my opinion might have changed, and/or the writing may be embarrassingly bad. Read with caution.

Security in the AWS Well-Architected Framework

Fall/2021 – 3 min read

An overview of the AWS Well-Architected Frameworks' Security pillar.

Security is one of the five pillars of the AWS Well-Architected Framework. The framework describes the principles and techniques required to make informed trade-offs when you’re building in the AWS Cloud.

I’ve taught thousands of builders how to build better using the framework on the A Cloud Guru platform. Be sure to check out my course, β€œMastering The Well-Architected Framework”

This πŸ‘‡ Twitter thread dives deeper into the Security pillar of the framework…

Tweet 1/12 πŸ‘‡ Next tweet

yesterday, we took a look at the Operational Excellence pillar of the @awscloud Well-Architected Framework today, my personal favourite, the Security Pillar 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 2/12 πŸ‘‡ Next tweet πŸ‘† Start

this thread is available unrolled at https://markn.ca/2021/security-in-the-aws-well-architected-framework/ ...and yesterdays is up at https://markn.ca/2021/operational-excellence-in-the-aws-well-architected-framework/ 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 3/12 πŸ‘‡ Next tweet πŸ‘† Start

one of the reasons I ❀️ the Well-Architected Framework so much is that it presents #security in CONTEXT it's not an isolated activity but one that must be considers next to the other four pillars. you need to find a balance here...the framework helps 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 4/12 πŸ‘‡ Next tweet πŸ‘† Start

there are formal definitions of the various types of security (cyber, information, physical, & operational) but I like the catch all: To make sure that your systems work as intended and ONLY as intended 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 5/12 πŸ‘‡ Next tweet πŸ‘† Start

... it's πŸ‘† simple to understand in that context. all of these processes and controls we put in place are there to make sure that things work the way to expect and ONLY that way that covers everything from attacks to mistakes. also, it's more positive 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 6/12 πŸ‘‡ Next tweet πŸ‘† Start

...I cannot stand the conflict/FUD oriented view of security. yes there are malicious actors out there but security is so much more than that besides, if you're only ever trying to STOP things, you won't see the other advantages, like building reslience 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 7/12 πŸ‘‡ Next tweet πŸ‘† Start

so, the Framework does use a formal definition (my rant aside). it states that security is, "the ability to protect data, systems, and assets to take advantage of cloud technologies." yawn 😴 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 8/12 πŸ‘‡ Next tweet πŸ‘† Start

this pillar is broken down into five areas: - identity & access - detective controls - infrastructure protection - data protection - incident response 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 9/12 πŸ‘‡ Next tweet πŸ‘† Start

in simple terms, those areas end up being: - identity & access == who can do what, when? - detective controls == is this normal? - infrastructure protection == boundaries & chokepoints 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 10/12 πŸ‘‡ Next tweet πŸ‘† Start

... - data protection == classification, management, & encryption - incident response == πŸ’©+fan, time to contain & restore 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 11/12 πŸ‘‡ Next tweet πŸ‘† Start

like every pillar, this one has some key principles: - identities have the least amount of privileges required - know who did what, when - security is a part of everything - automate all tasks - encrypt at rest & in transit - prepare for the worst 🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

Tweet 12/12 πŸ‘‡ Next tweet πŸ‘† Start

you can read the whole Security pillar here: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html there's a lot more in that document and in the references. but, like anything in the framework, Gamedays and practice will help you understand these concepts the best /🧡☁️ #cloud #devops

@marknca tweeted at 23-Nov-2021, 20:21

πŸ‘† Start