Security in the AWS Well-Architected Framework
Security is one of the five pillars of the AWS Well-Architected Framework. The framework describes the principles and techniques required to make informed trade-offs when you’re building in the AWS Cloud.
I’ve taught thousands of builders how to build better using the framework on the A Cloud Guru platform. Be sure to check out my course, “Mastering The Well-Architected Framework”.
This Twitter thread dives deeper into the Security pillar of the framework…
today, my personal favourite, the Security Pillar
🧵☁️ #cloud #devops
@marknca tweeted at 23-Nov-2021, 20:21
Tweet 2/12
…and yesterday's is up at https://markn.ca/2021/operational-excellence-in-the-aws-well-architected-framework/
Tweet 3/12
it’s not an isolated activity but one that must be considered next to the other four pillars. you need to find a balance here…the framework helps
Tweet 4/12
To make sure that your systems work as intended and ONLY as intended
Tweet 5/12
that covers everything from attacks to mistakes. also, it’s more positive
Tweet 6/12
besides, if you’re only ever trying to STOP things, you won’t see the other advantages, like building resilience
Tweet 7/12
yawn 😴
Tweet 8/12
- identity & access
- detective controls
- infrastructure protection
- data protection
- incident response
Tweet 9/12
- identity & access == who can do what, when?
- detective controls == is this normal?
- infrastructure protection == boundaries & chokepoints
Tweet 10/12
- data protection == classification, management, & encryption
- incident response == 💩+fan, time to contain & restore
Tweet 11/12
- identities have the least amount of privileges required
- know who did what, when
- security is a part of everything
- automate all tasks
- encrypt at rest & in transit
- prepare for the worst
Tweet 12/12
there’s a lot more in that document and in the references. but, like anything in the framework, Gamedays and practice will help you understand these concepts the best
/🧵☁️ #cloud #devops