Amazon’s four tips to make sure your cloud is secure
By Brandon Butler, Network World | August 01st, 2014
AWS makes four Trusted Advisor features free.
Amazon Web Services has a program named Trusted Advisor that provides customers with advice on the best way to use the company’s IaaS cloud services. Today, the company made four checks that Trusted Advisor performs free for all users.
Trusted Advisor has 33 tests that it performs on customers’ AWS cloud deployments, and it adds to those occasionally. These range from setting up notifications from Trusted Advisor, to setting access management policies, reviewing recent changes and usage, ensuring AWS virtual machines are appropriately sized to providing visual breakdowns of AWS usage.
Today the company made four of its basic Trusted Advisor checks available for free. These include:
Service Limit Checks
This program notifies users when more than 80% of a resource is being used. The advantage is it will prevent certain services from going down because they are over-capacity. It basically is a way to ensure your programs and applications are more fault tolerant and highly available, and now AWS provides the service for free.
The more interesting, and potentially valuable tool, is for AWS to tell customers if they have unused resources. AWS provides this in paid support plans, and third-party providers like Cloudyn and Cloud Cruiser provide these more granular-level services too.
AWS says this service will warn customers of “overly permissive” instances within Elastic Compute Cloud virtual machines. Basically this means that if an EC2 instance is not secured and can be changed easily without appropriate credentials needed, then Trusted Advisor will warn you. This is aimed to prevent malicious activity and hacking, denial of service and loss of data, AWS says.
IAM Use Check
Similar to the Unrestricted Checks, this service will warn customers if only basic account-level credentials are securing AWS resources. The company has another service named Identity and Access Management (IAM) which allows customers to set up user groups, policies and roles. Doing so will prevent anyone who accesses a user’s account from making changes; the user would need not only account access but predetermined IAM access to make changes as well.
MFA on Root Check
The last free tool is another security service that checks to make sure customers are using multi-factor authentication (MFA) in their AWS services. MFA typically requires not only a user’s password, but a secondary authentication as well, which is usually supplied by another device, such as a mobile phone.
These four services are fairly basic best practices for using AWS’s cloud. And now, in the AWS management console when a customer logs into their account they can choose to see these alerts telling them if any of the above best practices are not in place.
Customers can subscribe to higher-level service plans from AWS too, including a developer plan for $49 a month; a business plan starting at $100 and an enterprise plan starting at $15,000. Higher support levels come with more in-depth advisory services from Amazon, including 24-7 support for customers to speak with AWS engineers.