
Dicoding Developer Coaching #52: Back-End | Segera Amankan Sumber Daya AWS Kamu


Security first! Security is an important aspect that we must always consider when developing applications, and AWS is no exception. Fortunately, AWS provides various mechanisms and services that allow us to apply security to every AWS resource we own.

Curious about which security mechanisms AWS offers? Find out more in this Developer Coaching session, which covers the following points:

- Why should we think about security?
- The security concept in AWS
- Introduction to AWS IAM
- Implementing access control in AWS

Dicoding Indonesia

July 27, 2022


Transcript

  1. Segera Amankan Sumber Daya AWS Kamu
    Dicoding Developer Coaching #52
    Fikri Helmi Setiawan
    Curriculum Developer

  2. Why should we think about
    “Security”?

  3. We must put security first, because:
    ● Customer data is very sensitive.
    All of it MUST be kept in a safe,
    secure, and reliable manner. If not,
    we break compliance and
    violate our customers' privacy.
    ● All resources we use to run the
    application are critical. So we MUST
    restrict those resources from
    unauthorized access.

  4. The security concept in AWS

  5. AWS Shared Responsibility Model
    It's a fundamental concept, and may differ depending on the services you use
    (managed services, serverless, platform as a service, etc.)

  6. Security Topics
    ● Encryption: the method by which information is converted into
    secret code that hides the information's true meaning.
    ● Firewall: a network security system that monitors and controls
    incoming and outgoing network traffic based on predetermined
    security rules.
    ● Access Control: a security technique that regulates who or what
    can view or use resources in a computing environment.

  7. Encryption in AWS
    ● At rest (while it is stored on disks in AWS services)
    ○ Server-side (encryption of data at its destination by the application or service
    that receives it)
    ■ AWS service-managed -> Automatic encryption for Amazon EBS,
    Amazon S3, Amazon RDS, Amazon Redshift, Amazon ElastiCache, AWS
    Lambda, and Amazon SageMaker.
    ■ AWS KMS -> AWS services use KMS keys to encrypt data, using an AWS
    managed key or a customer managed key.
    ■ Customer-provided -> The customer manages the keys locally and AWS
    manages the encryption process.
    ○ Client-side (encrypt data client-side and upload the encrypted data to AWS
    services)
    ■ Use a key stored in AWS Key Management Service (AWS KMS)
    ■ Use a key that you store within your application
    ● In transit (as it travels to and from AWS services)
    ○ We can leverage AWS Certificate Manager to manage SSL/TLS certificates, or
    use client-side encryption.

  8. Firewall in AWS
    ● Subnet-level using Network ACL
    ○ Layer of security for your VPC
    that acts as a firewall for
    controlling traffic in and out of
    one or more subnets.
    ● Instance-level using Security Group
    ○ Acts as a virtual firewall,
    controlling the traffic that is
    allowed to reach and leave the
    resources that it is associated
    with, such as EC2 instances.

  9. Access Control in AWS

  10. Authentication and Authorization
    ● Authentication
    ○ When you create your AWS account, you use a combination of an email
    address and a password to verify your identity. If the user types in the correct
    email and password, the system assumes the user is allowed to enter and
    grants them access. This is the process of authentication.
    ● Authorization
    ○ Once you’re inside your AWS account, you might be curious about what
    actions you can take. This is where authorization comes in. Authorization is
    the process of giving users permission to access AWS resources and
    services. Authorization determines whether the user can perform an
    action—whether it be to read, edit, delete, or create resources.

  11. Protect the AWS Root User
    When you first create an AWS account, it begins with an identity that has complete access
    to all AWS services and resources, called the AWS root user.
    To ensure the safety of the root user:
    ● Choose a strong password for the root user.
    ● Never share your root user password or access keys with anyone.
    ● Disable or delete the access keys associated with the root user.
    ● Enable MFA on the root account.
    ● Do not use the root user for administrative tasks or everyday tasks. Instead, create an
    IAM user with administrator access or follow the principle of least privilege (grant
    only the necessary permissions to do a particular job and nothing more).

  12. AWS Identity and Access Management
    We can do all those things leveraging AWS Identity and Access Management (IAM).
    ● What is AWS IAM?
    ○ It is a service that enables you to manage access to your AWS account and
    resources, and provides a centralized view of authentication and authorization.
    ● IAM User
    ○ Represents a person or service that interacts with AWS.
    ● IAM Group
    ○ A collection of users. All users in the group inherit the permissions assigned
    to the group. This makes it easy to give permissions to multiple users at once.

  13. Specifics of IAM Policies
    ● To manage access and provide permissions to AWS services and resources, you
    create IAM policies and attach them to IAM users, groups, and roles.
    ● Whenever a user or role makes a request, AWS evaluates the policies associated
    with them.
    ● IAM Policy examples:

  14. Demo
    Access Control using AWS IAM

  15. Dicoding Indonesia