Security first! Security is an essential aspect that we must always consider when developing applications, and AWS is no exception. Fortunately, AWS provides a range of mechanisms and services that let us apply security to every AWS resource we own.
Curious what security mechanisms AWS offers? Find out more in this Developer Coaching session, which covers the following points:
- Why should we think about security?
- The security concept in AWS
- Introduction to AWS IAM
- Implementing access control in AWS
Secure Your AWS Resources Now
Dicoding Developer Coaching #52
Fikri Helmi Setiawan
Why should we think about security?
We must put security first, because:
● Customer data is very sensitive. All of it MUST be kept in a safe, secure, and reliable manner. If not, we break compliance and violate our customers' privacy.
● All resources we use to run the application are critical. So we MUST restrict those resources from
The security concept in AWS
AWS Shared Responsibility Model
It is a fundamental concept, and the split of responsibilities may differ depending on the services you use (managed services, serverless, platform as a service, etc.).
● Encryption is the method by which information is converted into secret code that hides the information's
● Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on
● Access control is a security technique that regulates who or what can view or use resources in a
Encryption in AWS
● At rest (while it is stored on disks in AWS services)
○ Server-side (encryption of data at its destination by the application or service that receives it)
■ AWS service-managed -> Automatic encryption for Amazon EBS, Amazon S3, Amazon RDS, Amazon Redshift, Amazon ElastiCache, AWS Lambda, and Amazon SageMaker.
■ AWS KMS -> AWS services use KMS keys to encrypt data, using an AWS managed key or a customer managed key.
■ Customer-provided -> The customer manages the keys locally and AWS manages the encryption process.
○ Client-side (encrypt data on the client side and upload the encrypted data to AWS)
■ Use a key stored in AWS Key Management Service (AWS KMS)
■ Use a key that you store within your application
● In transit (as it travels to and from AWS services)
○ We can leverage AWS Certificate Manager to manage SSL/TLS certificates, or use client-side encryption.
Firewall in AWS
● Subnet-level using Network ACL
○ A layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
● Instance-level using Security Group
○ Acts as a virtual firewall, controlling the traffic that is allowed to reach and leave the resources that it is associated with, such as EC2 instances.
Access Control in AWS
Authentication and Authorization
○ When you create your AWS account, you use a combination of an email address and a password to verify your identity. If the user types in the correct email and password, the system assumes the user is allowed to enter and grants them access. This is the process of authentication.
○ Once you're inside your AWS account, you might be curious about what actions you can take. This is where authorization comes in. Authorization is the process of giving users permission to access AWS resources and services. Authorization determines whether the user can perform an action, whether it be to read, edit, delete, or create resources.
Protect the AWS Root User
When you first create an AWS account, it begins with an identity that has complete access to all AWS services and resources, called the AWS root user.
To ensure the safety of the root user:
● Choose a strong password for the root user.
● Never share your root user password or access keys with anyone.
● Disable or delete the access keys associated with the root user.
● Enable MFA on the root account.
● Do not use the root user for administrative tasks or everyday tasks. Instead, create an IAM user with administrator access, or follow the principle of least privilege (grant only the necessary permissions to do a particular job and nothing more).
AWS Identity and Access Management
We can do all those things by leveraging AWS Identity and Access Management (IAM).
● What is AWS IAM?
○ It is a service that enables you to manage access to your AWS account and resources, and provides a centralized view of authentication and authorization.
● IAM User
○ Represents a person or service that interacts with AWS.
● IAM Group
○ A collection of users. All users in the group inherit the permissions assigned to the group. This makes it easy to give permissions to multiple users at once.
Specifics of IAM Policies
● To manage access and provide permissions to AWS services and resources, you create IAM policies and attach them to IAM users, groups, and roles.
● Whenever a user or role makes a request, AWS evaluates the policies associated
● IAM Policy examples:
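As an added illustration (not part of the original deck), the following Python script holds a constructed least-privilege policy document for one S3 bucket and applies the simplified identity-based evaluation order that IAM uses: an explicit Deny always wins, an explicit Allow is needed for access, and everything else is implicitly denied. The bucket name, the ARNs and the function names are assumptions for the example.

```python
import fnmatch
import json

# Constructed example policy (assumed, not from the original deck): read-only
# access to one bucket, with an explicit Deny on deletes that beats any Allow.
READ_ONLY_BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    """IAM wildcards: '*' matches any run of characters, '?' a single one."""
    return any(fnmatch.fnmatchcase(candidate, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Simplified identity-based policy evaluation (hypothetical helper):
    explicit Deny > explicit Allow > implicit Deny (the default)."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"   # a matching Deny ends evaluation
            decision = "Allow"          # keep looking in case a Deny follows
    return decision


def is_allowed(policies, action, resource):
    """True only when evaluation ends in an explicit Allow."""
    return evaluate(policies, action, resource) == "Allow"
```

Running `evaluate` with `s3:PutObject` against the bucket returns `ImplicitDeny` because no statement grants it, while `s3:DeleteObject` returns `ExplicitDeny` even though a broader Allow could later be attached to the same user.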
Access Control using AWS IAM