
Dicoding Developer Coaching #52: Back-End | Secure Your AWS Resources Now

Security first! Security is an important aspect that we must always consider when developing applications, and AWS is no exception. Fortunately, AWS provides a range of mechanisms and services that let us apply security to every AWS resource we own.

Curious about the security mechanisms AWS offers? Find out more in this Developer Coaching session, which covers the following points:

- Why should we think about security?
- Security concepts in AWS
- Introduction to AWS IAM
- Implementing access control in AWS

Dicoding Indonesia

July 27, 2022

Transcript

  1. Secure Your AWS Resources Now: Dicoding Developer Coaching #52

    Fikri Helmi Setiawan, Curriculum Developer
  2. Why should we think about “Security”?

  3. We must put security first, because:

    - Customer data is very sensitive. All of it MUST be kept in a safe, secure, and reliable manner. If not, we break compliance and violate our customers' privacy.
    - All resources we use to run the application are critical, so we MUST restrict those resources from unauthorized access.
  4. The security concept in AWS

  5. AWS Shared Responsibility Model

    It is a fundamental concept, and it may differ depending on the services you use (managed services, serverless, platform as a service, etc.).
  6. Security Topics

    - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
    - Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
    - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  7. Encryption in AWS

    - At rest (while it is stored on disks in AWS services)
      - Server-side (encryption of data at its destination by the application or service that receives it)
        - AWS service-managed: automatically encrypt for Amazon EBS, Amazon S3, Amazon RDS, Amazon Redshift, Amazon ElastiCache, AWS Lambda, and Amazon SageMaker.
        - AWS KMS: AWS services use KMS keys to encrypt data, using an AWS managed key or a customer managed key.
        - Customer-provided: the customer manages the keys locally and AWS manages the encryption process.
      - Client-side (encrypt data client-side and upload the encrypted data to AWS services)
        - Use a key stored in AWS Key Management Service (AWS KMS)
        - Use a key that you store within your application
    - In transit (as it travels to and from AWS services)
      - We can leverage AWS Certificate Manager to manage SSL/TLS certificates, or use client-side encryption.
  8. Firewall in AWS

    - Subnet-level using Network ACL
      - Layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
    - Instance-level using Security Group
      - Acts as a virtual firewall, controlling the traffic that is allowed to reach and leave the resources that it is associated with, such as EC2 instances.
  9. Access Control in AWS

  10. Authentication and Authorization

    - Authentication
      - When you create your AWS account, you use a combination of an email address and a password to verify your identity. If the user types in the correct email and password, the system assumes the user is allowed to enter and grants them access. This is the process of authentication.
    - Authorization
      - Once you're inside your AWS account, you might be curious about what actions you can take. This is where authorization comes in. Authorization is the process of giving users permission to access AWS resources and services. Authorization determines whether the user can perform an action, whether it be to read, edit, delete, or create resources.
  11. Protect the AWS Root User

    When you first create an AWS account, it begins with an identity that has complete access to all AWS services and resources, called the AWS root user. To ensure the safety of the root user:

    - Choose a strong password for the root user.
    - Never share your root user password or access keys with anyone.
    - Disable or delete the access keys associated with the root user.
    - Enable MFA on the root account.
    - Do not use the root user for administrative tasks or everyday tasks. Instead, create an IAM user with administrator access or follow the principle of least privilege (grant only the necessary permissions to do a particular job and nothing more).
  12. AWS Identity and Access Management

    We can do all those things by leveraging AWS Identity and Access Management (IAM).

    - What is AWS IAM?
      - It is a service that enables you to manage access to your AWS account and resources, and that provides a centralized view of authentication and authorization.
    - IAM User
      - Represents a person or service that interacts with AWS.
    - IAM Group
      - A collection of users. All users in the group inherit the permissions assigned to the group. This makes it easy to give permissions to multiple users at once.
  13. Specific in IAM Policy

    - To manage access and provide permissions to AWS services and resources, you create IAM policies and attach them to IAM users, groups, and roles.
    - Whenever a user or role makes a request, AWS evaluates the policies associated with them.
    - IAM Policy examples:
  14. Demo Access Control using AWS IAM

  15. Dicoding Indonesia

    Contact me: fikri@dicoding.com