
Amazon Web Services EC2 – Part 3: Security and Security Groups

March 4th, 2009

Cloud Computing Info

Elastic Compute Cloud (EC2)

Security and Security Groups

Security is one of the most important, if not the most important, aspects of any serious application. If you are thinking about running any kind of mission-critical application in the cloud, security should be a large part of your research.

AWS has been independently certified as Sarbanes-Oxley compliant and has passed a SAS70 audit. Amazon’s physical data center security follows established norms and is routinely audited.

On the software side, Amazon maintains a separation between host operating systems (those that Amazon is responsible for) and guest operating systems (the AMIs). Amazon uses a customized version of the Xen Hypervisor, so you automatically get all of the security that comes with Xen.

When you are choosing which AMI to run, you should include your security needs in your determination. While EC2 raw disks are protected by virtualization, you may want an encrypted file system. Access to the guest OS is via SSL regardless of the OS chosen.

EC2 offers a feature called Security Groups. Security groups are user defined, and a single security group can be applied across multiple instances. You assign a security group when you start your instance. The best way to think of a security group is as a hardware, inbound firewall.

By default, the security group will block all incoming access. You can open access by port, protocol and incoming IP address(es). Changes to the security group require an X.509 certificate and key, which means control of the firewall at the hardware level can be kept separate from any OS-based firewalls.
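The default-deny behaviour described above can be modelled in a few lines. This is an added example, not code from the original post or from AWS: the rule tuples, the WEB_GROUP sample and the ADMIN_PORTS list are constructed for illustration and are a simplified model, not the EC2 API. It evaluates inbound traffic against a group and flags administrative ports left open to every address.

```python
import ipaddress

# Constructed sample group: (protocol, from_port, to_port, source CIDR).
WEB_GROUP = [
    ("tcp", 80, 80, "0.0.0.0/0"),
    ("tcp", 443, 443, "0.0.0.0/0"),
    ("tcp", 22, 22, "203.0.113.0/24"),  # admin range (documentation prefix)
    ("tcp", 3306, 3306, "0.0.0.0/0"),   # deliberately too broad
]

# Assumed list of ports that should never be open to the whole Internet.
ADMIN_PORTS = {22: "ssh", 3306: "mysql", 3389: "rdp", 5432: "postgres"}


def allowed(rules, protocol, port, source_ip):
    """Default deny: traffic passes only if one rule matches all three fields."""
    src = ipaddress.ip_address(source_ip)
    for proto, low, high, cidr in rules:
        if (proto == protocol and low <= port <= high
                and src in ipaddress.ip_network(cidr)):
            return True
    return False


def world_open_admin_ports(rules):
    """Return (port, service) pairs that a rule exposes to any source address."""
    findings = []
    for _proto, low, high, cidr in rules:
        if ipaddress.ip_network(cidr).prefixlen != 0:
            continue  # rule is restricted to a specific range
        for port, name in sorted(ADMIN_PORTS.items()):
            if low <= port <= high:
                findings.append((port, name))
    return findings


if __name__ == "__main__":
    print("ssh from outside admin range:",
          allowed(WEB_GROUP, "tcp", 22, "198.51.100.7"))
    print("world-open admin ports:", world_open_admin_ports(WEB_GROUP))
```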

Amazon recommends disabling password-based access to guest instances and using key-based access instead. It is very easy to configure SSH to use keys instead of passwords. It is also very easy to share keys between instances so that applications do not require password-based access, even within the data center.
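One way to verify that password logins are really off on an instance, as an added example that is not part of the original post: the two sample configurations are constructed, and the check reads only the global section of an OpenSSH sshd_config (it stops at the first Match block and does not follow Include files). The keyword names are real OpenSSH options; sshd uses the first value it reads for each keyword, so a later "no" does not override an earlier "yes".

```python
DEFAULTS = {  # OpenSSH defaults when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configuration files.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

WEAK = """\
# constructed sample
PasswordAuthentication yes
PubkeyAuthentication yes
# appended later by an admin; ignored because the first value wins
PasswordAuthentication no
"""

HARDENED = """\
# constructed sample
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""


def effective_settings(config_text):
    """Return global-section values, keeping the first value per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this check
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1]
    return {**DEFAULTS, **seen}


def password_login_findings(config_text):
    """List the keywords that still permit password-style logins."""
    eff = effective_settings(config_text)
    findings = [k for k in ("passwordauthentication",
                            "kbdinteractiveauthentication") if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication")
    return findings
```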

LewisC



  2. Rajesh J
    March 31st, 2009 at 17:19 | #2

    Hi there,

    You mention that Amazon EC2 has passed a SAS70 audit. In September ’08, they mentioned that they were in the process of working with an accounting firm to get it. I did not hear that they had completed it. Do you know something we don’t?

    Rajesh

  3. Lew
    March 31st, 2009 at 18:12 | #3

    Rajesh,

    I actually did read that. I believe it was in a presentation somewhere. I can’t find it on the AWS site though. The security whitepaper hasn’t been updated since last year.

    LewisC
