Elastic Compute Capacity

Elastic Cloud Compute

Elastic Compute Cloud

Elastic Compute 2

EC2

S3

RDS

VPC

Configuring third-party applications

Maintaining physical hardware

Securing application access and data

Managing security patches and upgrades of guest operating systems

Use Amazon Cloud Directory

Audit AWS Identity and Access Management (IAM) roles

Enable multi-factor authentication (MFA)

Enable AWS CloudTrail

AWS VPC

AWS CloudTrail

AWS IAM

AWS API

All users should have the same baseline permissions granted to them to use basic AWS services.

Users should be granted permission to access only resources they need to do their assigned job.

Users should submit all access requests in written form so that there is a paper trail of who needs access to different AWS resources.

Users should always have a little more permission than they need.

Whitelist all internet traffic for all the 3 instances

Whitelist inbound connection from office ips for Development and Test instances.

Whitelist all internet traffic for Production instance.

Whitelist inbound connection from office ips for Development, Test and Production instances.

Whitelist only HTTP and HTTPS inbound internet traffic for Production instance.

Restrict all inbound traffic from internet to all 3 instances