In a world governed by many different security regulations and standards, compliance is essential. Using AWS allows you to meet the requirements of almost every regulatory agency around the globe.
In this article, we will first take a look at the shared responsibility model, which enables organizations to determine which part of compliance processes is their responsibility and which is the responsibility of AWS.
This knowledge helps you better plan your compliance strategy. In the second part of the text, we will introduce you to AWS tools that help you efficiently implement compliance policy in your organization.
The Shared Responsibility model
In essence, the cloud’s security and compliance is a shared responsibility between AWS and your company. As AWS puts it, they are responsible for the security OF the cloud, whereas you’re responsible for the security IN the cloud.
Take a look at this infographic provided by Amazon:
As you can see, AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service runs. Everything above that line is yours: customer data, client-side and server-side encryption, network traffic protection, the guest operating system and firewall configuration of your instances, the applications you deploy, and identity and access management.
That’s quite a lot to take care of. However, AWS provides you with tools and solutions that help you manage everything properly and ensure your resources’ full security and compliance.
How to ensure compliance and security of your AWS cloud
Tagging
In short, tags are metadata you attach to resources in the AWS cloud. Each tag is a simple label consisting of a customer-defined key and an optional value. Since a single account can hold thousands of resources, tags make it significantly easier to manage them, and a consistent set of tags is what lets you reason about security and compliance at scale. What happens when you do not tag your resources?
Without a coherent tagging policy, you have little knowledge about your resources and what purpose they serve. And without this knowledge, how can you make sure that your resources are compliant? That’s why we recommend implementing a tagging solution for all clients we work with – says Maciej Cetler, CTO at Tameshi.
A dedicated tagging solution allows you to monitor all the resources that can be tagged and perform different activities related to them, such as:
- Correcting tags
- Creating tickets in Jira
- Disabling specific resources
- Setting various notifications
Tagging allows you to take immediate remediation actions.
Another important benefit is that cost allocation tags let you attribute and optimize spending per team, project, or environment.
Additionally, with our help, you can monitor all the resources within your organization without the need to switch between different accounts.
AWS Config
AWS Config is the service you should be most interested in. It enables your company to assess, audit, and evaluate the configurations of your AWS resources: it continuously records each resource’s configuration and evaluates it against rules you choose.
With AWS Config, you can quickly review every change in your resource configurations, examine relations between different AWS resources, and analyze the history of configuration changes. You are also able to compare your current configuration against the existing guidelines.
Config provides a set of AWS managed rules that check resources against general best practices; most of them accept parameters, so you can tune them to your environment. Where a managed rule does not express your internal policy, you can write custom rules, backed either by a Lambda function or by an AWS CloudFormation Guard policy, that evaluate the same configuration items.
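As an added example (not Tameshi’s tooling and not AWS sample code), the Lambda function below implements a change-triggered AWS Config custom rule that enforces the tagging policy discussed in the tagging section above: every in-scope resource must carry an Owner tag, and Environment and DataClassification must hold one of an allowed set of values. The tag policy, the in-scope resource types and the sample configuration items are constructed for illustration; the event fields used (invokingEvent, ruleParameters, resultToken, configurationItem.tags) are those AWS Config passes to a Lambda-backed custom rule. It goes a step beyond a plain "tag present" check by validating values, which is where most tagging drift shows up.

```python
"""Change-triggered AWS Config custom rule that enforces a tagging policy.

Added example, not Tameshi's tooling or AWS sample code. REQUIRED_TAGS,
IN_SCOPE and SAMPLE_ITEMS are constructed for illustration.
"""
import json

# Hypothetical policy: tag key -> set of allowed values (None = any non-empty value).
REQUIRED_TAGS = {
    "Owner": None,
    "Environment": {"prod", "staging", "dev"},
    "DataClassification": {"public", "internal", "confidential"},
}

# Resource types the rule judges; anything else is reported as NOT_APPLICABLE.
IN_SCOPE = {"AWS::EC2::Instance", "AWS::S3::Bucket", "AWS::RDS::DBInstance"}


def evaluate_tags(tags, policy=REQUIRED_TAGS):
    """Return the list of violations for one resource's tags (empty = compliant)."""
    problems = []
    for key, allowed in policy.items():
        value = str((tags or {}).get(key, "")).strip()
        if not value:
            problems.append(f"missing tag {key}")
        elif allowed is not None and value not in allowed:
            problems.append(f"tag {key}={value!r} not in {sorted(allowed)}")
    return problems


def evaluate_item(item, policy=REQUIRED_TAGS):
    """Map one configuration item to (ComplianceType, Annotation)."""
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "resource deleted"
    if item["resourceType"] not in IN_SCOPE:
        return "NOT_APPLICABLE", "resource type out of scope"
    problems = evaluate_tags(item.get("tags"), policy)
    if problems:
        # The Config API caps Annotation at 256 characters.
        return "NON_COMPLIANT", "; ".join(problems)[:256]
    return "COMPLIANT", "all required tags present with allowed values"


def build_evaluation(item, policy=REQUIRED_TAGS):
    """Build the Evaluations entry that PutEvaluations expects for one item."""
    compliance, annotation = evaluate_item(item, policy)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point: AWS Config calls this on each configuration change."""
    import boto3  # imported here so the module loads without the SDK (e.g. in tests)

    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # Optional rule parameter, e.g. {"requiredTagKeys": "Owner,CostCenter"},
    # replaces the built-in policy with a plain presence check on those keys.
    policy = REQUIRED_TAGS
    if "requiredTagKeys" in params:
        policy = {k.strip(): None for k in params["requiredTagKeys"].split(",") if k.strip()}
    boto3.client("config").put_evaluations(
        Evaluations=[build_evaluation(item, policy)],
        ResultToken=event["resultToken"],
    )


# Constructed configuration items in the shape Config records them.
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa111",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-03-01T09:00:00.000Z",
     "tags": {"Owner": "alice", "Environment": "prod", "DataClassification": "internal"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-logs-bucket",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-03-01T09:01:00.000Z",
     "tags": {"Environment": "production", "DataClassification": "confidential"}},
    {"resourceType": "AWS::Lambda::Function", "resourceId": "nightly-report",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-03-01T09:02:00.000Z",
     "tags": {}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0ddd444",
     "configurationItemStatus": "ResourceDeleted", "configurationItemCaptureTime": "2024-03-01T09:03:00.000Z",
     "tags": {}},
]


def run_sample():
    """Evaluate the constructed items; returns {resourceId: ComplianceType}."""
    return {item["resourceId"]: evaluate_item(item)[0] for item in SAMPLE_ITEMS}


if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(json.dumps(build_evaluation(item), indent=2))
```

The verdicts reported through PutEvaluations show up in the Config console and can drive a remediation action or an EventBridge notification, which is how the correct / disable / notify workflow from the tagging section gets wired to actual findings. Two caveats: the Annotation field is limited to 256 characters, so a long violation list is truncated, and the handler assumes a change-triggered rule; a periodic trigger sends no configurationItem and would need a separate path that lists resources itself.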
Session Manager
Session Manager gives you interactive sessions on your managed nodes (a session is a shell or port-forwarding connection brokered by the Systems Manager agent, so no inbound SSH or RDP port has to be exposed). This way, you can manage your cloud resources:
- Amazon Elastic Compute Cloud (Amazon EC2) instances
- On-premises instances
- Virtual Machines
One of the most important features of Session Manager is logging and auditing session activity, keeping a record of connections made to your instances and commands that were run on them. So if a member of your IT team needs to perform any task that requires connecting to an instance, Session Manager verifies their identity and whether they are allowed access to this instance. You are also notified when the user starts and ends the session. – explains Maciej Cetler.
Thanks to AWS Systems Manager Session Manager (that’s the full name of this solution), you get:
- Centralized access control to instances using IAM policies
- No open inbound ports and no need to manage bastion hosts or SSH keys
- One-click access to instances from the console and AWS CLI
- Logging and auditing session activity to meet the internal and third-party requirements
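To show what auditing session activity looks like in practice, here is an added example (not Tameshi’s tooling) that correlates CloudTrail records of StartSession and TerminateSession calls to ssm.amazonaws.com into a per-session report and flags sessions that break a hypothetical policy: sessions opened by a role other than OpsRole, sessions to instances outside an approved list, sessions that were never terminated, and sessions longer than two hours. The log lines are constructed; the field names used (userIdentity.arn, requestParameters.target / sessionId, responseElements.sessionId, eventTime) follow the CloudTrail record format for these calls. The allow-lists are placeholders for your own policy.

```python
"""Audit Session Manager activity from CloudTrail-style records.

Added example, not Tameshi's tooling. SAMPLE_RECORDS is constructed; its
shape follows CloudTrail records for StartSession / TerminateSession on
ssm.amazonaws.com. The allow-lists are hypothetical policy.
"""
import json
from datetime import datetime, timezone

# Hypothetical policy: approved operator roles, approved targets, max duration.
ALLOWED_ROLES = ("OpsRole",)
ALLOWED_TARGETS = {"i-0aaa111", "i-0bbb222"}
MAX_SESSION_SECONDS = 2 * 3600

# Constructed newline-delimited CloudTrail records (one JSON object per line).
SAMPLE_RECORDS = """
{"eventTime":"2024-03-01T09:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"StartSession","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/OpsRole/alice"},"requestParameters":{"target":"i-0aaa111","documentName":"SSM-SessionManagerRunShell"},"responseElements":{"sessionId":"alice-0001"}}
{"eventTime":"2024-03-01T09:20:00Z","eventSource":"ssm.amazonaws.com","eventName":"TerminateSession","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/OpsRole/alice"},"requestParameters":{"sessionId":"alice-0001"},"responseElements":{"sessionId":"alice-0001"}}
{"eventTime":"2024-03-01T10:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"StartSession","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/DevRole/bob"},"requestParameters":{"target":"i-0ccc333","documentName":"SSM-SessionManagerRunShell"},"responseElements":{"sessionId":"bob-0002"}}
{"eventTime":"2024-03-01T22:00:00Z","eventSource":"ssm.amazonaws.com","eventName":"StartSession","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/OpsRole/carol"},"requestParameters":{"target":"i-0bbb222","documentName":"SSM-SessionManagerRunShell"},"responseElements":{"sessionId":"carol-0003"}}
{"eventTime":"2024-03-02T01:30:00Z","eventSource":"ssm.amazonaws.com","eventName":"TerminateSession","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/OpsRole/carol"},"requestParameters":{"sessionId":"carol-0003"},"responseElements":{"sessionId":"carol-0003"}}
{"eventTime":"2024-03-01T11:00:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/OpsRole/alice"},"requestParameters":{},"responseElements":null}
"""


def parse_records(text):
    """Parse newline-delimited CloudTrail records, keeping only Session Manager calls."""
    records = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("eventSource") == "ssm.amazonaws.com" and rec.get("eventName") in ("StartSession", "TerminateSession"):
            records.append(rec)
    return records


def _ts(value):
    """CloudTrail eventTime is UTC in the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def role_name(arn):
    """'arn:aws:sts::123:assumed-role/OpsRole/alice' -> 'OpsRole' (IAM users return the user name)."""
    parts = arn.split("/")
    return parts[1] if len(parts) > 1 else parts[0]


def audit_sessions(records, allowed_roles=ALLOWED_ROLES, allowed_targets=ALLOWED_TARGETS,
                   max_seconds=MAX_SESSION_SECONDS):
    """Correlate Start/Terminate events by sessionId and attach policy findings."""
    sessions = {}
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        sid = (rec.get("responseElements") or {}).get("sessionId") or rec["requestParameters"].get("sessionId")
        if rec["eventName"] == "StartSession":
            sessions[sid] = {"principal": rec["userIdentity"]["arn"], "target": rec["requestParameters"].get("target"),
                             "start": _ts(rec["eventTime"]), "end": None, "findings": []}
        elif sid in sessions:
            sessions[sid]["end"] = _ts(rec["eventTime"])
        else:  # a Terminate with no Start in this batch: worth a look on its own
            sessions[sid] = {"principal": rec["userIdentity"]["arn"], "target": None, "start": None,
                             "end": _ts(rec["eventTime"]), "findings": ["TerminateSession without a recorded StartSession"]}
    for s in sessions.values():
        if s["start"] is None:
            continue
        if not role_name(s["principal"]).startswith(allowed_roles):
            s["findings"].append(f"principal {s['principal']} is not an approved operator role")
        if s["target"] not in allowed_targets:
            s["findings"].append(f"target {s['target']} is not on the approved instance list")
        if s["end"] is None:
            s["findings"].append("no TerminateSession recorded (still open, or ended by idle timeout)")
        else:
            s["duration_s"] = int((s["end"] - s["start"]).total_seconds())
            if s["duration_s"] > max_seconds:
                s["findings"].append(f"session lasted {s['duration_s']}s, over the {max_seconds}s limit")
    return sessions


if __name__ == "__main__":
    for sid, s in audit_sessions(parse_records(SAMPLE_RECORDS)).items():
        status = "OK" if not s["findings"] else "; ".join(s["findings"])
        print(f"{sid}: {s['principal']} -> {s['target']}: {status}")
```

CloudTrail records who opened which session and when; the commands typed inside a session are captured separately by Session Manager’s own logging to S3 or CloudWatch Logs (enabled in the session preferences), so a complete audit trail needs both sources. A session can also end through the idle timeout set in those preferences without any TerminateSession call, which is why the "never terminated" finding is a prompt to check the session log rather than proof of an open shell.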
As an AWS Advanced Consulting Partner, Tameshi has all the necessary resources and knowledge to help you achieve and maintain the required security and compliance level with the specific regulations you have to follow.
Working on compliance with an experienced partner entails some vital benefits:
- Full control of resources across small, medium-sized, and even large AWS organizations
- Laying the foundations for further, more advanced processes around governance and compliance
- Taking the first step towards reducing cloud infrastructure costs to a minimum possible level
If you are interested and want to find out more, feel free to reach out to us with any questions.