Moderately difficult to implement

Moderately difficult to implement best practices to improve Cyber resilience of your AWS Infrastructure

Monitoring and logging

Monitor and log AWS resource activity using AWS CloudTrail, Amazon CloudWatch, and Amazon S3.

Impact on CIA: Low confidentiality impact, high integrity impact, and medium availability impact.

How to monitor and log AWS resource activity using AWS CloudTrail, Amazon CloudWatch, and Amazon S3

To monitor and log activity of Amazon Web Services (AWS) resources using AWS CloudTrail, Amazon CloudWatch, and Amazon S3, you can follow these steps:

  1. Enabling AWS CloudTrail:
      • Sign in to the AWS Management Console and navigate to the AWS CloudTrail console.
      • Choose "Create Trail."
      • Fill in the details for the trail and choose "Create Trail."
      • You can specify which AWS regions to log, and you can also enable multi-region logging.
      • Once the trail is created, AWS CloudTrail will automatically log all activity for the specified AWS resources.
  2. Monitoring activity with Amazon CloudWatch:
      • Sign in to the AWS Management Console and navigate to the Amazon CloudWatch console.
      • Choose "Logs" from the navigation panel.
      • Choose "Create Log Group."
      • Fill in the details for the log group and choose "Create Log Group."
      • You can also create a metric filter and a dashboard to visualize the log data in Amazon CloudWatch.
  3. Storing log data in Amazon S3:
      • To store the log data, you can configure your AWS CloudTrail trail to deliver log data to an Amazon S3 bucket.
      • Sign in to the AWS Management Console and navigate to the AWS CloudTrail console.
      • Choose the desired trail.
      • Go to the "Delivery" tab and choose "Edit."
      • Choose "S3" as the delivery destination.
      • Fill in the details for the S3 bucket and choose "Update."
      • AWS CloudTrail will automatically store the log data in the specified S3 bucket.

By monitoring and logging activity of your AWS resources, you can have a clear understanding of what actions are taken and by whom, and you can use this information to help diagnose and troubleshoot any issues that may arise.
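To make "what actions are taken and by whom" concrete, the following added example (not part of the original article) scans a CloudTrail log file as delivered to S3 and reports API calls that touch the logging pipeline set up in the steps above. The log records are constructed, and the set of event names treated as tampering is an assumption chosen for this example.

```python
import json

# API calls that weaken the logging pipeline itself (trail, log group, log bucket).
TAMPER_EVENTS = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "logs.amazonaws.com": {"DeleteLogGroup", "DeleteLogStream", "DeleteMetricFilter"},
    "s3.amazonaws.com": {"DeleteBucket", "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketLifecycle"},
}

def actor_of(record):
    """Best available 'who': principal ARN, else the invoking AWS service, else identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")

def find_logging_tamper(log_text):
    """Return one finding per record whose API call touches the logging pipeline."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") not in TAMPER_EVENTS.get(rec.get("eventSource"), set()):
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "actor": actor_of(rec),
            "action": rec["eventName"],
            "source_ip": rec.get("sourceIPAddress"),
            "region": rec.get("awsRegion"),
            # A denied attempt is still a signal, so keep it and record the outcome.
            "outcome": rec.get("errorCode", "Success"),
        })
    return findings

# Constructed sample in the {"Records": [...]} layout of a delivered CloudTrail log file.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-08-06T10:00:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2021-08-06T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2021-08-06T10:06:00Z", "eventSource": "logs.amazonaws.com", "eventName": "DeleteLogGroup",
     "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/ops/session1"}},
]})

if __name__ == "__main__":
    for finding in find_logging_tamper(SAMPLE_LOG):
        print(finding)
```

The same event names can be used as the pattern of a CloudWatch metric filter so that an alarm fires when the trail or its storage is changed.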


Network security

Implement network security best practices using AWS VPC, security groups, and network ACLs.

Impact on CIA: High confidentiality and integrity impact, and medium availability impact.

How to implement network security best practices using AWS VPC, security groups, and network ACLs

Implementing network security best practices using Amazon Virtual Private Cloud (VPC), security groups, and network access control lists (ACLs) can be done as follows:

  1. Setting up an AWS VPC:
      • Sign in to the AWS Management Console and navigate to the Amazon VPC console.
      • Choose "Create VPC."
      • Fill in the details for the VPC and choose "Create."
      • You can then create subnets within the VPC and configure a route table.
  2. Creating security groups:
      • Sign in to the AWS Management Console and navigate to the Amazon EC2 console.
      • Choose "Security Groups" from the navigation panel.
      • Choose "Create Security Group."
      • Fill in the details for the security group and choose "Create."
      • You can then add inbound and outbound rules to the security group to control the traffic allowed to and from the resources associated with the security group.
  3. Configuring network ACLs:
      • Sign in to the AWS Management Console and navigate to the Amazon VPC console.
      • Choose the desired VPC.
      • Choose "Network ACLs" from the navigation panel.
      • Choose "Create Network ACL."
      • Fill in the details for the network ACL and choose "Create."
      • You can then add inbound and outbound rules to the network ACL to control the traffic allowed to and from the subnets associated with the network ACL.

By implementing VPC, security groups, and network ACLs, you can have fine-grained control over the network traffic to and from your AWS resources, and you can help ensure that your data and systems are protected.
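Once inbound rules exist, they should be reviewed for rules that open administrative or database ports to every address. The following added example (not part of the original article) audits security groups in the `IpPermissions` shape returned by the EC2 `DescribeSecurityGroups` API; the sample groups, their IDs and the list of sensitive ports are constructed assumptions.

```python
import ipaddress

# Assumed list of admin/database ports that should never face the whole internet.
SENSITIVE_TCP = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

def world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 matches every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_group(group):
    """Return (group_id, cidr, exposure) for each world-open sensitive inbound rule."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        proto = perm.get("IpProtocol")
        if proto == "-1":            # all protocols, all ports; no FromPort/ToPort present
            exposed = ["ALL TRAFFIC"]
        elif proto in ("tcp", "6"):  # a range rule can cover a sensitive port implicitly
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            exposed = [f"{name}/{p}" for p, name in sorted(SENSITIVE_TCP.items()) if lo <= p <= hi]
        else:
            exposed = []
        findings += [(group["GroupId"], c, e) for c in cidrs if world_open(c) for e in exposed]
    return findings

def audit_all(groups):
    """Audit every group and return the combined findings."""
    return [f for g in groups for f in audit_group(g)]

# Constructed sample groups; the IDs are placeholders, not real resources.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS):
        print(finding)
```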


Auto-scaling

Automatically scale your infrastructure based on demand using AWS Auto Scaling.

Impact on CIA: Low confidentiality impact, medium integrity impact, and high availability impact.

How to automatically scale your infrastructure based on demand using AWS Auto Scaling

To automatically scale your infrastructure based on demand using Amazon Web Services (AWS) Auto Scaling, you can follow these steps:

  1. Create an Amazon EC2 launch configuration:
      • Sign in to the AWS Management Console and navigate to the EC2 Auto Scaling console.
      • Choose "Launch Configurations" from the navigation panel.
      • Choose "Create Launch Configuration."
      • Choose an Amazon Machine Image (AMI) to use for your instances, select the instance type, and configure the rest of the instance details as desired.
      • Choose "Create Launch Configuration."
  2. Create an auto scaling group:
      • Sign in to the AWS Management Console and navigate to the EC2 Auto Scaling console.
      • Choose "Auto Scaling Groups" from the navigation panel.
      • Choose "Create Auto Scaling Group."
      • Fill in the details for the auto scaling group, including the launch configuration created in step 1, the desired number of instances, and the subnets for the instances to be launched in.
      • Choose "Create Auto Scaling Group."
  3. Configure scaling policies:
      • Sign in to the AWS Management Console and navigate to the EC2 Auto Scaling console.
      • Choose the desired auto scaling group.
      • Choose "Scaling Policies" from the navigation panel.
      • Choose "Create Policy."
      • Fill in the details for the policy, including the desired scaling action (e.g., increase the number of instances), the trigger for the scaling action (e.g., if average CPU utilization is above a certain threshold), and the desired effect of the policy (e.g., increase the number of instances by 2).
      • Choose "Create."

With these steps, you have set up an auto scaling infrastructure that will automatically add or remove instances based on demand, helping to ensure that you have the resources you need to meet your customers' needs.


Last updated on August 6, 2021