Ensuring cloud security is a very stressful and daunting task for any IT professional. Of course, most cloud providers like AWS have built-in measures to ensure basic security levels. However, since your public cloud is used by countless employees, things can easily get out of hand.
It is recommended to use a reliable AWS architecture diagram tool to generate your diagrams. In doing so, you will not waste time creating your diagrams and will be able to focus your energy on security.
Follow our 5 easy steps to ensuring cloud security while using your AWS diagrams.
Since keeping up with your AWS diagrams and data security is a tedious task, you might be tempted to skip steps and only generate the diagrams you feel are necessary. However, most security issues come from things that were ignored. To make sure every misconfiguration is visible, generate complete AWS architecture diagrams covering your entire cloud infrastructure.
As an example, you need to see which of your Elastic Network Interfaces are located in a specific subnet, and which Elastic Network Interface connects to which EC2 instance. If you cannot see all the connections between your Elastic Network Interfaces and EC2 instances, you might not discover an Elastic Network Interface with a bad configuration. That is a potential threat that exposes your EC2 instance to the internet.
In order to keep your information well organized, try generating AWS diagrams that give you all of the information you need in one place. Ideally, clicking any shape on the diagram should show the information attached to it. You can then refer to your technical documentation later instead of having to navigate between both documents at the same time.
With the example below, you can see which ports/protocols are open on a specific subnet directly in the diagram. This is the quickest way to spot misuse of a specific subnet and to identify whether a port like Remote Desktop (RDP) or SSH is open and could potentially be used to connect to your EC2 instances.
Once again, instead of continually referring to your lengthy technical documentation, follow the warning icons attached to your AWS components. By doing so, you will understand misconfigurations and security issues quickly and be able to react accordingly.
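The check described above, written out as an added example that is not part of the original post: it walks security group ingress rules in the shape returned by boto3's `describe_security_groups` and flags SSH or RDP reachable from the whole internet, including rules that cover a port range or all traffic (protocol `-1`). The group IDs, names and rules are constructed sample data.

```python
# Added example: flag security-group ingress rules that expose SSH (22) or
# RDP (3389) to the whole internet. Input mirrors the structure of boto3's
# ec2.describe_security_groups()["SecurityGroups"]; the sample is constructed.
from typing import Dict, List

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANY_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: a world-open RDP rule, an all-traffic rule from any
# IPv6 address (no ports listed), and one correctly scoped SSH rule.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0e4f5a6b", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0c7d8e9f", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]


def _admin_ports_in_rule(perm: Dict) -> List[int]:
    """Admin ports a rule covers: protocol -1 is all traffic, so every admin
    port counts; a tcp rule may span a range that includes 22 or 3389."""
    if perm.get("IpProtocol") == "-1":
        return sorted(ADMIN_PORTS)
    if perm.get("IpProtocol") != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]


def find_exposed_admin_ports(groups: List[Dict]) -> List[Dict]:
    """Return one finding per (group, port, source) where SSH/RDP is open to anyone."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in (c for c in sources if c in ANY_CIDRS):
                for port in _admin_ports_in_rule(perm):
                    findings.append({"group": sg["GroupId"], "name": sg["GroupName"],
                                     "port": port, "service": ADMIN_PORTS[port],
                                     "source": cidr})
    return findings


if __name__ == "__main__":
    for f in find_exposed_admin_ports(SAMPLE_GROUPS):
        print(f"{f['group']} ({f['name']}): {f['service']}/{f['port']} open from {f['source']}")
```

In a real account the same function runs unchanged over the list returned by `describe_security_groups`, and the findings map directly onto the warning icons the diagram attaches to a subnet.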
One of the most important aspects of cloud security is to ensure that you do not ‘drift’ from your initial architectural design. This well-known issue is called Architecture Drift: you can design a very secure AWS architecture, but its configuration changes over time.
To ensure this issue doesn’t cause a security dilemma, you need to be able to view the changes made in your infrastructure. As an example, in the AWS diagram below, you can see that a Lambda function’s Runtime has changed.
The change should have been validated by a security team, because they need to ensure that the Runtime used is approved by your Architecture Review Board. This ensures that no well-known security issues threaten your Lambda function, which is particularly relevant in the case of an unwanted version downgrade.
Once you have completed the verification of your architecture diagrams, you then need to see those diagrams within your technical documentation. Diagrams are very important and are a great tool for ensuring cloud security; however, they are not enough on their own.
Viewing the diagrams inside your cloud reports can greatly improve your understanding of your cloud landscape and enables you to quickly visualize the details within your cloud architecture.
By using both your AWS architecture diagrams and your technical documentation, you will be able to make important decisions based on the most accurate and updated information.