AWS Security Essentials covers fundamental AWS Cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
The AWS global infrastructure is designed and managed according to security best practices and a variety of security compliance standards.
Customers can't visit AWS data centers to see how they are secured, but AWS engages with external certifying bodies and independent auditors to provide customers with considerable information regarding the policies, processes, and controls established and operated by AWS.
Data Center Security
As an AWS customer, you can be confident that your solutions are supported by one of the most secure computing infrastructures in the world. Physical security of that infrastructure is organized in four layers: perimeter, environmental, infrastructure, and data.
Perimeter Layer
AWS data center physical security starts at the perimeter layer, which is enforced through the principle of least privilege (access granted only to staff with a specific business need), video surveillance, intrusion detection, and other electronic means.
Environmental Layer
AWS carefully chooses its data center locations to mitigate environmental risks like flooding, extreme weather, and seismic activity. Customers requiring high availability and performance can deploy their applications across multiple Availability Zones in the same region for fault tolerance and low latency. To mitigate and prepare for the unexpected, AWS tests their Business Continuity Plan regularly with drills that simulate different scenarios.
Infrastructure Layer
Components like backup power equipment, the HVAC system, and fire suppression equipment are all part of the Infrastructure Layer and help protect servers and ultimately the data.
Data Layer
Even though protecting data is ultimately the responsibility of the organization in the cloud, AWS takes extra precautions to protect the media that your data lives on.
Storage devices are decommissioned using NIST SP 800-88 media sanitization techniques to destroy customer data before the media leaves AWS control. AWS is audited by external auditors who inspect its data centers and confirm that it follows the established rules required to obtain its security certifications. AWS servers can notify employees of any attempts to remove data. In the unlikely event of a breach, the server is automatically disabled.
AWS Edge locations also provide an additional layer of network infrastructure that increases the ability to absorb DDoS attacks and to isolate faults while minimizing the impact on availability.
The AWS Well-Architected Tool is a framework that asks a set of review questions about your workloads to determine whether they meet the five pillars of Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.