14 Comments
- peterinjapan, on 12/03/2008, -0/+4 FYI, moving our image hosting to Amazon S3 has saved us like $2500 a month in bandwidth. When it goes down it sucks, but that's what our backup server is for.
- ihavebeenseen, on 12/03/2008, -0/+4 Not a lot of AWS users on Digg, or everybody is busy patching up those holes before the boss reads this.
- darkzealot89, on 12/03/2008, -0/+3 I encrypt everything I put up on the S3 service using AES 256-bit encryption strength. I use S3 for mostly storage, but this list is a must read for any web developer considering any Amazon Cloud service.
- 3Den, on 12/03/2008, -0/+3 "Do not allow password-based authentication for shell access. Ever."
Yes, key-based authentication is better in most cases, but how is this specific to Amazon's services or cloud computing in general?
"# Do not require passwords for sudo access."
Why not? If remote ssh can only happen via keys, then requiring a password for sudo just adds a layer, it doesn't expose anything.
"# Run only one service per EC2 instance."
Running multiple services increases potential exposure of other services if one service is breached - but whether this is a bad idea or not completely depends on the services in question and what the impact of a breach would be. There are many scenarios where shared services are just fine.
and finally
"# Never allow decryption keys to enter the cloud—unless and only for the duration of an actual decryption activity."
conflicts directly with
"# Include NO authentication credentials in your AMIs except a key for decrypting the file system key.
# Pass in your file system key encrypted at instance start-up."
- PecanHead, on 12/03/2008, -0/+2 Uh, that's kind of the point of their web services.
- diggdatt, on 12/03/2008, -0/+2 I read an article briefly that says you better do backups if you put stuff on there. Amazon doesn't back up for you.
I wish I had a site busy enough to use S3 for files.
- rmxz, on 12/03/2008, -0/+2 This guy missed some obvious ones:
* Only use AMIs you have reason to trust. Your own risk management policies will determine if that means (a) only ones you build yourselves and/or (b) ones that come from big companies like Microsoft, Oracle are trusted. AMIs from some random guy - no matter how nice his pre-installed Ubuntu is - are probably not something you should trust unless you did background checks on that random guy.
* Make use of their (very nice) firewall -- and set up a 3-tier architecture with their firewall between the tiers.
Other than that --- it's really no different than any hosting facility. All his points about keys and encryption apply just as well to physical servers co-located somewhere. If you're afraid of someone stealing your disks (whether physical or Amazon images), encrypt them...
- inactive, on 12/03/2008, -0/+2 Dang. I want to start a file sharing like Rapidshare. I wonder if Amazon scales...
- ath1337, on 12/03/2008, -3/+3 wtf is Amazon Cloud?
- robdiggity, on 12/03/2008, -5/+3 "Is the Amazon Cloud secure? Anyone not asking that question is not doing their due diligence."
...or not using the Amazon Cloud, and therefore not giving a *****. Nothing like a little hyperbole to start your day.
- YouAreDead, on 12/03/2008, -9/+2 spam

