

Showing posts from June, 2019

AWS Security Anti Patterns

The following are a few security anti-patterns for the AWS cloud that should be avoided when implementing a comprehensive cloud security strategy.

Security anti-pattern categories:
- Account structure
- Network design
- Auditing
- Software delivery

Anti-pattern (Account Structure): Personally owned AWS account
- Make sure the root account (login, MFA) is not tied to an individual's email address. The root email address should be tied to a team distribution list (DL).
- Root MFA must be tied to an official hardware device.
- Contact information etc. must use the office address.
- No one logs in as the account root. Use IAM only.

Anti-pattern (Account Structure): AWS account overcrowding
- Not every service and team should be placed under one single account. It becomes very hard to manage, policy-wise and governance-wise.
- If the admin credentials for the account are compromised, the blast radius is larger: all the services get compromised.
- If some of the services are in scope for compliance, and since they are not separated, i
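The root-account rules above (MFA on root, no root access keys, nobody logging in as root) are the ones that can be checked mechanically. The following is an added example, not code from the original post: it parses an IAM credential report in the CSV format that `aws iam get-credential-report` returns (after base64-decoding the `Content` field) and flags the root-account anti-patterns. The report below is constructed for the example, with a made-up account ID and timestamps; the 90-day "recent login" window is an assumption of this example, not something the post specifies.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of a real IAM credential report.
# Account ID, user names and timestamps are made up for this example.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2019-01-10T08:00:00+00:00,not_supported,2019-06-20T14:32:11+00:00,not_supported,not_supported,false,true,2019-02-01T09:00:00+00:00,2019-06-18T11:05:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2019-03-01T10:00:00+00:00,false,no_information,N/A,N/A,false,true,2019-03-01T10:00:00+00:00,2019-06-21T02:10:00+00:00,us-east-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the sample gives stable results; a real run would use datetime.now(timezone.utc).
SAMPLE_NOW = datetime(2019, 6, 30, tzinfo=timezone.utc)

# Placeholder values AWS uses when a timestamp does not apply.
NO_TIMESTAMP = {"no_information", "N/A", "not_supported"}


def root_findings(report_csv, now, recent_login_days=90):
    """Return a list of root-account anti-patterns found in a credential report.

    Checks: root MFA disabled, any active root access key, and a root console
    login within the last `recent_login_days` days (assumed threshold).
    """
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        raise ValueError("credential report has no <root_account> row")

    findings = []

    # Rule: root MFA must be enabled (ideally on a hardware device; the report
    # cannot tell hardware from virtual MFA, so that part needs iam list-virtual-mfa-devices).
    if root["mfa_active"] != "true":
        findings.append("root MFA not enabled")

    # Rule: nobody should use root, so root must not have programmatic keys at all.
    for n in ("1", "2"):
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active")

    # Rule: no one logs in as root. Flag any console password use in the window.
    last_used = root["password_last_used"]
    if last_used not in NO_TIMESTAMP:
        used_at = datetime.fromisoformat(last_used)
        if now - used_at < timedelta(days=recent_login_days):
            findings.append(
                f"root console login within last {recent_login_days} days ({last_used})"
            )

    return findings


def check_sample():
    """Run the checks against the constructed report; used by the demo below."""
    return root_findings(SAMPLE_REPORT, SAMPLE_NOW)


if __name__ == "__main__":
    for finding in check_sample():
        print("FINDING:", finding)
```

To run this against a real account, generate and fetch the report first (`aws iam generate-credential-report`, then `aws iam get-credential-report --query Content --output text | base64 -d > report.csv`) and pass the file contents to `root_findings` with `datetime.now(timezone.utc)`. Wiring it into a scheduled job per account is the usual way to keep the "use IAM only" rule honest.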