New AWS Offerings: Security
Security was the main focus of several new Amazon Web Services Inc. (AWS) offerings announced last week at the AWS Summit in San Francisco. Security is a constant concern for AWS and its corporate customers, but it has received more attention lately because of recent data breaches and a spate of well-publicized revelations of wide-open, unencrypted data stores housed in the AWS cloud. Here are some of the security announcements made last week.
Amazon EFS
After last year's string of company security announcements, AWS has increased its encryption guidance. Encryption is still a focal point, as demonstrated by the new encryption-in-transit functionality announced for the Amazon Elastic File System (EFS), which is designed for cloud-native applications requiring shared access to file-based storage. This new functionality, combined with the existing support for encrypting stored data, provides even greater protection, according to Jeff Barr, a spokesperson. He said that EFS is now more useful thanks to the addition of support for encryption of data in transit. When used with the existing support for encryption of data at rest, it is now possible to protect your stored files with a defense-in-depth security strategy. A new tool, the EFS mount helper, makes it easier to use the new capabilities. It creates a Transport Layer Security (TLS) tunnel to EFS and allows users to mount file systems by their IDs. The tool works on Amazon Linux. However, users can clone the utilities for Amazon Elastic File System repository to build their own RPM Package Manager (RPM) package. The mount helper and encryption in transit are complementary, although they can be used separately.
AWS Secrets Manager
This service allows users to better manage their secrets, such as passwords, API keys, OAuth or other credentials, and database credentials. AWS blog author Randall Hunt stated that while this is possible for single machines and applications, it is much more difficult when you leverage scaled-out, distributed microservices. Hunt stated that AWS Secrets Manager is now available. It allows you to store and retrieve secrets via the API or the AWS Command Line Interface (CLI). You can also rotate your credentials using built-in or custom AWS Lambda functions. Without Secrets Manager, AWS users need to provide specific infrastructure for these tasks, which can lead to increased costs and system complexity. However, the new tool comes with additional costs. Pricing is $0.40 per secret per month and $0.05 per 10,000 API calls. The service is available in many AWS regions around the world.
AWS Firewall Manager
This new tool was created in response to customers' requests for central management of AWS security services across their Web application portfolios. It bridges the gap between distributed control, which offers agility in responding to local needs, and central control, which allows for oversight of global initiatives across multiple teams. Barr stated that it allows customers to host applications in any region and use multiple AWS accounts while retaining centralized control over security settings and profiles. "Developers and innovators have the freedom to develop, while security personnel can respond globally and quickly to actual threats and attacks."
These are the prerequisites for the new offering:
AWS Organizations — AWS Organizations must be used by an organization to manage accounts. All features must be enabled.