[AWS Architecture Patterns] Security

Need to enable custom domain name and encryption in transit for an application running behind an Application Load Balancer?

Use AWS Route 53 to create an Alias record to the ALB's DNS name and attach an SSL/TLS certificate issued by Amazon Certificate Manager (ACM).

 

Company records customer information in CSV in an S3 bucket and must ont store PII data?

Use Macie to scan the S3 bucket for any PII data.

 

For compliance reasons all S3 buckets must have encryption enabled and any non-compliant buckets must be auto remediated?

Use AWS Config to check the encryption status of the buckets and use auto remediation to enable encyprtion as requried.

 

EC2 instances must be checked against CIS benchmarks every 7 days?

Install Amazon Inspector agent and configure a host assessment every 7 days.

 

Webiste running on EC2 instances behind and ALB must be protected against well known web exploits?

Create a Web ACL in AWS WAF to protect against web exploits against web exploits and attach to the ALB.

 

Need to block access to an application running on an ALB from connections originating in a specific list of countries?

Create a Web ACL in AWS WAF with a geographic match and block traffic that matches the list of countries.

 

Partten matching for 100 requests per 5 mins, block it