So this blogpost has been sitting in my drafts for a very long time. I am definitely late to the party, but hopefully the write-up is still of some help to someone.

Securing any cloud environment is a vast topic & it would be difficult to cover it all in a single blogpost. Hence, I will break it down using the generic approach I usually take when thinking about solutions to any given problem. The blogpost is also designed with 2 things in mind:

  • we approach it one step at a time
  • we keep our solutions as unblocking as possible for our devs

A few things that I have learnt, somewhat the hard way, and for which I am very grateful, are:

  1. to identify the actual root cause of the problem
  2. to measure what matters (an excellent read, IMHO)
  3. to collaborate (wherever & whenever possible) with the dev & systems teams. It makes a security engineer's job a breeze & the solutions worthwhile!

For this post we will not focus on identifying the root cause of the problem, since the post is directed at securing your cloud infra & because I would like to keep it more technical than philosophical. We will assume that we already have a problem statement at hand that needs to be solved.

For this post and (hopefully) a few follow-up ones, we will focus on securing AWS, one step at a time. AWS offers plenty of resources, and securing AWS essentially means securing each of the resources you actually use. It does not make much sense to try securing S3, for example, if you are not using it at all.

Problem statement: Secure AWS infrastructure

To solve the above problem, we break it up into smaller sub-problems/objectives.

Objectives:

  1. Secure AWS S3
  2. Secure EC2 instances
  3. Secure IAM
  4. Secure EKS

The above is a very limited list, but for now let us focus on these alone, one at a time.

Credits:

  • @makash for the constant motivation
  • @amolnaik4 for guidance around thought process
  • @AjeyGore for introduction to measure what matters