How CodeSpaces Was Killed by Security Issues on AWS. The Best Practices to Avoid it.

Amazon Web Services is the lead Cloud Computing provider in the public cloud market. Organizations are rapidly moving their applications to AWS Cloud because of the cost, elasticity, easily accessible and on-demand provisioning and many more features that Amazon introduced step-by-step during the last years.

The computing resources are available from anywhere in the world with a single click on the console or APIs or SDKs. Because of this easy accessibility security becomes a challenge for the Cloud Providers and as well as the Consumers.

Recently, an unauthorized person had gained access to the Code Spaces AWS console and completely deleted their computing resources, data, volumes, snapshots and configurations. Because of this Code Spaces shutdown their operations completely and issued a public notice to all their customers saying that “Code Spaces will not be able to operate beyond this point,” citing the price of resolving the issue, as well as the expected cost of refunding paying customers. This attack put the Code Spaces in an irreversible position both financially and in terms of ongoing credibility.

So in Public Cloud, security becomes a key component to secure your resources. Organizations should employ known security consultants and follow best practices to manage their cloud workloads effectively.

In this article, I am putting some of the best practices that everyone should apply immediately to their organizations AWS account and resources.

  • AWS Console is heavily used to manage the resources by Cloud Administrators and developers. It can be accessed via the browser HTTPS using simple username and password. To protect it further, AWS is supporting the Multi-Factor Authentication (MFA) for second level authentication. To login to AWS console, you have to use the integrated MFA code with the respective user account. This MFA code is dynamically generated by the MFA device:

 

MFA code that is dynamically generated by the MFA device
  • IAM Service allows you to assign the privileges using User Policies. Use the Policy Generator or Custom Policy to assign the privileges rather than using the predefined Policy Templates. Assign the least privileges to users and slowly grant the additional privileges as on when needed.

 

  • Use AWS IAM Policy Simulator to simulate and test the user privileges. This will help you to find whether issued policies are working properly or not.
IAM Policy Simulator
  • If you are using the AWS CLIs or any SDKs within the EC2 environment, launch the EC2 Instances with IAM roles rather than using the AWS Keys to access any of your AWS resources
  • Rotate all your users AWS Access Keys and Passwords periodically
  • Do not open the remote access protocols like SSH and RDP to the Public. Rather use a Bastion Server with MFA or VPN connectivity to reach any of the AWS resources.
  • Enable CloudTrail to log all your API calls via the Console, Command-line or SDKs, which will help you to identify who are accessing the AWS resources and their Identities.
  • Perform security audit periodically on all the AWS Services which is used by your organization and make sure you are following the best practices.
Trusted Advisor

We will cover more about the AWS security in future blog posts. Visit Cloud Academy’s Training Library on Cloud Security to keep your cloud environment secure and compliant.

Avatar

Written by

Praveen Kumar Muppala

I have strong experience on Multiple Unix/Linux flavours, LAMP Stack, Monitoring Systems, Database, NoSQL. I love to explore the new concepts/services in Cloud Computing World. I have written 4 certifications in different flavours of Linux/Unix.


Related Posts

Patrick Navarro
Patrick Navarro
— January 22, 2020

Top 5 AWS Salary Report Findings

At the speed the cloud tech space is developing, it can be hard to keep track of everything that’s happening within the AWS ecosystem. Advances in technology prompt smarter functionality and innovative new products, which in turn give rise to new job roles that have a ripple effect on t...

Read more
  • AWS
  • salary
Alisha Reyes
Alisha Reyes
— January 6, 2020

New on Cloud Academy: Red Hat, Agile, OWASP Labs, Amazon SageMaker Lab, Linux Command Line Lab, SQL, Git Labs, Scrum Master, Azure Architects Lab, and Much More

Happy New Year! We hope you're ready to kick your training in overdrive in 2020 because we have a ton of new content for you. Not only do we have a bunch of new courses, hands-on labs, and lab challenges on AWS, Azure, and Google Cloud, but we also have three new courses on Red Hat, th...

Read more
  • agile
  • AWS
  • Azure
  • Google Cloud Platform
  • Linux
  • OWASP
  • programming
  • red hat
  • scrum
Alisha Reyes
Alisha Reyes
— December 24, 2019

Cloud Academy’s Blog Digest: Azure Best Practices, 6 Reasons You Should Get AWS Certified, Google Cloud Certification Prep, and more

Happy Holidays from Cloud Academy We hope you have a wonderful holiday season filled with family, friends, and plenty of food. Here at Cloud Academy, we are thankful for our amazing customer like you.  Since this time of year can be stressful, we’re sharing a few of our latest article...

Read more
  • AWS
  • azure best practices
  • blog digest
  • Cloud Academy
  • Google Cloud
Avatar
Guy Hummel
— December 12, 2019

Google Cloud Platform Certification: Preparation and Prerequisites

Google Cloud Platform (GCP) has evolved from being a niche player to a serious competitor to Amazon Web Services and Microsoft Azure. In 2019, research firm Gartner placed Google in the Leaders quadrant in its Magic Quadrant for Cloud Infrastructure as a Service for the second consecuti...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— December 10, 2019

New Lab Challenges: Push Your Skills to the Next Level

Build hands-on experience using real accounts on AWS, Azure, Google Cloud Platform, and more Meaningful cloud skills require more than book knowledge. Hands-on experience is required to translate knowledge into real-world results. We see this time and time again in studies about how pe...

Read more
  • AWS
  • Azure
  • Google Cloud
  • hands-on
  • labs
Alisha Reyes
Alisha Reyes
— December 5, 2019

New on Cloud Academy: AWS Solution Architect Lab Challenge, Azure Hands-on Labs, Foundation Certificate in Cyber Security, and Much More

Now that Thanksgiving is over and the craziness of Black Friday has died down, it's now time for the busiest season of the year. Whether you're a last-minute shopper or you already have your shopping done, the holidays bring so much more excitement than any other time of year. Since our...

Read more
  • AWS
  • AWS solution architect
  • AZ-203
  • Azure
  • cyber security
  • FCCS
  • Foundation Certificate in Cyber Security
  • Google Cloud Platform
  • Kubernetes
Avatar
Cloud Academy Team
— December 4, 2019

Understanding Enterprise Cloud Migration

What is enterprise cloud migration? Cloud migration is about moving your data, applications, and even infrastructure from your on-premises computers or infrastructure to a virtual pool of on-demand, shared resources that offer compute, storage, and network services at scale. Why d...

Read more
  • AWS
  • Azure
  • Data Migration
Wendy Dessler
Wendy Dessler
— November 27, 2019

6 Reasons Why You Should Get an AWS Certification This Year

In the past decade, the rise of cloud computing has been undeniable. Businesses of all sizes are moving their infrastructure and applications to the cloud. This is partly because the cloud allows businesses and their employees to access important information from just about anywhere. ...

Read more
  • AWS
  • Certifications
  • certified
Avatar
Andrea Colangelo
— November 26, 2019

AWS Regions and Availability Zones: The Simplest Explanation You Will Ever Find Around

The basics of AWS Regions and Availability Zones We’re going to treat this article as a sort of AWS 101 — it’ll be a quick primer on AWS Regions and Availability Zones that will be useful for understanding the basics of how AWS infrastructure is organized. We’ll define each section,...

Read more
  • AWS
Avatar
Dzenan Dzevlan
— November 20, 2019

Application Load Balancer vs. Classic Load Balancer

What is an Elastic Load Balancer? This post covers basics of what an Elastic Load Balancer is, and two of its examples: Application Load Balancers and Classic Load Balancers. For additional information — including a comparison that explains Network Load Balancers — check out our post o...

Read more
  • ALB
  • Application Load Balancer
  • AWS
  • Elastic Load Balancer
  • ELB
Albert Qian
Albert Qian
— November 13, 2019

Advantages and Disadvantages of Microservices Architecture

What are microservices? Let's start our discussion by setting a foundation of what microservices are. Microservices are a way of breaking large software projects into loosely coupled modules, which communicate with each other through simple Application Programming Interfaces (APIs). ...

Read more
  • AWS
  • Docker
  • Kubernetes
  • Microservices
Nisar Ahmad
Nisar Ahmad
— November 12, 2019

Kubernetes Services: AWS vs. Azure vs. Google Cloud

Kubernetes is a popular open-source container orchestration platform that allows us to deploy and manage multi-container applications at scale. Businesses are rapidly adopting this revolutionary technology to modernize their applications. Cloud service providers — such as Amazon Web Ser...

Read more
  • AWS
  • Azure
  • Google Cloud
  • Kubernetes