
Keeping your software up-to-date with security patches


Launching your EC2 instance is just the first step to becoming an AWS professional: securing your cloud resources is something you just can't ignore. In this course the experienced Linux System Administrator David Clinton will share some common best practices to enhance your infrastructure security.

You'll learn how to manage access to your instances with IAM and Multi Factor Authentication, how to encrypt your storage, how to keep your Linux instance updated with security patches, how to monitor your system and your network to ensure that nobody unauthorized is using your resources, and finally, the basic principles of penetration testing and how to use nmap to ensure that your security group is properly configured.

Who should take this course

This course is suitable even for beginners with little or no experience with cloud security. Some basic knowledge of Linux system administration, TCP/IP, and security topics is recommended.

To increase your knowledge, you may want to check our many AWS courses, in particular the ones introducing EC2 and S3. And why not take the challenge and try out a quiz?


Hi, and welcome to CloudAcademy.com's video series on security in cloud deployments and specifically for Amazon's AWS instances. In this video, we're going to talk about software updates. It's true that the Linux community does a fabulous job of updating and upgrading their software packages and covering any vulnerabilities that have been discovered.

That's not going to do you any good unless you have a regular system for downloading and installing these upgrades. The first step, as sudo, the root user, is to use the apt-get program to update the list of available software updates. When that's done, when your system is now aware of all the updates, upgrades and downloads that are available for it, use apt-get again, this time with dist-upgrade. That is, distribution upgrade. This will find all the packages that can be updated.

It'll ask you if you'd like to update these packages. You'll type "yes." "Y" for yes. And everything will be downloaded and installed for you. The beauty of this system is that any dependencies that are needed or no longer needed will be taken care of. That is, if a package requires a number of other software packages and this upgrade will change the requirements, these requirements will be taken care of under the hood without you even having to be aware of it.

Some of these upgrades will require reboots before they take effect. In some cases, you might be running a server online that simply can't be rebooted. If that's your case, you might want to look into installing Ksplice Uptrack. That's an Oracle software package that is available for free for certain use scenarios and, for others, as a for-fee package. But it allows virtually all upgrades to be applied without having to reboot the server. This could greatly simplify what otherwise would be a very complicated process. I should note finally that if you have packages on your system that you've compiled on your own, these will not be automatically updated by the apt-get system. You are responsible to make sure on your own that these packages contain no vulnerabilities.
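The update procedure described in the transcript above, as an added shell example that is not part of the original video or course: it dry-runs the upgrade to count pending and security-related packages, applies it, and checks whether a reboot is needed. The function names and the sample simulation output are constructed for illustration, and `/var/run/reboot-required` is assumed as the Debian/Ubuntu reboot flag file.

```shell
#!/bin/sh
# Added example (not from the course). Function names are hypothetical.

# Summarise `apt-get -s dist-upgrade` output read from stdin.
# Every package that would be upgraded appears on a line starting with "Inst".
# Prints "<total> <security>"; <security> counts packages whose origin names
# a security archive (e.g. focal-security, Debian-Security).
summarise_pending() {
    awk '/^Inst / { total++; if ($0 ~ /-security|Debian-Security/) sec++ }
         END { printf "%d %d\n", total, sec }'
}

# Succeeds if the reboot flag file exists. The default path is the
# Debian/Ubuntu convention (assumption); pass another path as $1 to override.
reboot_needed() {
    [ -f "${1:-/var/run/reboot-required}" ]
}

# Constructed sample of simulation output (package versions are made up).
sample_simulation() {
    cat <<'EOF'
Inst openssl [1.1.1f-1ubuntu2.19] (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Inst linux-image-generic [5.4.0.150.148] (5.4.0.153.150 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Inst htop [2.2.0-2build1] (2.2.0-2build2 Ubuntu:20.04/focal-updates [amd64])
Conf openssl (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
EOF
}

# The two steps from the transcript, plus a dry run and a reboot check.
# -s simulates without changing anything; -y answers the "Y" prompt.
patch_system() {
    sudo apt-get update || return 1
    echo "pending (total security): $(apt-get -s dist-upgrade | summarise_pending)"
    sudo apt-get -y dist-upgrade || return 1
    if reboot_needed; then
        echo "reboot required before all upgrades take effect"
    fi
}

# Only touch the system when asked to; otherwise show the parser on the sample.
if [ "${1:-}" = "--apply" ]; then
    patch_system
else
    echo "sample (total security): $(sample_simulation | summarise_pending)"
fi
```

Packages compiled by hand never appear in this output, so they still need to be tracked separately.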

About the Author

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.