Security - Discovering Hot Topics Using Machine Learning
IAM rolesAmazon S3YouTube credentialsReddit credentials

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit the AWS Cloud Security.

IAM roles

AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users in the AWS Cloud. This solution creates IAM roles that grant the solution's AWS Lambda functions access to create Regional resources.

Amazon S3

All Amazon S3 buckets are encrypted with SSE-S3 managed encryption. One of the buckets that stores images from news feeds includes a bucket policy that allows Amazon Rekognition to access the images for analysis.

None of the buckets are available publicly.

We recommend that you create lifecycle policies on the buckets based on your use case and your organization's data management policy standards to ensure that you are not paying for Amazon S3 data storage for the data that is no longer required for the solution.

Note

The Amazon S3 buckets are configured with the retention policy set to Retain.

YouTube credentials

If you configure the solution for YouTube comment ingestion, we recommend that you rotate the API Key for YouTube Data API v3 to match with your password rotation policy. Google Cloud Platform supports regenerating the key, turning off the key, and removing YouTube Data API access for this key. For more information, refer to Retrieve and manage API Key for YouTube Data API v3 authentication.

Reddit credentials

If you configure the solution for ingesting subreddit comments, we recommend that you rotate the refreshToken for the Reddit API to match with your password rotation policy. Reddit's platform supports revoking the token and generating a new one. For more information, refer to Retrieve and manage API credentials for Reddit API authentication.