Security - Centralized Network Inspection on AWS

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared responsibility model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.

IAM roles

AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users on the AWS Cloud.

AWS Key Management Service

This solution creates two AWS Key Management Service (AWS KMS) encryption keys:

  • The first key encrypts objects in the S3 artifact and source code buckets and is the encryption key configured for the CodeBuild projects.

  • The second key encrypts the Network Firewall log destination, either the Amazon CloudWatch Logs log group or the Amazon S3 bucket, depending on the value you choose for the Select the type of log destination for the Network Firewall parameter.

By default, only the IAM roles provisioned by this solution have permission to perform encrypt or decrypt operations with these keys; the key policies grant those operations to the solution's roles rather than to every principal in the account. Automatic key rotation is enabled by default (AWS rotates the key material on a yearly schedule, and rotation does not change the key ID or ARN, so no application configuration changes are needed). If you later attach IAM identity policies that grant kms:Encrypt or kms:Decrypt on these keys, review them with the same care as the key policies, because they widen the set of principals that can read the encrypted artifacts and logs.
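A practitioner verifying the claim above would want to see which principals a key policy actually lets encrypt or decrypt, and whether any of them fall outside the solution's own roles. The following is an added example written for this page, not the solution's code or its real key policy: it audits a constructed sample key policy (account ID, role names, and the CloudWatch Logs statement are placeholders) and reports any encrypt/decrypt grant that is not one of the expected roles, that is public, that is a service principal with no restricting Condition, or that is the account root (whose kms:* statement delegates access to IAM identity policies and is therefore worth knowing about).

```python
"""Audit a KMS key policy: who may Encrypt/Decrypt, and is that limited to an allow-list?

Added example for illustration only; the policy below is constructed, not the solution's.
"""
import fnmatch

# Constructed sample key policy. Account ID and role names are placeholders.
SAMPLE_KEY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Standard default statement: lets IAM identity policies in the account grant key access.
            "Sid": "EnableIAMUserPermissions",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "kms:*",
            "Resource": "*",
        },
        {   # Data-plane access scoped to the roles the solution would create (assumed names).
            "Sid": "AllowSolutionRoles",
            "Effect": "Allow",
            "Principal": {"AWS": [
                "arn:aws:iam::111122223333:role/network-inspection-codebuild-role",
                "arn:aws:iam::111122223333:role/network-inspection-codepipeline-role",
            ]},
            "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                       "kms:GenerateDataKey*", "kms:DescribeKey"],
            "Resource": "*",
        },
        {   # Lets CloudWatch Logs use the key, but only for log groups in this account.
            "Sid": "AllowCloudWatchLogs",
            "Effect": "Allow",
            "Principal": {"Service": "logs.us-east-1.amazonaws.com"},
            "Action": ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*",
                       "kms:GenerateDataKey*", "kms:Describe*"],
            "Resource": "*",
            "Condition": {"ArnLike": {
                "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:111122223333:*"}},
        },
    ],
}

ALLOWED_ROLE_ARNS = {
    "arn:aws:iam::111122223333:role/network-inspection-codebuild-role",
    "arn:aws:iam::111122223333:role/network-inspection-codepipeline-role",
}

DATA_ACTIONS = ("kms:Encrypt", "kms:Decrypt")


def _as_list(value):
    """IAM allows a string or a list in most elements; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_data_action(stmt):
    """True if an Allow statement's Action patterns cover kms:Encrypt or kms:Decrypt.

    IAM action matching is case-insensitive and supports '*' wildcards, hence fnmatch on lowercase.
    """
    if stmt.get("Effect") != "Allow":
        return False
    patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
    return any(fnmatch.fnmatchcase(action.lower(), p)
               for p in patterns for action in DATA_ACTIONS)


def _principals(stmt):
    """Flatten the Principal element into (type, identifier) pairs; '*' means public."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return [("AWS", "*")]
    pairs = []
    for ptype, ids in principal.items():
        pairs.extend((ptype, pid) for pid in _as_list(ids))
    return pairs


def data_plane_principals(policy):
    """Return {(type, id): [Sid, ...]} for every principal allowed to Encrypt or Decrypt."""
    grants = {}
    for stmt in policy.get("Statement", []):
        if not _grants_data_action(stmt):
            continue
        for principal in _principals(stmt):
            grants.setdefault(principal, []).append(stmt.get("Sid", "<no Sid>"))
    return grants


def audit_key_policy(policy, allowed_role_arns):
    """Return human-readable findings for encrypt/decrypt access beyond the allowed roles."""
    findings = []
    by_sid = {s.get("Sid"): s for s in policy.get("Statement", [])}
    for (ptype, pid), sids in data_plane_principals(policy).items():
        if pid == "*":
            findings.append(f"public principal in {sids}: anyone may use the key")
        elif ptype == "AWS" and pid.endswith(":root"):
            findings.append(f"{pid} in {sids}: IAM identity policies in this account can grant key access")
        elif ptype == "Service":
            if not all("Condition" in by_sid.get(sid, {}) for sid in sids):
                findings.append(f"service principal {pid} in {sids} has no Condition limiting its use")
        elif pid not in allowed_role_arns:
            findings.append(f"unexpected principal {pid} in {sids}")
    return findings


if __name__ == "__main__":
    for line in audit_key_policy(SAMPLE_KEY_POLICY, ALLOWED_ROLE_ARNS):
        print(line)
```

To run this against a deployed key, fetch the policy with `aws kms get-key-policy --key-id <key-id> --policy-name default` and pass the parsed JSON in place of the sample; rotation status is a separate API call, `aws kms get-key-rotation-status --key-id <key-id>`, and is not something the policy document reveals. On the sample policy the only finding is the informational one about the account root statement, which is present in almost every key policy and is the reason identity policies in the account also need review.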