Application security considerations - AMS Advanced Application Developer's Guide

Application security considerations

Application security includes deciding what permissions the application needs in order to run, which firewall rules it requires, and which IAM roles should be enabled for access to the application.

To better understand general AWS security, see Best Practices for Security, Identity, & Compliance.

Access for configuration management

AWS Managed Services (AMS) seeks to provide you with a headache-free infrastructure so you don’t have to worry about security issues, patching issues, backup issues, etc. To do that, AMS recommends minimal IAM roles that grant access to the instances running your application only to a specific group or, if you use an application deployment tool, only to its master server.
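One way to express that recommendation, as an added example that is not part of the AMS guide: a role that only the deployment server can assume, a permissions policy scoped to the application's tagged instances, and a check that flags policies broader than that. The account ID, role name, tag value and the use of Session Manager (`ssm:StartSession`) as the access path are all assumptions.

```python
# Added example (not from the AMS guide). Placeholders: account ID, role name, tag value.
ACCOUNT_ID = "123456789012"                                   # placeholder account
DEPLOY_SERVER_ROLE = f"arn:aws:iam::{ACCOUNT_ID}:role/AppDeployServerRole"  # the "master server"
APP_TAG = "ExampleApp"                                        # tag carried by the app's instances


def trust_policy() -> dict:
    """Only the deployment server's role may assume the application-access role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": DEPLOY_SERVER_ROLE},
            "Action": "sts:AssumeRole",
        }],
    }


def permissions_policy() -> dict:
    """Session access limited to instances tagged with this application (assumes Session Manager)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "ssm:StartSession",
            "Resource": f"arn:aws:ec2:*:{ACCOUNT_ID}:instance/*",
            "Condition": {"StringEquals": {"ssm:resourceTag/Application": APP_TAG}},
        }],
    }


def overly_broad_statements(policy: dict) -> list:
    """Return (reason, statement) pairs for Allow statements that use a wildcard
    action, an unconditioned wildcard resource, or trust any principal."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        principal = stmt.get("Principal", {})
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(("wildcard action", stmt))
        if resources == ["*"] and "Condition" not in stmt:
            findings.append(("unconditioned wildcard resource", stmt))
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(("any principal trusted", stmt))
    return findings
```

Run `overly_broad_statements` over every role policy before it is submitted in a change request; an empty result means the policy stays within the pattern above.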

Application access firewall rules

Just like access to the operating system (OS), all application access should be governed using Active Directory (AD) groups. Using Amazon Relational Database Service (Amazon RDS) as an example, adding a new user later requires you to break the mirror (replication), so the best approach is to create a group in AD and add it at database creation time. Having the groups in your AMS AD means that you can create change types (CTs) for application access. For information on the official grouping strategy for AD, see Using Group Nesting Strategy – AD Best Practices for Group Strategy.

To learn more about domain trees and parent/child domains, see How Domains and Forests Work.

The following rules illustrate a solution appropriate for a multi-domain forest trust with users located in child domains.