Security - AWS Edit in the Cloud

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared responsibility model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.

AWS Directory Service

This solution uses AWS Directory Service for user administration and authentication. Amazon FSx works with Microsoft Active Directory (AD) to integrate with your existing Microsoft Windows environments. Active Directory is the Microsoft directory service used to store information about objects on the network and make this information easy for administrators and users to find and use. These objects typically include shared resources such as file servers and network user and computer accounts.

IAM roles

AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users on the AWS Cloud. This solution creates a role attached to the EC2 instance with least privilege, allowing access to specific S3 buckets (when applicable).

Security groups

The security groups created in this solution are designed to control and isolate network traffic between specified public IP ranges and the edit host instance. Security groups are also used to control access to Amazon FSx from the edit host. Microsoft Active Directory and Amazon FSx access is also controlled via security group access. For more information, refer to Using Amazon FSx with AWS Directory Service for Microsoft Active Directory.