Security - Discovering Hot Topics using Machine Learning


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model reduces your operational burden because AWS operates, manages, and controls the components, including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.

IAM roles

AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users in the AWS Cloud. This solution creates IAM roles that grant the solution’s AWS Lambda functions access to create Regional resources.

Amazon S3

All Amazon S3 buckets are encrypted with SSE-S3 managed encryption. One of the buckets, which stores images from Twitter feeds, includes a bucket policy that allows Amazon Rekognition to access the images for analysis.

None of the buckets are available publicly.

We recommend that you create lifecycle policies on the buckets based on your use case and your organization’s data management policy standards, so that you do not pay for S3 storage of data that the solution no longer requires.

Note: The S3 buckets are configured with the retention policy set to Retain.
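
A check of the bucket properties described in this section, as an added example that is not part of the solution's code: the function takes the responses of the S3 GetBucketEncryption, GetBucketPolicy, and GetBucketLifecycleConfiguration calls and reports deviations. The bucket name, Sid, and sample responses are constructed, and treating rekognition.amazonaws.com as the only expected service principal is an assumption.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket(encryption, policy_json, lifecycle,
                 allowed_services=("rekognition.amazonaws.com",)):
    """Return findings for one bucket. Arguments mirror the S3 responses of
    GetBucketEncryption, GetBucketPolicy (the Policy string) and
    GetBucketLifecycleConfiguration; pass None where the bucket has none."""
    findings = []
    # SSE-S3 is reported by the API as the algorithm "AES256".
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if algos != {"AES256"}:
        findings.append("default encryption is not SSE-S3")
    # Allow statements: no wildcard principal and no unexpected service principal.
    # Conservative check: Condition blocks are not evaluated.
    statements = _as_list(json.loads(policy_json).get("Statement", [])) if policy_json else []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # bare "*" form; handle it like the AWS key
            principal = {"AWS": principal}
        if "*" in _as_list(principal.get("AWS", [])):
            findings.append(f"policy statement {stmt.get('Sid', '?')} allows any principal")
        for svc in _as_list(principal.get("Service", [])):
            if svc not in allowed_services:
                findings.append(f"policy statement {stmt.get('Sid', '?')} allows unexpected service {svc}")
    # The guide recommends lifecycle policies; an enabled rule must expire or transition data.
    active = [r for r in (lifecycle or {}).get("Rules", [])
              if r.get("Status") == "Enabled"
              and any(k in r for k in ("Expiration", "Transitions", "NoncurrentVersionExpiration"))]
    if not active:
        findings.append("no enabled lifecycle rule expires or transitions objects")
    return findings

# Constructed sample: an image bucket as this section describes it, with no lifecycle rule yet.
SAMPLE_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "RekognitionRead", "Effect": "Allow",
    "Principal": {"Service": "rekognition.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-image-bucket/*"}]})

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_ENCRYPTION, SAMPLE_POLICY, None):
        print(finding)
```

In a live account, the three inputs would come from the corresponding S3 API calls for each bucket the solution created.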

Twitter credentials

We recommend that you rotate the credentials for the Twitter bearer token to match your enterprise’s password rotation policy. Twitter supports APIs to retrieve and invalidate tokens. Refer to the Retrieve a bearer token for Twitter API authentication section in this guide for more information about how to invalidate the token, regenerate a fresh bearer token, and update Systems Manager Parameter Store.