Security - Instance Scheduler on AWS


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared responsibility model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.

AWS Key Management Service

The solution creates an AWS managed customer master key (CMK), which is used to configure server-side encryption for the SNS topic and the DynamoDB tables.

AWS Identity and Access Management

The solution’s Lambda function requires permissions to start and stop both EC2 and RDS instances, modify instance attributes, and update tags for the instances, among other permissions. The solution grants all the necessary permissions to the Lambda service role created as part of the solution template.

The Lambda service role also has access to get and put SSM parameters, access CloudWatch log groups, encrypt and decrypt with the KMS key, and publish messages to the SNS topic. For detailed information about each permission provided to the service role, refer to the CloudFormation templates.
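To check a deployed copy of the service role against the permission categories described above, the following added example (not part of the solution or its templates) audits an IAM policy document and lists grants that fall outside those categories or that use a wildcard resource for KMS, SNS, or SSM. The action patterns, the `audit_policy` helper, and the sample policy are assumptions made for illustration; the authoritative list is in the CloudFormation templates.

```python
import fnmatch
import json

# Assumption: patterns mirroring the permission categories this page lists.
# The authoritative list is in the solution's CloudFormation templates.
EXPECTED = [
    "ec2:StartInstances", "ec2:StopInstances", "ec2:ModifyInstanceAttribute",
    "ec2:CreateTags", "ec2:DeleteTags", "ec2:Describe*",
    "rds:StartDBInstance", "rds:StopDBInstance", "rds:Describe*",
    "rds:AddTagsToResource", "rds:RemoveTagsFromResource",
    "ssm:GetParameter*", "ssm:PutParameter",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
    "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "sns:Publish",
]
# Assumption: these services act on resources the stack itself creates
# (key, topic, parameters), so Resource "*" is worth a second look.
SCOPED_SERVICES = {"kms", "sns", "ssm"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _expected(action):
    # IAM action names are case-insensitive; a granted wildcard such as
    # "rds:*" only passes if an expected pattern is at least as broad.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in EXPECTED)

def audit_policy(policy):
    """Return (statement index, action, reason) for each grant to review."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if not _expected(action):
                findings.append((i, action, "unlisted"))
            elif unscoped and action.split(":")[0].lower() in SCOPED_SERVICES:
                findings.append((i, action, "wildcard-resource"))
    return findings

# Constructed sample policy (not the solution's real policy; account ID is a placeholder).
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
  "Resource": "arn:aws:ec2:*:111122223333:instance/*"},
 {"Effect": "Allow", "Action": "rds:*", "Resource": "*"},
 {"Effect": "Allow", "Action": ["kms:Decrypt", "sns:Publish"], "Resource": "*"},
 {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Because the role is documented as holding other permissions as well, an "unlisted" finding is a prompt to compare against the template, not proof of a misconfiguration.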