Security - Multi-Region Infrastructure Deployment

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

IAM Roles

AWS Identity and Access Management (IAM) roles enable customers to assign granular access policies and permissions to services and users on the AWS Cloud. This solution creates IAM roles that grant the AWS Lambda function access to the other AWS services used in this solution.

AWS Systems Manager parameters

This solution uses AWS Systems Manager parameters to store the AWS CodePipeline stage environment artifacts. All parameters are secure strings.

AWS Secrets Manager secret

This solution requires you to store your GitHub username and GitHub access token in AWS Secrets Manager. The solution retrieves these GitHub credentials to pull the source code from your GitHub repository.

Note

Since this solution cannot rotate the GitHub access token automatically, the customer is responsible for rotating the GitHub access token.
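Because rotation is manual, it helps to monitor how old the stored token is. The following is an added example, not part of the solution's code: it reads the creation date of the secret's AWSCURRENT version from a Secrets Manager ListSecretVersionIds response and flags a token that is past an assumed 90-day limit. The limit, the function names, and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # assumed rotation policy; the page sets no interval

def token_age(versions, now):
    """Age of the AWSCURRENT version from a ListSecretVersionIds 'Versions' list.

    The version's CreatedDate is when the stored value was written, which is a
    better rotation signal than the secret's LastChangedDate (that timestamp
    also moves on tag or description edits).
    """
    for v in versions:
        if "AWSCURRENT" in v.get("VersionStages", []):
            return now - v["CreatedDate"]
    return None  # no current version: nothing for the pipeline to retrieve

def rotation_status(versions, now=None, max_age=MAX_AGE):
    """Return 'OK', 'OVERDUE', or 'MISSING' for the stored GitHub token."""
    now = now or datetime.now(timezone.utc)
    age = token_age(versions, now)
    if age is None:
        return "MISSING"
    return "OVERDUE" if age > max_age else "OK"

def check_live(secret_id):
    """Same check against an account; needs secretsmanager:ListSecretVersionIds."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("secretsmanager")
    versions, kwargs = [], {"SecretId": secret_id}
    while True:  # follow NextToken so no page of versions is skipped
        resp = client.list_secret_version_ids(**kwargs)
        versions += resp.get("Versions", [])
        if "NextToken" not in resp:
            return rotation_status(versions)
        kwargs["NextToken"] = resp["NextToken"]

# Constructed sample shaped like a ListSecretVersionIds response (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_VERSIONS = [
    {"VersionId": "example-old", "VersionStages": ["AWSPREVIOUS"],
     "CreatedDate": datetime(2023, 3, 1, tzinfo=timezone.utc)},
    {"VersionId": "example-current", "VersionStages": ["AWSCURRENT"],
     "CreatedDate": datetime(2023, 11, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    print(rotation_status(SAMPLE_VERSIONS, now=NOW))
```

Run `check_live` on a schedule with the name of the secret you created for this solution, and alert on any result other than `OK`.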