Security - Operations Conductor


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

IAM Roles

AWS Identity and Access Management (IAM) roles enable customers to assign granular access policies and permissions to services and users on the AWS Cloud. The solution creates IAM roles, including roles that grant the solution’s AWS Lambda functions access to the other AWS services used in this solution. In addition to the Lambda function roles, the primary account assumes roles to control resources in secondary accounts or regions; those roles are provisioned by the secondary AWS CloudFormation template.

HTTP Security Headers

HTTP security headers for the solution’s web console are configured with the Lambda@Edge function. The included HTTP security headers are Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Referrer-Policy. To customize HTTP security headers, you can modify the <your-stack-name>-Lambda-Edge AWS Lambda function in the N. Virginia region.
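
The following is an added example, not the solution's own Lambda@Edge code: a Node.js CloudFront response handler that sets the six headers listed above, plus an audit helper that reports which of them a response is missing or carries with a different value. The header values, function names, and sample event are assumptions made for illustration.

```javascript
'use strict';

// Values are assumptions for illustration; the page lists header names only.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '1; mode=block',
  'Referrer-Policy': 'same-origin',
};

// CloudFront keys response headers by lowercase name, each holding an array of
// {key, value}. Assigning replaces any weaker value the origin sent.
function applySecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    headers[name.toLowerCase()] = [{ key: name, value }];
  }
  return response;
}

// Lambda@Edge entry point for a CloudFront response trigger.
const handler = async (event) => applySecurityHeaders(event.Records[0].cf.response);
if (typeof module !== 'undefined') module.exports = { handler };

// Defender-side check: names of expected headers that are absent, duplicated,
// or set to a value other than the expected one.
function auditSecurityHeaders(response) {
  const headers = response.headers || {};
  return Object.keys(SECURITY_HEADERS).filter((name) => {
    const entry = headers[name.toLowerCase()];
    return !entry || entry.length !== 1 || entry[0].value !== SECURITY_HEADERS[name];
  });
}

// Constructed sample event: an origin response with a permissive framing header.
const sampleEvent = { Records: [{ cf: { response: {
  status: '200',
  statusDescription: 'OK',
  headers: {
    'content-type': [{ key: 'Content-Type', value: 'text/html' }],
    'x-frame-options': [{ key: 'X-Frame-Options', value: 'ALLOWALL' }],
  },
} } }] };

const original = sampleEvent.Records[0].cf.response;
console.log('before:', auditSecurityHeaders(original));
console.log('after:', auditSecurityHeaders(applySecurityHeaders(JSON.parse(JSON.stringify(original)))));
```

After customizing the deployed function, the same audit logic can be run against the headers returned by the web console to confirm that the change took effect.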

When you delete the solution stack, you must delete the Lambda@Edge function manually. For more information, see Deleting Lambda@Edge Functions and Replicas in the Amazon CloudFront Developer Guide.