Security - Real-Time Web Analytics with Kinesis Data Analytics


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

Security Group

The security group created in this solution is designed to control and isolate network traffic to the web server Amazon Elastic Compute Cloud (Amazon EC2) instance. The security group allows only port 80 traffic to the web server.

AWS Systems Manager

The Real-Time Web Analytics with Kinesis Data Analytics beacon web servers are configured to be managed by AWS Systems Manager. By default, AWS Systems Manager pushes the AWS patch baseline to beacon servers once per day. For more information about how to automate beacon server management using Run Command, see AWS Systems Manager Run Command.

HTTPS Websites

This solution deploys an Application Load Balancer to route web client traffic to the beacon servers. For HTTPS websites, we recommend that you use HTTPS listeners, create certificates with AWS Certificate Manager (ACM), and deploy them to your load balancer. For more information, see the AWS Certificate Manager User Guide. You will also need to enable port 443 ingress traffic on your ALB security group.
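
The HTTPS setup described above, sketched as a CloudFormation fragment: an ACM certificate, an HTTPS listener on the load balancer, and the port 443 ingress rule on the ALB security group. This is an added example, not part of the solution's own template; the parameter names, logical resource names, and the TLS policy choice are assumptions.

```yaml
# Added example. Parameter and logical names are assumptions, not names
# taken from the solution's template.
AWSTemplateFormatVersion: '2010-09-09'
Description: HTTPS listener, ACM certificate and 443 ingress for the beacon ALB

Parameters:
  BeaconDomainName:
    Type: String                        # hostname web clients use for the beacon endpoint
  AlbArn:
    Type: String                        # ARN of the Application Load Balancer
  AlbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # security group attached to the ALB
  BeaconTargetGroupArn:
    Type: String                        # target group in front of the beacon servers

Resources:
  # The certificate must be requested in the same Region as the load balancer.
  BeaconCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref BeaconDomainName
      ValidationMethod: DNS             # creation completes once the validation record resolves

  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref AlbArn
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06   # assumption: TLS 1.2 and 1.3 only
      Certificates:
        - CertificateArn: !Ref BeaconCertificate       # Ref returns the certificate ARN
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BeaconTargetGroupArn

  # Port 443 ingress on the ALB security group. The beacon servers' own
  # security group is not changed by this fragment.
  AlbHttpsIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref AlbSecurityGroupId
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      CidrIp: 0.0.0.0/0                 # web clients arrive from the public internet
```

TLS terminates at the load balancer in this layout, so traffic from the ALB to the beacon servers still uses the existing port 80 rule.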

Amazon CloudFront

This solution deploys a static website hosted in an Amazon S3 bucket. To help reduce latency and improve security, this solution includes an Amazon CloudFront distribution with an origin access identity, which is a special CloudFront user that helps restrict access to the solution’s website bucket contents. For more information, see Restricting Access to Amazon S3 Content by Using an Origin Access Identity.