Security - Server Fleet Management at Scale


When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce your operational burden because AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. For more information about security on AWS, visit the AWS Security Center.

Amazon S3 Bucket Encryption

The Amazon Simple Storage Service (Amazon S3) bucket created by this solution requires objects to be encrypted prior to being stored in the bucket. The objects must be encrypted by the AWS Key Management Service (AWS KMS) encryption key this solution creates.
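
One way to check offline that a bucket policy enforces this requirement, as an added example that is not code from this solution. It assumes enforcement through Deny statements on s3:PutObject that use the S3 condition keys for the encryption header and the KMS key ID; the page does not say which mechanism the solution uses, and the key ARN, account ID and bucket name are placeholders.

```python
# Added example: offline audit of a bucket policy for enforced SSE-KMS uploads.
# Resource scope and NotPrincipal are not evaluated; extend before relying on it.
SSE_KEY = "s3:x-amz-server-side-encryption"
KMS_ID_KEY = "s3:x-amz-server-side-encryption-aws-kms-key-id"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies_put_for_everyone(stmt):
    """True for a Deny statement that covers s3:PutObject for every principal."""
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    principal = stmt.get("Principal")
    everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
    return stmt.get("Effect") == "Deny" and everyone and bool(actions & {"s3:putobject", "s3:*", "*"})

def _sole_not_equals(stmt, key):
    """Values for `key` when it is the statement's only condition.
    Extra condition keys are ANDed together and would narrow the Deny."""
    cond = stmt.get("Condition", {})
    if len(cond) != 1:
        return []
    (op, block), = cond.items()
    if op.lower() != "stringnotequals" or len(block) != 1:
        return []
    (name, value), = block.items()
    return _as_list(value) if name.lower() == key.lower() else []

def audit_bucket_policy(policy, kms_key_arn):
    """Return the gaps found; an empty list means uploads must use SSE-KMS with kms_key_arn."""
    denies = [s for s in _as_list(policy.get("Statement", [])) if _denies_put_for_everyone(s)]
    gaps = []
    if not any(_sole_not_equals(s, SSE_KEY) == ["aws:kms"] for s in denies):
        gaps.append("no Deny on s3:PutObject when the encryption header is not aws:kms")
    if not any(_sole_not_equals(s, KMS_ID_KEY) == [kms_key_arn] for s in denies):
        gaps.append("no Deny on s3:PutObject when the KMS key is not the expected key")
    return gaps

# Constructed sample input: placeholder account ID, key ID and bucket name.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
def _deny(sid, key, value):
    return {"Sid": sid, "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringNotEquals": {key: value}}}
ENFORCING = {"Version": "2012-10-17", "Statement": [
    _deny("DenyNonKmsUploads", SSE_KEY, "aws:kms"),
    _deny("DenyOtherKmsKeys", KMS_ID_KEY, KEY_ARN)]}
ALGORITHM_ONLY = {"Version": "2012-10-17", "Statement": ENFORCING["Statement"][:1]}
```

Calling `audit_bucket_policy` on the JSON returned for the deployed bucket's policy, with the ARN of the key the solution created, gives the same report for a real deployment.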

Amazon Inspector Findings

When Amazon Inspector runs assessments on your instances, it may produce critical, high, important, or informational findings. We recommend that you review these findings with your organization’s security team and remediate the findings according to your organization’s security policies.

IAM Service Roles

AWS Identity and Access Management (IAM) roles enable customers to assign granular access policies and permissions to services and users on the AWS Cloud. This solution creates optional IAM roles with least-privilege access that contain the permissions needed to perform the tasks required by their respective functions. We recommend that you review the role policies and further restrict them as needed once the deployment is up and running.

Security Group

If you choose to deploy the sample server fleet, this solution creates a security group that is designed to control and isolate network traffic for the sample instances. We recommend that you review the security group and further restrict access as needed once the deployment is up and running.