Security and Compliance - Modern Application Development on AWS

Security and Compliance

When you build your system in the AWS Cloud, we recommend that you always start with security and compliance. Securing the whole application lifecycle enables organizations to address security threats without sacrificing speed of innovation. For example:

  • Authentication – Control access to your system with permission settings that prevent malicious access. AWS administrators can sign in to the AWS Console with AWS Identity and Access Management (IAM) credentials, or through integrations with Microsoft Active Directory or a SAML Identity Provider. Applications built on AWS can leverage Amazon Cognito to allow end users to authenticate and access resources.

  • Authorization – Implement role-based access control with flexible policies that restrict the use of resources without overly complicated administration. IAM provides granular authorization policies for any AWS resources.

  • Auditing and Governance – Evaluate the behavior of workloads and make sure that they conform to compliance requirements and your organization’s standards. AWS CloudTrail can audit interactions with AWS APIs, and log aggregation with Amazon CloudWatch enables you to audit your applications. AWS Config can make sure that AWS resources are configured to align with your organization’s standards.

  • Validation – Test all aspects of application functionality, and make sure that it works as intended. Automate validation as much as possible with continuous integration and continuous delivery (CI/CD).

Modern applications should be thoroughly and frequently tested; however, this must not reduce development velocity. Similarly, you should limit developer permissions, but you should not revoke the access that they require. Build your security into the entire application lifecycle, and automate and continuously reevaluate your security processes and standards.