
CIS AWS Foundations Benchmark v1.2.0.

Our team successfully met the CIS AWS Foundations Benchmark v1.2.0. The benchmark is a set of standards and guidelines proposed by the Center for Internet Security (CIS) that address the protection and security of cloud services in the Amazon Web Services (AWS) environment. It covers various aspects of security, including identity and access management, monitoring and logging, data security, network security, and much more. In our project, we made a series of enhancements to meet this standard:


  • First of all, all databases used by the system were moved to private subnets. A private subnet is a subnet that is not directly accessible from the Internet. It is typically used to isolate parts of the infrastructure, such as databases or high-security applications, that are not intended for public access. This raises the question of how programmers will access the databases, since they cannot reach these private subnets directly. The solution is a bastion host: a specially configured server that is used to access other machines in a secure network infrastructure like the one we use in AWS.


Private Subnets


  • Improvements have been made to the CloudFront infrastructure: we added WAF (Web Application Firewall) protection. It works as a filter that analyzes HTTP and HTTPS requests and can block different types of attacks.


WAF


  • Multiple logs have been added to monitor the different systems used by our application. For example, we can track all requests to the front end and back end, track the load on the databases and servers, and get information about different types of errors so that we can work on fixing them.
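
The private-subnet placement described in the first bullet can be checked mechanically. The following is an added example, not code from the Amexis project: it flags databases that are marked publicly accessible or that sit in a subnet whose route table points at an Internet gateway. All resource names and data are constructed; the field names follow the EC2 DescribeRouteTables and RDS DescribeDBInstances responses.

```python
# Added example; the data is constructed and mirrors AWS API response shapes.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}],
     "Associations": [{"SubnetId": "subnet-pub", "Main": False}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]},
]
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": False,
     "DBSubnetGroup": {"VpcId": "vpc-1", "Subnets": [
         {"SubnetIdentifier": "subnet-priv-a"}, {"SubnetIdentifier": "subnet-priv-b"}]}},
    {"DBInstanceIdentifier": "legacy-db", "PubliclyAccessible": True,
     "DBSubnetGroup": {"VpcId": "vpc-1", "Subnets": [
         {"SubnetIdentifier": "subnet-pub"}, {"SubnetIdentifier": "subnet-priv-a"}]}},
]

def has_igw_route(table):
    """True if any route in the table targets an Internet gateway (igw-...)."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])

def route_table_for(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for table in (t for t in route_tables if t["VpcId"] == vpc_id):
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def exposed_databases(db_instances, route_tables):
    """Map each database that is not confined to private subnets to its findings."""
    findings = {}
    for db in db_instances:
        issues = ["PubliclyAccessible is true"] if db["PubliclyAccessible"] else []
        group = db["DBSubnetGroup"]
        for subnet in group["Subnets"]:
            table = route_table_for(subnet["SubnetIdentifier"], group["VpcId"], route_tables)
            if table and has_igw_route(table):
                issues.append(f"{subnet['SubnetIdentifier']} routes to an Internet gateway")
        if issues:
            findings[db["DBInstanceIdentifier"]] = issues
    return findings

if __name__ == "__main__":
    print(exposed_databases(DB_INSTANCES, ROUTE_TABLES))
```

Subnets with no explicit route table association inherit the VPC main route table, which is why `route_table_for` falls back to it; a main table with an Internet gateway route silently makes every unassociated subnet public.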





Amexis Team









