AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
root360's responsibility is determined by the AWS Cloud services that are taken into managed service. This includes the configuration work root360 performs as part of its security responsibilities.
Integration of secure global AWS infrastructure using Availability Zones and AWS Load Balancers with implemented detection and prevention techniques
PCI-DSS readiness of several AWS Cloud services
Secure access strategy for multiple AWS accounts
Strong authorization policies for IAM users, groups, and roles, e.g. the use of instance profiles (IAM roles) for EC2 instances
Protection of data at rest by using standard encryption for services such as S3, EBS, and RDS
Protection of data in transit by enabling HTTPS by default
Only allowing encrypted OpenSSH access to each environment via a dedicated bastion host
Communication into or out of the cloud environment passes only through controlled security groups and network access control lists (NACLs)
Permanently protected operating systems through a strict security patch management policy based on master AMIs (Amazon Machine Images) from OS vendors with long-term support (Ubuntu 20.04 LTS or a newer LTS version)
AWS Load Balancers with implemented detection and prevention techniques
Network-side separation of externally reachable and unreachable systems
Restrictive firewall rules between services
Restrictive network ACLs between network segments
PCI-DSS readiness (see https://root360.atlassian.net/wiki/spaces/KB/pages/2014351453)
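As an added example (not root360's own code or tooling), the following Python check evaluates security group ingress rules in the JSON shape returned by the EC2 DescribeSecurityGroups API and reports any rule that would let SSH (TCP/22) reach an instance from anywhere other than the dedicated bastion host's security group, i.e. a violation of the bastion-only access and controlled security group items above. The group ids (including the assumed bastion group `sg-bastion0001`) and the sample groups are constructed for illustration.

```python
"""Audit EC2 security group ingress so that SSH is only reachable from the bastion.
Added example; sample data below is constructed in the shape of the EC2
DescribeSecurityGroups response and the group ids are placeholders."""

BASTION_SG = "sg-bastion0001"  # assumed id of the dedicated bastion host's security group
SSH_PORT = 22

def _covers_ssh(perm: dict) -> bool:
    """True if an IpPermissions entry covers TCP/22 (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def ssh_findings(groups: list, bastion_sg: str = BASTION_SG) -> list:
    """Return (group_id, source) pairs for SSH ingress not restricted to the bastion SG."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        if gid == bastion_sg:
            continue  # the bastion itself is the controlled SSH entry point
        for perm in sg.get("IpPermissions", []):
            if not _covers_ssh(perm):
                continue
            for r in perm.get("IpRanges", []):  # any CIDR source bypasses the bastion
                findings.append((gid, r["CidrIp"]))
            for r in perm.get("Ipv6Ranges", []):
                findings.append((gid, r["CidrIpv6"]))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != bastion_sg:
                    findings.append((gid, pair["GroupId"]))
    return findings

# Constructed sample: app SG only from bastion (ok), web SG open to the world on 0-1024, DB SG allowing all traffic from the web SG.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": BASTION_SG}]}]},
    {"GroupId": "sg-web0002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db0003", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-web0002"}]}]},
]

if __name__ == "__main__":
    for gid, src in ssh_findings(SAMPLE_GROUPS):
        print(f"{gid}: SSH reachable from {src}; expected only {BASTION_SG}")
```

The same function can be fed the `SecurityGroups` list of a real DescribeSecurityGroups response; the 443-only rule is correctly ignored while the 0-1024 range and the all-traffic rule are reported.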