AWS EC2 Security Best Practices

Please share it on

Amazon EC2 best security practice methods to follow

AWS EC2 – Security Group

The Security Group in AWS Ec2 is acting as a firewall. By default security group block all ports. You need to specify the port numbers in the security group to open. It is a good security practice to open ports for a specific network instead of open network (0.0.0.0/0)
By this method you can block unwanted access from unwanted networks.

AWS EC2 – SSH service

In AWS EC2 instances are connected using ssh service. So it is very important to open ssh port number in the security group. By default ssh is using 22 port number. There are many types of ssh attacks are there and one of the common attack is Brute force attack. In order to avoid these types of attacks, restrict the ssh service to certian IP or network using security group. Also follow the methods

1. Change the default ssh port number “22” to some other free port. let’s say “7865” (update the same port number in the security group)

2. Disable password authentication mechanism

3. Create a username with alphanumeric characters. let’s say “S3th15H”. Avoid common usernames like “ubuntu, oracle, test, user, admin” etc.,security

4. Enable ssh to certain ip or network.

5. Disable “root” user login

AWS EC2 – IAM users

Don’t share your AWS Console administrator privileges to all unless it is required. Create users and groups in IAM and restrict the EC2 services and opertions based on users and groups by using IAM policies and permissions.

AWS Ec2 – Security Key

Keep the ssh security key safe and dont share it with everyone unless required.

AWS Ec2 – Termination Protection

Enable the termination protection while launching the instance or after launching the instance. You can enable it by simply right click on the instance and select “Change Termination Protection”.

AWS EC2 – Create Alarms

It is recommended to create Alarms for all the ec2 instances. The status checks are the results of automated tests performed by EC2 on every running instance that detect hardware and software issues. You will get alet mail in your mail box if something wrong.

AWS – Cloudwatch

Use cloudwatch metrics monitor the EC2 instance resources.

Please share it on

Leave a Reply

Your email address will not be published. Required fields are marked *