Amazon Web Services – Cheat Sheet


As part of some work I recently undertook, I developed a number of “cheat sheets” of the kind often introduced into trade studies to try to apply a “like for like” comparison across competing services.  Amazon Web Services is a comprehensive ecosystem of cloud services with many different service names and capabilities.  What follows is a breakdown of some of the more common/popular services, each with a brief description.

Amazon Web Services

In Australia, some of Amazon’s services have been assessed under the Australian Signals Directorate’s (ASD) Information Security Registered Assessors Program (IRAP) and certified as complying with the security controls of the Australian Government Information Security Manual (ISM).  An IRAP assessment is an independent review of how a service provider has implemented the ISM controls, and is roughly analogous to the USA’s FedRAMP process, which applies National Institute of Standards and Technology (NIST) standards.

Amazon Web Services is listed on the ASD’s Certified Cloud Services List:

ASD IRAP Certification – AWS

https://acsc.gov.au/infosec/irap/certified_clouds.htm

[July 2018] Amazon Web Services – certified services: EBS, EC2, IAM, S3 and VPC – certified for: Unclassified DLM

EBS = Amazon Elastic Block Store (EBS)

EC2 = Amazon Elastic Compute Cloud (Amazon EC2)

IAM = AWS Identity and Access Management (IAM)

S3 = Amazon Simple Storage Service (Amazon S3)

VPC = Amazon Virtual Private Cloud (VPC)

Amazon EBS

Amazon EBS (Elastic Block Store) provides persistent, block-level storage volumes that attach to EC2 instances.  Volumes are replicated within their Availability Zone for availability, and can be encrypted with keys managed in AWS KMS.

Amazon Elastic Compute Cloud

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.

AWS Identity and Access Management

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.

Amazon Simple Storage Service

Amazon S3 is “Storage for the Internet” and provides simple web services interfaces that can be used to store and retrieve any amount of data, at any time, from anywhere on the Web.

Amazon Virtual Private Cloud

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

AWS Cloud Security

https://aws.amazon.com/security/

Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

AWS Identity and Access Management (IAM)

https://aws.amazon.com/iam/

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.
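The allow/deny rule that IAM applies is easy to get wrong once several policies are combined: every request is denied until some policy allows it, and any explicit Deny overrides every Allow.  The following Python is an added example for this cheat sheet, not AWS code: it re-implements that evaluation order for a small subset of the policy grammar and runs it over a constructed identity policy.  The bucket name `example-bucket`, the statement IDs and the request contexts are made up for the illustration; Principal, NotAction/NotResource, policy variables and most condition operators are deliberately left out.

```python
"""Re-implementation of IAM's policy evaluation order for a small subset of the
policy grammar: implicit deny by default, an explicit Deny in any matching
statement wins, otherwise at least one matching Allow is required.

Added example for this cheat sheet, not AWS code. The policy document, the
bucket name and the request contexts are constructed for illustration.
Unsupported here: Principal, NotAction/NotResource, policy variables and
condition operators other than Bool, StringEquals and StringLike.
"""
import fnmatch
import json

# Constructed identity-based policy: read-only access to one bucket, plus an
# explicit Deny for any S3 call that does not arrive over TLS.
IDENTITY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyExampleBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
    },
    {
      "Sid": "DenyPlaintextTransport",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": {"Bool": {"aws:SecureTransport": "false"}}
    }
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single string or a list for Action, Resource and condition values."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """All operator/key pairs in a Condition block must hold (logical AND).
    A condition key that is absent from the request context never matches."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            expected_values = [str(v) for v in _as_list(expected)]
            if operator == "Bool":
                ok = str(actual).lower() in [v.lower() for v in expected_values]
            elif operator == "StringEquals":
                ok = str(actual) in expected_values
            elif operator == "StringLike":
                ok = any(fnmatch.fnmatchcase(str(actual), pat) for pat in expected_values)
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
            if not ok:
                return False
    return True


def _statement_applies(stmt, action, resource, context):
    """True if the statement's Action, Resource and Condition all match the request.
    Action names are case-insensitive in IAM; resource ARNs are matched as written."""
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    condition = stmt.get("Condition")
    return condition is None or _condition_matches(condition, context)


def evaluate(policies, action, resource, context=None):
    """Return "Allow" or "Deny" for one request evaluated against a set of policies."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny is final; no Allow can override it
            allowed = True
    return "Allow" if allowed else "Deny"   # no matching Allow: implicit deny


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate([IDENTITY_POLICY], "s3:GetObject", obj, {"aws:SecureTransport": "true"}))   # Allow
    print(evaluate([IDENTITY_POLICY], "s3:GetObject", obj, {"aws:SecureTransport": "false"}))  # Deny (explicit)
    print(evaluate([IDENTITY_POLICY], "s3:PutObject", obj, {"aws:SecureTransport": "true"}))   # Deny (implicit)
```

The third call is the case people most often miss: nothing denies `s3:PutObject`, but nothing allows it either, so IAM denies it.  The second call shows why a Deny with an `aws:SecureTransport` condition is a common hardening pattern: it cannot be undone by a later, broader Allow.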

Amazon WorkDocs

Secure file collaboration and management, simplified

https://aws.amazon.com/workdocs/

Amazon WorkDocs is a secure, fully managed, file collaboration and management service, with an extensible SDK, that runs on AWS.

With Amazon WorkDocs, all your files are stored on one service. Users can share files, provide rich feedback, and access their files on WorkDocs from any device. WorkDocs encrypts data in transit and at rest, and offers powerful management controls, Active Directory integration, and near real-time visibility into file and user actions. The WorkDocs SDK allows you to use the same AWS tools you are already familiar with to integrate WorkDocs with AWS products and services, your existing solutions, third-party applications, or build your own. You don’t have to worry about deploying updates or patching software, and can scale users and storage up or down with a few clicks. WorkDocs offers low, pay-as-you-go pricing for users and storage, and no charge for API calls. There are no upfront commitments or long-term contracts.

Hybrid Cloud Architectures with AWS

https://aws.amazon.com/enterprise/hybrid/

Hybrid cloud architecture is the integration of on-premises resources with cloud resources.

For most organizations with on-premises technology investments, operating in a hybrid architecture is a necessary part of cloud adoption. Migrating legacy IT systems takes time. Therefore, selecting a cloud provider who can help you implement a thoughtful hybrid strategy, without requiring costly new investments in on-premises hardware and software, is important to simplify operations and more easily achieve your business goals.

Data Integration

AWS Storage Gateway

The AWS Storage Gateway service seamlessly enables hybrid cloud storage between on-premises environments and the AWS Cloud.

Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud.

Amazon S3

Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure, durable, highly-scalable cloud storage.

AWS Snowball

AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud.

Integrated Networking

Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

AWS Direct Connect

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.

Integrated Identity and Access

AWS IAM

AWS Identity and Access Management (IAM) can grant your employees and applications access to the AWS Management Console and AWS service APIs using your existing identity systems.

AWS Directory Service

AWS Directory Service for Microsoft Active Directory (Enterprise Edition) enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

Integrated Devices and Edge Systems

AWS Greengrass

AWS Greengrass is software that lets you run local compute, messaging and data caching for connected devices in a secure way.

AWS Snowball Edge

AWS Snowball Edge is a 100 TB data transfer device with on-board storage and compute capabilities.

AWS Key Management Service (KMS)

https://aws.amazon.com/kms/

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

How to Help Protect Sensitive Data with AWS Key Management Service (AWS KMS)

https://aws.amazon.com/blogs/security/how-to-help-protect-sensitive-data-with-aws-kms/

Effectively manage encryption keys.

Protecting Data Using Client-Side Encryption

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html


About Rob Sanders

IT Professional and TOGAF 9 certified Enterprise Architect with nearly two decades of industry experience, 18 years in commercial software development and 11 years in IT consulting. Check out the "About Rob" page for more information.
