An organization has hosted an application on EC2 instances. Multiple users will
connect to the instances to set up and configure the application. The organization is planning
to implement certain security best practices. Which of the following practices will not help
the organization achieve a better security arrangement?
A. Allow only IAM users to connect with the EC2 instances with their own secret access key.
B. Create a procedure to revoke the access rights of an individual user when they no longer need to connect to the EC2 instance for the purpose of application configuration.
C. Apply the latest OS patch and always keep the OS updated.
D. Disable password-based login for all users. All users should use their own keys to connect to the instance securely.
Explanation:
Since AWS is a public cloud, any application hosted on EC2 is prone to hacker attacks. It
becomes extremely important for a user to set up a proper security mechanism on the EC2
instances. A few of the security measures are listed below:
Always keep the OS updated with the latest patch
Always create separate users within the OS if they need to connect to the EC2 instances, create their keys and disable their passwords
Create a procedure by which the admin can revoke a user's access when the business work on the EC2 instance is completed
Lock down unnecessary ports
Audit any proprietary applications that the user may be running on the EC2 instance
Provide temporary escalated privileges, such as sudo, for users who need to perform occasional privileged tasks
IAM is useful when users are required to work with AWS resources and actions, such as
launching an instance. It is not useful for connecting (RDP / SSH) to an instance.
http://aws.amazon.com/articles/1233/