Securing Windows EC2 Instances

Amazon Machine Images (AMIs) provide an initial configuration for an EC2 instance, which includes the Windows OS and optional customer-specific customizations, such as applications and security controls. Create an AMI catalog containing customized security configuration baselines to ensure all Windows instances are launched with standard security controls. Security baselines can be baked into an AMI, bootstrapped dynamically when an EC2 instance is launched, or packaged as a product for uniform distribution through AWS Service Catalog portfolios. For more information on AMI configuration options, see the AWS AMI Design Solution Brief.

Each EC2 instance should adhere to organizational security standards. Do not install any Windows roles and features that are not required, and do install software to protect against malicious code (antivirus, antimalware, exploit mitigation), monitor host integrity, and perform intrusion detection. Configure security software to monitor and maintain OS security settings, protect the integrity of critical OS files, and alert on deviations from the security baseline. Consider implementing recommended security configuration benchmarks published by Microsoft, the Center for Internet Security (CIS), or the National Institute of Standards and Technology (NIST). Consider using other Microsoft tools for particular application servers, such as the Best Practice Analyzer for SQL Server.
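One way to check an instance for roles and features that fall outside its baseline, as an added example that is not part of the original guidance or any AWS tooling. The `Compare-FeatureBaseline` function and the approved list are hypothetical; the list is constructed for an imaginary IIS web-server AMI and would normally be generated from the reference AMI itself.

```powershell
# Added example: compare installed Windows roles/features with an approved baseline.
# The baseline below is constructed for a hypothetical IIS web-server AMI.
$ApprovedFeatures = @(
    'Web-Server', 'Web-WebServer', 'NET-Framework-45-Core', 'Windows-Defender'
)

function Compare-FeatureBaseline {
    param(
        [Parameter(Mandatory)] [string[]] $Installed,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    # '=>' marks names only in $Installed; '<=' marks names only in $Approved.
    $diff = @(Compare-Object -ReferenceObject $Approved -DifferenceObject $Installed)
    [pscustomobject]@{
        Unexpected = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
        Missing    = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    }
}

if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    # Windows Server: read the live state from the ServerManager module.
    $installed = @(Get-WindowsFeature | Where-Object Installed | ForEach-Object Name)
} else {
    # Constructed sample so the comparison can be exercised off-server.
    $installed = @('Web-Server', 'Web-WebServer', 'NET-Framework-45-Core',
                   'Telnet-Client', 'FS-SMB1')
}

$result = Compare-FeatureBaseline -Installed $installed -Approved $ApprovedFeatures

foreach ($name in $result.Unexpected) {
    Write-Warning "Not in baseline (remove or approve): $name"
}
foreach ($name in $result.Missing) {
    Write-Warning "Required by baseline but not installed: $name"
}

# Non-zero exit lets a scheduler or configuration-management agent raise an alert.
if ($result.Unexpected.Count -or $result.Missing.Count) { exit 1 }
Write-Output 'Installed roles and features match the baseline.'
```

Run during AMI build validation or as a scheduled task, the script reports both features that crept in after launch and required ones that were removed.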

AWS customers can also run Amazon Inspector assessments to improve the security and compliance of applications deployed on EC2 instances. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices and includes a knowledge base of hundreds of rules mapped to common security compliance standards (e.g., PCI DSS) and vulnerability definitions. Examples of built-in rules include checking if remote root login is enabled, or if vulnerable software versions are installed. These rules are regularly updated by AWS security researchers.
