0 votes
1 view
in AWS by (12.3k points)

I'm using Amazon's tools to build a web app. I'm very happy with them, but I have a security concern.

Right now, I'm using multiple EC2 instances, S3, SimpleDB and SQS. In order to authenticate requests to the different services, you include your Access Identifiers (login required).

For example, to upload a file to S3 from an EC2 instance, your EC2 instance needs to have your Access Key ID and your Secret Access Key.

That basically means your username and password need to be in your instances.

If one of my instances were to be compromised, all of my Amazon assets would be compromised. The keys can be used upload/replace S3 and SimpleDB data, start and stop EC2 instances, etc.

How can I minimize the damage of a single compromised host?

My first thought is to get multiple identifiers per account so I can track changes made and quickly revoke the 'hacked' account. Amazon doesn't support more than one set of credentials per account.

My second thought was to create multiple accounts and use ACL's to control access. Unfortunately, not all the services support granting other accounts access to your data. Plus bandwidth is cheaper the more that you use, so having it all go through one account is ideal.

Has anyone dealt with, or at least thought about this problem?

1 Answer

0 votes
by (18.6k points)

You can try having just a single, super-locked down 'authentication server'. That way the secret key only exists on this one server and other servers will have to ask it for permission. You will be able to assign your own keys to various servers and also lock it down by IP address as well. So, in case the server gets compromised, you can simply revoke its key from the 'authentication server'.

Welcome to Intellipaat Community. Get your technical queries answered by top developers !