I'm using Amazon's tools to build a web app. I'm very happy with them, but I have a security concern.
Right now, I'm using multiple EC2 instances, S3, SimpleDB and SQS. In order to authenticate requests to the different services, you include your Access Identifiers (login required).
For example, to upload a file to S3 from an EC2 instance, your EC2 instance needs to have your Access Key ID and your Secret Access Key.
That basically means your username and password need to be in your instances.
If one of my instances were to be compromised, all of my Amazon assets would be compromised. The keys can be used to upload/replace S3 and SimpleDB data, start and stop EC2 instances, etc.
How can I minimize the damage of a single compromised host?
My first thought is to get multiple identifiers per account so I can track changes made and quickly revoke the 'hacked' account. Amazon doesn't support more than one set of credentials per account.
My second thought was to create multiple accounts and use ACLs to control access. Unfortunately, not all the services support granting other accounts access to your data. Plus, bandwidth is cheaper the more you use, so having it all go through one account is ideal.
Has anyone dealt with, or at least thought about this problem?
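To make the "separate account, limited grant" idea from the question concrete, here is an added example (not part of the original post). It models the blast-radius check a defender would want: an S3 bucket policy that lets a second account do nothing but write under one prefix, next to an over-broad policy, and a small linter that reports every grant exceeding that upload-only intent. The account ID, bucket name and prefix are placeholders, and the `policy_findings` function is hypothetical, not an AWS API.

```python
import json

# Constructed example: bucket policy in the owning account that grants a
# second (worker) account only PutObject under uploads/. A host holding the
# worker account's keys cannot read, delete or replace anything else.
UPLOAD_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "UploadOnlyFromWorkerAccount",
        "Effect": "Allow",
        # placeholder account id for the worker account
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/uploads/*",
    }],
})

# Constructed counter-example: the kind of grant a compromised host could abuse.
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Everything",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Actions an upload-only grant is allowed to contain.
UPLOAD_ONLY_ACTIONS = {"s3:PutObject"}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def policy_findings(policy_json, bucket, allowed_prefix):
    """Return human-readable findings for Allow statements that go beyond
    'write only under allowed_prefix in bucket'. An empty list means tight."""
    policy = json.loads(policy_json)
    expected_resource = f"arn:aws:s3:::{bucket}/{allowed_prefix}"
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")

        principal = stmt.get("Principal")
        principal_arns = (
            _as_list(principal.get("AWS", [])) if isinstance(principal, dict)
            else _as_list(principal)
        )
        if "*" in principal_arns:
            findings.append(f"{sid}: principal is a wildcard (anyone)")

        for action in _as_list(stmt.get("Action", [])):
            if action.endswith("*"):
                findings.append(f"{sid}: wildcard action {action}")
            elif action not in UPLOAD_ONLY_ACTIONS:
                findings.append(f"{sid}: action {action} is not upload-only")

        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(expected_resource):
                findings.append(
                    f"{sid}: resource {resource} is outside {expected_resource}"
                )
    return findings


if __name__ == "__main__":
    for name, policy in (("upload-only", UPLOAD_ONLY_POLICY),
                         ("over-broad", OVERBROAD_POLICY)):
        print(name, policy_findings(policy, "example-bucket", "uploads/") or "OK")
```

The point of the check is that what the worker host can lose is bounded by what its account was granted: with the first policy, a compromised instance can add objects under one prefix and nothing more, while the second policy hands it the whole bucket.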