20 Rules for Amazon Cloud Security

  • Encrypt all network traffic;
  • Use only encrypted file systems;
  • Encrypt everything you put in S3 with strong encryption;
  • Never let decryption keys enter the cloud, except while an actual decryption is taking place;
  • Apart from the key used to decrypt the file system, never place user authentication credentials in an AMI;
  • Decrypt the user's file system at instance start-up;
  • Never, ever use simple username/password authentication for shell access;
  • Do not require a password for sudo access;
  • Design your systems so that your application does not depend on a particular AMI structure;
  • Regularly pull full backups of your data out of Amazon's cloud and store them securely elsewhere;
  • Run only one service per EC2 instance;
  • Open only the minimum ports needed by the services on an instance;
  • Specify source IP addresses when setting up your instance; only allow global access for services such as HTTP/HTTPS;
  • Keep sensitive and non-sensitive data in separate databases, and in separate security groups;
  • Automate your security embarrassments (unreliable, but sometimes you still have to);
  • Install a host-based intrusion detection system such as OSSEC;
  • Make full use of system hardening tools such as Bastille Linux;
  • If you suspect you have been compromised, immediately back up the root file system, snapshot the block volumes, and shut down the instance. You can do the forensics later on an uncompromised system;
  • Design a procedure so that applying a security patch to an AMI only requires relaunching your instances;
  • Above all else: write secure web applications.

(Translated from Twenty Rules for Amazon Cloud Security)

  1. Encrypt all network traffic.

  2. Use only encrypted file systems for block devices and non-root local devices.

  3. Encrypt everything you put in S3 using strong encryption.

  4. Never allow decryption keys to enter the cloud—unless and only for the duration of an actual decryption activity.

  5. Include NO authentication credentials in your AMIs except a key for decrypting the file system key.

  6. Pass in your file system key encrypted at instance start-up.

  7. Do not allow password-based authentication for shell access. Ever.

  8. Do not require passwords for sudo access.

  9. Design your systems so that you do not rely on a particular AMI structure for your application to function.

  10. Regularly pull full backups out of Amazon and store them securely elsewhere.

  11. Run only one service per EC2 instance.

  12. Open only the minimum ports necessary to support the services on an instance.

  13. Specify source addresses when setting up your instance; only allow global access for global services like HTTP/HTTPS.

  14. Segment out sensitive data from non-sensitive data into separate databases in separate security groups when hosting an application with highly sensitive data.

  15. Automate your security embarrassments.

  16. Install a host-based intrusion detection system like OSSEC.

  17. Leverage system hardening tools like Bastille Linux.

  18. If you suspect a compromise, backup the root file system, snapshot your block volumes, and shut down the instance. You can perform forensics on an uncompromised system later.

  19. Design things so you can roll out a security patch to an AMI and simply relaunch your instances.

  20. Above all else, write secure web applications.
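The "open only the minimum ports" and "specify source addresses" rules above are the two that are easiest to check mechanically. The audit below is an added example, not code from the original post: it takes security-group data in the shape of the AWS `describe_security_groups` response (the groups here are constructed samples, so it runs offline without boto3) and flags any ingress entry open to the whole Internet on anything other than HTTP/HTTPS.

```python
"""Audit EC2 security-group ingress entries against the "minimum ports" and
"specify source addresses" rules above.  Added example, not code from the post;
input mirrors the AWS describe_security_groups shape, samples are constructed."""

# Only services meant for the whole Internet (HTTP/HTTPS) may be open to anyone.
GLOBAL_SERVICE_PORTS = {80, 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def sources(perm):
    """Every CIDR an ingress entry grants access from, IPv4 and IPv6."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def audit_security_group(group):
    """Return (group_id, protocol, from_port, to_port, source) for each ingress
    entry reachable from the whole Internet on anything other than HTTP/HTTPS."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol", "-1")
        # IpProtocol "-1" means all traffic; such entries typically carry no port keys.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        # Acceptable only when the entry is TCP and covers nothing but 80/443.
        acceptable = proto == "tcp" and set(range(lo, hi + 1)) <= GLOBAL_SERVICE_PORTS
        for src in sources(perm):
            if src in ANYWHERE and not acceptable:
                findings.append((group["GroupId"], proto, lo, hi, src))
    return findings

def audit_all(groups):
    """Flatten findings across every group in the account/region."""
    return [f for g in groups for f in audit_security_group(g)]

# Constructed sample groups (203.0.113.0/24 is an RFC 5737 documentation range).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},  # SSH from one admin host only
    ]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # SSH from anywhere: finding
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all traffic: finding
    ]},
]

if __name__ == "__main__":
    for gid, proto, lo, hi, src in audit_all(SAMPLE_GROUPS):
        print(f"{gid}: {proto} {lo}-{hi} open to {src}")
```

Against real data, feed it the `SecurityGroups` list from `describe_security_groups`; a group that passes here can still be over-permissive if the ports it opens to a specific source are not actually needed by the single service the instance runs.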
