Quest: Protect Data at Rest

Authors

• Ben Potter, Security Lead, Well-Architected

About this Guide

This guide will help you improve your security in the AWS Well-Architected area of Data Protection. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.

Prerequisites

• An AWS account that you are able to use for testing, that is not used for production or other purposes. NOTE: You will be billed for any applicable AWS resources used if you complete this lab that are not covered in the AWS Free Tier.

Create a Data Bunker Account

Introduction

In this lab we will create a secure data bunker. A data bunker is a secure account which will hold important security data in a secure location. Ensure that only members of your security team have access to this account. In this lab we will create a new security account, create a secure S3 bucket in that account and then turn on CloudTrail for our organisation to send these logs to the bucket in the secure data account. You may want to also think about what other data you need in there such as secure backups.

Start the Lab!

Further Learning

• S3: Protecting Data Using Server-Side Encryption with AWS KMS–Managed Keys
• Opt-in to Default Encryption for New EBS Volumes