How can I improve basic security practices for my AWS web application?

Asked By TechieExplorer92 On

I'm looking for guidance on setting up basic security practices for my web application project. I have a decent understanding of AWS security concepts but could really use feedback on my current approach. I'm relatively new to networking and DevOps, so any resources and critiques would be appreciated.

For my project, I'm creating a web app that generates plots and charts from data provided by a third-party vendor via API. The data is stored in a PostgreSQL RDS database, and there's no sensitive information or strict regulatory compliance involved.

Currently, my basic, and admittedly not ideal, setup involves a single EC2 instance in a public subnet that handles everything, including sensitive API keys. I'm aware this could lead to security risks, like having everything open to the internet.

I'm considering a more robust architecture with multiple EC2 instances, dividing responsibilities across different instances (e.g., one for web serving, another for API calls, and others for handling sensitive data through AWS Secrets Manager). I'd like to implement HTTPS with an ALB and explore using AWS Cognito for authentication. I'd love your input on these ideas—am I on the right track? Any suggestions for improvement or common pitfalls to watch out for?
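The one concrete weakness named in the question is the vendor API key living on the single public EC2 instance. The following is an added example (not code from the original post) of the Secrets Manager pattern the poster proposes: the key is fetched at runtime by a cached reader rather than baked into the image or source. It assumes a hypothetical secret named `prod/vendor-api` stored as a JSON key/value pair with an `api_key` field, and an instance role allowed `secretsmanager:GetSecretValue` on that one secret; the `LocalStandInClient` is a constructed substitute for boto3's client so the module runs offline.

```python
"""Runtime retrieval of the vendor API key from AWS Secrets Manager.

Added example, not code from the original post. It assumes a secret
named "prod/vendor-api" (hypothetical) stored as a JSON key/value pair
with an "api_key" field, and an EC2 instance role that is allowed
secretsmanager:GetSecretValue on that one secret.
"""
import json
import time

# The pattern the question describes: the key baked into the instance or
# source. Anyone who reads the disk image, the repo, or the environment has it.
HARDCODED_VENDOR_KEY = "example-key-do-not-ship"  # constructed placeholder


class SecretCache:
    """Fetches a secret on first use and re-reads it after a TTL.

    Caching keeps per-request latency and Secrets Manager API calls down;
    the TTL means a rotated secret is picked up without a restart.
    `client` is anything exposing get_secret_value(SecretId=...), which
    lets the same code run locally against a stand-in.
    """

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._secret_id = secret_id
        self._ttl = ttl_seconds
        self._clock = clock
        self._fields = None
        self._fetched_at = 0.0
        self.fetch_count = 0  # exposed so callers can verify caching behaviour

    def get(self, field):
        now = self._clock()
        if self._fields is None or now - self._fetched_at >= self._ttl:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            # SecretString is a JSON document for key/value secrets.
            self._fields = json.loads(resp["SecretString"])
            self._fetched_at = now
            self.fetch_count += 1
        return self._fields[field]


def vendor_api_key(cache):
    """What the web/API tier calls instead of reading HARDCODED_VENDOR_KEY."""
    return cache.get("api_key")


class LocalStandInClient:
    """Constructed stand-in for boto3's Secrets Manager client, for local runs."""

    def __init__(self, secrets):
        self._secrets = secrets  # {secret_id: dict of fields}

    def get_secret_value(self, SecretId):
        return {"SecretString": json.dumps(self._secrets[SecretId])}


def real_cache(secret_id="prod/vendor-api", region="us-east-1"):
    """Build the cache against the real service; boto3 is imported lazily."""
    import boto3
    return SecretCache(boto3.client("secretsmanager", region_name=region), secret_id)


if __name__ == "__main__":
    stand_in = LocalStandInClient({"prod/vendor-api": {"api_key": "constructed-key-123"}})
    cache = SecretCache(stand_in, "prod/vendor-api", ttl_seconds=60)
    print(vendor_api_key(cache), "fetches so far:", cache.fetch_count)
```

On the instance, swap `LocalStandInClient` for `real_cache()`; the important part is that nothing on disk or in the environment holds the key, and the instance role, not a long-lived access key, is what authorises the read.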

3 Answers

Answered By CloudNinja99 On

Scanning your AWS account or using tools like Terraform can really help pinpoint security gaps. Tools that assess vulnerabilities or threats are definitely worth looking into!
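As an added illustration of the "scan your account for gaps" advice (example code, not from the answer above or any named tool), the script below checks EC2 security groups for ingress rules open to the whole internet, which is exactly the "everything open to the internet" risk the question raises. It operates on the `SecurityGroups` structure returned by `DescribeSecurityGroups`, so it runs over a live account via boto3 or over the constructed `SAMPLE_GROUPS` shown; the group IDs and rules in the sample are made up.

```python
"""Audit EC2 security groups for ingress rules open to the whole internet.

Added example, not code from the original thread. It works on the
"SecurityGroups" list returned by EC2 DescribeSecurityGroups, so the same
function runs over a live account (boto3 imported lazily in live_groups)
or over the constructed SAMPLE_GROUPS below. Group IDs are made up.
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# Ports a public web tier is expected to expose; anything else open to
# the world is reported.
DEFAULT_ALLOWED_PORTS = frozenset({80, 443})


def _port_range(perm):
    """(low, high) for a rule; IpProtocol "-1" means every protocol and port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _world_cidrs(perm):
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def find_world_open_ingress(groups, allowed_ports=DEFAULT_ALLOWED_PORTS):
    """Return one finding per (rule, world CIDR) whose port range reaches
    outside allowed_ports. Rules sourced from other security groups
    (UserIdGroupPairs) or from private CIDRs are not reported."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = _world_cidrs(perm)
            if not cidrs:
                continue
            low, high = _port_range(perm)
            covered = sum(1 for p in allowed_ports if low <= p <= high)
            if high - low + 1 <= covered:
                continue  # every port in the range is on the allow-list
            for cidr in cidrs:
                findings.append({
                    "group": sg["GroupId"],
                    "name": sg.get("GroupName", ""),
                    "protocol": perm.get("IpProtocol"),
                    "ports": f"{low}-{high}" if low != high else str(low),
                    "cidr": cidr,
                })
    return findings


# Constructed sample mirroring the question's layout: a web tier and an RDS tier.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f6a7b8", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,        # fine
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,          # SSH to the world
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-0f1e2d3c4b5a69788", "GroupName": "rds",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,      # Postgres to the world
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,      # from the web SG: fine
          "IpRanges": [], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f6a7b8"}]},
         {"IpProtocol": "-1",                                          # VPC-internal: fine
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
     ]},
]


def live_groups(region="us-east-1"):
    """Fetch every security group in a region; boto3 is imported lazily."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    groups = []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        groups.extend(page["SecurityGroups"])
    return groups


if __name__ == "__main__":
    for f in find_world_open_ingress(SAMPLE_GROUPS):
        print(f"{f['group']} ({f['name']}): {f['protocol']}/{f['ports']} open to {f['cidr']}")
```

Run against the sample it reports the SSH and Postgres rules and stays quiet about HTTPS, the group-to-group rule and the VPC-internal rule; with `live_groups()` in place of `SAMPLE_GROUPS` it does the same for a real account, and the allow-list argument is where the web tier's legitimately public ports go.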

Answered By DevSecOpsGuru On

I recommend checking out Checkov as a solid static analysis tool (SAST). Also, implementing Conformance Packs based on NIST and CIS guidelines can provide additional layers of compliance and security. They’re pretty helpful!

Answered By SecuritySeeker21 On

Engaging with a solutions or security architect could be beneficial, especially as your project scales. Simple answers won't capture the complexity of good security practices. It's a worthy investment!

TechieExplorer92 -

Totally understand—there's so much to think about, and I appreciate any tips like these to build my knowledge.
