AWS CLOUD SECURITY BASICS - CLOUD AUTHENTICATION
Published Oct 12, 2024
CLOUD AUTHENTICATION
Hello and welcome!
In this article we are going to review Cloud Security through authentication.
Authentication means allowing users to access AWS Cloud resources by having them present their identity, or a factor that proves their identity, before they can access cloud resources in an account, whether data, resources or applications.
To prove identity, users can use the following authentication methods:
- Things They Know
- Things They Are and
- Things They Have.
Let's dive into further details:
1. Things users know include: password, PIN, passphrase, etc.
2. Things users are revolve around biometric methods of identification, which can be:
   - Physical biometrics, e.g. fingerprint authentication, retina scanning, or
   - Behavioral biometrics, e.g. typing pattern, voice recognition.
3. Things users have involve the use of a phone number, software-based authentication and hardware-token-based authentication.
   - Phone numbers can be used to receive a call or SMS with an authentication code.
   - Authentication applications generate one-time-use codes.
   - Hardware-based tokens periodically generate one-time-use codes and display them on screen.
To achieve cloud authentication, AWS provides users with the AWS Identity and Access Management (IAM) service, which enables users to access services and resources securely.
Users can use AWS IAM to create users and manage user groups.
AWS IAM uses permissions to allow or deny access to AWS resources.
To effectively allow or deny users access to AWS resources in an account, the principle of least privilege is used to give users or processes the minimal access to resources required to accomplish a task.
To strengthen authentication, AWS Multi-Factor Authentication (AWS MFA) can be used to provide an extra layer of protection on top of the username and password. Through MFA, users' devices generate codes, which are then linked to the application for authentication.