Increase Security in your AWS Environment

This technology center will provide detailed guidance to help you increase the security of your AWS environment across the AWS management platform, EC2 instances that you create in that environment as well as the applications that you host on those instances.  The net benefits are:

Here are the main topics covered in this TechCenter:

• Secure AWS Service Management
• Privileged Access for EC2 Instances
• Enterprise Access for Hosted Apps
• Automating AWS EC2 Instance Creation and Management

Secure AWS Service Management

Secure your AWS Accounts

Centrify enables you to vault the password for your AWS root accounts and enforce MFA for break-glass access.

1. Learn how to secure your AWS Accounts by vaulting the AWS root account password, establishing role-based access controls, requiring MFA before shared account usage from Centrify portal.
   • Read the Tech Blog: A Playbook to secure your Amazon AWS Infrastructure using Centrify and Active Directory
   • Watch these videos: https://www.youtube.com/watch?list=PL6FKnqrWmi-xE-GbvWpGlKWF2-6sTu4na&v=V_vt_I9MwYM
2. Learn how to use Service Now for request access to your AWS root account:
   • Read the Tech Blog: AWS Shared Responsibility - Securing the Amazon Account
   • Watch the video: https://www.youtube.com/watch?v=cWUh60FRdOQ

Federated Access for AWS Management

Centrify extends your existing privileged access security solution by federating access from your existing directory service (Active Directory, LDAP, Centrify Cloud or Google G Suite Directory) to the AWS Management Console and API Interfaces. This enables you to seamlessly control access to roles within AWS IAM to enforce least privileges across AWS Services.

1. Learn how to setup federation for Active Directory login and Role-based privileges within AWS IAM.
   • Read the Tech Blog: A Playbook to secure your Amazon AWS Infrastructure using Centrify and Active Directory
   • Watch the overview video: https://youtu.be/NMIuVq342Ik
   • Watch this video on initial Federation: https://youtu.be/HTdJAFDGjxo
   • Watch this video on setting up Role-based privileges within AWS IAM: https://youtu.be/LZ_NXsCuq_s
   • Watch this video on using AD groups for Role-based access to AWS IAM: https://youtu.be/btFLrMzE3eA
   • Watch this video to setup Request-Access and MFA before Federated login to AWS: https://youtu.be/foX1VEBjP9Q

Privileged Access for EC2 Instances

Centrify extends enterprise authentication to EC2 instances by brokering identities from your existing directory (AD, LDAP, cloud or Google) to centralize authentication while enforcing least privilege policies for your EC2 instances – controlling who can login, adding multi-factor authentication, granting privileges based on role and auditing all privileged access activity.

1. Learn how to automate the integrate of Linux Instances into Active Directory via Chef and OpsWorks to control user login and privileges.
   • Read the Blog on various options for extending your Active Directory to computers running in AWS. http://blog.centrify.com/active-directory-active-hybrid-it/ 
   • Read the Tech Blog:A Playbook to secure your Amazon AWS Infrastructure using Centrify and Active Directory 
   • Watch the video: https://youtu.be/nHZzAxz_s9I
2. Learn how to setup and use Centrify Privilege Service to manage shared accounts,
   • Read the Tech Blog: A Playbook to secure your Amazon AWS Infrastructure using Centrify and Active Directory
   • Watch this video to verify your environment: https://youtu.be/5B_asPI11ZE
   • Watch this video to verify your environment: https://youtu.be/5B_asPI11ZE
   • Watch this video to install a Centrify Connector: https://youtu.be/yvDnVG7E3Ic
   • Watch this video to install Centrify audit server: https://youtu.be/yrTiqjgWeZ4
   • Watch these videos to configure Roles within Privilege Service: https://youtu.be/8TGwSOiHHvk and https://youtu.be/YakN182BDSk
   • Watch this video to configure Request-based Access to resources: https://youtu.be/gn45WWirNQw
   • Watch this video for App to App Password Management (AAPM): https://youtu.be/9rEaMrgB7z0 and https://youtu.be/YakN182BDSk
   • Watch this video to manage AD accounts: https://youtu.be/hSwmKwUhhuQ
   • Watch this vide on Session Management, Capture and Replay: https://youtu.be/hTuulnjN_mM
   • Watch this video on Dashboards and Reports: https://youtu.be/zIY4NFUQI3M
   • Watch this video to setup strong authentication and MFA: https://youtu.be/fUb-lzFz6Nk
3. Learn how to setup and use Centrify Identity Broker for Linux
   • Read the Tech Blog: AWS Shared Responsibility - Securing Linux Systems using Centrify's new Identity Broker
4. Learn how to setup MFA for Windows EC2 Instance login
   • Read the Tech Blog: AWS Shared Responsibility - Login MFA for Windows AMIs
   • Watch the video: https://youtu.be/Te1wrR7vIbc
5. Learn how to secure privileged access to AWS RDS for SQL Server
   • Read the Tech Blog: AWS Shared Responsibility - Securing Amazon RDS Instances
   • Watch the video: https://youtu.be/EXHSqxiAYHc
6. Learn how to use CloudWatch to monitor Centrify AuditTrail data
   • for Linux EC2 Instances: [Labs] Using Centrify Audit Trail for UNIX/Linux with AWS CloudWatch
   • for Windows EC2 Instances: [Labs] Using Centrify Audit Trail for Windows with AWS CloudWatch

Enterprise Access for Hosted Apps

Centrify extends enterprise identities to hosted applications with federated authentication for employees, business partners and customers. This solution also enforces MFA and Smart Card authentication to satisfy stringent security requirements, and prove compliance where required. And additionally, it can minimize the attack surface by securing remote access to applications running on EC2 instances without a VPN

1. Learn how to integrate SAML into your C#, Ruby on Rails, Python, Java or PHP-based applications using the right
   • Centrify toolkit for your application: Centrify Developer Program – Authentication and User Management

Automating AWS EC2 Instance Creation and Management

Centrify Server Suite and Privilege Service are used to secure privileged access to resources. DevOps has become the dominant solution for software management and configuration in hybrid clouds.    Here are some resources available for you to leverage these frameworks in AWS

Centrify Server Suite (CentrifyDC) and Privilege Service (CentrifyCC) clients

• AWS AutoScaling Group Scripts:  https://github.com/centrify/AWS-AutoScalingGroup
• AWS OpsWorks (Chef 12):  https://github.com/centrify/AWS-OpsWorks
• AWS Automation:  https://github.com/centrify/AWS-Automation

Videos

• https://youtu.be/5z7WPa9bSAs

Additional Information

• TechBlog: Establishing Identity Assurance in AWS (Web Console, EC2 and PowerShell) using Centrify
• TechBlog: Securing AWS WorkSpaces with Centrify MFA