5.1 Methods to Secure AI Systems on AWS

  • Shared Responsibility Model:
    • AWS and the customer share security duties.
    • AWS: Secures infrastructure (data centers, hardware, networking).
    • Customer: Secures the configuration and use of AWS services, ensuring data security, encryption, and compliance.
  • AI Model Deployment:
    • Amazon EC2: Customer is responsible for managing the OS, security patches, scaling, and security of applications.
    • SageMaker Serverless Inferencing: Fully managed by AWS with minimal customer management required.
  • AWS Identity and Access Management (IAM):
    • IAM: Manages permissions for AWS resources.
    • Allows creation of users, assignment of permissions, and management of multi-factor authentication (MFA).
    • IAM integrates with AWS services, ensuring secure access.
  • Root User Security:
    • A new AWS account starts with a root user that has full access.
    • Best practices:
      • Use strong passwords and enable MFA.
      • Avoid using root user for regular tasks; create IAM users for everyday actions.
      • Secure and do not share root credentials.
  • Multi-Factor Authentication (MFA):
    • MFA adds an extra layer of security, preventing unauthorized access even if the password is compromised.
    • AWS recommends enabling MFA right after account creation.
  • IAM User Management:
    • Create individual IAM users for each person needing AWS access.
    • Assign unique security credentials to users, and avoid credential sharing to maintain visibility into actions.
    • Default permissions for new IAM users are none. Permissions must be explicitly granted.

IAM Policies and Roles in AWS

  • IAM Policy:
    • A JSON document that grants or denies permissions to AWS services/resources.
    • Best Practice: Use the principle of least privilege (only grant permissions needed).
  • IAM Groups:
    • Groups of IAM users, which simplify permission management.
    • Policies assigned to a group apply to all members.
    • Organize users by roles (e.g., developers, testers, admins).
    • Best Practice: Attach policies to groups, not individual users.
  • IAM Roles:
    • Temporary access for AWS services or users.
    • Provides temporary security credentials that expire.
    • Roles have an associated trust policy to determine who can assume them.
  • Types of Policies:
    • Identity-based policies: Attached to users, groups, or roles.
    • Resource-based policies: Applied directly to resources (e.g., S3 buckets).
    • If either policy allows an action, it’s granted; an explicit deny overrides any allow.
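
The evaluation rule above (implicit deny by default, an allow from either policy type grants, an explicit deny wins) as a simplified evaluator. This is an added example, not AWS code: it assumes a same-account request and ignores Principal, Condition, NotAction, permissions boundaries and SCPs, and the account ID, bucket and endpoint names are constructed placeholders.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case=False):
    # "*" and "?" are wildcards; action names are case-insensitive, ARNs are not.
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))

def evaluate(action, resource, identity_policies, resource_policies=()):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in [*identity_policies, *resource_policies]:
        for stmt in _as_list(policy["Statement"]):
            if not (_matches(stmt["Action"], action, fold_case=True)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a deny in any policy overrides every allow
            allowed = True
    # No matching statement at all: the default for a new IAM user (no permissions).
    return "Allow" if allowed else "ImplicitDeny"

# Constructed sample policies (account ID, bucket and endpoint names are placeholders).
BUCKET = "arn:aws:s3:::example-training-data"
ENDPOINT = "arn:aws:sagemaker:us-east-1:111122223333:endpoint/example-endpoint"
GROUP_POLICY = {"Version": "2012-10-17", "Statement": [   # identity-based, attached to a group
    {"Effect": "Allow", "Action": "sagemaker:InvokeEndpoint", "Resource": ENDPOINT},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [  # resource-based, on the bucket
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": BUCKET + "/raw/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": BUCKET + "/restricted/*"},
]}

if __name__ == "__main__":
    requests = [
        ("sagemaker:InvokeEndpoint", ENDPOINT),
        ("s3:PutObject", BUCKET + "/raw/batch1.csv"),
        ("s3:GetObject", BUCKET + "/restricted/labels.csv"),
        ("s3:DeleteObject", BUCKET + "/raw/batch1.csv"),
    ]
    for action, resource in requests:
        print(action, resource, evaluate(action, resource, [GROUP_POLICY], [BUCKET_POLICY]))
```

The third request shows why a broad allow in a group policy is not enough to reason about access: the deny on the bucket blocks it even though the identity-based policy allows s3:GetObject on the whole bucket.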