Guiding Principles for building Zero Trust on AWS
Where possible, use identity and network capabilities together
Identity and network controls in AWS can oftentimes complement and augment one another to help you accomplish your specific security objectives. Identity-centric controls offer very strong, flexible, and fine-grained access controls. Network-centric controls enable you to easily establish well understood perimeters within which identity-centric controls can operate. Ideally, these controls should be aware of and augment one another.
Work backwards from your specific use cases
There are a number of common use cases, such as workforce mobility, software-to-software communications, and digital transformation projects that can benefit from the enhanced security provided by Zero Trust. It is important to work backwards from each of the specific use cases that apply to your organization in order to determine the optimal Zero Trust patterns, tools, and approaches that achieve meaningful security advancements.
Apply Zero Trust to your systems and data in accordance with their value
You should think of Zero Trust concepts as additive to your existing security controls. By applying Zero Trust concepts in accordance with the organizational value of the system and data being protected, you can ensure that the benefits to your business are commensurate with the effort.
Zero Trust principles at work within AWS
Signing AWS API requests
Every day, each and every AWS customer interacts confidently and securely with AWS, making billions of AWS API calls over a diverse set of public and private networks. Each one of these signed API requests is individually authenticated and authorized every single time at rates of millions of requests per second globally. The use of network-level encryption using Transport Layer Security (TLS) combined with powerful cryptographic capabilities of the AWS Signature v4 signing process secures these requests without any regard to the trustworthiness of the underlying network.
AWS service-to-service interactions
When individual AWS services need to call each other, they rely on the same security mechanisms that you use as a customer. For example, the Amazon EC2 Auto Scaling service uses a service-linked role in your account to receive short term credentials and call the Amazon Elastic Compute Cloud (Amazon EC2) APIs on your behalf in response to scaling needs. These calls are authenticated and authorized by AWS Identity and Access Management (IAM), just as your calls to AWS services are. Strong identity-centric controls form the basis of the security model between AWS services.
Zero Trust for IoT
AWS IoT provides the foundational components of Zero Trust to a technology domain where unauthenticated, unencrypted network messaging over the open internet was previously the norm. All traffic between your connected IoT devices and the AWS IoT services is sent over Transport Layer Security (TLS) using modern device authentication including certificate-based mutual TLS. In addition, AWS added TLS support to FreeRTOS bringing key foundational components of Zero Trust to a whole class of microcontrollers and embedded systems.