PROJECT DESIGN
Design Solutions to Secure Cloud Services and Applications
42035 Cloud Security, Assessment Task 2

PRESENTED BY-

Table of Contents
1. Introduction .... 2
2. Executive Summary .... 2
3. Requirements .... 3
4. Design Specifications .... 4
5. Organisational Policies .... 7
6. Storage Services .... 7
   6.1 Amazon Simple Storage Service (Amazon S3) .... 7
   6.2 Amazon S3 Glacier .... 8
   6.3 DynamoDB .... 9
   6.4 Amazon RDS MySQL .... 10
   6.5 Roles and Functions of AWS Storage Services .... 11
7. Security in AWS .... 12
   7.1 CloudTrail .... 12
   7.2 Amazon CloudWatch .... 13
   7.3 Amazon GuardDuty .... 15
   7.4 AWS WAF .... 15
   7.5 AWS Shield Standard .... 15
   7.6 Roles and Functions of AWS Security .... 16
8. Network Protection .... 17
   8.1 Virtual Private Cloud (VPC) .... 17
   8.2 Subnets .... 18
   8.3 Security Group .... 19
   8.4 Route Tables .... 20
   8.5 NAT Gateway .... 21
   8.6 NACL .... 22
   8.7 Route Tables (RT) .... 23
   8.8 Security Groups .... 25
   8.9 Roles and Functions of AWS Network Services .... 26
9. Identity and Access Management (IAM) .... 27
   9.1 User .... 27
   9.2 Roles .... 28
   9.3 Policy .... 31
   9.4 User Group .... 32
   9.5 MFA .... 32
   9.6 Roles and Functions of Amazon IAM Services .... 34
10. Service Level Agreements (SLAs) .... 35
11. Conclusion .... 36
12. References .... 37


1. Introduction

Stringent regulatory and compliance standards may be particularly difficult in the financial
industry, necessitating financial organisations to become nimbler and utilise dynamic security
capabilities. Financial institutions aim to benefit from the cloud's cost-effectiveness,
scalability, and faster time-to-market for system implementation by overcoming data breaches,
compliance issues, privacy, and data retention and deletion. As financial firms seek to capitalise
on AWS expertise, they will be able to provide their clients with more benefits and capabilities.
In this report, we'll look over some of the AWS capabilities accessible to financial institutions,
as well as how AWS is assisting these businesses in moving to the cloud by utilising its shared
computing and storage services.

2. Executive Summary

With advances in technology, protecting customers' data and assets has been transformed by
the way access is managed. This report consists of a design specification of a security solution
for a PaaS service model. The functional, non-functional, and regulatory requirements are
defined with respect to the technical specifications. The functional requirements incorporate
Amazon's security services (MFA, IAM, intrusion detection systems), while the non-functional
requirements focus on data backup and security audits. Regulatory requirements are defined
with respect to the security solution for a financial organisation and include compliance with
the General Data Protection Regulation and the Privacy Act 1988 – ACL.

Further, we have categorised and explained the organisational policies: the authorization and
management policies. The detailed implementation process of each component, with the roles
and functions of the services, is elaborated, and the service level agreements are listed. AWS
Financial Services compliance and security specialists may also assist clients in developing
scalable, secure cloud platforms that match the organisation's security goals, plans, and tactics
while complying with the most stringent regulatory standards.


3. Requirements

Functional Requirements
Req 1: Intrusion detection systems with event logging
Req 2: Protect data in transit and data at rest
Req 3: Restrict malicious application traffic
Req 4: Create multi-factor authentication
Req 5: Audit, track and monitor API requests
Req 6: Distributed threat protection to monitor malicious activity and unauthorised access
Req 7: Create authorisation levels to access resources securely
Req 8: IAM for authorised access

Non-functional Requirements
Req 1: The application should have multi-zone availability
Req 2: Protection from DoS attacks
Req 3: Load balancing of the application to achieve high availability
Req 4: Data backup to avoid data loss
Req 5: The application should use an encrypted medium for communication
Req 6: Security audit
Req 7: Monitor and notify the user of undesirable actions

Regulatory Requirements
Req 1: GDPR: to be compliant with data protection while using AWS services
Req 2: Sarbanes-Oxley Act: focuses on eliminating organisational fraud and corruption
Req 3: CCPA: protecting customers' personal data
Req 4: Privacy Act 1988 – ACL: defines rules and requirements for collecting and managing
personal information and protecting the user's privacy
Req 5: PCI DSS Level 1: established to secure the data of cardholders and credit cards
Req 6: NIST 800-177: provides recommended requirements to secure private controlled
unclassified information
Req 7: EU Data Protection Directive: regulation approved by the European Union to secure the
privacy and personal data of its citizens

4. Design Specifications

Fig 1: AWS Architecture for Financial Application

For all online financial applications, security is an absolute necessity. Financial application
security is essential for data privacy, customer confidence, and long-term success. The
application design follows the regulations provided by the General Data Protection Regulation
(GDPR).
Fig 1 above depicts the financial application architecture; the technical specifications are as
follows:

1. Computing Services:
   ▪ The application is designed to handle multi-threaded processes to carry out
     computational tasks.
   ▪ AWS Lambda is used to manage computing resources whenever functions are
     triggered by API calls in the application.
2. AWS Networking:
   ▪ The system is designed for multi-zone availability to achieve high availability, using
     auto-scaling groups that automatically adjust capacity to avoid any server failures.
   ▪ The Virtual Private Cloud (VPC) is divided into smaller networks (subnets) to
     optimise network traffic and provide redundancy and fault tolerance.
   ▪ A gateway is created as a filtering point to reduce the risk of data theft.
   ▪ The application is designed to handle network traffic according to inbound and
     outbound rules.
   ▪ Security groups have been created to control inbound and outbound traffic.
   ▪ A firewall is used to protect against web exploits that might affect application
     availability or compromise security.
3. Access controls:
   ▪ The system follows the principle of least privilege: access control lists are used to
     identify, authenticate and authorise users, who can reach resources only through the
     roles, permissions and policies assigned to them.
   ▪ An email notification service has been added using AWS SNS to inform the
     administrator of any unauthorised access or transaction failure.
4. Database:
   ▪ The system is designed to store and process large volumes of complex data, i.e.
     images, audio and various other formats.
   ▪ The system allows multiple users to access the data simultaneously and can recover
     from data loss caused by unusual events.
5. Monitoring:
   ▪ The system monitors risk, compliance and auditing of the AWS account and records
     user actions so that inappropriate actions can be dealt with.
   ▪ A threat detection service has been enabled to monitor malicious activity and
     generate security logs for visibility and remediation.

We have divided the design into four main components: security, storage services, network
security, and identity and access management.

1. Security
   Roles: Enables the organisation to monitor and secure customer accounts and workloads,
   as well as detect threats.
   Functions: Allows customers to manage identities, access, and permissions at scale in a
   safe manner.
2. Storage
   Roles: Allows the organisation to store and retrieve data from anywhere, which helps the
   organisation achieve high availability and scalability.
   Functions: Allows users to save data at a remote location and access it anytime through
   the public network.
3. Access
   Roles: Enables the organisation to provide controls to users based on their roles and the
   governing policy regulations.
   Functions: A customer can access specific data based on the permissions granted.
4. Network
   Roles: Allows the organisation to run applications with a high level of dependability,
   performance, and security.
   Functions: Customers may isolate their cloud platform, scale up workload requests, and
   even connect their real network to private virtual networks using AWS networking
   services.


5. Organisational Policies
Organisational policies are applied through AWS Organizations with all features enabled; they
add an extra layer of control over the AWS accounts in the organisation.

A. Authorization policy: aids in centrally managing the security of the organisation's AWS
   accounts.
   a) Service Control Policies: security administrators use these to establish the controls
      that IAM roles and users must adhere to.
B. Management policy: allows central configuration and management of AWS services and
   features.
   a) Tag policies: specify standardised tags for the AWS resources used.
   b) Backup policies: manage the backup plans of the AWS resources in our organisation.

6. Storage Services (NAME of STUDENT A in the group)

Financial organisations gather massive amounts of data from a variety of sources, including
client financial records, transaction data, and customer support interactions like chatlog
transcriptions. AWS provides storage options for data backup, archival, and recovery
procedures. Amazon's storage services are divided into three categories: object, block, and file
storage.

6.1 Amazon Simple Storage Service (Amazon S3)- Allows businesses to capture and store
vast volumes of unstructured data in a highly reliable, secure, durable, and scalable manner.
S3 integrates with other AWS services and stores the data they return.

Procedure:
1. On the AWS Console, navigate to S3.
2. Choose Create Bucket→provide a bucket name.
3. Choose the Region→Create.
4. Choose the bucket to upload an item in Amazon S3→Add Files.
5. Upload the required file.

6.2 Amazon S3 Glacier- For data preservation and long-term backup, Amazon S3 Glacier is
a secure, durable, and low-cost Amazon S3 storage class. Financial institutions can use
Amazon S3 Object Lock and Amazon S3 Glacier Vault Lock to help them comply with the
SEC's 17a-4(f) technical data storage standards.

Procedure:
1. Navigate to S3 Glacier in the AWS Console→choose the Region in which to create a vault.
2. Name the vault.
3. Under Event Notifications choose Do not enable notifications→Review→Submit.

6.3 DynamoDB- Gives users auto-scaling, backup, and restore options for any internet-based
application. The application retrieves data from tables stored in DynamoDB through API
Gateway and AWS Lambda.

Procedure:
1. Open the DynamoDB console in the AWS Console→Create Table.
2. Enter the table details→click Create.
3. Data in the table can then be written, updated and deleted.

6.4 Amazon RDS MySQL- It automates typical database management duties while
providing cost-effective, resizable capacity for an industry-standard relational database.
Financial applications use RDS to save time and money by simplifying administrative
database duties. We will be using the MySQL database engine in our finance application.

Procedure:
1. Navigate to Amazon RDS in the AWS Console→choose the region of the DB instance.
2. Choose Databases→create database.
3. Choose MySQL in the configuration→choose Free tier for the DB instance size.
4. Keep the DB instance identifier and Master username default.
5. Select Auto generate a password→create database.


6.5 Roles and Functions of AWS Storage Services-

Amazon Simple Storage Service (S3)
   Roles: Offers object storage via a web service, designed to store and retrieve any quantity
   of data irrespective of location.
   Functions: Allows customers to append metadata tags and to transfer and store data
   across S3 Storage Classes.
Amazon S3 Glacier
   Roles: Provides an online file storage web solution for data preservation and backup.
   Functions: Customers may preserve their data for a longer period at a low cost.
DynamoDB
   Roles: Designed for the execution of high-performance applications at any scale, with
   multi-region replication, in-memory caching, and data export tools.
   Functions: Benefits the user with auto-scaling, in-memory caching, backup, and
   restoration.
RDS MySQL
   Roles: Provides two SSD-backed storage types for the SQL database and assists with data
   transfer, backup and recovery.
   Functions: Offers customers scalable capacity at a low cost while automating
   time-consuming administrative operations.

7. Security in AWS (NAME of STUDENT B in the group)

The financial sector's exposure to cyber hazards may increase, resulting in operational
interruptions and data breaches. Every financial application is critical to building a
cyber-resilient financial sector, and because such applications mostly deal with payment
transactions, security plays a crucial role. We have used the following services to provide
security:

7.1 CloudTrail- Used to keep track of AWS account activity, including actions performed by
the user via the AWS Console. AWS CloudTrail logs the API calls made on the account and
delivers them to an S3 bucket the user designates. Whenever an IAM user makes a
modification in CloudTrail, the log is stored in the S3 bucket, CloudWatch detects the event
and invokes an AWS Lambda function, which posts the change event to an SNS topic that
sends an email alert.

Procedure:
1. Navigate to CloudTrail in the AWS Console.
2. Create CloudTrail→Name as Management-Events-Trail.
3. Create a new S3 bucket for storage allocation→disable log-file encryption.
4. Select the required events for logs→choose the read and write logs under API activity.
5. Review→create CloudTrail.
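The CloudTrail→CloudWatch Events→Lambda→SNS alert chain described in 7.1, written out as the Lambda function in the middle of it. This is an added example, not code from the report; the topic ARN, account ID, user and event below are constructed placeholders, and the `publish` parameter is a hypothetical hook so the handler can run without AWS access.

```python
"""Lambda handler for the alert chain in section 7.1: CloudTrail records an API
call, a CloudWatch Events (EventBridge) rule matches it and invokes this
function, which posts a summary to the SNS topic that sends the e-mail.

Added example, not the report's code. Topic ARN, account ID, user and the
sample event are constructed placeholders."""
import os
from typing import Callable, Optional

# API calls that alter CloudTrail itself; losing the audit trail is the change
# the administrator most needs to hear about, so these are rated HIGH.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def summarise_event(event: dict) -> dict:
    """Pull the fields an on-call engineer needs out of an EventBridge
    notification that wraps a CloudTrail record (the record is in `detail`)."""
    detail = event["detail"]
    identity = detail.get("userIdentity", {})
    action = detail["eventName"]
    mfa = identity.get("sessionContext", {}).get("attributes", {}).get("mfaAuthenticated")
    return {
        "account": event.get("account"),
        "region": detail.get("awsRegion"),
        "time": detail.get("eventTime"),
        "action": action,
        "service": detail.get("eventSource"),
        "actor": identity.get("userName") or identity.get("arn") or "unknown",
        "actor_type": identity.get("type"),
        "source_ip": detail.get("sourceIPAddress"),
        "mfa": mfa,
        "trail": (detail.get("requestParameters") or {}).get("name"),
        "severity": "HIGH" if action in TRAIL_TAMPERING else "INFO",
        "error": detail.get("errorCode"),  # set when the call was denied
    }


def format_message(summary: dict) -> str:
    """Plain-text body for the SNS e-mail."""
    lines = [
        f"[{summary['severity']}] CloudTrail change: {summary['action']}",
        f"Account: {summary['account']}  Region: {summary['region']}",
        f"Actor:   {summary['actor']} ({summary['actor_type']}) from {summary['source_ip']}",
        f"MFA:     {summary['mfa']}",
        f"Trail:   {summary['trail']}",
        f"Time:    {summary['time']}",
    ]
    if summary["error"]:
        lines.append(f"Result:  denied ({summary['error']})")
    return "\n".join(lines)


def lambda_handler(event: dict, context=None,
                   publish: Optional[Callable[[str, str, str], str]] = None) -> dict:
    """Entry point. `publish(topic_arn, subject, message)` defaults to SNS via
    boto3 inside Lambda; callers may inject a stub to run offline (hypothetical hook)."""
    summary = summarise_event(event)
    message = format_message(summary)
    # Placeholder ARN; in Lambda this comes from the function's environment.
    topic = os.environ.get("ALERT_TOPIC_ARN",
                           "arn:aws:sns:ap-southeast-2:111122223333:cloudtrail-alerts")
    if publish is None:
        import boto3  # only needed when really publishing
        sns = boto3.client("sns")
        publish = lambda arn, subj, msg: sns.publish(TopicArn=arn, Subject=subj, Message=msg)["MessageId"]
    subject = f"AWS alert: {summary['action']} by {summary['actor']}"
    message_id = publish(topic, subject, message)
    return {"severity": summary["severity"], "message_id": message_id, "message": message}


# Constructed sample: an IAM user without MFA stops the trail from step 2.
SAMPLE_EVENT = {
    "account": "111122223333",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventTime": "2021-10-10T03:15:00Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "awsRegion": "ap-southeast-2",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {
            "type": "IAMUser", "userName": "alice",
            "arn": "arn:aws:iam::111122223333:user/alice",
            "sessionContext": {"attributes": {"mfaAuthenticated": "false"}},
        },
        "requestParameters": {"name": "Management-Events-Trail"},
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, publish=lambda arn, s, m: "local-test")["message"])
```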

7.2 Amazon CloudWatch- Gives users actionable insight into data for application monitoring
and optimising resource utilisation. It coordinates with SNS to send email notifications to
users; permissions are granted through IAM so that CloudWatch can access the AWS
resources, i.e. the CloudWatch metric data.

Procedure:
1. Navigate to IAM in the AWS Console.
2. Choose to create a role.
3. Select AWS Service→Use case EC2.
4. Attach CloudWatchAgentServerPolicy.
5. Provide the role name→create the role.
6. Attach the IAM role created to the EC2 instance:
   a. Download and install the unified CloudWatch agent on the EC2 instance.
   b. Create the agent configuration file.
   c. Start the CloudWatch agent.

7.3 Amazon GuardDuty- Used as a threat detection service to monitor malicious activity. It
monitors the VPC flow logs and sends its findings to CloudWatch Events, which triggers the
Lambda function that publishes to the SNS topic to send an email alert.

Procedure:
1. Enable GuardDuty in the AWS Console.
2. Choose Findings export options under Settings→Create a new bucket.
3. Encrypt the findings using KMS→Create a symmetric key.
4. Review and edit the policy.
5. Return to the S3 settings→choose the key created as the key alias and save.
6. Set up GuardDuty finding alerts via SNS.

7.4 AWS WAF- Used to monitor and block malicious HTTP/HTTPS traffic to web applications.
It is used with CloudFront distributions to allow or block web requests.

Procedure:
1. Navigate to WAF in the AWS Console→create a web ACL.
2. Choose CloudFront distributions as the Resource type.
3. Add a string match rule→provide the conditions to match the string, and add an AWS
   managed rules rule group.
4. Set the priority of the rules→configure the metrics.
5. Complete the ACL configuration.

7.5 AWS Shield Standard- A managed service that protects applications running on AWS
from Distributed Denial of Service (DDoS) attacks. AWS Shield Standard is activated by
default for all AWS customers at no extra charge.


7.6 Roles and Functions of AWS Security-

AWS CloudTrail
   Roles: Customers can manage AWS user account governance and compliance, operational
   monitoring, and risk auditing.
   Functions: A customer will receive a notification in case of unauthorised access.
AWS WAF
   Roles: The organisation can detect and filter out threats that might compromise
   applications, including DDoS attacks.
   Functions: Helps customers protect their web applications or APIs against web exploits.
AWS Shield Standard
   Roles: The organisation can detect networks and apply algorithmic techniques to detect
   malicious data.
   Functions: Allows customers to get automatic inline mitigations to minimise application
   latency and downtime.
AWS CloudWatch
   Roles: Aids the organisation in collecting operational and monitoring data to get a unified
   view of its resources.
   Functions: Permits the customer to monitor applications and services, receive
   notifications, and perform automated actions.
AWS GuardDuty
   Roles: The organisation can protect its workloads, AWS accounts and stored data.
   Functions: Permits users to monitor, analyse, and process data sources.

8. Network Protection (NAME of STUDENT C in the group)


These services allow you to impose rigid security policies at every network point in the
organisation. Advancements in technology (virtual infrastructure, remote operations and
shared storage) have shifted the focus of financial organisations from simply handling money
to managing data and IT networks.

8.1 VPC- A VPC is logically isolated from other virtual networks and provides control over
the virtual network, security, connectivity, and resource allocation. Within a VPC, AWS
resources such as Amazon EC2 instances can be launched, subnets created, route tables and
security groups configured and attached, and a specific IP address range defined.

Procedure:
1. Navigate to VPC in the AWS Console.
2. Create a VPC with a standard name.
3. Enter the IPv4 CIDR /16 block address and do not add an IPv6 CIDR block.
4. Select the tenancy as default→create the VPC.


8.2 Subnets- A subnet is a range of IP addresses within a VPC, located in a single
availability zone.

Procedure:
1. Select VPC in the AWS Console→navigate to Subnets.
2. Create a subnet→select the respective VPC ID.
3. Name the subnet→select the availability zone.
4. Enter the IPv4 CIDR block→create the subnet.


8.3 Security Group- A security group is a virtual firewall that controls the incoming and
outgoing traffic of an AWS instance.

Procedure:
1. Select VPC in the AWS Console→navigate to Security Groups.
2. Create a security group→name the group.
3. Select the respective VPC ID→define the inbound and outbound rules.
4. Create the security group.


8.4 Route Tables- A route table is a set of rules that directs network packets to their
destination.

Procedure:
1. Select VPC in the AWS Console→navigate to Route tables.
2. Create a route table→provide the desired name.
3. Associate the desired subnet with the route table.
4. Select the respective VPC→create the route table.


8.5 NAT Gateway- A NAT gateway allows instances in private subnets to reach the Internet
while denying connection requests initiated from the Internet.

Procedure:
1. Select VPC in the AWS Console→navigate to NAT gateways.
2. Create a NAT gateway→provide a name.
3. Select the respective subnet→keep the connectivity type Public.
4. Select the desired Elastic IP allocation ID→create the NAT gateway.


8.6 NACL- A network ACL is a network-level security control that filters traffic according to
a set of inbound and outbound rules.

Procedure:
1. Select VPC in the AWS Console→navigate to Network ACLs.
2. Create a network ACL→provide a name.
3. Select the respective VPC→create the network ACL.


8.7 Route Tables (RT)-

1. Main RT
   Destination     Route
   10.0.0.0/16     local
   0.0.0.0/0       nat-gateway-id

2. Gateway RT
   Destination     Route
   0.0.0.0/0       igw-id

3. Custom RT
   Destination     Route
   10.0.0.0/16     local
   0.0.0.0/0       igw-id

4. Public subnet RT 1A
   Destination     Route
   10.0.0.0/24     local
   0.0.0.0/0       igw-id

5. Public subnet RT 2A
   Destination     Route
   10.0.3.0/24     local
   0.0.0.0/0       igw-id

6. Private subnet RT 1A
   Destination     Route
   10.0.1.0/24     local
   0.0.0.0/0       nat-gateway-id

7. Private subnet RT 1B
   Destination     Route
   10.0.2.0/24     local
   0.0.0.0/0       nat-gateway-id

8. Private subnet RT 2A
   Destination     Route
   10.0.4.0/24     local
   0.0.0.0/0       nat-gateway-id

9. Private subnet RT 2B
   Destination     Route
   10.0.5.0/24     local
   0.0.0.0/0       nat-gateway-id
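As an added example (not part of the report), the following script transcribes the 8.7 tables and applies the longest-prefix-match rule that AWS uses to choose a route, then classifies each table as public or private from the target of its default route and checks that no table labelled private sends default traffic to an Internet gateway. The lookup and classification helpers are mine; only the table contents come from the report.

```python
"""Route lookup and public/private classification over the route tables in
section 8.7. Added example, not the report's code; the tables are transcribed
from 8.7, the logic around them is constructed for this illustration."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Destination -> target, exactly as listed in 8.7.
ROUTE_TABLES: Dict[str, Dict[str, str]] = {
    "Main RT":              {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-gateway-id"},
    "Gateway RT":           {"0.0.0.0/0": "igw-id"},
    "Custom RT":            {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-id"},
    "Public subnet RT 1A":  {"10.0.0.0/24": "local", "0.0.0.0/0": "igw-id"},
    "Public subnet RT 2A":  {"10.0.3.0/24": "local", "0.0.0.0/0": "igw-id"},
    "Private subnet RT 1A": {"10.0.1.0/24": "local", "0.0.0.0/0": "nat-gateway-id"},
    "Private subnet RT 1B": {"10.0.2.0/24": "local", "0.0.0.0/0": "nat-gateway-id"},
    "Private subnet RT 2A": {"10.0.4.0/24": "local", "0.0.0.0/0": "nat-gateway-id"},
    "Private subnet RT 2B": {"10.0.5.0/24": "local", "0.0.0.0/0": "nat-gateway-id"},
}


def lookup(table: Dict[str, str], destination: str) -> Optional[str]:
    """Return the target for `destination` using longest-prefix match: the
    most specific matching CIDR wins, so 0.0.0.0/0 only applies when nothing
    narrower (such as the local route) matches."""
    addr = ip_address(destination)
    best = None
    for cidr, target in table.items():
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(table: Dict[str, str]) -> str:
    """A subnet is public when its default route points at an Internet
    gateway, private when it points at a NAT gateway, isolated when absent."""
    default = table.get("0.0.0.0/0")
    if default is None:
        return "isolated"
    return "public" if default.startswith("igw-") else "private"


def misrouted_private_subnets(tables: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of tables labelled 'Private' whose default route would actually
    expose the subnet directly through an Internet gateway."""
    return [name for name, t in tables.items()
            if "Private" in name and classify(t) == "public"]


if __name__ == "__main__":
    for name, table in ROUTE_TABLES.items():
        print(f"{name:22s} {classify(table):8s} 8.8.8.8 -> {lookup(table, '8.8.8.8')}")
    print("misrouted:", misrouted_private_subnets(ROUTE_TABLES))
```

As transcribed, each private RT lists only its own /24 as local, so a lookup for an address in a neighbouring subnet falls through to the NAT route; in a real VPC the local route always covers the whole VPC CIDR and cannot be removed.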

8.8 Security Groups-


8.9 Roles and functions of AWS Network Services-

Amazon VPC
   Roles: Provides a logically isolated, customisable virtual network in which to launch AWS
   services.
   Functions: Provides customers with access to a remote private cloud where they can store
   data, visit websites, etc. securely.
Elastic Load Balancing
   Roles: Handles the changing load of incoming application traffic over different targets in
   multiple availability zones.
   Functions: Allows multiple users to access the services concurrently and provides reliable
   applications to customers.
Amazon API Gateway
   Roles: Permits developers to perform operations on and protect APIs at all levels.
   Functions: Provides an optimal API for each customer.


9. Identity and Access Management (IAM) (NAME of STUDENT D in the group)

IAM defines and administers the roles and access rights of each user in the network and the
conditions under which users are granted or denied privileges. CloudWatch uses IAM
permissions to access AWS resources and check the IAM logs.

9.1 User- An entity representing the person or application that accesses AWS services.

Procedure:
1. Go to IAM and navigate to Users.
2. Select Add user→add a username.
3. Select the AWS credential type: Password.
4. Select Custom password→set a password.
5. Untick the password reset option.
6. Add the user to the desired user group and set no permission boundary.
7. Create user.

9.2 Roles- An IAM role is an AWS identity with specific access permissions attached, assumed
by users according to their job roles.

Procedure:
1. Go to IAM and navigate to Roles.
2. Create role→select Another AWS account as the trusted entity.
3. Enter the account ID of the other user→require MFA.
4. Attach a policy→tick create role without a permission boundary.
5. Enter the role name→Create Role.

Fig 2: Role Hierarchy


9.3 Policy- Policies define the permissions required by resources or entities.

Procedure:
1. Go to IAM and navigate to Policies.
2. Select the policy→Actions→Attach.
3. Select the user, role or group.
4. Create the policy.
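The trust relationship that step 3 of 9.2 configures (another AWS account as the trusted entity, MFA required), written out as the policy document the console produces for that choice, together with a small evaluator that applies IAM's explicit-deny, allow, implicit-deny ordering so the effect of the MFA condition in 9.3's policies can be checked offline. This is an added example, not the report's or AWS's code; the account IDs are placeholders and the evaluator supports only the Bool and StringEquals condition operators, not IAM's full policy language.

```python
"""Role trust policy requiring MFA (section 9.2, step 3) plus a minimal IAM-style
evaluator. Added example, not the report's code. Account IDs are placeholders;
only the Bool and StringEquals condition operators are implemented."""
import json
from fnmatch import fnmatchcase
from typing import Dict, List

TRUSTED_ACCOUNT = "222233334444"  # placeholder for "account ID of the other user"


def trust_policy_requiring_mfa(trusted_account: str) -> dict:
    """Equivalent of the console choices 'Another AWS account' + 'Require MFA':
    every identity in the trusted account may assume the role, but only
    from a session that authenticated with MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }


def _as_list(x) -> List[str]:
    return x if isinstance(x, list) else [x]


def _condition_holds(cond: dict, ctx: Dict[str, str]) -> bool:
    """All condition blocks must hold. A key missing from the request context
    makes a Bool or StringEquals test fail, which is IAM's behaviour too."""
    for operator, pairs in cond.items():
        for key, wanted in pairs.items():
            have = ctx.get(key)
            if operator == "Bool":
                if have is None or str(have).lower() != str(wanted).lower():
                    return False
            elif operator == "StringEquals":
                if have not in _as_list(wanted):
                    return False
            else:
                raise ValueError(f"operator {operator} not supported by this example")
    return True


def evaluate(policy: dict, principal_arn: str, action: str, ctx: Dict[str, str]) -> str:
    """Return 'Deny' on any matching explicit deny, 'Allow' if a statement
    allows, otherwise 'ImplicitDeny'. A principal matches on its exact ARN,
    on '*', or on its account's root ARN (which trusts the whole account)."""
    decision = "ImplicitDeny"
    account = principal_arn.split(":")[4]
    for st in policy["Statement"]:
        pr = st.get("Principal", {})
        principals = ["*"] if pr == "*" else _as_list(pr.get("AWS", []))
        if not any(p in ("*", principal_arn, f"arn:aws:iam::{account}:root") for p in principals):
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # explicit deny always wins
        decision = "Allow"
    return decision


if __name__ == "__main__":
    policy = trust_policy_requiring_mfa(TRUSTED_ACCOUNT)
    print(json.dumps(policy, indent=2))
    alice = f"arn:aws:iam::{TRUSTED_ACCOUNT}:user/alice"  # placeholder identity
    for mfa in ("true", "false"):
        print(mfa, evaluate(policy, alice, "sts:AssumeRole", {"aws:MultiFactorAuthPresent": mfa}))
```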


9.4 User Group-

Procedure:
1. Go to IAM→navigate to User groups.
2. Create group→enter the user group name.
3. Select the users to attach to the user group.
4. Select the policies to be attached to the user group.
5. Create group.

9.5 MFA-

Procedure:
1. Go to IAM and navigate to Users.
2. Select the user to assign MFA to→Security credentials tab.
3. Assigned MFA device→Manage→Virtual MFA device.
4. Install the authenticator app on the device→scan the QR code.
5. Enter two consecutive MFA codes→Assign MFA.


9.6 Roles and Functions of Amazon IAM Services-

IAM
   Roles: Allows secured access to AWS resources and services.
   Functions: Provides enhanced security and granular control of user access.
Multi-Factor Authentication
   Roles: An extra layer of protection beyond username and password.
   Functions: Enables protection from unauthorised user access to networks, databases, etc.


10. Service Level Agreements (SLAs)-

The aim of defining SLAs is that they set clear and measurable guidelines and provide
recourse for unmet service obligations, which is crucial for a financial organisation. The
following are the SLAs used in our application:

Application SLAs:
1. Amazon Cognito SLA
2. Amazon Compute SLA
3. Amazon EC2 SLA
4. Amazon ElastiCache SLA
5. Amazon Messaging (SNS) SLA
6. AWS Lambda SLA

Storage SLAs:
1. Amazon RDS SLA
2. Amazon S3 SLA
3. Amazon DynamoDB SLA
4. AWS Backup SLA

Security SLAs:
1. Amazon GuardDuty SLA
2. AWS CloudTrail SLA
3. AWS WAF SLA
4. Amazon CloudFront SLA
5. Amazon CloudWatch SLA

Network SLAs:
1. Amazon VPC NAT Gateway SLA
2. Amazon API Gateway SLA
3. Amazon Elastic Load Balancing SLA


11. Conclusion

Financial organisations recognise the need for safe, compliant cloud solutions in the highly
competitive and tightly regulated financial industry, where the benefits of the cloud outweigh
the risk of security failures and reputational harm. Firms may use various AWS cloud services
to ensure that backups are safe, that data is kept in several places to provide adequate backup
and AWS disaster recovery, and that monitoring and backup status notifications are
maintained.

While the financial industry has been hesitant to adopt new technology in the past, the realities
of the industry now mean that firms are beginning to see the many advantages the cloud can
provide. Finally, these businesses have realised that moving to the cloud is no longer a choice;
it is a necessity.


11. Docs.aws.amazon.com. 2021. Getting Started with DynamoDB - Amazon


DynamoDB. [online] Available at:
<https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Gettin
gStartedDynamoDB.html> [Accessed 10 October 2021].

12. Docs.aws.amazon.com. 2021. Getting started with AWS WAF - AWS WAF,
AWS Firewall Manager, and AWS Shield Advanced. [online] Available at:
<https://docs.aws.amazon.com/waf/latest/developerguide/getting-
started.html> [Accessed 10 October 2021].

13. Docs.aws.amazon.com. 2021. VPCs and subnets - Amazon Virtual Private


Cloud. [online] Available at:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
[Accessed 10 October 2021].

14. Docs.aws.amazon.com. 2021. Tutorial: Creating a VPC with Public and


Private Subnets for Your Clusters - Amazon Elastic Container Service. [online]
Available at:

P a g e 38 | 39
Project Design Assessment Task 2 42035 Cloud Security

<https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-
public-private-vpc.html> [Accessed 10 October 2021].

15. Docs.aws.amazon.com. 2021. What are Policies? - AWS RoboMaker. [online]


Available at:
<https://docs.aws.amazon.com/robomaker/latest/dg/auth_access_what-are-
policies.html> [Accessed 10 October 2021].

16. Docs.oracle.com. 2021. NAT Gateway. [online] Available at:


<https://docs.oracle.com/en-
us/iaas/Content/Network/Tasks/NATgateway.htm> [Accessed 10 October
2021].

17. Docs.aws.amazon.com. 2021. Security groups for your VPC - Amazon Virtual
Private Cloud. [online] Available at:
<https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.htm
l> [Accessed 10 October 2021].

18. Fugue.co. 2021. Cloud Network Security 101: AWS Security Groups vs NACLs.
[online] Available at: <https://www.fugue.co/blog/cloud-network-security-
101-aws-security-groups-vs-nacls> [Accessed 10 October 2021].

19. Medium. 2021. Creating AWS CloudFront Distribution with S3 Origin.


[online] Available at: <https://medium.com/tensult/creating-aws-cloudfront-
distribution-with-s3-origin-ee47b8122727> [Accessed 10 October 2021].

20. N2WS. 2021. The Financial Industry in the AWS Cloud - N2WS. [online]
Available at: <https://n2ws.com/blog/aws-disaster-recovery/financial-industry-
amazon-cloud> [Accessed 10 October 2021].

P a g e 39 | 39

You might also like