AMI security considerations
Disable unsecure applications:-
Disable services and protocols that use clear text authentication.
Minimize exposure:-
Disable non-essential network services on startup.
Disable default services like file sharing, print spooler, and RPC if not needed.
Protect credentials when baking AMIs :-
Delete all AWS and third-party credentials from disk and configuration files.
Delete all user SSH public and private key pairs.
Remove and disable passwords for all user accounts.
Comments
Post a Comment