{"id":4172,"date":"2015-11-03T10:06:58","date_gmt":"2015-11-03T16:06:58","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=4172"},"modified":"2015-09-29T10:18:33","modified_gmt":"2015-09-29T15:18:33","slug":"hosting-secure-websites-on-amazon-aws","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/hosting-secure-websites-on-amazon-aws\/","title":{"rendered":"Hosting Secure Websites on Amazon AWS"},"content":{"rendered":"

\"Amazon<\/a><\/p>\n

Amazon Web Services (AWS) is currently the market leader in hosted cloud provision. But you might not be aware that it can also be a hosting platform for your websites. This article considers how to set up a site using AWS \u2013 and how it can be kept secure.<\/span><\/p>\n

AWS and S3<\/b><\/span><\/h2>\n

You\u2019ll first need to set up <\/a>an Amazon Web Services account \u2013 either by logging in with your details if you\u2019re an existing Amazon user, or by registering with your personal and credit card information on the new user registration form at the AWS website<\/a>.<\/span><\/p>\n

Once you\u2019ve selected a support plan (there\u2019s a Basic free package, then it\u2019s \u201cpay as you go\u201d), you\u2019ll gain access to the AWS Management Console, and its various options.<\/span><\/p>\n

For basic website hosting, you\u2019ll need to click on Amazon\u2019s Simple Storage Service, otherwise known as S3. This is a storage area for virtually any kind of file, and a base from which you can publish Web pages.<\/span><\/p>\n

Stick Them in the Bucket<\/b><\/span><\/h2>\n

S3 files must be uploaded to your Bucket, which is Amazon\u2019s Web-based file folder. When you click the link to Create Folder you will reserve a space on the AWS servers to upload data to.<\/span><\/p>\n

Each file you upload (HTML, picture, or whatever) will have a unique IP address. But you won\u2019t be able to view them outside the Management Console in your browser unless you set their access to Public. And you won\u2019t have a website until you give AWS the go-ahead.<\/span><\/p>\n

Give them Static<\/b><\/span><\/h2>\n

To make your website visible, you\u2019ll have to Make Public all the files you upload, and set the Properties of your S3 Bucket to Static Website Hosting. Standard designations like index.html for your homepage and 404.html for error pages apply.<\/span><\/p>\n

Static websites may consist of documents formatted as HTML, JavaScript, and CSS. Scripts like PHP or Rails aren\u2019t supported on Amazon\u2019s S3 servers.<\/span><\/p>\n

Also Dynamics<\/b><\/span><\/h2>\n

Beyond the Basic plan, there\u2019s scope for hosting Web-based applications and dynamic sites using both static and streaming (video, audio, etc.) content. Amazon CloudFront is the division of AWS in question, and it integrates closely with S3 and business intelligence analytics tools like Amazon Elastic Compute Cloud (Amazon EC2).<\/span><\/p>\n

On-board Security Measures<\/b><\/span><\/h2>\n

For larger static and dynamic sites, Amazon\u2019s Elastic Compute Cloud (EC2) uses a \u201cSecurity Groups\u201d feature to filter incoming network traffic. It\u2019s essentially a firewall, behind which you specify the encryption protocols, port assignments and IP address ranges that are allowed access to your EC2 instances. One or more security groups <\/a>may be allocated to each instance.<\/span><\/p>\n

For data storage, Amazon S3 is your repository for redundant objects \u2013 usually static or rarely altered files like text, and images. Videos and multimedia may be streamed or edge cached through interaction with Amazon CloudFront.<\/span><\/p>\n

\"website<\/a><\/p>\n

Amazon Elastic Block Storage (EBS) attaches virtual volumes to EC2 instances, which act like mountable storage drives. Things like application logs and database partitions may be archived here, beyond the life of an EC2 instance. And snapshots of EBS volumes may be taken, then stored in Amazon S3.<\/span><\/p>\n

Data held in Amazon EBS volumes, S3 storage, and Amazon SimpleDB is stored at multiple locations for redundancy, at no additional charge to customers.<\/span><\/p>\n

AWS implements proactive monitoring via several automated online tools, to help maintain site availability and performance levels. Data centres are protected by both physical measures (security fencing, CCTV etc.) and strict access controls.<\/span><\/p>\n

AWS IAM or AWS Identity and Access Management lets customers designate multiple users within their account, and assign unique security credentials to them, before they can gain access to AWS services. This does away with the need to share encryption keys or passwords, and lets admins decide how and when to grant users access rights.<\/span><\/p>\n

AWS Multi-Factor Authentication or AWS MFA provides an additional layer of access control, and is specifically targeted at your Account Settings and the management of the services to which you subscribe. It\u2019s an option requiring a dynamic six-digit code to be entered with your standard login details before access is granted to your AWS account.<\/span><\/p>\n

In addition to Application Programming Interface (API) and Secure Sockets Layer (SSL)-protected endpoints, the AWS network works in compliance with several global security standards and third-party certifications.<\/span><\/p>\n

Your Responsibility<\/b><\/span><\/h2>\n

That said, Amazon goes to some lengths to ensure that customers take some responsibility for security matters on their cloud network, and are playing their own part. AWS assumes what it calls a shared responsibility model when you move your IT infrastructure<\/a> (or even just your website files) onto AWS.<\/span><\/p>\n

In real terms this means that you (the customer) are responsible for maintaining and managing the guest or client operating system and software provided by AWS in respect of your account and site. That includes updating and patching, as well as properly configuring the security group firewall provided by AWS.<\/span><\/p>\n

A Mindset for Secure Sites Under AWS<\/b><\/span><\/h2>\n

Bear in mind these factors, which set AWS cloud hosting apart from most traditional models \u2013 especially if you\u2019re thinking of hosting applications on Amazon\u2019s cloud<\/a>:<\/span><\/p>\n

There are firewalls, all over the place. <\/b>Every host under AWS is in a state of lock-down. Especially in Amazon EC2 (where Security Groups can be created for each type of host in your network\/website architecture), there are a lot of hoops to go through, and protocols to observe.<\/span><\/p>\n

EC2 hosts are NOT static. <\/b>They change and expire, all the time. Applications constructed for AWS should be designed knowing that an Amazon EBS volume will be lost should an EC2 instance fail. Flexibility should be your watchword.<\/span><\/p>\n

Availability Zones = Multiple Data Centres<\/b>. The Availability Zones set up under EC2 are dispersed both geographically and logically, and should be used to spread your data around so as to ensure your website is continuous available, and that information is backed up and up to date.<\/span><\/p>\n

Remain aware of these limitations and opportunities, and your hosting experience in the Amazon cloud should be a smooth one.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Amazon Web Services (AWS) is currently the market leader in hosted cloud provision. But you might not be aware that it can also be a hosting platform for your websites. This article considers how to set up a site using AWS \u2013 and how it can be kept secure. AWS and S3 You\u2019ll first need […]<\/p>\n","protected":false},"author":8,"featured_media":4166,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-4172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-tech"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=4172"}],"version-history":[{"count":3,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4172\/revisions"}],"predecessor-version":[{"id":4174,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4172\/revisions\/4174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/4166"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=4172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=4172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=4172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}