AWS Infrastructure Services
Amazon Infrastructure Services, in other words the AWS cloud infrastructure, lets customers build securely and innovate faster in the cloud. Amazon Web Services designs its infrastructure and data centers to protect against manual mistakes and natural risks. It also implements controls, builds automated systems, and undergoes third-party audits to confirm security and compliance.
Layers of AWS Data Centers:
In an AWS data center, physical security begins at the Perimeter Layer. Depending on the location, this layer includes security features such as security guards, fencing, security feeds, and intrusion detection technology.
- Access is Scrutinized: AWS restricts physical access to people who need to be at a location for a justified business reason. Employees and vendors who need to be present at an Amazon data center must first apply for access and provide a valid business justification. The request is reviewed by specially designated personnel, including an area access manager. If access is granted, it is revoked once the necessary work is completed.
- Entry is Controlled and Monitored: Entering the Perimeter Layer is a controlled process. Entry gates are staffed by security officers, and supervisors monitor both officers and visitors via security cameras. When approved individuals are on-site, they are given a badge that requires multi-factor authentication and limits access to pre-approved areas.
- Amazon Data Center Workers are Scrutinized, Too: AWS employees who routinely need access to a data center are given permissions to the relevant areas of the facility based on job function. Staff lists are routinely reviewed by an area access manager. If an employee does not have an ongoing business need to be at an AWS data center, they have to go through the visitor process.
- Monitoring for Unauthorized Entry: AWS continuously watches for unauthorized entry using video surveillance, intrusion detection, and access log monitoring systems. Entrances are secured with alarms that sound if a door is forced or held open.
- AWS Security Operations Centers Monitor Global Security: AWS Security Operations Centers located around the world are responsible for monitoring, tracing, and executing security programs for Amazon data centers, and they provide 24/7 support to the on-site data center security teams. The security teams carry out continuous monitoring activities such as tracking access activity and revoking access permissions, and they are available to respond to and analyze a potential security incident.
The Infrastructure Layer is the data center building itself and the equipment and systems that keep it running. Components such as the HVAC system, backup power equipment, and fire suppression equipment are all part of the Infrastructure Layer. These devices and systems help protect the servers and, ultimately, customer data.
- Layer-by-Layer Access Review: Access to the Infrastructure Layer is restricted based on business need. Because access is reviewed layer by layer, the right to enter one layer does not grant access to the next by default. Access to any particular layer is granted only if there is a specific need to access that layer.
- Maintaining Equipment is Part of Regular Operations: AWS teams run diagnostics on machines, networks, and backup equipment to ensure they are always operational.
- Emergency-Ready Backup Equipment: Electrical power systems are designed to be fully redundant, so that in the event of a disruption, uninterruptible power supply (UPS) units and generators can provide backup power for the entire facility. Monitoring systems keep temperature and humidity in range to prevent overheating, which reduces service outages.
The Data Layer is the area that holds customer data. Protection begins by restricting access and maintaining separation of privilege for each layer. Threat detection devices, video surveillance, and system protocols are deployed to safeguard this layer.
- Technology and People Work Together for Added Security: Obtaining authorization to enter the Data Layer requires a set of procedures, including review and approval of a person's access application by authorized individuals. Meanwhile, threat and electronic intrusion detection systems monitor the layer and automatically trigger alerts for identified threats or suspicious activity. For example, if a door is held or forced open, an alarm is triggered. Security cameras are deployed and footage is retained in alignment with legal and compliance requirements.
- Preventing Physical and Technological Intrusion: Access points to server rooms are fortified with electronic control devices that require multi-factor authorization. Amazon servers can warn employees of any attempt to remove data. In the unlikely event of a breach, the server is automatically disabled.
- Servers and Media Receive Exacting Attention: Media storage devices in AWS are used to store customer data. AWS has strong standards for installing, servicing, and eventually destroying these devices when they are no longer required. Storage media is not removed from AWS until it has been securely decommissioned.
- Third-Party Auditors Verify Procedures and Systems: AWS is audited by external auditors on more than 2,600 requirements throughout the year. When third-party auditors inspect AWS data centers, they do a deep dive to confirm compliance with the established rules needed to obtain security certifications. Depending on the compliance program and its requirements, external auditors may interview AWS employees about how they handle and dispose of media. Auditors may also watch security camera feeds and observe entrances and hallways throughout the AWS data center.
The Environmental Layer covers environmental considerations from site selection and construction through operations and sustainability. AWS carefully chooses its data center locations to mitigate environmental risks such as flooding, extreme weather, and seismic activity.
- Prepared for the Unexpected: AWS proactively prepares for potential environmental threats such as natural disasters and fire by installing automatic sensors and responsive equipment. Water-detecting devices alert employees to problems while automatic pumps work to remove liquid and prevent damage. Similarly, automatic fire detection and suppression equipment reduce risk.
- High Availability through Multiple Availability Zones: Each Availability Zone consists of one or more data centers that are physically separated from one another, connected by fast, private fiber-optic networking, and equipped with redundant power and networking. Customers who want high availability and performance for their applications can deploy them across multiple Availability Zones for fault tolerance and low latency.
- Simulating Disruptions and Measuring the Response: The AWS Business Continuity Plan is an operations process guide that outlines how to avoid and lessen disruptions due to natural disasters, with detailed steps to take before, during, and after an event. AWS staff are trained and ready to recover from disruptions quickly, following a methodical recovery process that minimizes further downtime due to errors.
- Going Green with the AWS Cloud: AWS is committed to using 100% renewable energy. Companies that move to the AWS Cloud from their on-premises infrastructure typically reduce carbon emissions by 88%, because Amazon data centers offer environmental economies of scale.
Regions, Availability Zones and Local Zones
Amazon cloud computing resources are hosted in multiple locations around the world, and these locations are composed of AWS Regions and Availability Zones.
An AWS Region is a separate geographic area in the cloud. Every Amazon EC2 Region is kept isolated from all other Amazon EC2 Regions, which gives the greatest possible fault tolerance and stability.
When an instance is launched, an AMI (Amazon Machine Image) must be selected, and it must be in the same Region. If the AMI is in another Region, you can copy it to the Region you are using.
When you launch an instance, you can either select an Availability Zone or use the default one. If instances are distributed across multiple Availability Zones and one instance fails, an instance in another Availability Zone can handle its requests. Elastic IP addresses let you mask the failure of an instance in one Availability Zone by re-mapping the address to an instance in another Availability Zone.
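The two placement rules above (the AMI must be in the launch Region, and an Elastic IP can be re-mapped to a healthy instance in another Availability Zone) as an added offline example; this is not code from the page or from AWS. Region, AZ, AMI, allocation and instance ids are constructed sample values, and the emitted strings are the AWS CLI commands (`aws ec2 copy-image`, `aws ec2 associate-address`) a practitioner would run.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Instance:
    instance_id: str   # constructed sample id, e.g. "i-0001"
    az: str            # Availability Zone name, e.g. "us-east-1a"
    healthy: bool = True


def ami_copy_command(ami_id: str, ami_region: str, target_region: str,
                     name: str) -> Optional[str]:
    """An AMI can only be launched in the Region it lives in.
    Return None if it is already there, otherwise the copy command."""
    if ami_region == target_region:
        return None
    return (f"aws ec2 copy-image --source-region {ami_region} "
            f"--source-image-id {ami_id} --region {target_region} --name {name}")


def spread_across_azs(count: int, azs: List[str]) -> List[str]:
    """Round-robin placement so no single AZ holds every instance."""
    if not azs:
        raise ValueError("need at least one Availability Zone")
    return [azs[i % len(azs)] for i in range(count)]


def failover_target(fleet: List[Instance], failed_az: str) -> Optional[Instance]:
    """Mark every instance in the failed AZ unhealthy and pick a healthy
    instance in a different AZ; None if nothing healthy remains."""
    for inst in fleet:
        if inst.az == failed_az:
            inst.healthy = False
    for inst in fleet:
        if inst.healthy and inst.az != failed_az:
            return inst
    return None


def remap_eip_command(allocation_id: str, fleet: List[Instance],
                      failed_az: str) -> str:
    """Command that moves the Elastic IP to the surviving instance."""
    target = failover_target(fleet, failed_az)
    if target is None:
        raise RuntimeError("no healthy instance outside the failed AZ")
    return (f"aws ec2 associate-address --allocation-id {allocation_id} "
            f"--instance-id {target.instance_id}")
```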
When an instance is launched, you also have the option to choose a Local Zone to keep your applications closer to your end users.
Every Local Zone provides connectivity to the full range of services in its AWS Region, such as Amazon DynamoDB and Amazon S3 (Simple Storage Service), through the same APIs and tool sets. Local Zones are not available in every Region.
An edge location is a point where end users access AWS services. These locations are mostly in major cities around the world and are used by the CDN (CloudFront in AWS) to distribute content to end users with reduced latency.