AWS CloudShell Overview & Why It’s Important

AWS CloudShell Overview & Why It’s Important by Tim Layton @ CloudSecurityLaunchPad.com

AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console.

Just search for “AWS CloudShell” from the search bar inside your console account.

You can run AWS CLI commands against AWS services using your preferred shell (Bash, PowerShell, or Z shell) and you can do this without needing to download or install command line tools. This can be very helpful in tightly controlled corporate environments where users are not allowed to install code and applications on local systems.

In many corporate environments, CLI can be blocked or not allowed, so CloudShell can be a good and secure option for enabling developers and administrations.

Once you move into any type of real cloud environment, CLI is a tool that you will use on a daily basis.

AWS CloudShell is a browser-based shell that gives you command-line access to your AWS resources in the selected AWS region. AWS CloudShell comes pre-installed with popular tools for resource management and creation.

You have the same credentials as you used to log in to the console.

You get pre-installed tools such as AWS CLI, Python, Node.js and more. You will also receive 1GB of storage free per AWS region and your configuration files are saved in your home directory and available for future sessions.

Security

The AWS CloudShell environment and its users are protected by specific security features such as IAM permissions management, shell session restrictions, and Safe Paste for text input.

Permissions management with IAM

Administrators can grant and deny permissions to AWS CloudShell users using IAM policies. Administrators can also create policies that specify at a granular level the particular actions those users can perform with the shell environment. For more information, see Managing AWS CloudShell access and usage with IAM policies.

Shell session management

Inactive and long-running sessions are automatically stopped and recycled. For more information, see Shell sessions.

Safe Paste for text input

Enabled by default, Safe Paste is a security feature that asks you to verify that multiline text that you’re about to paste into the shell doesn’t contain malicious scripts. For more information, see Using Safe Paste for multiline text.

More info about CloudShell in the AWS documentation.

Get My Free Cloud Security Journal

Tim Layton specializes in demystifying the complexities and technical jargon associated with cloud computing security and risk management for business stakeholders across the enterprise. Tim is a cloud security thought leader defining actionable and defensible strategies to help enterprise stakeholders make risk-based decisions and prioritize investments in the new digital frontier.

Stay Connected With Tim Layton

LinkedIn: www.Linkedin.com/in/TimLaytonCyber

Website: http://CloudSecurityLaunchPad.com

Get My Free Cloud Security Journal


COMMON CYBERSECURITY RISK TERMS DEFINED

Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. (NIST 800–30)

Threat: potential cause of an unwanted incident, which can result in harm to a system or organization. (ISO 27001)

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (NIST 800–30)

Vulnerability: weakness of an asset or control that can be exploited by one or more threats. (ISO 27001)

Likelihood: A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. (NIST 800–30)

Likelihood: chance of something happening. (ISO 27001)

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (NIST 800–30)

Risk: effect of uncertainty on objectives. (ISO 27001)

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST 800–30)

Compensating Security Control: A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. (NIST 800–30)

Impact Level: The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (NIST 800–30)

Residual Risk: Portion of risk remaining after security measures have been applied. (NIST 800–30)

Security Posture: The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. (NIST 800–30)

Get My Free Cloud Security Journal

Tim Layton

Tim Layton specializes in demystifying the complexities and technical jargon associated with cloud computing security and risk management. Tim is a cloud security thought leader defining actionable and defensible strategies to help enterprise stakeholders make risk-based decisions and prioritize investments in the new digital frontier.

Recommended Articles

Leave a Reply

Your email address will not be published. Required fields are marked *