adam121 - Fotolia
Amazon Web Services released its Elastic File System to provide flexible storage for Amazon workloads, allowing storage capacity to grow or shrink as data is added or removed. Multiple workloads can also share EFS instances, providing common storage for applications.
Elastic File System (EFS) is designed for security -- minimizing the workloads and users who can access each EFS instance. For example, EFS restricts access to selected Elastic Compute Cloud (EC2) instances that reside in an Amazon Virtual Private Cloud (VPC).
A VPC allows users to define a logical network within the cloud where admins can deploy AWS resources like EC2 instances. IT teams can configure VPCs with user-selected IP addresses, subnets, routing tables and gateways to create a completely unique network that can be more difficult for attackers to find in the first place. It is possible to use VPCs to create public-facing networks that are isolated from critical back-end services. VPC security groups and network access control lists are also used to restrict network access to EFS instances.
Amazon EFS handles read, write and execute permissions down to the group and user levels; this can restrict access to specific directories or even individual files. The addition of AWS Identity and Access Management services ensures secure authentication for each user and connects users with authorized cloud resources.
Finally, AWS EFS is integrated with AWS CloudTrail, which provides detailed reports on API calls for the account made through the AWS Management Console, AWS Command Line Interface (CLI), AWS CloudFormation or AWS Software Development Kits. Log data includes details such as who called the API, call times, source IP addresses and so on. Log data can then be used to assess security, track changed resources and even help ensure compliance or audits in the cloud.
AWS EFS can be managed using a variety of platforms including the Web-based AWS Management Console, the AWS CLI and the Amazon EFS API. This allows developers to integrate EFS into software development. These management platforms allow administrators to create and delete EFS instances, configure access to the EFS instances, report details on AWS resources and manage security for users and groups.
The management method you choose depends on your particular preferences and workflow habits. For example, a business trying to automate or standardize EFS activities might prefer running scripts through the CLI, while software developers might opt to create unique tools using APIs. Each option will yield the same level of control and provide the same reporting.
Amazon Elastic File System roadmap details revealed
AWS logging tools provide extra security
Dig Deeper on AWS security
Related Q&A from Stephen J. Bigelow
Learn how load balancing in the cloud differs from a traditional network traffic distribution, and explore services available from AWS, Google and ... Continue Reading
Access management is critical to securing the cloud. Understand the differences between AWS IAM roles and users to properly restrict access to AWS ... Continue Reading
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading