I could do with a bit of list of best practice recommendations for my ec2 instances, security focused but also anything else would be really cool.
Found this thread which is also quite useful:
I set up a EC2 Instance and noticed that my crontab had been hacked to curl some weird url. I had to delete that instance and set up a new one and went through security to see where the mistake was which I found some. so now my security group contains limited access to ssh into the server by specific…
Oldest comments (5)
From a security perspective, start from inside the ec2 instance and work back from there (don't just assume AWS platform configurations such as security groups and NACLs are the answer - although they definately are part of it).
So making sure your OS is patched and under some sort of configuraiton management and reporting, then:
That should keep you busy for a while 😂
Thanks, that's one long list - this is in lightsail btw
No probs, careful with lightsail, it's brilliant for quick start etc but ignorance is bliss if you know what I mean..
Nice list, really good to know
this will be helpful. Also, I would like to understand and learn more about related guidelines.