AWS Well-Architected Framework: Security Design Principles for AWS Solutions

Not a Security Design Principle in AWS Well-Architected Framework

Question

In the AWS Well-Architected Framework, which of the following is NOT a Security design principle to design solutions in AWS?

Answers

Explanations


A. B. C. D.

Correct Answer: A.

Security needs to be applied at all network layers: at the edge of the network, at the VPC, and on every instance and application within the VPC.

Applying security controls only at the edge of the network is not an effective security control and goes against the security design principles.

As per AWS Well-Architected Framework, the following are the design principles for security in the cloud:

· Implement a strong identity foundation.

· Enable traceability.

· Apply security at all layers.

· Automate security best practices.

· Protect data in transit and at rest.

· Keep people away from data.

· Prepare for security events.

Options B, C, and D are incorrect because each of them is one of the security design principles that need to be followed while implementing security controls in the cloud.

For more information on the security design principles in the AWS Well-Architected Framework, refer to the following URL:

https://docs.aws.amazon.com/wellarchitected/latest/framework/sec-design.html

The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The framework is organized around five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.

Among these five pillars, the Security pillar focuses on protecting information and systems. It consists of several design principles that help architects and operators identify and mitigate potential security risks. The four design principles of the Security pillar in the AWS Well-Architected Framework are:

  1. Apply a risk-based approach to security: This principle encourages organizations to identify and prioritize their most critical assets and then apply appropriate security measures based on the level of risk.

  2. Protect data in transit and at rest: This principle emphasizes the importance of encrypting data both in transit and at rest to protect it from unauthorized access and ensure its confidentiality.

  3. Enable traceability: This principle encourages organizations to implement tools and processes that enable them to track and audit user and system activities, detect and respond to security incidents, and comply with regulations and standards.

  4. Implement a strong identity foundation: This principle emphasizes the importance of using a centralized and robust identity and access management (IAM) system to control access to resources and data and enforce least privilege.

Therefore, the answer to the question is A, "Apply security only at the edge of the network." This statement is incorrect and is not a design principle of the Security pillar in the AWS Well-Architected Framework. Security should be applied at multiple layers of the network and infrastructure, including the application layer, data layer, and host layer, to provide defense in depth and mitigate a range of attack vectors.