{"id":8412,"date":"2016-10-06T13:28:30","date_gmt":"2016-10-06T07:58:30","guid":{"rendered":"https:\/\/rationalselling.com\/?p=8412"},"modified":"2022-02-21T18:15:19","modified_gmt":"2022-02-21T12:45:19","slug":"bullet-proof-your-aws-infrastructure","status":"publish","type":"post","link":"https:\/\/www.rationalselling.com\/fr\/bullet-proof-your-aws-infrastructure\/","title":{"rendered":"20 contr\u00f4les de s\u00e9curit\u00e9 pour prot\u00e9ger votre infrastructure AWS contre les balles."},"content":{"rendered":"<p class=\"p1\"><span class=\"s1\">Voici la liste des 20 principaux contr\u00f4les de s\u00e9curit\u00e9 qui doivent \u00eatre effectu\u00e9s r\u00e9guli\u00e8rement pour prot\u00e9ger votre infrastructure AWS :<\/span><\/p>\n<p class=\"p1\"><b>1.les groupes de s\u00e9curit\u00e9<\/b><\/p>\n<p class=\"p1\"><span class=\"s1\">Un groupe de s\u00e9curit\u00e9 agit comme un pare-feu virtuel qui contr\u00f4le le trafic entrant et sortant d'une ou plusieurs instances. Vous associez un groupe de s\u00e9curit\u00e9 au lancement de chaque instance. Comme les donn\u00e9es peuvent avoir un port IP ouvert ou \u00eatre accessibles au public, il existe des risques de violation des donn\u00e9es. Afin d'\u00e9viter l'exposition \u00e0 des failles de s\u00e9curit\u00e9, nous recommandons que seuls les ports associ\u00e9s aux groupes IP et de s\u00e9curit\u00e9 pertinents restent ouverts.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">2.<b>Audit IAM MFA<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Pour ajouter une couche suppl\u00e9mentaire de s\u00e9curit\u00e9 \u00e0 votre compte AWS, il est recommand\u00e9 d'activer l'authentification multi-facteur pour les utilisateurs IAM afin de prot\u00e9ger vos donn\u00e9es critiques des pirates en ligne.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>3. journal d'acc\u00e8s ELB<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si vous n'avez pas activ\u00e9 AWS ELB Access pour les \u00e9quilibreurs de charge Elastic, vos donn\u00e9es sont expos\u00e9es \u00e0 certaines menaces. Nous vous recommandons d'activer le journal ELB Access pour une s\u00e9curit\u00e9 renforc\u00e9e.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">4.<b>Protection de la terminaison<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si la protection contre la r\u00e9siliation de l'API n'est pas activ\u00e9e pour les instances AWS EC2, cela peut entra\u00eener la r\u00e9siliation accidentelle des machines par un processus automatis\u00e9. Il est recommand\u00e9 d'activer la protection contre la r\u00e9siliation pour toutes les instances EC2 critiques fonctionnant dans votre compte cloud AWS.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>5. audit de s\u00e9curit\u00e9 de l'\u00e9couteur ELB<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si un \u00e9quilibreur de charge n'a pas d'auditeur qui utilise un protocole s\u00e9curis\u00e9 (HTTPS ou SSL), il constitue une menace pour vos donn\u00e9es. Configurez un ou plusieurs \u00e9couteurs s\u00e9curis\u00e9s pour votre \u00e9quilibreur de charge. Vous devez cr\u00e9er des auditeurs HTTPS ou SSL pour les ELB \u00e0 interface publique.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>6. cl\u00e9s d'acc\u00e8s IAM non utilis\u00e9es<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si vous n'avez pas utilis\u00e9 certaines cl\u00e9s d'acc\u00e8s IAM au cours des 30 derniers jours ou depuis leur cr\u00e9ation, nous vous recommandons vivement de les supprimer pour une meilleure s\u00e9curit\u00e9 et pour \u00e9viter de compromettre les cl\u00e9s.\u00a0<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>7. audit de s\u00e9curit\u00e9 RDS<\/b> (pour VPC SG et pour la liste des ports)<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Pour les instances AWS RDS dont le port DB est ouvert au public ou \u00e0 une s\u00e9rie d'IP, nous recommandons d'ouvrir le port uniquement pour les IP et les groupes de s\u00e9curit\u00e9 requis.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">8.<b>Cl\u00e9 d'acc\u00e8s au compte racine<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">L'une des meilleures fa\u00e7ons de prot\u00e9ger votre compte est de ne pas avoir de cl\u00e9 d'acc\u00e8s pour votre compte racine. Cr\u00e9ez un ou plusieurs utilisateurs AWS Identity and Access Management (IAM), donnez-leur les autorisations n\u00e9cessaires.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">9.<b>Audit des r\u00f4les d'administrateur IAM<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Il est risqu\u00e9 d'avoir un seul administrateur IAM pour votre compte AWS. Au lieu de cela, ayez un ou plusieurs utilisateurs IAM AWS, donnez-leur les autorisations, et utilisez ces IAM pour l'interaction quotidienne avec AWS. Essayez \u00e9galement d'utiliser des informations d'identification de s\u00e9curit\u00e9 temporaires (r\u00f4les IAM) plut\u00f4t que des cl\u00e9s d'acc\u00e8s \u00e0 long terme.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">10.<b>Politique de mot de passe IAM<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Lorsque vous d\u00e9finissez une politique de mot de passe pour votre compte AWS, n'oubliez jamais de sp\u00e9cifier les exigences de complexit\u00e9 et la r\u00e9g\u00e9n\u00e9ration obligatoire du mot de passe \u00e0 l'expiration du mot de passe de l'IAM. Ce faisant, vous vous assurez que les informations d'identification de votre compte sont entre de meilleures mains !<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>11. politique IAM<\/b> (pour les politiques g\u00e9r\u00e9es)<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si vous avez accord\u00e9 le contr\u00f4le complet de votre compte AWS \u00e0 un seul IAM, il y a une possibilit\u00e9 de violation de donn\u00e9es car l'utilisateur IAM peut acc\u00e9der \u00e0 n'importe quelle ressource \u00e0 tout moment. Vous pouvez \u00e9galement exclure tout utilisateur IAM qui, selon vous, ne doit pas b\u00e9n\u00e9ficier d'un acc\u00e8s complet \u00e0 l'avenir.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">12.<b>CloudTrail<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Pas de Cloudtrail = risques de s\u00e9curit\u00e9 !<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">AWS CloudTrail est un service Web qui enregistre les appels d'API effectu\u00e9s sur votre compte et transmet les fichiers journaux \u00e0 votre seau Amazon S3. Les clients qui souhaitent suivre les modifications apport\u00e9es aux ressources, r\u00e9pondre \u00e0 des questions simples sur l'activit\u00e9 des utilisateurs, d\u00e9montrer la conformit\u00e9, d\u00e9panner ou effectuer des analyses de s\u00e9curit\u00e9 devraient activer CloudTrail.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>13. nombre d'administrateurs IAM<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Nombre total de comptes administrateurs. S'il y a trop de comptes administrateurs IAM, cela peut entra\u00eener des probl\u00e8mes de s\u00e9curit\u00e9. Il est recommand\u00e9 de ne pas avoir beaucoup d'utilisateurs IAM avec des droits d'administration.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>14.Expiration du SSL<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si vous avez t\u00e9l\u00e9charg\u00e9 des certificats SSL sur Amazon Web Services pour ELB (Elastic Load Balancing) ou CloudFront (CDN), vous devez garder un \u0153il sur les dates d'expiration et renouveler les certificats \u00e0 temps pour garantir un service ininterrompu.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">15.<b>Compte racine MFA<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">N'oubliez jamais d'activer le MFA pour votre compte root. La meilleure option serait de donner un acc\u00e8s limit\u00e9 aux seuls IAM privil\u00e9gi\u00e9s.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">16.<b>Groupe de s\u00e9curit\u00e9 non utilis\u00e9<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Si certains groupes de s\u00e9curit\u00e9 ne sont pas utilis\u00e9s ou attach\u00e9s \u00e0 des instances, il est recommand\u00e9 de supprimer ces groupes de s\u00e9curit\u00e9.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">17.<b>Cryptage RDS<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Le cryptage de votre RDS est une bonne pratique. Si les instances RDS ne sont pas crypt\u00e9es au niveau du stockage de la base de donn\u00e9es, vous pouvez utiliser le cryptage Amazon RDS pour renforcer la protection des donn\u00e9es de vos applications d\u00e9ploy\u00e9es dans le nuage et pour r\u00e9pondre \u00e0 toute exigence de conformit\u00e9 en mati\u00e8re de cryptage des donn\u00e9es au repos.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">18.<b>Anciennes cl\u00e9s d'acc\u00e8s IAM<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">En tant qu'administrateur, nous vous recommandons de modifier r\u00e9guli\u00e8rement les cl\u00e9s d'acc\u00e8s des utilisateurs IAM de votre compte. Si vous avez donn\u00e9 aux utilisateurs les autorisations n\u00e9cessaires, ils peuvent alors faire tourner leurs propres cl\u00e9s d'acc\u00e8s. En attendant, changez les cl\u00e9s d'acc\u00e8s qui ont plus de 60 jours pour renforcer la s\u00e9curit\u00e9 de vos comptes AWS.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">19.<b>Permissions du godet S3<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Par d\u00e9faut, toutes les autorisations de seau S3 sont priv\u00e9es et vous devez donner des autorisations d'acc\u00e8s en lecture\/\u00e9criture aux autres en r\u00e9digeant une politique d'acc\u00e8s. Les autorisations de godet qui accordent l'acc\u00e8s \u00e0 la liste \u00e0 tout le monde peuvent entra\u00eener des frais plus \u00e9lev\u00e9s que pr\u00e9vu si les objets du godet sont list\u00e9s par des utilisateurs non intentionnels \u00e0 une fr\u00e9quence \u00e9lev\u00e9e. Assurez-vous que vous accordez des autorisations d'acc\u00e8s limit\u00e9.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\"><b>20.Expiration du journal de service\u00a0<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Il est conseill\u00e9 d'activer l'expiration des journaux de service pour chacun des compartiments de journalisation afin de s'assurer que vous ne manquez pas les dates d'expiration.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Pour savoir comment <a href=\"https:\/\/www.rationalselling.com\/fr\/cloud-services\/\"><span class=\"s2\">La vente rationnelle<\/span><\/a> peut vous aider \u00e0 mettre en place et \u00e0 s\u00e9curiser votre infrastructure en nuage : Visitez-nous <a href=\"https:\/\/www.rationalselling.com\/fr\/cloud-services\/\"><span class=\"s2\">www.Rationalselling.com<\/span><\/a> ou \u00e9crivez-nous \u00e0 <\/span><span class=\"s3\">info@rationalselling.com<\/span><\/p>\n<p class=\"p2\"><span class=\"s4\">Suivez-nous : <a href=\"https:\/\/www.twitter.com\/rationalselling\"><span class=\"s5\">Twitter<\/span><\/a>,<a href=\"https:\/\/www.facebook.com\/RationalSelling.Sourcing\/\"><span class=\"s5\"> Facebook<\/span><\/a> &amp;<span class=\"s5\"><a href=\"https:\/\/www.linkedin.com\/company\/rational-selling-&amp;-sourcing\/\">\u00a0LinkedIn<\/a><\/span><\/span><\/p>\n<p><span class=\"s1\">\u00a0<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Voici la liste des 20 principaux contr\u00f4les de s\u00e9curit\u00e9 qui doivent \u00eatre effectu\u00e9s r\u00e9guli\u00e8rement pour prot\u00e9ger votre infrastructure AWS : Les groupes de s\u00e9curit\u00e9 Un groupe de s\u00e9curit\u00e9 agit comme un pare-feu virtuel qui contr\u00f4le le trafic entrant et sortant pour un ou plusieurs ... <\/p>","protected":false},"author":8,"featured_media":8413,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"pmpro_default_level":"","footnotes":""},"categories":[6],"tags":[21731,21729,21730,21689,21690],"class_list":["post-8412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-security-on-aws","tag-building-bulletproof-infrastructure-on-aws","tag-aws-architecture-to-support-your-application","tag-rational-selling","tag-rational-selling-and-sourcing","pmpro-has-access"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing<\/title>\n<meta name=\"description\" content=\"A security group acts as a virtual firewall that controls the inbound and outbound traffic for one or more instances. You associate a security group with the launch of each instance. Since the data may have an open IP port or is open to public access, there are chances of data breach. In order to avoid exposure to security vulnerabilities, we recommend that only ports associated with relevant IP and security groups are kept open.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rationalselling.com\/fr\/bullet-proof-your-aws-infrastructure\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing\" \/>\n<meta property=\"og:description\" content=\"A security group acts as a virtual firewall that controls the inbound and outbound traffic for one or more instances. You associate a security group with the launch of each instance. Since the data may have an open IP port or is open to public access, there are chances of data breach. In order to avoid exposure to security vulnerabilities, we recommend that only ports associated with relevant IP and security groups are kept open.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rationalselling.com\/fr\/bullet-proof-your-aws-infrastructure\/\" \/>\n<meta property=\"og:site_name\" content=\"Rational Selling &amp; Sourcing\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RationalSelling.Sourcing\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-06T07:58:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-21T12:45:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Julio Salgado\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rationalselling\" \/>\n<meta name=\"twitter:site\" content=\"@rationalselling\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julio Salgado\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/\"},\"author\":{\"name\":\"Julio Salgado\",\"@id\":\"https:\/\/www.rationalselling.com\/#\/schema\/person\/d4075cceeedc73011360f2e78733d69c\"},\"headline\":\"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure\",\"datePublished\":\"2016-10-06T07:58:30+00:00\",\"dateModified\":\"2022-02-21T12:45:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/\"},\"wordCount\":938,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.rationalselling.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png\",\"keywords\":[\"Security on AWS\",\"Building Bulletproof Infrastructure on AWS\",\"AWS Architecture to Support Your Application\",\"rational Selling\",\"Rational Selling and Sourcing\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/\",\"url\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/\",\"name\":\"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing\",\"isPartOf\":{\"@id\":\"https:\/\/www.rationalselling.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png\",\"datePublished\":\"2016-10-06T07:58:30+00:00\",\"dateModified\":\"2022-02-21T12:45:19+00:00\",\"description\":\"A security group acts as a virtual firewall that controls the inbound and outbound traffic for one or more instances. You associate a security group with the launch of each instance. Since the data may have an open IP port or is open to public access, there are chances of data breach. In order to avoid exposure to security vulnerabilities, we recommend that only ports associated with relevant IP and security groups are kept open.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage\",\"url\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png\",\"contentUrl\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rationalselling.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rationalselling.com\/#website\",\"url\":\"https:\/\/www.rationalselling.com\/\",\"name\":\"Rational Selling &amp; Sourcing\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.rationalselling.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rationalselling.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rationalselling.com\/#organization\",\"name\":\"Rational Selling & Sourcing\",\"url\":\"https:\/\/www.rationalselling.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.rationalselling.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/RS-logo-new.png\",\"contentUrl\":\"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/RS-logo-new.png\",\"width\":293,\"height\":43,\"caption\":\"Rational Selling & Sourcing\"},\"image\":{\"@id\":\"https:\/\/www.rationalselling.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RationalSelling.Sourcing\/\",\"https:\/\/x.com\/rationalselling\",\"https:\/\/www.linkedin.com\/company\/rational-selling-amp-sourcing\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.rationalselling.com\/#\/schema\/person\/d4075cceeedc73011360f2e78733d69c\",\"name\":\"Julio Salgado\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g\",\"caption\":\"Julio Salgado\"},\"url\":\"https:\/\/www.rationalselling.com\/fr\/author\/jcsalgado\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing","description":"Un groupe de s\u00e9curit\u00e9 agit comme un pare-feu virtuel qui contr\u00f4le le trafic entrant et sortant d'une ou plusieurs instances. Vous associez un groupe de s\u00e9curit\u00e9 au lancement de chaque instance. Comme les donn\u00e9es peuvent avoir un port IP ouvert ou \u00eatre accessibles au public, il existe des risques de violation des donn\u00e9es. Afin d'\u00e9viter l'exposition \u00e0 des failles de s\u00e9curit\u00e9, nous recommandons que seuls les ports associ\u00e9s aux groupes IP et de s\u00e9curit\u00e9 pertinents restent ouverts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rationalselling.com\/fr\/bullet-proof-your-aws-infrastructure\/","og_locale":"fr_FR","og_type":"article","og_title":"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing","og_description":"A security group acts as a virtual firewall that controls the inbound and outbound traffic for one or more instances. You associate a security group with the launch of each instance. Since the data may have an open IP port or is open to public access, there are chances of data breach. In order to avoid exposure to security vulnerabilities, we recommend that only ports associated with relevant IP and security groups are kept open.","og_url":"https:\/\/www.rationalselling.com\/fr\/bullet-proof-your-aws-infrastructure\/","og_site_name":"Rational Selling &amp; Sourcing","article_publisher":"https:\/\/www.facebook.com\/RationalSelling.Sourcing\/","article_published_time":"2016-10-06T07:58:30+00:00","article_modified_time":"2022-02-21T12:45:19+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png","type":"image\/png"}],"author":"Julio Salgado","twitter_card":"summary_large_image","twitter_creator":"@rationalselling","twitter_site":"@rationalselling","twitter_misc":{"\u00c9crit par":"Julio Salgado","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#article","isPartOf":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/"},"author":{"name":"Julio Salgado","@id":"https:\/\/www.rationalselling.com\/#\/schema\/person\/d4075cceeedc73011360f2e78733d69c"},"headline":"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure","datePublished":"2016-10-06T07:58:30+00:00","dateModified":"2022-02-21T12:45:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/"},"wordCount":938,"commentCount":0,"publisher":{"@id":"https:\/\/www.rationalselling.com\/#organization"},"image":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png","keywords":["Security on AWS","Building Bulletproof Infrastructure on AWS","AWS Architecture to Support Your Application","rational Selling","Rational Selling and Sourcing"],"articleSection":["Blog"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/","url":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/","name":"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure - Rational Selling &amp; Sourcing","isPartOf":{"@id":"https:\/\/www.rationalselling.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage"},"image":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png","datePublished":"2016-10-06T07:58:30+00:00","dateModified":"2022-02-21T12:45:19+00:00","description":"Un groupe de s\u00e9curit\u00e9 agit comme un pare-feu virtuel qui contr\u00f4le le trafic entrant et sortant d'une ou plusieurs instances. Vous associez un groupe de s\u00e9curit\u00e9 au lancement de chaque instance. Comme les donn\u00e9es peuvent avoir un port IP ouvert ou \u00eatre accessibles au public, il existe des risques de violation des donn\u00e9es. Afin d'\u00e9viter l'exposition \u00e0 des failles de s\u00e9curit\u00e9, nous recommandons que seuls les ports associ\u00e9s aux groupes IP et de s\u00e9curit\u00e9 pertinents restent ouverts.","breadcrumb":{"@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#primaryimage","url":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png","contentUrl":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/aws2.png","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.rationalselling.com\/de\/bullet-proof-your-aws-infrastructure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rationalselling.com\/fr\/"},{"@type":"ListItem","position":2,"name":"20 Security checks to \u201cBullet Proof\u201d your AWS Infrastructure"}]},{"@type":"WebSite","@id":"https:\/\/www.rationalselling.com\/#website","url":"https:\/\/www.rationalselling.com\/","name":"Vente et approvisionnement rationnels","description":"","publisher":{"@id":"https:\/\/www.rationalselling.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rationalselling.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.rationalselling.com\/#organization","name":"Rational Selling & Sourcing","url":"https:\/\/www.rationalselling.com\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.rationalselling.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/RS-logo-new.png","contentUrl":"https:\/\/www.rationalselling.com\/wp-content\/uploads\/2016\/12\/RS-logo-new.png","width":293,"height":43,"caption":"Rational Selling & Sourcing"},"image":{"@id":"https:\/\/www.rationalselling.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RationalSelling.Sourcing\/","https:\/\/x.com\/rationalselling","https:\/\/www.linkedin.com\/company\/rational-selling-amp-sourcing\/"]},{"@type":"Person","@id":"https:\/\/www.rationalselling.com\/#\/schema\/person\/d4075cceeedc73011360f2e78733d69c","name":"Julio Salgado","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7f59cf14ac3b294bd621635b1e6e5439ee97f577e16dec9f5528ba3720406380?s=96&d=mm&r=g","caption":"Julio Salgado"},"url":"https:\/\/www.rationalselling.com\/fr\/author\/jcsalgado\/"}]}},"_links":{"self":[{"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/posts\/8412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/comments?post=8412"}],"version-history":[{"count":0,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/posts\/8412\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/media\/8413"}],"wp:attachment":[{"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/media?parent=8412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/categories?post=8412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rationalselling.com\/fr\/wp-json\/wp\/v2\/tags?post=8412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}