I am planning to teach a 10-part course where others will learn how to open a business, get AWS credits and host our open-source software platform on AWS in their own account, and generate revenue for services such as hosting and supporting community software, community moderation, translation, event organizing, promotion, photography, matchmaking, etc. etc.
By the way, if you'd be interested in joining the course, comment below and let me know. For anyone who's curious, it's described here: https://qbix.com/ecosystem#Current-Ecosystem
Anyway, so I would like to package up the entire solution as an Amazon AMI and put it in their marketplace, with licensing etc.
I don't want the people hosting to be able to SSH in, or even Connect via the Amazon console. This is to ensure security for the end-customer, meaning the database, files and other information on that instance would be physically on an RDS volume connected to that EC2 instance in Amazon's data center, while the account owner would not have access to that RDS volume because presumably it would be encrypted by the EC2 machine.
How to best prevent unauthorized access, what can I guarantee in terms of privacy to our users, even when third parties launch EC2 instances based on our AMI?
I can use /sbin/nologin to disable the login shell completely for the root user and the users that will be accessing the files. I envision there being a nologin user which periodically checks various git endpoints (such as github) for new changesets and scripts whose hashes have been crypto signed by at least 2 participants in our ecosystem in charge of auditing the scripts (their private keys are a bit like Certificate Authorities).
The scripts would be executed on the machine, but no one (except with physical access to the machine and its RAM at Amazon's data centers and exceeding their authority) would be able to exfiltrate any private data, without going through our web app.
I can also totally disable the ssh service from running, so people can't ssh into the machine for any user. How do I disable the Amazon Connect console also?
And how can I best ensure whole-disk encryption, or at least partial encryption, by the locked-down EC2 instance on RDS, to prevent exfiltration of the data on it?
Or should I just go with Amazon Aurora and have the password / credentials be generated by the EC2 instance and not be available anywhere else? And store the files as BLOBs in that database?
Can people familiar with Amazon Web Services chime in here? I would like to provide some guarantees to our end-users, the Communities and Members, that their information would be private and not accessible by the other parties (except party 3 below). It looks like this:
1. Qbix (the core developers)
2. Plugins (plugin developers)
3. Hosting (Amazon, Google, etc.)
4. Resellers (customers of Amazon) provide services to communities
5. Communities (customers of the Resellers)
6. Members (the end-user, pays communities)
Can they themselves break into the box?
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharing-...
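As an added illustration of the 2-of-N auditor signing scheme described in the post (example code, not from the Qbix project), here is the check a nologin updater could run before executing a fetched changeset: it requires valid signatures from at least two distinct trusted auditor keys, ignores signatures from keys outside the trust set, and does not let one auditor's key count twice. Type names, function names and the changeset bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
)

// AuditSig is one auditor's signature over the SHA-256 digest of a changeset.
// Every type and name here is constructed for this example.
type AuditSig struct {
	Auditor ed25519.PublicKey
	Sig     []byte
}

// TrustSet is the set of auditor public keys the instance trusts, keyed by raw key bytes.
type TrustSet map[string]bool

func NewTrustSet(pubs ...ed25519.PublicKey) TrustSet {
	ts := TrustSet{}
	for _, p := range pubs {
		ts[string(p)] = true
	}
	return ts
}

// NewAuditor makes an auditor keypair; in practice the private half stays offline, CA-style.
// A nil reader makes ed25519.GenerateKey use crypto/rand.
func NewAuditor() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignChangeset produces one auditor's signature over the changeset digest.
func SignChangeset(priv ed25519.PrivateKey, changeset []byte) AuditSig {
	d := sha256.Sum256(changeset)
	return AuditSig{Auditor: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, d[:])}
}

// VerifyThreshold is true only if at least `need` DISTINCT trusted auditors validly signed the
// digest. Unknown keys are skipped (before Verify, so no length panic on garbage keys) and
// repeated signatures from one auditor count once, so one leaked key cannot satisfy 2-of-N.
func VerifyThreshold(changeset []byte, sigs []AuditSig, trusted TrustSet, need int) bool {
	d := sha256.Sum256(changeset)
	seen := map[string]bool{}
	for _, s := range sigs {
		if trusted[string(s.Auditor)] && ed25519.Verify(s.Auditor, d[:], s.Sig) {
			seen[string(s.Auditor)] = true
		}
	}
	return len(seen) >= need
}
```

The updater would run this against the changeset it fetched and the detached signatures published alongside it, and refuse to execute anything that does not reach the threshold.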