Review the general requirements for deploying Cyber Recovery to Amazon Web Services (AWS). Follow Amazon Web Services (AWS) best practices to ensure proper security.
Create an AWS account
To deploy Cyber Recovery to AWS, you must have an AWS account. To set up an account, go to Getting Started with AWS.
NOTE: Ensure that the AWS account includes the AWS user with privileges to create resources.
Identity and access management
AWS recommends that you create an identity and access management (IAM) user or role for authenticating with AWS. Never use root credentials to deploy a CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions.
The following links provide more information about AWS best practices:
Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to do the following:
View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services. This event history helps to simplify security analysis, resource change tracking, and troubleshooting.
Identify the initiator of actions, resources involved, and event timing.
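The following is an added example, not part of the original documentation. It ties the root-credential rule to the CloudTrail recommendation by scanning CloudTrail records for actions performed as the root user, such as a CloudFormation stack deployment, and reporting the initiator, resource, and event time. The sample records, account ID, ARNs, and stack names are constructed, and the function name root_events is hypothetical.

```python
import json

# Constructed CloudTrail records (account ID, ARNs and stack names are
# sample values). Field names follow the CloudTrail record format.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:02Z", "eventName": "CreateStack",
     "eventSource": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"stackName": "example-stack"}},
    {"eventTime": "2024-01-10T09:20:41Z", "eventName": "CreateStack",
     "eventSource": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"stackName": "example-stack-2"}},
    {"eventTime": "2024-01-10T08:59:30Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": None},
]})


def root_events(trail_json, event_source=None):
    """Return root-user events, oldest first; optionally only one service."""
    hits = []
    for rec in json.loads(trail_json).get("Records", []):
        identity = rec.get("userIdentity") or {}
        if identity.get("type") != "Root":
            continue
        if event_source and rec.get("eventSource") != event_source:
            continue
        params = rec.get("requestParameters") or {}  # null for e.g. ConsoleLogin
        hits.append({
            "time": rec.get("eventTime"),
            "initiator": identity.get("arn", "unknown"),
            "action": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "stack": params.get("stackName"),
        })
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    return sorted(hits, key=lambda h: h["time"] or "")


if __name__ == "__main__":
    for hit in root_events(SAMPLE_TRAIL, "cloudformation.amazonaws.com"):
        print("root deployed a stack:", hit)
    print("all root activity:", len(root_events(SAMPLE_TRAIL)))
```

Any hit for cloudformation.amazonaws.com means a template was deployed with root credentials and should be followed up.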
Amazon recommends that you enable S3 server access logging, which provides detailed records for requests that are made to an Amazon S3 bucket. Server access logs are useful for many applications. For example, access log information is useful for security and access audits.
Use VPC Flow Logs for information about the IP traffic between the network interfaces in your VPC. For more information, see Logging IP traffic using VPC Flow Logs.
AWS service limits and restrictions
The following links provide more information about AWS service limits and restrictions: