Reputation: 759
I have recently started development using Amazon web services. I built a sample application using the examples which worked well. I had assumed (wrongly) that was the only user that could navigate to the URL's since, I was logged in with my amazon credentials.
Apparently anyone can access the site without logging in to amazon - not something I want.
I have started looking at AWS Userguide Security
which is a start, I am looking for articles/web sites which will guide me through implementation of a secure web site hosted on amazon.
Upvotes: 0
Views: 105
Reputation: 1145
Amazon credentials have nothing to do with the Web Application you have crafted. Here are 2 options for you:
Introduce Authentication concept to your application: anything from simple http basic authentication (using standard Apachee / IIS modules. see Apachee docs) to full blown users management, secured password storage, cookies, password change/reset flows etc...
Alternatively, you can use Dome9 to block your web application at the network level and then grant yourself (or other users) 'Access Leases' using Dome9 portal.
Disclaimer: I'm a Dome9'er
Upvotes: 1