Use this Quick Start to build a cloud architecture that helps support the NIST SP 800-53 high-impact security control baseline, as well as the assessment and authorization frameworks that include the requirements from the high-impact baseline. The deployment includes the following components and features:
- Basic AWS Identity and Access Management (IAM) configuration with custom IAM policies and their associated groups, roles, and instance profiles.
- Standard, external-facing Amazon Virtual Private Cloud (Amazon VPC) Multi-AZ architecture with separate subnets for different application tiers and private (back-end) subnets for application and database. The Multi-AZ architecture helps ensure high availability.
- Amazon Simple Storage Service (Amazon S3) buckets for encrypted web content, logging, and backup data.
- Standard Amazon VPC security groups for Amazon Elastic Compute Cloud (Amazon EC2) instances and load balancers used in the sample application stack. The security groups limit access to only necessary services.
- Three-tier Linux web application using Auto Scaling and Elastic Load Balancing, which can be modified and/or bootstrapped with a customer application.
- A secured bastion login host to facilitate command-line Secure Shell (SSH) access to Amazon EC2 instances for troubleshooting and systems administration activities.
- Encrypted, Multi-AZ Amazon Relational Database Service (Amazon RDS) MySQL database.
- Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, and AWS Config rules (where available).
- Policies for Deep Security proactive host-based protection, including prevention, monitoring, logging, and alerting for anti-malware, web reputation, file integrity, IPS/IDS, and host firewall.
For details, see the Quick Start deployment guide.
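The security groups in this architecture are meant to admit only the traffic each tier needs: the internet reaches only the load balancer, each tier accepts traffic only from the tier in front of it, and SSH reaches instances only through the bastion host. The following is an added example (not part of the Quick Start or its templates) of a small audit that checks a rule set against that intent. The group names, ports and CIDRs are constructed assumptions that mirror the tiers described above; two deliberately wrong rules are included so the check has something to find.

```python
from ipaddress import ip_network

# Constructed sample ingress rules, shaped like the tiers the Quick Start describes:
# load balancer -> web -> app -> database, plus a bastion host for SSH.
# Group ids, ports and address ranges are assumptions, not values from the Quick Start.
SAMPLE_RULES = [
    {"group": "sg-elb",     "port": 443,  "proto": "tcp", "source": "0.0.0.0/0"},
    {"group": "sg-web",     "port": 80,   "proto": "tcp", "source": "sg-elb"},
    {"group": "sg-web",     "port": 22,   "proto": "tcp", "source": "sg-bastion"},
    {"group": "sg-app",     "port": 8080, "proto": "tcp", "source": "sg-web"},
    {"group": "sg-app",     "port": 22,   "proto": "tcp", "source": "0.0.0.0/0"},      # deliberate misconfiguration
    {"group": "sg-db",      "port": 3306, "proto": "tcp", "source": "sg-app"},
    {"group": "sg-db",      "port": 3306, "proto": "tcp", "source": "10.0.0.0/8"},     # deliberately too broad
    {"group": "sg-bastion", "port": 22,   "proto": "tcp", "source": "203.0.113.0/24"}, # admin range (documentation net)
]


def _as_network(source):
    """Return an ip_network for a CIDR source, or None when the source is a group id."""
    try:
        return ip_network(source)
    except ValueError:
        return None


def is_public(source):
    """True when the source is the whole internet (a /0 prefix)."""
    net = _as_network(source)
    return net is not None and net.prefixlen == 0


def is_wide_cidr(source, max_prefix=24):
    """True when a CIDR source is broader than the allowed prefix length (assumed /24)."""
    net = _as_network(source)
    return net is not None and net.prefixlen < max_prefix


def audit(rules, public_ok=(("sg-elb", 443),), bastion="sg-bastion"):
    """Return a list of findings for rules that violate the tiered least-privilege intent.

    public_ok lists the (group, port) pairs that may face the internet; by assumption
    only HTTPS on the load balancer. SSH on any non-bastion group must come from the
    bastion group itself, and CIDR sources elsewhere must not be broader than /24.
    """
    findings = []
    for r in rules:
        key = (r["group"], r["port"])
        if is_public(r["source"]) and key not in public_ok:
            findings.append(f"{r['group']}: port {r['port']} open to the internet")
        elif r["port"] == 22 and r["group"] != bastion and r["source"] != bastion:
            findings.append(f"{r['group']}: SSH not restricted to the bastion group")
        elif is_wide_cidr(r["source"]) and key not in public_ok:
            findings.append(f"{r['group']}: port {r['port']} open to broad range {r['source']}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Running the block prints the two planted problems: the app tier exposing SSH to the internet, and the database port open to an entire /8 instead of only the application tier's security group. Extending the rule list with real exports from the deployed VPC turns the same function into a quick regression check after template changes.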