reference deployment

ISMS-P on AWS

Meet compliance requirements and accelerate business transformation

This Quick Start deploys a Personal Information and Information Security Management System (ISMS-P) environment, including security and management services that meet ISMS-P control requirements. It demonstrates how to combine different Amazon Web Services (AWS) services to support general multi-tier web applications.

This Quick Start is for organizations and users who need to create cloud-based security infrastructure and services that comply with ISMS-P, as required by the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

This Quick Start solution is designed to implement as many ISMS-P package controls as possible, but may not include all solutions that are recommended.

This Quick Start was developed by SK Shieldus in collaboration with AWS. SK Shieldus is an AWS Partner.

  • What you'll build
    This Quick Start sets up the following:

    • A multi-service Availability Zone (AZ) architecture with management and production virtual private clouds (VPCs).
    • In the management VPC:
      • AWS-managed network address translation (NAT) gateways to control public network access by the resources in the private subnets.
      • A bastion host in a public subnet that provides system administrator access and connection via Secure Shell (SSH) for troubleshooting Amazon Elastic Compute Cloud (Amazon EC2) instances. The bastion host is assigned an Elastic IP address (EIP).
    • In the production VPC:
      • AWS-managed NAT gateways to control public network access by the resources in the private subnets.
      • Web and application instances with public and private subnets for web, application, and database layers.
      • A redundant Amazon Relational Database Service (Amazon RDS) database in a multi-AZ configuration.
      • Separate Auto Scaling groups for web and application instances to ensure high availability, and a three-tier web application (WordPress) that supports load balancing with an Application Load Balancer.
    • Standard security groups for Amazon EC2 instances.
    • Default AWS Identity and Access Management (IAM) configurations that include groups, roles, and instance profiles as well as customizable IAM policies.
    • AWS Key Management Service (AWS KMS) for AWS CloudTrail and Amazon RDS key encryption.
    • Amazon GuardDuty to identify external intrusion threats.
    • Notification policies based on Amazon Simple Notification Service (Amazon SNS) topics to capture Amazon RDS CPU and storage alarms.
    • AWS Config rules to monitor security policies and compliance.
    • AWS WAF to automatically create response rules (Core Rule, WordPress, Application, SQL database, PHP application) against the Open Web Application Security Project (OWASP) top 10 vulnerabilities.
    • Amazon Simple Storage Service (Amazon S3) buckets for centralized logging.
    • Amazon CloudWatch metric filters and alarms to monitor various aspects of the infrastructure, including the reliability, availability, and performance of Amazon RDS.
    • Amazon CloudWatch alarms to trigger Amazon SNS topics and send email notifications.
    • AWS Systems Manager for managing Amazon Machine Images (AMIs) and keeping them current.
    • AWS Secrets Manager for creating and rotating the database password.
  • How to deploy
    To deploy ISMS-P, follow the instructions in the deployment guide. The deployment process takes about 1 hour and includes these steps:

    1. If you don't already have an AWS account, sign up at https://aws.amazon.com, and sign in to your account. 
    2. Launch the Quick Start by selecting the CloudFormation template in the AWS Console. 
    3. Test the deployment.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  • Cost and licenses
    You are responsible for the cost of the AWS services used while running this Quick Start. There is no additional cost for using the Quick Start.

    This Quick Start does not require a license to deploy ISMS-P.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month and aggregates the data at the end of the month. For more information about the report, see What are AWS Cost and Usage Reports?