PCI Compliance in AWS - Simplified

by Adam M. Lechnos, CISSP


The Payment Card Industry Data Security Standard, or PCI DSS, is a set of 12 requirements with over 300 controls that apply to any organization that stores, processes or transmits credit card data. Today, I will attempt to add some clarity around PCI compliance within AWS.


Concepts and practices are sourced from the document referenced below, which I break down further here. I suggest first reading Architecting for PCI DSS Scoping and Segmentation on AWS, then returning here to deepen your understanding of the methods applied and their rationale.


For a quick primer on PCI DSS, please refer to the council's overview PDF.

Referenced from: https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf


Infrastructure Services


Infrastructure services such as EC2 require the most effort from a PCI compliance perspective under the AWS Shared Responsibility Model.


Other services are categorized as ‘Abstracted’ or ‘Containerized’ (not to be confused with containers such as Docker, or services such as Fargate, although those are encompassed by this category).

For infrastructure services, EC2 instances are the canonical example: they require host-based firewalls, configuration and patch management, OS-level logging, and an assurance that vendor defaults have been changed, for example by applying CIS benchmarks (using AWS AMIs should be sufficient).
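
As an added example (not from the whitepaper or this post), the script below checks three of the customer-owned EC2 controls just listed, the host-based firewall, non-vendor SSH defaults and OS-level logging, against configuration dumps collected from a host. The input formats assumed are `iptables-save` output, `sshd_config` and `systemctl list-units` output, the sample dumps are constructed, and the hardening thresholds are my own assumptions rather than the benchmark's text.

```python
import re

def audit_firewall(iptables_save: str) -> list[str]:
    """Host-based firewall: expect a default-deny INPUT policy plus explicit rules."""
    findings = []
    if not re.search(r"^:INPUT DROP", iptables_save, re.M):
        findings.append("INPUT chain policy is not DROP (no default-deny host firewall)")
    if not re.search(r"^-A INPUT ", iptables_save, re.M):
        findings.append("no explicit INPUT rules (host firewall looks unconfigured)")
    return findings

def audit_sshd(sshd_config: str) -> list[str]:
    """Non-vendor defaults: flag SSH settings left at, or missing from, the default."""
    settings = {}
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip().lower()
    findings = []
    # Assumed CIS-style hardening targets; an unset key counts as unhardened.
    for key, wanted in (("permitrootlogin", "no"), ("passwordauthentication", "no")):
        if settings.get(key) != wanted:
            findings.append(f"{key} is {settings.get(key, 'unset')!r}, expected {wanted!r}")
    return findings

def audit_logging(systemctl_units: str) -> list[str]:
    """OS-level logging: expect auditd and rsyslog in 'systemctl list-units' output."""
    running = {m.group(1) for m in re.finditer(
        r"^\s*(\S+)\.service\s+loaded\s+active\s+running", systemctl_units, re.M)}
    return [f"{svc} not running (OS-level logging gap)"
            for svc in ("auditd", "rsyslog") if svc not in running]

def audit_host(iptables_save: str, sshd_config: str, systemctl_units: str) -> dict[str, list[str]]:
    """Run every check against one host's dumps; an empty list means the control passed."""
    return {"firewall": audit_firewall(iptables_save),
            "sshd": audit_sshd(sshd_config),
            "logging": audit_logging(systemctl_units)}

# Constructed sample dumps standing in for files collected from a CDE instance.
SAMPLE_IPTABLES = ("*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
                   "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
                   "-A INPUT -p tcp --dport 443 -j ACCEPT\nCOMMIT\n")
SAMPLE_SSHD = "# constructed sshd_config\nPort 22\nPermitRootLogin yes\nPasswordAuthentication no\n"
SAMPLE_SYSTEMCTL = ("  auditd.service loaded active running Security Auditing Service\n"
                    "  sshd.service   loaded active running OpenSSH server daemon\n")

if __name__ == "__main__":
    for control, findings in audit_host(SAMPLE_IPTABLES, SAMPLE_SSHD, SAMPLE_SYSTEMCTL).items():
        print(control, "OK" if not findings else findings)
```

On the constructed sample the firewall passes, the SSH check flags the root-login default, and the logging check reports the missing rsyslog unit; patch management is the one control from the list this script does not cover.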

Kubernetes on EC2


Like EC2, ECS and EKS are all deemed ‘Infrastructure’ based services. These ..
