You own a customer-facing application running in AWS on Amazon EKS, with supporting services in Amazon RDS and Amazon S3. The application stores customer policy and claims data, and a recent internal review found that engineers have broad IAM permissions, several workloads still use long-lived credentials, and production changes are difficult to roll back safely. You need to improve the security posture without slowing down normal software delivery.
How would you design the AWS security and infrastructure approach for this environment so that identity, secrets, network access, deployment safety, and monitoring are handled correctly? Be explicit about the AWS services and controls you would use, which threats they mitigate, and how you would verify the design works in production.
AWS identity design with IAM, IAM Identity Center, and IRSASecrets lifecycle with AWS Secrets Manager and KMSEKS network and policy controlsSafe deployment and rollback designConcrete monitoring and incident response