AWS: Security Resources & Guidance
AWS provides a native threat detection service called Amazon GuardDuty, which continuously monitors your account and workloads for malicious activity and delivers detailed security findings for visibility and remediation. You may receive notifications from the Office of Information Assurance (OIA) to remediate these security events. For help understanding these findings, please review Understanding Amazon GuardDuty findings.
Each AWS account has been set up with access to Nutanix Flow Security Central. This security monitoring tool is licensed by the University and made available to you at no cost. You should have received an invitation or “Welcome” email from Nutanix (if not, reach out to research-it@ucsd.edu); follow the link in that email to set your password and gain access. Please log into My Nutanix regularly to look for any security issues that should be addressed. Note that it may take up to 48 hours for AWS activity to be reflected.
Under the University of California system-wide information security policy BFB-IS-3: Electronic Information Security, version control is required for production source code and configurations. Access to source code and configurations classified as Protection Level 3 or higher must be restricted to authorized users. For more information on Protection Levels, see Classification of Information and IT Resources.
One of the most common security breaches is credentials leaked on public version control systems (e.g., GitHub). Please ensure users do not put unencrypted access keys in their code. When onboarding users, provide information about the risks associated with leaked credentials, such as crypto mining. This can be extremely costly, and potentially unrecoverable.
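One way to catch access keys before a commit reaches a public repository, as an added example that is not part of the original guidance: a Python check, usable as a pre-commit hook, that flags AWS access key IDs and secret access keys in the files it is given. The patterns, function names and sample input are assumptions of this example; the sample uses AWS's published documentation placeholder keys.

```python
import re
import sys

# Access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary) + 16.
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?P<v>(?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# Secret access keys are 40 base64-style characters with no fixed prefix,
# so only flag them when assigned to a name containing "secret".
SECRET_RE = re.compile(
    r"(?i)secret[\w-]*\s*[:=]\s*[\"']?(?P<v>[A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)
PATTERNS = (("access-key-id", KEY_ID_RE), ("secret-access-key", SECRET_RE))

# Constructed sample; the key values are AWS's published documentation placeholders.
SAMPLE = '''\
import boto3
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
session = boto3.Session(profile_name="research")  # credentials stay outside the code
'''


def scan_text(text):
    """Return (line number, kind, redacted value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                # Keep only the first four characters so the report is not itself a leak.
                findings.append((lineno, kind, match.group("v")[:4] + "..."))
    return findings


def main(paths):
    """Scan the given files; with no paths, scan the constructed SAMPLE as a demo."""
    failed = False
    for path in paths or ["<sample>"]:
        if paths:
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
        else:
            text = SAMPLE
        for lineno, kind, shown in scan_text(text):
            print(f"{path}:{lineno}: possible AWS {kind} ({shown})")
            failed = bool(paths)  # the demo run reports findings but does not fail
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with file paths as arguments, a non-zero exit status blocks the commit; any key that has already been pushed should be treated as compromised and rotated rather than just deleted from the repository.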
If suspicious behavior and vulnerabilities are discovered, OIA may block, shut down, or terminate cloud resources. OIA will send notices that may include warnings that noncompliance will result in blocked access. However, in severe circumstances, access may be blocked without warning (e.g., if crypto mining is detected).