Threat Modeling For AWS: Building A Microservice Architecture


With the adoption of cloud data centers, organizations are now able to scale their applications at reasonable costs. Most cloud platform infrastructures are serverless – meaning IT infrastructure systems are performed by the cloud platform provider. Therefore, security teams focus more on functioning tasks rather than IT operations. As a result, operational processes are reduced, creating security issues and increasing the attack surface.

Threat Modeling for AWS

Threat modeling is the best approach to understand threats and risks unique to your application in cloud-native architectures. When implementing threat modeling for AWS or other serverless cloud environments, a 3-tier architectural pattern is typically utilized. The three tiers are the presentation tier, logic tier, and data tier. The presentation tier operates as the user interface and it’s created by the API gateway. The logic tier drives the application’s behavior and the data tier is where data is stored.

A microservice architecture allows the continuous deployment of larger applications, enabling organizations to constantly develop their technology expansion. In microservices, presentation and logic tiers are usually connected, bringing many benefits to the overall architecture, but they can also increase security concerns.

Learn More: Creating a Basic AWS Cloud Threat Model

Building A Microservice Architecture For An AWS Environment

In a microservice architecture, each request for the application generates an API clone. Moreover, every time an API is processed, a new command of the logic tier is instigated, with the opportunity to process several calls from each API clone.

When threat modeling for AWS, the difference between applications developed for a microservice environment and a deployment environment is insignificant. An application developed for a microservice architecture becomes the deployment environment. Identifying threats and vulnerabilities for that type of application can be different than doing it for traditional applications, requiring a different approach to threat modeling for AWS.

Threat modeling for AWS microservices architecture

Figure 1 shows a threat modeling diagram for AWS deployed in a microservices architecture employing ThreatModeler. This application allows registering and authenticating users, recovering user passwords and providing fundamental feedback of user file uploads.

The presentation tier was presented as cloned AWS API gateways within a public subnet. The AWS-specific architectural components in ThreatModeler are pre-mapped to AWS-specific threats. The logic tier in an AWS serverless environment is formed around their Lambda service. In a microservice deployment, the logic process for each application is described as a separate Lambda function.

When building an AWS threat model, only one Lambda is required for each application to function properly. However, a microservice architecture will call as many clones of each function to serve calls from API gateways.

ThreatModeler provides users with prebuilt architecture components and templates applicable to AWS environments. It can take 10-15 minutes to build the above threat model by employing ThreatModeler.

About ThreatModeler

ThreatModeler is an automated threat modeling tool that strengthens an enterprise’s SDLC by identifying, predicting and defining threats across all applications and devices in the operational IT stack. This automated platform works with all types of computing environments.

To learn more about why ThreatModeler is an excellent choice for your enterprise, request a free evaluation of the ThreatModeler platform or contact us to speak with an application threat modeling expert today.

Leave a Reply

You must be logged in to post a comment.