Life Sciences

Navigating GDPR Compliance on AWS


Geo-Restrictions

You can use geo-restrictions—also known as geoblocking—to prevent users in specific geographic locations from accessing content that you're distributing through an Amazon CloudFront web distribution. There are two options for using geo-restrictions:

• CloudFront geo-restriction feature – Select this option to restrict access to all of the files that are associated with a CloudFront distribution, and to restrict access at the country level.
• Third-party geolocation service – Select this option to restrict access to a subset of the files that are associated with a distribution, or to restrict access at a finer level of granularity than the country level.

Beyond these two options, geo-limiting capabilities exist for newly launched Regions. AWS Regions introduced before March 20, 2019 are enabled by default, while Regions introduced after March 20, 2019, such as Asia Pacific (Hong Kong) and Middle East (Bahrain), are disabled by default. You must enable these Regions before you can use them. If an AWS Region is disabled by default, you can use the AWS Management Console to enable and disable the Region. Enabling and disabling AWS Regions allows you to control whether users in your AWS account can access resources in that Region. [5]

Control Access to Web Applications and Mobile Apps

AWS provides services for managing data access control within your applications. If you need to add user login and access control features to your web applications and mobile apps, you can use Amazon Cognito. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. To protect the identity of the users, you can add multi-factor authentication (MFA) to your user pools. You can also use adaptive authentication, which uses a risk-based model to predict when you might need another authentication factor.
With Amazon Cognito, you can see who accessed your resources and where the access originated (mobile app or web application). You can use this information to create security policies that allow or deny access to a resource based on the type of access origin (mobile app or web application).
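As an added example (not part of the AWS whitepaper), the following Python sketch audits the two controls described in the Geo-Restrictions section above: the country-level CloudFront restriction and the opt-in status of Regions. The input shapes follow the CloudFront GetDistributionConfig and AWS Account ListRegions responses; the allowed-country set, the approved-Region set and the sample data are assumptions constructed for illustration.

```python
# Added example: offline audit of geo-restriction and Region opt-in settings.
# ALLOWED_COUNTRIES and APPROVED_OPT_IN_REGIONS are assumed policy values.
ALLOWED_COUNTRIES = {"DE", "FR", "IE", "NL"}
APPROVED_OPT_IN_REGIONS = set()  # no opt-in Region approved in this sample policy

def audit_geo_restriction(distribution_config):
    """Return findings for a CloudFront DistributionConfig dict."""
    geo = distribution_config.get("Restrictions", {}).get("GeoRestriction", {})
    rtype = geo.get("RestrictionType", "none")
    items = set(geo.get("Items") or [])
    findings = []
    if geo.get("Quantity", 0) != len(items):
        findings.append("Quantity does not match number of Items")
    if rtype == "whitelist":
        extra = sorted(items - ALLOWED_COUNTRIES)
        if extra:
            findings.append("allow list includes unapproved countries: " + ",".join(extra))
    elif rtype == "blacklist":
        findings.append("block list in use: every country not listed is still served")
    else:
        findings.append("no geo-restriction: content is served to all countries")
    return findings

def audit_regions(regions):
    """Return opt-in Regions that are enabled (or enabling) but not approved."""
    return sorted(
        r["RegionName"] for r in regions
        if r["RegionOptStatus"] in ("ENABLED", "ENABLING")
        and r["RegionName"] not in APPROVED_OPT_IN_REGIONS
    )

# Constructed sample data in the shape returned by the AWS APIs.
SAMPLE_DISTRIBUTION = {"Restrictions": {"GeoRestriction": {
    "RestrictionType": "whitelist", "Quantity": 3, "Items": ["DE", "FR", "US"]}}}
SAMPLE_REGIONS = [
    {"RegionName": "eu-west-1", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "ap-east-1", "RegionOptStatus": "ENABLED"},
    {"RegionName": "me-south-1", "RegionOptStatus": "DISABLED"},
]

if __name__ == "__main__":
    for finding in audit_geo_restriction(SAMPLE_DISTRIBUTION):
        print("CloudFront:", finding)
    for name in audit_regions(SAMPLE_REGIONS):
        print("Region enabled but not approved:", name)
```

Regions reported as ENABLED_BY_DEFAULT are the ones introduced before March 20, 2019, so the Region check only flags Regions that someone in the account explicitly enabled.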
