Security considerations
Arara Solutions operates under a strict “zero access” policy, meaning we have no access to instances launched by our customers using our provided Amazon Machine Images (AMIs). We do not store passwords or install any software that would grant us access to these instances in any way. The default password is generated during the initial boot process and is set to the EC2 Instance ID. This process occurs entirely within the customer’s account, and Arara Solutions does not have access to this confidential information.
Once the instance is running, security and compliance are shared responsibilities between AWS and the customer. To learn more, please visit: https://aws.amazon.com/compliance/shared-responsibility-model/.
To enhance your security posture, we also recommend the following:
-
Change the default password immediately after launching the instance.
-
Restrict access to your instances by configuring Security Groups to allow connections only from trusted IP addresses.
-
Enable KMS encryption for your EBS volumes.
-
Regularly update the operating system to apply the latest security updates and patches.
-
Schedule regular snapshots of your instance to ensure quick restoration in the event of data loss.