Arara Solutions operates in a strict “zero access” mode, in which we do not possess any access to instances launched by our customers utilizing our provided Amazon Machine Images (AMIs). Furthermore, we do not retain any passwords and do not install any software that would enable us to access instances in any manner. The default password is established during the initial boot-up process and is set to match the EC2 Instance Id, this process occurs within the customer’s account and Arara Solutions does not have access to this confidential information.
Once the instance is running, Security and Compliance is a shared responsabilit between AWS and the customer. Please follow this link to learn more: https://aws.amazon.com/compliance/shared-responsibility-model/
To improve your security posture, we also recommend:
Change the default password as soon as possible after the instance is launched.
Lock down your Security Groups, allowing only access to your instances only from the IPs that you recognize.
Use KMS encryption in our EBS Volumes.
Regularly update the operating system to install security updates / patches.
Perform regular snapshots of your instance, for restoration in case of data loss.