The Meltdown and Spectre story continues. Even though Amazon Web Services’ (AWS) response shows that they’ve already patched and protected their infrastructure, you still have work to do. AWS’ Shared Responsibility Model means that you are responsible for patching the operating system running on your EC2 instances, and this is where things get … complicated.

If you want the TL;DR from all this, here are a few general rules to follow:

  1. Run your EC2 instances from the most recent AMI you can that uses the HVM virtualisation mode
  2. Patch your operating systems to make sure you have the Meltdown fixes applied
  3. Update to more recent EC2 instance families
  4. Run the latest Linux kernel you can to ensure you have PCID support
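
To check rules 2 and 4 on a running Linux instance, here is an added example (not from the original post) that reads the kernel's own Meltdown report and looks for the `pcid` CPU flag. The function names are made up for this sketch, and it assumes a kernel recent enough to expose `/sys/devices/system/cpu/vulnerabilities/meltdown`; on older kernels the status comes back as `unknown`.

```shell
#!/bin/sh
# Added example: on-instance checks for rules 2 and 4 above.
# File paths are parameters so saved copies from other hosts can be checked too.

# Print mitigated / vulnerable / not-affected / unknown for the kernel's Meltdown report.
meltdown_status() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    [ -r "$f" ] || { echo unknown; return 0; }  # kernel too old to expose the report
    case $(cat "$f") in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Succeed only if the CPU flags list pcid as a whole word (invpcid alone does not count).
has_pcid() {
    f=${1:-/proc/cpuinfo}
    sed -n '/^flags/{p;q;}' "$f" 2>/dev/null | tr ' \t' '\n\n' | grep -qx pcid
}

# One-line summary; with no arguments it inspects the running system.
report() {
    if has_pcid "$2"; then pcid=yes; else pcid=no; fi
    echo "meltdown=$(meltdown_status "$1") pcid=$pcid"
}

# Constructed sample: patched kernel whose CPU exposes invpcid but not pcid.
tmp=$(mktemp -d)
echo 'Mitigation: PTI' > "$tmp/meltdown"
printf 'flags\t\t: fpu vme sse2 invpcid\n' > "$tmp/cpuinfo"
report "$tmp/meltdown" "$tmp/cpuinfo"   # meltdown=mitigated pcid=no
report                                  # the live instance
rm -rf "$tmp"
```

A result of `meltdown=mitigated pcid=no` means the fix is in place but the kernel cannot use PCID to reduce the cost of page table isolation, which is the case rules 3 and 4 are meant to avoid.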

