SlideShare a Scribd company logo

Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day

AWS Germany
AWS Germany

Vortrag "Security Boundaries and Functions of Services for Serverless Architectures on AWS" von Bertram Dorn beim AWS Serverless Web Day. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/28QIaxM

Technology
1 of 23
Download to read offline
Security Aspekts on Services for Serverless Architectures Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
Agenda: • Security in General • Services in Scope • Aspects of Services for Serverless Architectures • API Endpoint Concept • API Calls • Some Service Details
What is AWS? AWS Global Infrastructure Application Services Networking Deployment & Administration DatabaseStorageCompute
Service in Scope I • Architect should not care about AZ setup • Architect should not care about scaling • Architect should not care about availability • Architect should not care about sizing • Architect should not care about serivce side communication • Architect should not take action on service side security
ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
AWS Global Footprint US West (N.California) US West (Oregon) GovCloud US East (Virginia) EU West (Ireland) Asia Pacific (Tokyo) Asia Pacific (Singapore) Asia Pacific (Sydney) China (Beijing) São Paulo EU Central (Frankfurt) Korea (Seul) Region An independent collection of AWS resources in a defined geography A solid foundation for meeting location- dependent privacy and compliance requirements
AWS Global Footprint Availability Zone Designed as independent failure zones Physically separated within a typical metropolitan region
Shared Responsibility Cross-service Controls Service-specific Controls Managed by AWS Managed by Customer Security of the Cloud Security in the Cloud Cloud Service Provider Controls Optimized Network/OS/App Controls Request reports at: aws.amazon.com/compliance/#contact ISO 27000 ISO 9001
Service in Scope II • Architect needs to care about IAM • Architect must secuire his access keys • Architect should be aware of service features • Architect should cross check service against compliance setup • Architect must take care of encryption • Knowledge of the service features • Know how to work his own encryption into the architecture
ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
API • WebInterface • CLI • SDK • API Architect AWS IAM Resource / Application User Amazon S3 Amazon DynamoDB Amazon API Gateway Amazon SES Amazon SQS Application API Features • DDoS Protected • MultiAZ • Available • Encryption in Transport • Authenticated • Logging
Services for Serverless Architectures • Route53 • CloudFront • Lambda • API Gateway • S3 • SNS • SQS • KMS • SWF • ELB • Kinesis • DynamoDB • Elasticsearch • Redshift • RDS Full Flexible Sizing Needed Sizing/Communication
Aws Shared Responsibility • Secure Infrastructure (Physics/Logic/Certification) • Tennant Isolation • Availability • Platform Scaling • In some services: Crypto Options
Amazon S3 • Secure Transport • Sever Side Encryption • Individual Vector for each object • Re-Encryption through copy and versioning • KMS Integration • Customer Managed KEYs • IAM integration • Versioning • MFA Delete • Storage Class • S3 Logging Security related features which need to be instrumented by the Architect
A view on S3 Bucket with Objects Region S3 Bucket with Objects • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH S3 Endpoints Datapath HTTP(s) Bucket Policy Object Policy User Policy S3 Logging Amazon S3
Amazon API Gateway • Secure Transport • Setup of Paths • Secure coding inside the Lambda functions • Client Certificates • CloudWatchLogs Logging Security related features which need to be instrumented by the Architect
A view on API Gateway AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudWatch Logs Amazon API Gateway Mockups Proxy
AWS Lambda Possibilities which need to be instrumented by the Architect • IAM Role needs to be focussed • Secure Coding • CloudWatchLogs Logging • Well choosen triggers
A view on Lambda AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudWatch Logs AWS Lambda Other Services
Amazon SES Amazon SQS • IAM Role needs to be focussed • What data dou you send • Subscribers • Take care of logging
A view on Messaging AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudTrail Other Services Amazon SES Amazon SQS
Thank You Bertram Dorn

Recommended

Securing Serverless Architectures - AWS Serverless Web Day
Securing Serverless Architectures - AWS Serverless Web DaySecuring Serverless Architectures - AWS Serverless Web Day
Securing Serverless Architectures - AWS Serverless Web DayAWS Germany
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoTAmazon Web Services
 
Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Amazon Web Services
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
 
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake Scherrer
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake ScherrerAWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake Scherrer
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake ScherrerAWS Chicago
 
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Amazon Web Services
 
Building Serverless Chat Bots - AWS August Webinar Series
Building Serverless Chat Bots - AWS August Webinar SeriesBuilding Serverless Chat Bots - AWS August Webinar Series
Building Serverless Chat Bots - AWS August Webinar SeriesAmazon Web Services
 
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...Amazon Web Services
 

Recommended

Securing Serverless Architectures - AWS Serverless Web Day
Securing Serverless Architectures - AWS Serverless Web DaySecuring Serverless Architectures - AWS Serverless Web Day
Securing Serverless Architectures - AWS Serverless Web DayAWS Germany
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoTAmazon Web Services
 
Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Securing Serverless Architectures - Pop-up Loft TLV 2017
Securing Serverless Architectures - Pop-up Loft TLV 2017Amazon Web Services
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
 
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake Scherrer
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake ScherrerAWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake Scherrer
AWS IoT Services Overview- IoT Core, Monitoring, Analytics by Jake ScherrerAWS Chicago
 
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Amazon Web Services
 
Building Serverless Chat Bots - AWS August Webinar Series
Building Serverless Chat Bots - AWS August Webinar SeriesBuilding Serverless Chat Bots - AWS August Webinar Series
Building Serverless Chat Bots - AWS August Webinar SeriesAmazon Web Services
 
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...Amazon Web Services
 
Build high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSBuild high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSShiva Narayanaswamy
 
Serverless CQRS in Azure!
Serverless CQRS in Azure!Serverless CQRS in Azure!
Serverless CQRS in Azure!BizTalk360
 
AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018Yoel Spotts
 
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaBuild a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaAmazon Web Services
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
 
Developing Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksDeveloping Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksAmazon Web Services
 
Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIsAmazon Web Services
 
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"Chris Munns
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoTAmazon Web Services
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud SecurityAmazon Web Services
 
React Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-TimeReact Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-TimeAmazon Web Services
 
House Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiHouse Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAmazon Web Services
 
AWS Service Drill Downs
AWS Service Drill DownsAWS Service Drill Downs
AWS Service Drill DownsAmazon Web Services
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAmazon Web Services
 
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
 
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
 
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTAmazon Web Services
 
Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017Mike Shutlar
 
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayLeveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayAWS Germany
 

More Related Content

What's hot

Build high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSBuild high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSShiva Narayanaswamy
 
Serverless CQRS in Azure!
Serverless CQRS in Azure!Serverless CQRS in Azure!
Serverless CQRS in Azure!BizTalk360
 
AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018Yoel Spotts
 
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaBuild a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaAmazon Web Services
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
 
Developing Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksDeveloping Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksAmazon Web Services
 
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"Chris Munns
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud SecurityAmazon Web Services
 
React Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-TimeReact Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-TimeAmazon Web Services
 
House Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiHouse Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAmazon Web Services
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAmazon Web Services
 
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
 
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
 
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTAmazon Web Services
 

What's hot (20)

Build high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSBuild high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWS
 
Serverless CQRS in Azure!
Serverless CQRS in Azure!Serverless CQRS in Azure!
Serverless CQRS in Azure!
 
AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018AWS API Gateway - AJUG August 2018
AWS API Gateway - AJUG August 2018
 
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaBuild a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS Lambda
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for Developers
 
Developing Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksDeveloping Applications with the IoT Button - March 2017 AWS Online Tech Talks
Developing Applications with the IoT Button - March 2017 AWS Online Tech Talks
 
Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIs
 
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security
 
React Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-TimeReact Fast by Processing Streaming Data in Real-Time
React Fast by Processing Streaming Data in Real-Time
 
House Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiHouse Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry Pi
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by Design
 
AWS Service Drill Downs
AWS Service Drill DownsAWS Service Drill Downs
AWS Service Drill Downs
 
AWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoTAWS Summit Auckland- Developing Applications for IoT
AWS Summit Auckland- Developing Applications for IoT
 
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
 
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Scaling Security Operations and Automating Governance: Which AWS Services Sho...
Scaling Security Operations and Automating Governance: Which AWS Services Sho...
 
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
 

Viewers also liked

Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017Mike Shutlar
 
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayLeveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayAWS Germany
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
 
Programming Amazon Web Services for Beginners (1)
Programming Amazon Web Services for Beginners (1)Programming Amazon Web Services for Beginners (1)
Programming Amazon Web Services for Beginners (1)Markus Klems
 
Serverless Frameworks on AWS
Serverless Frameworks on AWSServerless Frameworks on AWS
Serverless Frameworks on AWSJulien SIMON
 
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Amazon Web Services
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsAmazon Web Services
 
Building Web Scale Applications with AWS
Building Web Scale Applications with AWSBuilding Web Scale Applications with AWS
Building Web Scale Applications with AWSAmazon Web Services
 
AWS re:Invent 2016: Operating Your Production API (SVR402)
AWS re:Invent 2016: Operating Your Production API (SVR402)AWS re:Invent 2016: Operating Your Production API (SVR402)
AWS re:Invent 2016: Operating Your Production API (SVR402)Amazon Web Services
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
 
Building Serverless APIs on AWS
Building Serverless APIs on AWSBuilding Serverless APIs on AWS
Building Serverless APIs on AWSJulien SIMON
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyJason Suttie
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...Amazon Web Services
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
 

Viewers also liked (20)

Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017Lambda and serverless - DevOps North East Jan 2017
Lambda and serverless - DevOps North East Jan 2017
 
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayLeveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web Day
 
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesVorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilities
 
Programming Amazon Web Services for Beginners (1)
Programming Amazon Web Services for Beginners (1)Programming Amazon Web Services for Beginners (1)
Programming Amazon Web Services for Beginners (1)
 
Serverless Frameworks on AWS
Serverless Frameworks on AWSServerless Frameworks on AWS
Serverless Frameworks on AWS
 
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
 
Building Web Scale Applications with AWS
Building Web Scale Applications with AWSBuilding Web Scale Applications with AWS
Building Web Scale Applications with AWS
 
AWS re:Invent 2016: Operating Your Production API (SVR402)
AWS re:Invent 2016: Operating Your Production API (SVR402)AWS re:Invent 2016: Operating Your Production API (SVR402)
AWS re:Invent 2016: Operating Your Production API (SVR402)
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
 
Building Serverless APIs on AWS
Building Serverless APIs on AWSBuilding Serverless APIs on AWS
Building Serverless APIs on AWS
 
AWS Serverless Workshop
AWS Serverless WorkshopAWS Serverless Workshop
AWS Serverless Workshop
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
 

Similar to Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day

AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdf
AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdfAWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdf
AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdfAmazon Web Services
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingAmazon Web Services
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...Amazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - TorontoAmazon Web Services
 
How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
 
Operating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSOperating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSTom Laszewski
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Amazon Web Services
 
The State of Serverless Computing | AWS Public Sector Summit 2017
The State of Serverless Computing | AWS Public Sector Summit 2017The State of Serverless Computing | AWS Public Sector Summit 2017
The State of Serverless Computing | AWS Public Sector Summit 2017Amazon Web Services
 
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWS
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWSre:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWS
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWSAnuj Dewangan
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)AWS Vietnam Community
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Amazon Web Services
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWSAmazon Web Services
 

Similar to Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day (20)

AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdf
AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdfAWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdf
AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdf
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless Computing
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
 
Operating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSOperating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWS
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
 
The State of Serverless Computing | AWS Public Sector Summit 2017
The State of Serverless Computing | AWS Public Sector Summit 2017The State of Serverless Computing | AWS Public Sector Summit 2017
The State of Serverless Computing | AWS Public Sector Summit 2017
 
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWS
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWSre:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWS
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWS
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 

More from AWS Germany

Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAnalytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAWS Germany
 
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...AWS Germany
 
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...AWS Germany
 
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...AWS Germany
 
Modern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSModern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSAWS Germany
 
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerModern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerAWS Germany
 
Building Smart Home skills for Alexa
Building Smart Home skills for AlexaBuilding Smart Home skills for Alexa
Building Smart Home skills for AlexaAWS Germany
 
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureHotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureAWS Germany
 
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopWild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopAWS Germany
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAWS Germany
 
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS AWS Germany
 
AWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Germany
 
Microservices and Data Design
Microservices and Data DesignMicroservices and Data Design
Microservices and Data DesignAWS Germany
 
Serverless vs. Developers – the real crash
Serverless vs. Developers – the real crashServerless vs. Developers – the real crash
Serverless vs. Developers – the real crashAWS Germany
 
Query your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceQuery your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceAWS Germany
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Scale to Infinity with ECS
Scale to Infinity with ECSScale to Infinity with ECS
Scale to Infinity with ECSAWS Germany
 
Containers on AWS - State of the Union
Containers on AWS - State of the UnionContainers on AWS - State of the Union
Containers on AWS - State of the UnionAWS Germany
 
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailDeploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailAWS Germany
 

More from AWS Germany (20)

Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAnalytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
 
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
 
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
 
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
 
Modern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSModern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWS
 
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerModern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
 
Building Smart Home skills for Alexa
Building Smart Home skills for AlexaBuilding Smart Home skills for Alexa
Building Smart Home skills for Alexa
 
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureHotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
 
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopWild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWS
 
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
 
AWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Programme für Nonprofits
AWS Programme für Nonprofits
 
Microservices and Data Design
Microservices and Data DesignMicroservices and Data Design
Microservices and Data Design
 
Serverless vs. Developers – the real crash
Serverless vs. Developers – the real crashServerless vs. Developers – the real crash
Serverless vs. Developers – the real crash
 
Query your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceQuery your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performance
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
EKS Workshop
EKS Workshop EKS Workshop
EKS Workshop
 
Scale to Infinity with ECS
Scale to Infinity with ECSScale to Infinity with ECS
Scale to Infinity with ECS
 
Containers on AWS - State of the Union
Containers on AWS - State of the UnionContainers on AWS - State of the Union
Containers on AWS - State of the Union
 
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailDeploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day

  • 1. Security Aspekts on Services for Serverless Architectures Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
  • 2. Agenda: • Security in General • Services in Scope • Aspects of Services for Serverless Architectures • API Endpoint Concept • API Calls • Some Service Details
  • 3. What is AWS? AWS Global Infrastructure Application Services Networking Deployment & Administration DatabaseStorageCompute
  • 4. Service in Scope I • Architect should not care about AZ setup • Architect should not care about scaling • Architect should not care about availability • Architect should not care about sizing • Architect should not care about serivce side communication • Architect should not take action on service side security
  • 5. ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
  • 6. ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
  • 7. AWS Global Footprint US West (N.California) US West (Oregon) GovCloud US East (Virginia) EU West (Ireland) Asia Pacific (Tokyo) Asia Pacific (Singapore) Asia Pacific (Sydney) China (Beijing) São Paulo EU Central (Frankfurt) Korea (Seul) Region An independent collection of AWS resources in a defined geography A solid foundation for meeting location- dependent privacy and compliance requirements
  • 8. AWS Global Footprint Availability Zone Designed as independent failure zones Physically separated within a typical metropolitan region
  • 9. Shared Responsibility Cross-service Controls Service-specific Controls Managed by AWS Managed by Customer Security of the Cloud Security in the Cloud Cloud Service Provider Controls Optimized Network/OS/App Controls Request reports at: aws.amazon.com/compliance/#contact ISO 27000 ISO 9001
  • 10. Service in Scope II • Architect needs to care about IAM • Architect must secuire his access keys • Architect should be aware of service features • Architect should cross check service against compliance setup • Architect must take care of encryption • Knowledge of the service features • Know how to work his own encryption into the architecture
  • 11. ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
  • 12. API • WebInterface • CLI • SDK • API Architect AWS IAM Resource / Application User Amazon S3 Amazon DynamoDB Amazon API Gateway Amazon SES Amazon SQS Application API Features • DDoS Protected • MultiAZ • Available • Encryption in Transport • Authenticated • Logging
  • 13. Services for Serverless Architectures • Route53 • CloudFront • Lambda • API Gateway • S3 • SNS • SQS • KMS • SWF • ELB • Kinesis • DynamoDB • Elasticsearch • Redshift • RDS Full Flexible Sizing Needed Sizing/Communication
  • 14. Aws Shared Responsibility • Secure Infrastructure (Physics/Logic/Certification) • Tennant Isolation • Availability • Platform Scaling • In some services: Crypto Options
  • 15. Amazon S3 • Secure Transport • Sever Side Encryption • Individual Vector for each object • Re-Encryption through copy and versioning • KMS Integration • Customer Managed KEYs • IAM integration • Versioning • MFA Delete • Storage Class • S3 Logging Security related features which need to be instrumented by the Architect
  • 16. A view on S3 Bucket with Objects Region S3 Bucket with Objects • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH S3 Endpoints Datapath HTTP(s) Bucket Policy Object Policy User Policy S3 Logging Amazon S3
  • 17. Amazon API Gateway • Secure Transport • Setup of Paths • Secure coding inside the Lambda functions • Client Certificates • CloudWatchLogs Logging Security related features which need to be instrumented by the Architect
  • 18. A view on API Gateway AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudWatch Logs Amazon API Gateway Mockups Proxy
  • 19. AWS Lambda Possibilities which need to be instrumented by the Architect • IAM Role needs to be focussed • Secure Coding • CloudWatchLogs Logging • Well choosen triggers
  • 20. A view on Lambda AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudWatch Logs AWS Lambda Other Services
  • 21. Amazon SES Amazon SQS • IAM Role needs to be focussed • What data dou you send • Subscribers • Take care of logging
  • 22. A view on Messaging AWS Region • WebInterface • CLI • SDK • API Admin For instrumentation AWS AWS IAM Command PATH APP GW Endpoints Datapath HTTP(s) CloudTrail Other Services Amazon SES Amazon SQS