Security in the AWS Cloud - Steve Riley
    Presentation Transcript

    • Security in the AWS Cloud
      Steve Riley
      steriley@amazon.com
      @steveriley
      @awscloud
      http://stvrly.wordpress.com
    • Amazon Web Services
      Amazon CloudFront
    • Amazon S3
      Amazon SimpleDB
      Amazon RDS (multi AZ)
      Amazon EBS
      Amazon RDS (one AZ)
      Amazon EC2
    • Customer 1
      Customer 2
      Customer n

      Customer only
      SSH, ID/pw, X.509
      Root/admin control
      Customer 1 virtual interfaces
      Customer 2 virtual interfaces
      Customer n virtual interfaces

      Customer only
      Inbound flows
      Default deny
      Hypervisor layer
      Customer 1 security groups
      Customer 2 security groups
      Customer n security groups

      AWS firewall
      AWS admins only
      SSH via bastions
      Audits reviewed
      Physical interfaces
    • Web tier
      Application tier
      Database tier
      HTTP/HTTPS from Internet
      SSH/RDP management from corpnet
      SSH/RDP management from corpnet, vendor
      SSH/RDP management from corpnet
    • ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
      ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
      ec2-authorize WebSG -P tcp -p 22|3389 -s CorpNet
      ec2-authorize AppSG -P prot -p AppPortRange -o WebSG
      ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet
      ec2-authorize DBSG -P prot -p DBPortRange -o AppSG
      ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet
      ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
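
Added example (not part of the original deck): a small Python model of the three security groups authorized above, showing which flows default deny plus group-sourced (`-o`) rules actually permit. The CIDRs, port numbers and the use of TCP for the slide's `prot` are assumptions standing in for the placeholders CorpNet, Vendor, AppPortRange and DBPortRange.

```python
import ipaddress

# Assumed values for the slide's placeholders (documentation ranges, not from the deck).
CORPNET, VENDOR = "203.0.113.0/24", "198.51.100.0/24"
APP_PORTS, DB_PORTS = (8080, 8080), (3306, 3306)
MGMT = [(22, 22), (3389, 3389)]  # the slide's "22|3389" (SSH or RDP)


def rules_for(src, ranges, proto="tcp"):
    """Build ingress rules (proto, low_port, high_port, source) for one source."""
    return [(proto, lo, hi, src) for lo, hi in ranges]


# Ingress rules per group. A source is a CIDR string (-s) or ("group", name) (-o).
GROUPS = {
    "WebSG": rules_for("0.0.0.0/0", [(80, 80), (443, 443)]) + rules_for(CORPNET, MGMT),
    "AppSG": rules_for(("group", "WebSG"), [APP_PORTS]) + rules_for(CORPNET, MGMT),
    "DBSG": (rules_for(("group", "AppSG"), [DB_PORTS])
             + rules_for(CORPNET, MGMT) + rules_for(VENDOR, MGMT)),
}


def allowed(dst_group, proto, port, src_ip=None, src_group=None):
    """Default deny: a flow passes only if some ingress rule of dst_group matches."""
    for r_proto, lo, hi, src in GROUPS[dst_group]:
        if r_proto != proto or not lo <= port <= hi:
            continue
        if isinstance(src, tuple):  # group-sourced rule: match on membership
            if src_group == src[1]:
                return True
        elif src_ip and ipaddress.ip_address(src_ip) in ipaddress.ip_network(src):
            return True
    return False


def world_open_mgmt():
    """Audit: groups exposing SSH/RDP to 0.0.0.0/0 (expected to be empty here)."""
    return sorted({g for g, rules in GROUPS.items()
                   for _, lo, hi, src in rules
                   if src == "0.0.0.0/0" and any(lo <= p <= hi for p in (22, 3389))})


if __name__ == "__main__":
    # Constructed sample flows: an Internet host, then tier-to-tier traffic.
    print("Internet -> Web:443", allowed("WebSG", "tcp", 443, src_ip="192.0.2.10"))
    print("Internet -> Web:22 ", allowed("WebSG", "tcp", 22, src_ip="192.0.2.10"))
    print("Web -> DB:3306     ", allowed("DBSG", "tcp", 3306, src_group="WebSG"))
    print("App -> DB:3306     ", allowed("DBSG", "tcp", 3306, src_group="AppSG"))
    print("World-open mgmt    ", world_open_mgmt())
```
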
    • Your VPC
      Amazon Web Services Cloud
      Your corporate network
    • Currently
      • EC2 on-demand and reserved
      • EBS
      • CloudWatch
      • Linux/Unix and Windows
      • US-East, EU-West
      Upcoming
      • >1 AZ, >1 router
      • Outbound Internet
      • Elastic IPs
      • Elastic Load Balancing
      • Autoscaling
      • DevPay
      • Inter-subnet security groups
      Your VPC
      Amazon Web Services Cloud
      Your corporate network
      • Read
      • Write
      • Full
      • Read
      • Write
      • Full
      “Key” = name of object
    • Compliance
      Sarbanes-Oxley Act
      Ongoing
      HIPAA
      Current customer deployments
      Whitepaper describes the specifics
      SAS 70 type II
      Complete
      Physical security, access controls, change management, operations
    • Thank you very much!
      Steve Riley
      steriley@amazon.com
      @steveriley
      @awscloud
      http://stvrly.wordpress.com