Security in the AWS Cloud

Steve Riley
steriley@amazon.com
@steveriley
@awscloud
http://stvrly.wordpress.com

Transcript of "Security Overview"

  1. Security in the AWS Cloud. Steve Riley, steriley@amazon.com, @steveriley, @awscloud, http://stvrly.wordpress.com
  2. Amazon Web Services: 4 regions. Amazon CloudFront: 16 edge locations (including NY!)
  3. Amazon S3, Amazon SimpleDB ++ ++ Amazon RDS (multi AZ), Amazon EBS, Amazon RDS (one AZ) ++ Amazon EC2
  4. [Diagram; no text recoverable]
  5. Diagram labels, in slide order:
     Customer only; Customer 1, Customer 2, …, Customer n; SSH, ID/pw, X.509; Root/admin control
     Customer 1 virtual interfaces, Customer 2 virtual interfaces, …, Customer n virtual interfaces
     Customer only; Inbound flows; Default deny
     Customer 1 security groups, Customer 2 security groups, …, Customer n security groups
     AWS firewall
     AWS admins only; Hypervisor layer; SSH via bastions; Audits reviewed
     Physical interfaces
  6. Web tier: HTTP/HTTPS from Internet; SSH/RDP management from corpnet
     Application tier: SSH/RDP management from corpnet
     Database tier: SSH/RDP management from corpnet, vendor
  7. ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
     ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
     ec2-authorize WebSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize AppSG -P prot -p AppPortRange -o WebSG
     ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize DBSG -P prot -p DBPortRange -o AppSG
     ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
  8. Your VPC; Amazon Web Services Cloud; IPsec tunnel mode; 128-bit AES, SHA-1, PFS, BGP; Your corporate network
  9. Diagram labels: Your VPC; Amazon Web Services Cloud; Your corporate network
     Currently
       • EC2 on-demand and reserved
       • EBS
       • CloudWatch
       • Linux/Unix and Windows
       • US-East, EU-West
     Upcoming
       • >1 AZ, >1 router
       • Outbound Internet
       • Elastic IPs
       • Elastic Load Balancing
       • Autoscaling
       • DevPay
       • Inter-subnet security groups
  10. • Read • Write • Full
      • Read • Write • Full
      “Key” = name of object
  11. Compliance
      • Sarbanes-Oxley Act
        – Ongoing
      • HIPAA
        – Current customer deployments
        – Whitepaper describes the specifics
      • SAS 70 type II
        – Second audit complete
        – Physical security, access controls, change management, operations
      • ISO 27001
        – In progress
  12. Thank you very much! Steve Riley, steriley@amazon.com, @steveriley, @awscloud, http://stvrly.wordpress.com
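
Added example (not part of the deck): a small Python check that parses the `ec2-authorize` lines of slide 7 and reports any rule that breaks the tiering shown on slide 6. The finding categories and the `PUBLIC_GROUPS` policy are assumptions of this example; `CorpNet`, `Vendor`, `prot`, `AppPortRange`, `DBPortRange` and `22|3389` are the slide's own placeholders.

```python
# Rules exactly as written on slide 7 (placeholders kept verbatim).
SLIDE_RULES = """\
ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
ec2-authorize WebSG -P tcp -p 22|3389 -s CorpNet
ec2-authorize AppSG -P prot -p AppPortRange -o WebSG
ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet
ec2-authorize DBSG -P prot -p DBPortRange -o AppSG
ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet
ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
"""
MGMT_PORTS = {"22", "3389"}   # SSH and RDP, as on the slide
INTERNET = "0.0.0.0/0"
PUBLIC_GROUPS = {"WebSG"}     # assumption: only the web tier faces the Internet

def parse_rule(line):
    """Parse one ec2-authorize line into group, ports, CIDR source, group source."""
    argv = line.split()
    if len(argv) < 2 or argv[0] != "ec2-authorize" or len(argv) % 2:
        raise ValueError(f"unexpected rule syntax: {line!r}")
    opts = dict(zip(argv[2::2], argv[3::2]))
    return {"group": argv[1],
            # Ports are compared as literal strings; numeric ranges are not expanded.
            "ports": set(opts.get("-p", "").split("|")),
            "cidr": opts.get("-s"),        # -s: source network
            "src_group": opts.get("-o")}   # -o: source security group

def audit(rules_text):
    """Return one finding per rule that breaks the three-tier model."""
    findings = []
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        r = parse_rule(line)
        mgmt = bool(r["ports"] & MGMT_PORTS)
        inner = r["group"] not in PUBLIC_GROUPS
        if r["cidr"] is None and r["src_group"] is None:
            findings.append(f"{r['group']}: no source given: {line}")
        elif r["cidr"] == INTERNET and mgmt:
            findings.append(f"{r['group']}: management port open to Internet: {line}")
        elif r["cidr"] == INTERNET and inner:
            findings.append(f"{r['group']}: inner tier open to Internet: {line}")
        elif r["cidr"] and inner and not mgmt:
            findings.append(f"{r['group']}: service port sourced by address, not group: {line}")
    return findings

if __name__ == "__main__":
    print(audit(SLIDE_RULES) or "slide 7 rules match the slide 6 tiering")
```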
