SlideShare a Scribd company logo

AWS Security Understanding AWS Security

Amazon Web Services
Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.

Technology
1 of 63
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Understanding AWS Security James Bromberger Amazon Web Services
Agenda •  Our Security •  Your Security –  Account Management (the keys to the kingdom) –  Service Isolation –  Visibility and Auditing •  Special Guest
Security is our #1 priority
Shared security responsibility
AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
How does AWS get security? •  Physical access is recorded, videoed •  Multi-factor authentication for physical access •  Segregation of duties: staff with physical access versus staff with logical access •  And every 90 days…
How does AWS get security?
How does AWS get security?
Prove what AWS does! •  Certifications •  Audits & Attestations –  Independent 3rd parties –  Regularly refreshed –  Available to customers aws.amazon.com/compliance
Certifications & Approving Industry Bodies
What does AWS do for its security? November 2013 60 pages freely available aws.amazon.com/security/
AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
Secure your account
Identity and Access Management •  Users & Groups
Identity and Access Management •  Users & Groups •  Unique Security Credentials
Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials
Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions
Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions •  Roles
Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions •  Roles •  Multi-factor Authentication
ProTip #1: Account Security
Identity and Access Management 1.  Secure your Master account with MFA 2.  Create an IAM Group for your Admin team 3.  Create IAM Users for your Admin staff, as members of your Admin group 4.  Turn on MFA for these users!
ProTip #2: No hard-coded Credentials
EC2 Roles for Temporary Credentials •  Remove hard-coded credentials from scripts and config files •  Create an IAM Role and assign restricted policy •  Launch instance into Role •  AWS SDKs transparently get temporary credentials { "Code" : "Success", "LastUpdated" : "2012-04-26T16:39:16Z", "Type" : "AWS-HMAC", "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE", "SecretAccessKey" : "wJalrXUtnFEMI/ K7MDENG/bPxRfiCYEXAMPLEKEY", "Token" : "token", "Expiration" : "2012-04-27T22:39:16Z" } GET http://169.254.169.254/latest/meta- data/iam/security-credentials/s3access
ProTip #3: Least Privilege Policies
IAM Policies •  Group “DNS-Admins”, Policy:“Action” : { “route53:List*”, “route53:Get*”, “route53ChangeResourceRecordSets” } “Resource” : { “arn:aws:route53:::hostedzone/ZONEID” }
IAM Policies Use Conditions to restrict key exposure “Condition”: { "IpAddress" : { "aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"] } }
ProTip #4: Test Your Policies
Identity and Access Management Test your policies in the Policy Simulator!
Secure your data in flight
Secure your data in flight Credentials for talking to AWS APIs via REST: •  ACCESS KEY –  An identifier •  SECRET KEY –  Used to sign requests –  Shouldn’t traverse the network again •  Not retrievable from AWS again – you lose it, generate a new pair
Secure your data in flight Use SSL / TLS for all your traffic, just like you do for your API access ProTip: Validate the SSL Certificate!
Secure your data in flight SSL offload to the Elastic Load Balancing Service
Secure your data in flight •  RDS connections –  MySQL –  PostgreSQL –  Oracle •  Get Public Key from AWS: https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem
Secure your data at rest
Secure your data at rest •  Use encrypted file systems on EBS and StorageGateway –  dm-crypt/LUKS –  Windows BitLocker –  Windows EFS (file level) •  In your database –  RDS Oracle & SQL Server – Transparent Data Encryption •  Object Level into S3
Secure your data at rest Redshift •  By Default: –  Full disk encryption by default –  Uses SSL to talk to S3 •  Optionally you can: –  Set S3 backups to be encrypted –  Limit S3 bucket access –  Connect using SSL –  Run within VPC –  Use CloudHSM key store –  Backup access logs to S3 •  Redshift retains 1 week
Secure your data at rest CloudHSM: Hardware Security Modules in the cloud •  Single Tenancy •  Private key material never leaves the HSM •  AWS provisioned, customer managed
Isolate your services
Isolate your services Virtual Private Cloud •  Security Groups –  Don’t use 0.0.0.0/0 •  Subnet separation of instances with: –  Network ACLs, and IAM policy to prevent changes –  Routing tables, and IAM policy to prevent changes –  No Internet Gateway, and IAM policy to prevent changes
Isolate your services One application per instance •  Simplify forensics •  Simplify Security Groups •  Swim-lane capacity overloads •  Limit blast radius
VPC Peering
VPC Peering •  Connect two VPCs in the same Region –  No IP address conflicts •  Bridged by routing table entries (both sides of peering relationship) •  Offer & Accept model Customer B receives request from ACustomer A initiates peer to B
Log (& review) your API calls
CloudTrail Your staff or scripts make calls… on AWS API endpoints… CloudTrail logs this to an S3 bucket… so you can review this log
CloudTrail •  Who made the API call? •  When was the API call made? •  What was the API call? •  What were the resources that were acted up on in the API call? •  Where was the API call made from?
CloudTrail Partners
Support: Trusted Advisor
Customer story: Luke Chadwick
Billing Alerts
Luke’s Summary •  Turn on MFA for root and IAM user accounts •  Look at IAM Roles for EC2 Instances •  Create a few Billing Alerts! •  Visit aws.amazon.com/security •  Talk to the AWS Solution Architecture Team about security and compliance
Bonus Australian Information
Australian Privacy Considerations Whitepaper
https://aws.amazon.com/whitepapers/ Auditing Logging Risk Compliance Security
Visit the Solution Architecture Team today, Please fill in feedback forms! Questions on security: talk to AWS James Bromberger jameseb@amazon.com @JamesBromberger

Recommended

AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityAmazon Web Services
 
Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your ResourcesAmazon Web Services
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailPawel Rzepa
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 

Recommended

AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityAmazon Web Services
 
Controlling Access to your Resources
Controlling Access to your ResourcesControlling Access to your Resources
Controlling Access to your ResourcesAmazon Web Services
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailPawel Rzepa
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Federation
FederationFederation
FederationAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processeswhite paper
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesAmazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Federation
Federation Federation
Federation Amazon Web Services
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential EightAmazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...AWS Germany
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Introduction to IAM + Best Practices
Introduction to IAM + Best PracticesIntroduction to IAM + Best Practices
Introduction to IAM + Best PracticesAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
Building mobile apps on aws
Building mobile apps on awsBuilding mobile apps on aws
Building mobile apps on awsAmazon Web Services
 
AWS Customer Presentation - The Guardian
AWS Customer Presentation - The GuardianAWS Customer Presentation - The Guardian
AWS Customer Presentation - The GuardianAmazon Web Services
 

More Related Content

What's hot

AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...Amazon Web Services
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processeswhite paper
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesAmazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...AWS Germany
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
Introduction to IAM + Best Practices
Introduction to IAM + Best PracticesIntroduction to IAM + Best Practices
Introduction to IAM + Best PracticesAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 

What's hot (20)

Federation
FederationFederation
Federation
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC...
 
Amazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security ProcessesAmazon Web Services: Overview of Security Processes
Amazon Web Services: Overview of Security Processes
 
Managing Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web ServicesManaging Access to Resources on Amazon Web Services
Managing Access to Resources on Amazon Web Services
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Federation
Federation Federation
Federation
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential Eight
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best Practices
 
Introduction to IAM + Best Practices
Introduction to IAM + Best PracticesIntroduction to IAM + Best Practices
Introduction to IAM + Best Practices
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
 

Viewers also liked

AWS Customer Presentation - The Guardian
AWS Customer Presentation - The GuardianAWS Customer Presentation - The Guardian
AWS Customer Presentation - The GuardianAmazon Web Services
 
AWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAmazon Web Services
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAmazon Web Services
 
Architecting Enterprise Applications In The Cloud
Architecting Enterprise Applications In The CloudArchitecting Enterprise Applications In The Cloud
Architecting Enterprise Applications In The CloudAmazon Web Services
 
Scaling the Platform for Your Startup
Scaling the Platform for Your StartupScaling the Platform for Your Startup
Scaling the Platform for Your StartupAmazon Web Services
 
AWS Partner Presentation - Sonian
AWS Partner Presentation - SonianAWS Partner Presentation - Sonian
AWS Partner Presentation - SonianAmazon Web Services
 
AWS Enterprise Summit London | National Rail Enquiries Darwin Migration
AWS Enterprise Summit London | National Rail Enquiries Darwin MigrationAWS Enterprise Summit London | National Rail Enquiries Darwin Migration
AWS Enterprise Summit London | National Rail Enquiries Darwin MigrationAmazon Web Services
 
AWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAmazon Web Services
 
Design Patterns for Developers - Technical 201
Design Patterns for Developers - Technical 201Design Patterns for Developers - Technical 201
Design Patterns for Developers - Technical 201Amazon Web Services
 
AWS Sydney Summit 2013 - Architecting for High Availability
AWS Sydney Summit 2013 - Architecting for High AvailabilityAWS Sydney Summit 2013 - Architecting for High Availability
AWS Sydney Summit 2013 - Architecting for High AvailabilityAmazon Web Services
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶Amazon Web Services
 
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Amazon Web Services
 
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013Amazon Web Services
 

Viewers also liked (20)

Building mobile apps on aws
Building mobile apps on awsBuilding mobile apps on aws
Building mobile apps on aws
 
AWS Customer Presentation - The Guardian
AWS Customer Presentation - The GuardianAWS Customer Presentation - The Guardian
AWS Customer Presentation - The Guardian
 
AWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMedia
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyte
 
6 rules for innovation
6 rules for innovation6 rules for innovation
6 rules for innovation
 
Analytics on AWS - IP Expo 2013
Analytics on AWS - IP Expo 2013Analytics on AWS - IP Expo 2013
Analytics on AWS - IP Expo 2013
 
Architecting Enterprise Applications In The Cloud
Architecting Enterprise Applications In The CloudArchitecting Enterprise Applications In The Cloud
Architecting Enterprise Applications In The Cloud
 
Scaling the Platform for Your Startup
Scaling the Platform for Your StartupScaling the Platform for Your Startup
Scaling the Platform for Your Startup
 
AWS Partner Presentation - Sonian
AWS Partner Presentation - SonianAWS Partner Presentation - Sonian
AWS Partner Presentation - Sonian
 
Mobile Application Development
Mobile Application DevelopmentMobile Application Development
Mobile Application Development
 
AWS Customer Service - Sonian
AWS Customer Service - Sonian AWS Customer Service - Sonian
AWS Customer Service - Sonian
 
AWS Enterprise Summit London | National Rail Enquiries Darwin Migration
AWS Enterprise Summit London | National Rail Enquiries Darwin MigrationAWS Enterprise Summit London | National Rail Enquiries Darwin Migration
AWS Enterprise Summit London | National Rail Enquiries Darwin Migration
 
AWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS Cloud
 
Canberra Symposium Keynote
Canberra Symposium KeynoteCanberra Symposium Keynote
Canberra Symposium Keynote
 
Design Patterns for Developers - Technical 201
Design Patterns for Developers - Technical 201Design Patterns for Developers - Technical 201
Design Patterns for Developers - Technical 201
 
AWS SeMINAR SERIES 2015 Sydney
AWS SeMINAR SERIES 2015 SydneyAWS SeMINAR SERIES 2015 Sydney
AWS SeMINAR SERIES 2015 Sydney
 
AWS Sydney Summit 2013 - Architecting for High Availability
AWS Sydney Summit 2013 - Architecting for High AvailabilityAWS Sydney Summit 2013 - Architecting for High Availability
AWS Sydney Summit 2013 - Architecting for High Availability
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶
 
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
 
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013
AWS Compute Services State of the Union (CPN202) | AWS re:Invent 2013
 

Similar to AWS Security Understanding AWS Security

Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats CloudCheckr
 
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)Amazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
 
(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & ComplianceAmazon Web Services
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAmazon Web Services
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityLalitMohanSharma8
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS AdoptionYour First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS AdoptionAmazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSManojAccTest
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAmazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...Amazon Web Services
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 

Similar to AWS Security Understanding AWS Security (20)

Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats
 
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption ...
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWS
 
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS AdoptionYour First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
Your First Hour on AWS: Building the Foundation for Large Scale AWS Adoption
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web Day
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

AWS Security Understanding AWS Security

  • 1. © 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Understanding AWS Security James Bromberger Amazon Web Services
  • 2. Agenda •  Our Security •  Your Security –  Account Management (the keys to the kingdom) –  Service Isolation –  Visibility and Auditing •  Special Guest
  • 3. Security is our #1 priority
  • 5. AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
  • 6. AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
  • 7. How does AWS get security? •  Physical access is recorded, videoed •  Multi-factor authentication for physical access •  Segregation of duties: staff with physical access versus staff with logical access •  And every 90 days…
  • 8. How does AWS get security?
  • 9. How does AWS get security?
  • 10. Prove what AWS does! •  Certifications •  Audits & Attestations –  Independent 3rd parties –  Regularly refreshed –  Available to customers aws.amazon.com/compliance
  • 12. What does AWS do for its security? November 2013 60 pages freely available aws.amazon.com/security/
  • 13. AWS •  Facilities •  Physical Security •  Physical Infrastructure •  Network Infrastructure •  Virtualization Infrastructure •  Operating System •  Application •  Security Groups •  OS Firewalls •  Network Configuration •  Account Management Customer
  • 15. Identity and Access Management •  Users & Groups
  • 16. Identity and Access Management •  Users & Groups •  Unique Security Credentials
  • 17. Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials
  • 18. Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions
  • 19. Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions •  Roles
  • 20. Identity and Access Management •  Users & Groups •  Unique Security Credentials •  Temporary Security Credentials •  Policies & Permissions •  Roles •  Multi-factor Authentication
  • 21. ProTip #1: Account Security
  • 22. Identity and Access Management 1.  Secure your Master account with MFA 2.  Create an IAM Group for your Admin team 3.  Create IAM Users for your Admin staff, as members of your Admin group 4.  Turn on MFA for these users!
  • 24. EC2 Roles for Temporary Credentials •  Remove hard-coded credentials from scripts and config files •  Create an IAM Role and assign restricted policy •  Launch instance into Role •  AWS SDKs transparently get temporary credentials { "Code" : "Success", "LastUpdated" : "2012-04-26T16:39:16Z", "Type" : "AWS-HMAC", "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE", "SecretAccessKey" : "wJalrXUtnFEMI/ K7MDENG/bPxRfiCYEXAMPLEKEY", "Token" : "token", "Expiration" : "2012-04-27T22:39:16Z" } GET http://169.254.169.254/latest/meta- data/iam/security-credentials/s3access
  • 25. ProTip #3: Least Privilege Policies
  • 26. IAM Policies •  Group “DNS-Admins”, Policy:“Action” : { “route53:List*”, “route53:Get*”, “route53ChangeResourceRecordSets” } “Resource” : { “arn:aws:route53:::hostedzone/ZONEID” }
  • 27. IAM Policies Use Conditions to restrict key exposure “Condition”: { "IpAddress" : { "aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"] } }
  • 28. ProTip #4: Test Your Policies
  • 29. Identity and Access Management Test your policies in the Policy Simulator!
  • 30. Secure your data in flight
  • 31. Secure your data in flight Credentials for talking to AWS APIs via REST: •  ACCESS KEY –  An identifier •  SECRET KEY –  Used to sign requests –  Shouldn’t traverse the network again •  Not retrievable from AWS again – you lose it, generate a new pair
  • 32. Secure your data in flight Use SSL / TLS for all your traffic, just like you do for your API access ProTip: Validate the SSL Certificate!
  • 33. Secure your data in flight SSL offload to the Elastic Load Balancing Service
  • 34. Secure your data in flight •  RDS connections –  MySQL –  PostgreSQL –  Oracle •  Get Public Key from AWS: https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem
  • 35. Secure your data at rest
  • 36. Secure your data at rest •  Use encrypted file systems on EBS and StorageGateway –  dm-crypt/LUKS –  Windows BitLocker –  Windows EFS (file level) •  In your database –  RDS Oracle & SQL Server – Transparent Data Encryption •  Object Level into S3
  • 37. Secure your data at rest Redshift •  By Default: –  Full disk encryption by default –  Uses SSL to talk to S3 •  Optionally you can: –  Set S3 backups to be encrypted –  Limit S3 bucket access –  Connect using SSL –  Run within VPC –  Use CloudHSM key store –  Backup access logs to S3 •  Redshift retains 1 week
  • 38. Secure your data at rest CloudHSM: Hardware Security Modules in the cloud •  Single Tenancy •  Private key material never leaves the HSM •  AWS provisioned, customer managed
  • 39.
  • 41. Isolate your services Virtual Private Cloud •  Security Groups –  Don’t use 0.0.0.0/0 •  Subnet separation of instances with: –  Network ACLs, and IAM policy to prevent changes –  Routing tables, and IAM policy to prevent changes –  No Internet Gateway, and IAM policy to prevent changes
  • 42. Isolate your services One application per instance •  Simplify forensics •  Simplify Security Groups •  Swim-lane capacity overloads •  Limit blast radius
  • 44. VPC Peering •  Connect two VPCs in the same Region –  No IP address conflicts •  Bridged by routing table entries (both sides of peering relationship) •  Offer & Accept model Customer B receives request from ACustomer A initiates peer to B
  • 45. Log (& review) your API calls
  • 46. CloudTrail Your staff or scripts make calls… on AWS API endpoints… CloudTrail logs this to an S3 bucket… so you can review this log
  • 47. CloudTrail •  Who made the API call? •  When was the API call made? •  What was the API call? •  What were the resources that were acted up on in the API call? •  Where was the API call made from?
  • 50.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 59. Luke’s Summary •  Turn on MFA for root and IAM user accounts •  Look at IAM Roles for EC2 Instances •  Create a few Billing Alerts! •  Visit aws.amazon.com/security •  Talk to the AWS Solution Architecture Team about security and compliance
  • 63. Visit the Solution Architecture Team today, Please fill in feedback forms! Questions on security: talk to AWS James Bromberger jameseb@amazon.com @JamesBromberger