
Improve Governance over Configuration Changes

AWS Config enables you to discover what resources are used on AWS and understand how they are configured, and it gives you unprecedented visibility into configuration changes over time, all without disrupting end-user productivity. With Config Rules, you can continuously evaluate whether changes to resources comply with your policies. You can set up predefined rules, provided and managed by AWS, or author your own rules using Amazon Lambda; these rules are evaluated whenever relevant resources are modified. You can use this visibility and control to assess and improve your security and compliance posture.

Published in: Technology

  1. Improve Governance Over Configuration Changes
     Liron Dor, Technical Account Manager
  2. Governance Requirements
     • Allow our organization to move fast
     • Visibility over used resources
     • Define Best Practices and enforce them
     • Meet Compliance and Regulations
     • Validate compliance continuously
     • Alerting and Auto-healing
     • Automatic control over Manual control
     © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  3. Governance Challenges
     • Dynamic environments
     • High complexity
     • Different requirements for different environments
     • Multiple Accounts
  4. Tools We Offer
     • Tracking
       • AWS Config
       • AWS CloudTrail
       • VPC Flow Logs
       • Amazon Inspector
     • Track / Log
       • Amazon CloudWatch Logs
       • Amazon DynamoDB
       • Amazon Elasticsearch
     • Alert
       • AWS Config Rules
       • Amazon Simple Notification Service (SNS)
       • AWS Trusted Advisor
       • Amazon CloudWatch Events
     • And More…
  5. AWS Config
     • Records configuration changes continuously
     • Captures the state of your AWS resources
     • A “Configuration Item” contains all attributes for a resource
     • Captures the relationships between resources
     • Discover resources that exist or were deleted
     • Receive notifications on configuration changes
  6. AWS Config Rules
  7. AWS Config Rules
     • Validate the configuration record
     • Enforce Best Practices and procedures
     • Result is either “compliant” or “non-compliant”
  8. AWS Config Rules Demo
     • “Center of Internet Security” (CIS) is a nonprofit organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.
     • Published the “CIS AWS Foundations” Security Best Practices document
     • AWS Config Rules Repository
  9. Demo
  10. Summary
     • Allow our organization to move fast
     • Know your account, wanted and unwanted changes
     • Automate your best practices / compliance metrics
     • Use logs for forensics, alerts for immediate action
  11. lirondor@amazon.com
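
The description and slide 7 say a custom rule runs in Lambda whenever a relevant resource changes and yields "compliant" or "non-compliant". The following is an added example, not code from the slides or from the AWS Config Rules Repository: a custom rule that flags security groups allowing SSH from the whole Internet. The rule choice, the helper names and the configuration item field names (`ipPermissions`, `ipv4Ranges`, `ipv6Ranges`) are assumptions for illustration.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}

def covers_ssh(perm):
    """True if the ingress permission's protocol and port range include TCP/22."""
    proto = str(perm.get("ipProtocol"))
    if proto == "-1":                      # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is None or hi is None or lo <= 22 <= hi   # no range: treat as all ports

def open_to_world(perm):
    """True if any source range of the permission is the whole Internet."""
    cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
    cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    return bool(cidrs & OPEN_CIDRS)

def evaluate_compliance(item):
    """Map one configuration item to a Config compliance type."""
    if (item.get("configurationItemStatus") in DELETED
            or item.get("resourceType") != "AWS::EC2::SecurityGroup"):
        return "NOT_APPLICABLE"            # deleted, or not a resource this rule covers
    perms = (item.get("configuration") or {}).get("ipPermissions", [])
    exposed = any(covers_ssh(p) and open_to_world(p) for p in perms)
    return "NON_COMPLIANT" if exposed else "COMPLIANT"

def lambda_handler(event, context):
    """Entry point Config invokes with the changed resource's configuration item."""
    import boto3  # imported here so the logic above runs without the SDK
    item = json.loads(event["invokingEvent"])["configurationItem"]
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": evaluate_compliance(item),
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )

# Constructed sample item; field names are assumed from Config's security group items.
SAMPLE_ITEM = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
    "configurationItemStatus": "OK", "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 0, "toPort": 1024,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}}
```

Returning `NOT_APPLICABLE` for deleted resources keeps a removed security group from lingering as a stale non-compliant finding.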