© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous Compliance for
Modern Application Pipelines
Aaron Richmond
Partner Solution Architect
Amazon Web Services
GPSWS402
Agenda
Module 1: What is continuous compliance?
Module 2: AWS compliance-enabling services
Module 3: Modern application pipelines
Module 4: Policy into technical requirements
Module 5: Comply or FRY!
STORY
Intro
Setup
Launch stacks
bit.ly/2EX0g0r
Lab 1
Applications
What is continuous compliance?
Module 1: What is continuous compliance?
What is compliance?
Why does it matter?
How do I “get” it?
Module 1: What is continuous compliance?
DevOps: a CI/CD pipeline with Build, Package and Deploy stages.

Module 1: What is continuous compliance?
DevSecOps: the same CI/CD pipeline with security controls inserted between the stages (after Build and after Package, before Deploy).

Module 1: What is continuous compliance?
DevSecOps with compliance: the controls in the pipeline are benchmarked on every run, so compliance is continuous rather than a point-in-time audit.
AWS compliance-enabling services

Module 2: AWS compliance-enabling services
Achieving compliance around the world with the AWS Cloud Adoption Framework core five epics
• Identity and access management: AWS Identity and Access Management (IAM), AWS Organizations, Amazon Cognito …
• Logging and monitoring: AWS CloudTrail, Amazon CloudWatch, Amazon GuardDuty …
• Data protection: KMS, encryption, ACM, Amazon Macie …
• Infrastructure security: Amazon VPC, PrivateLink, Amazon CloudFront, AWS Shield …
• Incident response: Amazon SNS, Lambda, AWS Shield Advanced …
Module 2: AWS compliance-enabling services
Set your controls
• AWS Identity and Access Management (IAM): policies; service control policies (SCPs), which are applied through AWS Organizations
• Amazon CloudWatch: rules
• Amazon Virtual Private Cloud (Amazon VPC): NACLs/SGs, route tables, PrivateLink
• AWS Config: rules
• Infrastructure as code: AWS Service Catalog
Module 2: AWS compliance-enabling services
Monitor your controls
• AWS CloudFormation: drift detection
• Amazon CloudWatch: metrics, events
• Amazon GuardDuty: network findings
• AWS Config: change notifications
• AWS CloudTrail: access and resource API calls
Module 2: AWS compliance-enabling services
Verify your controls
• AWS Config
• AWS Artifact: services in scope
• Lambda: benchmark
Module 2: AWS compliance-enabling services
Build controls into your CI/CD
• AWS CodePipeline
• Amazon Inspector
• AWS Config
• Secure artifacts: Amazon ECR, AMI
• AWS Service Catalog
• AWS Systems Manager
• AWS X-Ray
Modern application pipelines

Module 3: Modern application pipelines
Modern applications consist of

Module 3: Modern application pipelines
Modern application pipelines support
Lab 2
Pipelines

Lab 3
Continuous compliance

Policy into technical requirements
Monitoring and logging (enforce, monitor, respond…)

Audit program | Requirement ID | Description
ISO 27001 | A.16.1.2 | Information security events shall be reported through appropriate management channels as quickly as possible.
NIST 800-53 | AU-6 (1) | The organization employs automated mechanisms to integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.
SOC 1 and 2 | 8.1 | Monitoring and alarming are configured by Service Owners to identify and notify operational and management personnel of incidents when early warning thresholds are crossed on key operational metrics.
HIPAA | 164.308(a)(6)(ii) | Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.
IRAP | 0123 | The cloud vendor must direct personnel to report cyber security incidents to an ITSM as soon as possible after the cyber security incident is discovered.
Module 4: Policy into technical requirements
Policy
P-1.0 Identify and respond to suspected or known security incidents.
Standards
S-1.0.1 AWS CloudTrail and AWS Config must be turned on for all AWS accounts.
S-1.0.2 Every API call and access record shall be routed into the company SIEM.
Procedures
PR-1.0.2 To configure inputs manually in inputs.conf, create a stanza using the following template and add it to $SPLUNK_HOME/etc/apps/Splunk_TA_aws/local/inputs.conf…
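Standard S-1.0.1 is the kind of control an auditor will ask you to prove, so here is one way to verify it from code. This is an added example written for this page, not code from the workshop labs: it reads the response shapes that boto3 returns for CloudTrail (describe_trails, get_trail_status) and AWS Config (describe_configuration_recorders, describe_configuration_recorder_status, describe_delivery_channels), but takes the clients as arguments so the constructed fake clients at the bottom let it run offline. The pass criteria go a little beyond "turned on" (multi-region trail, log file validation, global resource types recorded, a delivery channel present), because those are the follow-up questions once a trail exists.

```python
"""Verify standard S-1.0.1: CloudTrail and AWS Config must be on in every account.
Added example for this deck (not the workshop's code). Clients are injected so
the constructed fakes below exercise the same checks without an AWS account."""
from typing import Any, Dict, List, Tuple


def check_cloudtrail(ct) -> Tuple[bool, List[str]]:
    """PASS when at least one trail is multi-region, currently logging and has
    log file validation enabled. Every trail gets a line of evidence."""
    notes: List[str] = []
    trails = ct.describe_trails(includeShadowTrails=False).get("trailList", [])
    if not trails:
        return False, ["no CloudTrail trail exists in this account"]
    passed = False
    for trail in trails:
        name = trail.get("TrailARN", trail["Name"])
        problems = []
        if not ct.get_trail_status(Name=name).get("IsLogging"):
            problems.append("logging is stopped")
        if not trail.get("IsMultiRegionTrail"):
            problems.append("single-region trail")
        if not trail.get("LogFileValidationEnabled"):
            problems.append("log file validation disabled")
        if problems:
            notes.append(f"{name}: " + "; ".join(problems))
        else:
            passed = True
            notes.append(f"{name}: compliant")
    return passed, notes


def check_config(cfg) -> Tuple[bool, List[str]]:
    """PASS when a recorder is recording all supported resource types, including
    global ones such as IAM, and a delivery channel exists for history/notifications."""
    notes: List[str] = []
    recorders = cfg.describe_configuration_recorders().get("ConfigurationRecorders", [])
    if not recorders:
        return False, ["no AWS Config recorder in this region"]
    status = {s["name"]: s for s in
              cfg.describe_configuration_recorder_status().get("ConfigurationRecordersStatus", [])}
    channels = cfg.describe_delivery_channels().get("DeliveryChannels", [])
    passed = False
    for rec in recorders:
        group = rec.get("recordingGroup", {})
        problems = []
        if not status.get(rec["name"], {}).get("recording"):
            problems.append("recorder is stopped")
        if not group.get("allSupported"):
            problems.append("not recording all supported resource types")
        if not group.get("includeGlobalResourceTypes"):
            problems.append("global resource types (IAM) excluded")
        if not channels:
            problems.append("no delivery channel (no S3 history, no SNS change notifications)")
        if problems:
            notes.append(f"{rec['name']}: " + "; ".join(problems))
        else:
            passed = True
            notes.append(f"{rec['name']}: compliant")
    return passed, notes


def verify_s_1_0_1(ct, cfg) -> Dict[str, Any]:
    """Overall verdict plus the evidence lines an auditor would want to see."""
    ct_ok, ct_notes = check_cloudtrail(ct)
    cfg_ok, cfg_notes = check_config(cfg)
    return {"compliant": ct_ok and cfg_ok, "cloudtrail": ct_ok, "config": cfg_ok,
            "evidence": ct_notes + cfg_notes}


# --- constructed fake clients so the check runs offline (not real account data) ---
class FakeCloudTrail:
    def __init__(self, present=True, logging=True, multi_region=True, validation=True):
        self._present, self._logging = present, logging
        self._trail = {"Name": "org-trail",
                       "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail",
                       "IsMultiRegionTrail": multi_region, "LogFileValidationEnabled": validation}

    def describe_trails(self, **kwargs):
        return {"trailList": [self._trail] if self._present else []}

    def get_trail_status(self, Name):
        return {"IsLogging": self._logging}


class FakeConfig:
    def __init__(self, recording=True, all_supported=True, global_types=True, channel=True):
        self._rec = {"name": "default", "recordingGroup": {
            "allSupported": all_supported, "includeGlobalResourceTypes": global_types}}
        self._status = {"name": "default", "recording": recording}
        self._channels = [{"name": "default", "s3BucketName": "config-history"}] if channel else []

    def describe_configuration_recorders(self):
        return {"ConfigurationRecorders": [self._rec]}

    def describe_configuration_recorder_status(self):
        return {"ConfigurationRecordersStatus": [self._status]}

    def describe_delivery_channels(self):
        return {"DeliveryChannels": self._channels}


if __name__ == "__main__":
    import boto3  # real account: the role needs cloudtrail:Describe*/GetTrailStatus and config:Describe*
    print(verify_s_1_0_1(boto3.client("cloudtrail"), boto3.client("config")))
```

Run it per account from the pipeline (or on a schedule) and keep the evidence list; it answers S-1.0.1 directly, while S-1.0.2 still needs a check on the SIEM side that the records actually arrive.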
Module 4: Policy into technical requirements
Manual to automated policy
Identify
Implement
Enforce
Monitor
Alert
Demonstrate
Module 4: Policy into technical requirements
Identify specifics
CIS AWS Foundations Benchmark:
1.1 Avoid the use of the "root" account
1.7 Ensure IAM password policies require at least one symbol
1.24 Ensure IAM policies that allow full "*:*" administrative privileges are not created
PCI DSS requirement 8.5:
Shared user IDs do not exist for system administration and other critical functions
Module 4: Policy into technical requirements
Implement
AWS resource configuration
Least privilege
Reduced scope
Automation of controls
Well-architected
Module 4: Policy into technical requirements
Enforce (from easy to advanced)
• Easy: pre-built (AWS managed) AWS Config rules
• CloudWatch: alarm on a metric or metric filter; rule on an event
• Advanced: custom AWS Config rules backed by your own Lambda function
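The advanced end of this spectrum is a custom AWS Config rule: a Lambda function that Config invokes with a configuration item and that answers through PutEvaluations. The example below is added for this page and is not the workshop's code nor AWS's managed rule for the same control; it implements CIS 1.24 from the Identify slide (no customer-managed IAM policy may allow full "*:*" administrative privileges). The sample policies, resource ids and event are constructed, and the assumption that an AWS::IAM::Policy configuration item carries its versions as URL-encoded JSON under policyVersionList should be compared with a real configuration item before you deploy it.

```python
"""Custom AWS Config rule for CIS AWS Foundations 1.24: flag customer-managed IAM
policies whose default version allows every action on every resource.
Added example, not the workshop's code; event and policy samples are constructed."""
import json
from typing import Any, Dict, List
from urllib.parse import quote, unquote


def _as_list(value: Any) -> List[Any]:
    """IAM lets Statement, Action and Resource be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def admin_statements(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Statements with Effect Allow, Action "*" (or "*:*") and Resource "*".
    Deny statements and scoped resources are not offenders; a Condition does
    not exempt a statement, matching how CIS phrases the control."""
    offending = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {str(a).strip().lower() for a in _as_list(stmt.get("Action"))}
        resources = {str(r).strip() for r in _as_list(stmt.get("Resource"))}
        if actions & {"*", "*:*"} and "*" in resources:
            offending.append(stmt)
    return offending


def default_document(item: Dict[str, Any]) -> Dict[str, Any]:
    """Assumption: the AWS::IAM::Policy item lists versions under
    configuration.policyVersionList with each document URL-encoded."""
    for version in item["configuration"].get("policyVersionList", []):
        if version.get("isDefaultVersion"):
            return json.loads(unquote(version["document"]))
    raise ValueError("configuration item has no default policy version")


def evaluate(item: Dict[str, Any]) -> Dict[str, Any]:
    """One entry for PutEvaluations, in the shape the Config API expects."""
    if item["resourceType"] != "AWS::IAM::Policy":
        compliance, note = "NOT_APPLICABLE", "rule evaluates AWS::IAM::Policy only"
    else:
        bad = admin_statements(default_document(item))
        if bad:
            compliance = "NON_COMPLIANT"
            note = f"{len(bad)} statement(s) allow Action * on Resource *"
        else:
            compliance, note = "COMPLIANT", "no full-admin Allow statements"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    """Entry point for ConfigurationItemChangeNotification invocations."""
    invoking = json.loads(event["invokingEvent"])
    evaluation = evaluate(invoking["configurationItem"])
    import boto3  # only needed inside Lambda; the role needs config:PutEvaluations
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# --- constructed samples (not real policies or account data) ---
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
    # a Deny-everything-without-MFA guard must not trip the rule
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}


def sample_item(policy: Dict[str, Any], name: str) -> Dict[str, Any]:
    """Constructed AWS::IAM::Policy configuration item: an old v1 and a default v2."""
    return {
        "resourceType": "AWS::IAM::Policy",
        "resourceId": f"ANPAEXAMPLE{name.upper()}",
        "configurationItemCaptureTime": "2018-11-27T00:00:00.000Z",
        "configuration": {"policyName": name, "policyVersionList": [
            {"versionId": "v1", "isDefaultVersion": False, "document": quote(json.dumps(SCOPED_POLICY))},
            {"versionId": "v2", "isDefaultVersion": True, "document": quote(json.dumps(policy))}]},
    }


if __name__ == "__main__":
    for name, policy in (("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, evaluate(sample_item(policy, name))["ComplianceType"])
```

Only the default version is evaluated, which is what IAM actually enforces; an old non-default admin version is a separate hygiene finding. Keep the pure functions (admin_statements, evaluate) free of AWS calls so the rule logic can be unit-tested in the pipeline before it is deployed.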
Module 4: Policy into technical requirements
Monitor
AWS Config
- on configuration change
- periodically
GuardDuty
- findings
CloudWatch
- alarm on metric or metric filter
- rule with event pattern and target
CloudTrail
- API calls
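The CloudTrail line on this slide is where most of the evidence for S-1.0.1 and S-1.0.2 comes from, so here is the detection logic behind three of the CloudWatch metric filters you would attach to the CloudTrail log group, run over constructed records. This is an added example for this page, not the lab code: the filter patterns are the CIS AWS Foundations Benchmark 3.3, 3.5 and 3.9 patterns, the Python functions show exactly what each pattern matches so the same logic can be checked or ported into a SIEM, and every sample event is constructed and trimmed to the fields the detectors read.

```python
"""Detection logic behind three CloudTrail metric filters (root usage, CloudTrail
changes, AWS Config changes), run over constructed records. Added example, not
the workshop's code; the sample events below are made up and trimmed."""
import json
from typing import Callable, Dict, List

# CloudWatch Logs metric filter patterns (CIS AWS Foundations 3.3, 3.5, 3.9).
FILTERS: Dict[str, str] = {
    "root_usage": '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                  '&& $.eventType != "AwsServiceEvent" }',
    "cloudtrail_change": '{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || '
                         '($.eventName = DeleteTrail) || ($.eventName = StartLogging) || '
                         '($.eventName = StopLogging) }',
    "config_change": '{ ($.eventSource = config.amazonaws.com) && '
                     '(($.eventName = StopConfigurationRecorder) || ($.eventName = DeleteDeliveryChannel) || '
                     '($.eventName = PutDeliveryChannel) || ($.eventName = PutConfigurationRecorder)) }',
}

TRAIL_EVENTS = {"CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging"}
CONFIG_EVENTS = {"StopConfigurationRecorder", "DeleteDeliveryChannel",
                 "PutDeliveryChannel", "PutConfigurationRecorder"}


def is_root_usage(e: dict) -> bool:
    """Root credentials used directly; service-initiated root activity carries invokedBy."""
    ident = e.get("userIdentity", {})
    return (ident.get("type") == "Root" and "invokedBy" not in ident
            and e.get("eventType") != "AwsServiceEvent")


def is_cloudtrail_change(e: dict) -> bool:
    return e.get("eventName") in TRAIL_EVENTS


def is_config_change(e: dict) -> bool:
    return e.get("eventSource") == "config.amazonaws.com" and e.get("eventName") in CONFIG_EVENTS


DETECTORS: Dict[str, Callable[[dict], bool]] = {
    "root_usage": is_root_usage,
    "cloudtrail_change": is_cloudtrail_change,
    "config_change": is_config_change,
}


def load_records(text: str) -> List[dict]:
    """Accept a CloudTrail log file ({"Records": [...]}) or newline-delimited events."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if isinstance(doc, dict) and "Records" in doc:
        return doc["Records"]
    return doc if isinstance(doc, list) else [doc]


def scan(records: List[dict]) -> List[Dict[str, object]]:
    """Run every detector over every record; one event can raise several alerts.
    Denied attempts (errorCode set) are kept: a failed StopLogging is still a signal."""
    alerts = []
    for e in records:
        for rule, matches in DETECTORS.items():
            if matches(e):
                alerts.append({"rule": rule, "eventTime": e.get("eventTime"),
                               "eventName": e.get("eventName"),
                               "principal": e.get("userIdentity", {}).get("arn"),
                               "sourceIP": e.get("sourceIPAddress"),
                               "errorCode": e.get("errorCode")})
    return alerts


# Constructed sample log (fields trimmed); the account id is the AWS documentation placeholder.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-11-27T09:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2018-11-27T09:01:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.10", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2018-11-27T09:02:00Z", "eventSource": "config.amazonaws.com",
     "eventName": "StopConfigurationRecorder", "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2018-11-27T09:03:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "eventType": "AwsApiCall", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
    {"eventTime": "2018-11-27T09:04:00Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "eventType": "AwsApiCall", "sourceIPAddress": "kms.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "invokedBy": "kms.amazonaws.com"}},
]})

if __name__ == "__main__":
    for alert in scan(load_records(SAMPLE_LOG)):
        print(alert)
```

Three of the five sample events alert (the root console login, the denied StopLogging and the StopConfigurationRecorder); the service-invoked root event and the ordinary S3 read do not. In production the same three patterns become metric filters with alarms on a sum of 1 or more over a short period, with the alarm action pointing at the SNS topic on the Alert slide.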
Module 4: Policy into technical requirements
Alert
CloudWatch: SNS topic, event targets
AWS Config: SNS topic
AWS resource notifications: S3 events
Module 4: Policy into technical requirements
Demonstrate via benchmark

And now …

Comply or FRY!

Comply or FRY!
Agnes the auditor is coming to audit your startup
If you fail you are going under
The company's future is in your hands
Continuous compliance for
modern application pipelines
Module 1: What is continuous compliance?
Module 2: AWS compliance-enabling services
Module 3: Modern application pipelines
Module 4: Policy into technical requirements
Module 5: Comply or FRY!
Thank you!
Aaron Richmond
arichmon@amazon.com
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:Invent 2018