Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Getting started - Protect your applications in under 30 mins

62 views

Published on

In this demo-driven session, you will learn how to enable standard protection for your applications within minutes in 5 simple steps. You will learn about how to enable AWS WAF, deploy best practice WAF rulesets, and finally, use Firewall Manager to consistently protect all applications across your organization.

  • Be the first to comment

  • Be the first to like this

Getting started - Protect your applications in under 30 mins

  1. 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shawn Marck, AWS Perimeter Protection March, 2019 Getting Started Protect your applications in under 30 minutes
  2. 2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps AWS Shield Standard Automatically protects all AWS services against common DDoS attacks AWS Shield Advanced Managed DDoS protection for additional protection, visibility and access to 24X7 DRT
  3. 3. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced.
  4. 4. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps Classic Load Balancer Amazon Route 53 Application Load Balancer Amazon CloudFront Network Load Balancer Elastic IPAddress
  5. 5. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced.
  6. 6. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53.
  7. 7. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps
  8. 8. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53.
  9. 9. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53. 3. Use AWS WAF and Rate-Based Rules to mitigate application layer attacks.
  10. 10. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DDoS Resilient Architecture Amazon Route 53 ALB Security Group Amazon EC2 Instances Application Load Balancer Amazon CloudFront Public Subnet Web Application Security Group Private Subnet AWS WAF Amazon API Gateway DDoS Attack Users
  11. 11. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53. 3. Use AWS WAF and Rate-Based Rules to mitigate application layer attacks. 4. Monitor relevant CloudWatch metrics.
  12. 12. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudWatch metrics
  13. 13. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53. 3. Use AWS WAF and Rate-Based Rules to mitigate application layer attacks. 4. Monitor relevant CloudWatch metrics.
  14. 14. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Five simple steps 1. Ensure all internet-facing resources are registered as Protected Resources in AWS Shield Advanced. 2. Protect web applications with Amazon CloudFront and Amazon Route 53. 3. Use AWS WAF and Rate-Based Rules to mitigate application layer attacks. 4. Monitor relevant CloudWatch metrics. 5. Prepare to engage with the AWS DDoS Response Team (DRT).
  15. 15. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Simple Demo
  16. 16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Additional Resources Item link AWS Shield – service page https://aws.amazon.com/shield/ Documentation https://aws.amazon.com/documentation/shield/ AWS Re:Invent 2017: Automating DDoS Response in the Cloud https://www.youtube.com/watch?v=6pQ3j4IcpY8 AWS Security Blog Tag: DDoS https://aws.amazon.com/blogs/security/tag/ddos/ AWS WAF – service page https://aws.amazon.com/waf/ AWS Firewall Manager – service page https://aws.amazon.com/firewall-manager/ AWS WAF partner for managed rules https://aws.amazon.com/mp/security/WAFManagedRules/
  17. 17. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you! https://aws.amazon.com/shield/

×