Securing The AWS Cloud, Steve Riley, AWS Events, April 2010


Steve Riley, AWS Evangelist presents on Securing the AWS Cloud at the Enterprise event - San Francisco and Start-up event - Sunnyvale in April 2010.

Published in: Technology

  1. Slide 1: Securing the AWS Cloud. Steve Riley, [email_address], @steveriley, @awscloud, http://stvrly.wordpress.com
  2. Slide 2: Amazon EC2, Amazon S3, Amazon CloudFront
  3. Slide 5: Amazon EC2, Amazon S3, Amazon CloudFront
  4. Slide 11 (diagram): Amazon S3, Amazon SimpleDB, Amazon EBS, Amazon RDS, Amazon EC2
  5. Slide 12 (diagram of the isolation layers between customers):
     - Physical interfaces and hypervisor layer: AWS admins only; SSH via bastions; audits reviewed
     - AWS firewall with per-customer security groups (customer 1, customer 2, ... customer n): customer only; inbound flows; default deny
     - Per-customer virtual interfaces and instances (customer 1, customer 2, ... customer n): customer only; SSH, ID/pw, X.509; root/admin control
  6. Slide 13: (diagram only; no text recovered)
  7. Slide 14 (three-tier design): Web tier accepts HTTP/HTTPS from the Internet; Application tier accepts SSH/RDP management from corpnet; Database tier accepts SSH/RDP management from corpnet and from the vendor
  8. Slide 15 (the tiers above expressed as security group rules in ec2-authorize syntax; AppPort, DBPort, CorpNet and Vendor are the slide's placeholders, and the slide's "22|3389" shorthand is written out as one rule per port):
       ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
       ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
       ec2-authorize AppSG -P tcp -p AppPort -o WebSG
       ec2-authorize AppSG -P tcp -p 22 -s CorpNet
       ec2-authorize AppSG -P tcp -p 3389 -s CorpNet
       ec2-authorize DBSG -P tcp -p DBPort -o AppSG
       ec2-authorize DBSG -P tcp -p 22 -s CorpNet
       ec2-authorize DBSG -P tcp -p 3389 -s CorpNet
       ec2-authorize DBSG -P tcp -p 22 -s Vendor
       ec2-authorize DBSG -P tcp -p 3389 -s Vendor
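As an added example (not from the slides or from AWS), the following Python models the slide 15 rule set as the default-deny, source-group-aware policy it is, and checks which flows it allows: the database tier must be reachable only through the application tier's group, never from the Internet. The slide's placeholders are replaced with assumed values (AppPort=8080, DBPort=3306, CorpNet=10.1.0.0/16, Vendor=203.0.113.0/24), and the 3389 rules are left out for brevity.

```python
import ipaddress

# Constructed rule set in the ec2-authorize syntax of the slide. The slide's placeholders are
# replaced with assumed values: AppPort=8080, DBPort=3306, CorpNet=10.1.0.0/16, Vendor=203.0.113.0/24.
RULES_TEXT = """
ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
ec2-authorize AppSG -P tcp -p 8080 -o WebSG
ec2-authorize AppSG -P tcp -p 22 -s 10.1.0.0/16
ec2-authorize DBSG -P tcp -p 3306 -o AppSG
ec2-authorize DBSG -P tcp -p 22 -s 10.1.0.0/16
ec2-authorize DBSG -P tcp -p 22 -s 203.0.113.0/24
"""

def parse_rules(text):
    """One rule dict per ec2-authorize line: -s gives a source CIDR, -o a source group."""
    rules = []
    for line in text.strip().splitlines():
        argv = line.split()
        assert argv[0] == "ec2-authorize", line
        opts = dict(zip(argv[2::2], argv[3::2]))  # "-P tcp -p 80 -s x" -> {"-P": "tcp", ...}
        lo, _, hi = opts["-p"].partition("-")     # "80" -> (80, 80); "1024-65535" -> (1024, 65535)
        rules.append({
            "group": argv[1],
            "proto": opts.get("-P", "tcp"),
            "ports": (int(lo), int(hi or lo)),
            "cidr": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
            "src_group": opts.get("-o"),
        })
    return rules

RULES = parse_rules(RULES_TEXT)

def allowed(rules, group, proto, port, src_ip=None, src_group=None):
    """Default deny: True only if a rule on `group` matches the protocol, port and source."""
    for r in rules:
        lo, hi = r["ports"]
        if r["group"] != group or r["proto"] != proto or not lo <= port <= hi:
            continue
        if r["cidr"] is not None and src_ip is not None and ipaddress.ip_address(src_ip) in r["cidr"]:
            return True
        if r["src_group"] is not None and r["src_group"] == src_group:
            return True
    return False

def internet_exposed(rules):
    """(group, first port) pairs opened to 0.0.0.0/0: the entries to review first."""
    return sorted((r["group"], r["ports"][0]) for r in rules if r["cidr"] is not None and r["cidr"].prefixlen == 0)
```

Running `internet_exposed(RULES)` on a real export of your groups is a quick audit of what the default-deny policy has been opened to the whole Internet; on this rule set only the web tier's 80 and 443 appear.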
  9. Slide 16 (diagram): Your corporate network, Amazon Web Services Cloud, Your VPC
  10. Slide 17 (Amazon VPC; diagram: Your corporate network, Amazon Web Services Cloud, Your VPC):
      Currently:
        - EC2 on-demand and reserved
        - EBS
        - CloudWatch
        - Linux/Unix and Windows
      Upcoming:
        - Outbound Internet
        - Elastic IPs
        - Elastic Load Balancing
        - Autoscaling
        - DevPay
        - >1 AZ, >1 router
        - Inter-subnet security groups
  11. Slide 18 (Amazon S3 access control): "Key" = name of object; two permission lists, each with Read, Write, Full
  12. Slide 21 (Compliance):
      - Sarbanes-Oxley Act: ongoing
      - HIPAA: current customer deployments; whitepaper describes the specifics
      - SAS 70 Type II: complete; covers physical security, access controls, change management, operations
  13. Slide 23: Thank you very much! Steve Riley, [email_address], @steveriley, @awscloud, http://stvrly.wordpress.com
