© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module 3
Security, Identity, and Access Management
Physical & Environmental Security
• Lock your data center.
• Only provide access to those who need it.
• Keep track of access.
• Mount servers on racks with locks.
• Have redundant utilities.
• Build your data center with security in mind.
Network Security
• Identification & Authentication
• Firewalls
• Patching
• Virus Protection
• Encryption
Shared Responsibility – AWS
Diagram of the shared responsibility model.
Customer responsibilities:
• Customer Data
• Platform, Applications, Identity and Access Management
• Operating System, Network and Firewall Configuration
• Client-side Data Encryption and Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
AWS responsibilities:
• Foundation Services: Compute, Storage, Database, Network
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Physical Security
24/7 trained security staff
AWS data centers in nondescript and undisclosed facilities
Two-factor authentication for authorized staff
Authorization for data center access
Hardware, Software, and Network
Automated change-control process
Bastion servers that record all access attempts
Firewall and other boundary devices
AWS monitoring tools
Certifications and Accreditations
ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP (Australia), MLPS Level 3 (China),
MTCS Tier 3 Certification (Singapore) and more …
SSL Endpoints – Secure Transmission: Establish secure communication sessions (HTTPS) using SSL/TLS.
Security Groups – Instance Firewalls: Configure firewall rules for instances using Security Groups.
VPC – Network Control: In your Virtual Private Cloud, create low-level networking constraints for resource access. Public and private subnets, NAT and VPN support.
AWS Multi-Tier Security Groups
Diagram: an Internet-facing HTTP tier with ports 80 and 443 only open to the Internet; engineering staff have SSH/RDP access to the Bastion Host; all other Internet ports are blocked by default.
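The slide's model (80/443 to the Internet, SSH/RDP only via the bastion, everything else closed) can be checked mechanically. The following Python is an added example, not code from the AWS deck: the input dictionaries mimic the IpPermissions structure returned by `aws ec2 describe-security-groups`, but the group IDs, CIDRs and rules are constructed for this example.

```python
"""Audit security group ingress rules against the multi-tier model:
only ports 80 and 443 open to the Internet, SSH/RDP reachable only through
the bastion host, everything else closed.

Added example; not part of the AWS deck. The group IDs, CIDRs and rules are
constructed; the dictionary layout follows describe-security-groups output.
"""

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
BASTION_SG = "sg-bastion-EXAMPLE"  # constructed: the bastion host's security group

# Constructed sample: a web tier, an app tier and the bastion itself.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-EXAMPLE", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # Violation: SSH from the whole Internet instead of from the bastion.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-app-EXAMPLE", "GroupName": "app-tier", "IpPermissions": [
        # Fine: SSH only from the bastion's security group.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
        # Violation: a database port exposed to the Internet.
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # Violation: RDP from a group that is not the bastion.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-corp-EXAMPLE"}]},
        # Violation: all protocols and ports from any IPv6 address ("-1" = all).
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": BASTION_SG, "GroupName": "bastion", "IpPermissions": [
        # Expected: SSH to the bastion from a constructed corporate range.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
]


def rule_ports(rule):
    """Inclusive port range a rule covers; IpProtocol "-1" means all ports."""
    if rule.get("IpProtocol") == "-1":
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]


def audit_group(group):
    """Return a list of finding strings for one security group."""
    findings = []
    gid = group["GroupId"]
    for rule in group.get("IpPermissions", []):
        low, high = rule_ports(rule)
        cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
        peers = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}

        # Slide rule 1: only 80 and 443 may be open to the Internet.
        if cidrs & PUBLIC_CIDRS and not (low == high and low in WEB_PORTS):
            findings.append(f"{gid}: ports {low}-{high} open to the Internet")
            continue
        if gid == BASTION_SG:
            continue  # the bastion is the intended SSH/RDP entry point

        # Slide rule 2: SSH/RDP to other tiers only from the bastion group.
        for port, name in ADMIN_PORTS.items():
            if low <= port <= high and (cidrs or peers - {BASTION_SG}):
                findings.append(
                    f"{gid}: {name} ({port}) allowed from a source other than the bastion")
    return findings


def audit(groups):
    """Audit every group and return all findings in order."""
    findings = []
    for group in groups:
        findings.extend(audit_group(group))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```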
AWS Identity and Access Management (IAM)
AWS IAM:
1. Manage AWS IAM users and their access
2. Manage AWS IAM roles and their permissions
3. Manage federated users and their permissions
AWS IAM Authentication
Authentication: AWS Management Console
• User Name and Password (IAM User)
AWS IAM Authentication
Authentication: AWS CLI or SDK API (AWS CLI; AWS SDK & API for Java, Python, .NET)
• Access Key and Secret Key (IAM User)
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS IAM User Management - Groups
Diagram: an AWS Account containing a DevOps Group and a TestDev Group, with IAM Users A, B, C and D assigned to the groups.
AWS IAM Authorization
Authorization
Policies:
• Are JSON documents to describe permissions.
• Are assigned to Users, Groups or Roles.
Diagram: IAM User, IAM Group, IAM Roles.
AWS IAM Roles - Instance Profiles
Diagram: Amazon EC2 instance (App & EC2 MetaData Service) and Amazon S3. Steps 1-4: Create Instance; Select IAM Role; the application retrieves the role's credentials from the EC2 metadata service at http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename; Application interacts with S3.
AWS IAM Roles – Assume Role
Diagram (steps 1-5): In AWS Account A, IAM User A-1 is assigned an IAM Restricted Policy, and an IAM Admin Role is assigned an IAM Admin Policy. User A-1 assumes the IAM Admin Role and accesses Amazon S3. IAM User B-1 in AWS Account B likewise assumes the role and accesses Amazon S3.
Temporary Security Credentials (AWS STS)
Session:
• Access Key Id
• Secret Access Key
• Session Token
• Expiration
Temporary Security Credentials are valid for 15 minutes to 36 hours.
Use Cases:
• Cross account access
• Federation
• Mobile Users
• Key rotation for Amazon EC2-based apps
sts:AssumeRole
Diagram: the Actual Permissions of the assumed-role session are the intersection of the IAM Role Permissions and the [optional] Permissions passed with AssumeRole.
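The following Python is an added example (not code from the AWS deck) serving both this slide and the IAM Authorization slide above: it evaluates IAM-style JSON policy documents with the documented precedence (explicit Deny wins, then Allow, otherwise implicit deny) and computes an AssumeRole session's effective decision as the intersection of the role policy and an optional session policy. The policies, bucket name and ARNs are constructed; Condition, NotAction, NotResource and resource-based policies are out of scope.

```python
"""Evaluate IAM-style JSON policies and the AssumeRole permission intersection.

Added example; not part of the AWS deck. Supports Effect/Action/Resource with
IAM's "*" and "?" wildcards (action names compared case-insensitively, ARNs
case-sensitively). Condition, NotAction and NotResource are not handled.
"""
import json
import re

# Constructed role policy: broad S3 access, but bucket deletion explicitly denied.
ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
})

# Constructed session policy passed with AssumeRole: read-only on one bucket.
SESSION_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
    ],
})


def _as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _match(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' spans any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def evaluate(policy, action, resource):
    """Decision of one policy document: 'Allow', 'Deny' or 'ImplicitDeny'."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    allowed = False
    for stmt in _as_list(doc["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not any(_match(a, action, ignore_case=True) for a in actions):
            continue
        if not any(_match(r, resource) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides every Allow
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def session_decision(role_policy, action, resource, session_policy=None):
    """Effective decision for an assumed-role session.

    The role policy and the optional session policy are both evaluated; the
    request is allowed only when both allow it, which is the intersection the
    slide describes. An explicit Deny in either document is reported as Deny.
    """
    decisions = [evaluate(role_policy, action, resource)]
    if session_policy is not None:
        decisions.append(evaluate(session_policy, action, resource))
    if "Deny" in decisions:
        return "Deny"
    if all(d == "Allow" for d in decisions):
        return "Allow"
    return "ImplicitDeny"


if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"),
                     ("s3:PutObject", "arn:aws:s3:::example-bucket/new.csv"),
                     ("s3:DeleteBucket", "arn:aws:s3:::example-bucket")]:
        print(act, res, "->", session_decision(ROLE_POLICY, act, res, SESSION_POLICY))
```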
AWS IAM Federation
IAM federation may be used for federated access to:
• AWS Management Console
• AWS APIs
Supported Identities:
• AWS Directory Service (Microsoft Active Directory)
• OpenID Connect (OIDC), such as Amazon Cognito and Login with Amazon
• SAML 2.0
Amazon Cognito Federation for Mobile Applications
Diagram: Mobile Client, User and Identity Provider (Login with Amazon); in the AWS Account / AWS Region: Cognito, AWS STS, DynamoDB.
1. App accessed
2. Redirect for authentication and receive an ID token
3. Exchange ID token for Cognito token
4. Exchange Cognito token for temporary AWS credentials
5. Use the temporary credentials to access AWS services
AWS IAM Federation using SAML 2.0
Diagram: Corporate Data Center with User, Client Application, Identity Store (LDAP) and Identity Provider (Portal); AWS Account / AWS Region with AWS STS and Kinesis. Steps (numbered 1-7 in the diagram):
• User Login
• Client app request to IDP
• Portal sends client SAML assertion
• App calls AssumeRoleWithSAML
• AWS returns temporary security credentials
• App uses credentials to access AWS resource
Application Authentication
Diagram: AWS IAM provides no support for application-level or operating-system-level authentication (Application: No Support; OS: No Support).
AWS IAM Best Practices
Delete AWS account (root) access keys.
Create individual IAM users.
Use groups to assign permissions to IAM users.
Grant least privilege.
Configure a strong password policy.
Enable MFA for privileged users.
AWS IAM Best Practices (cont.)
Use roles for applications that run on Amazon EC2 instances.
Delegate by using roles instead of by sharing credentials.
Rotate credentials regularly.
Remove unnecessary users and credentials.
Use policy conditions for extra security.
Monitor activity in your AWS account.
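Several of these practices (delete root access keys, enable MFA, rotate credentials, remove unused credentials) can be checked from the account's IAM credential report. The following Python is an added example, not code from the AWS deck: REPORT follows the column layout of the decoded `aws iam get-credential-report` CSV (trailing certificate columns omitted), but every row is constructed, the fixed "now" keeps the result reproducible, and the 90-day thresholds and the treatment of every console user as privileged are assumptions of this example.

```python
"""Check an IAM credential report against the best practices on the slide.

Added example; not part of the AWS deck. Rows, account ID and thresholds are
constructed; the column names follow the IAM credential report.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90   # assumed rotation policy
MAX_UNUSED_DAYS = 90    # assumed threshold for "unnecessary" credentials

# Constructed report: header as in the real CSV, four made-up identities.
REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::111122223333:root,2015-01-10T08:00:00+00:00,not_supported,2017-03-01T09:12:00+00:00,not_supported,not_supported,true,true,2015-01-10T08:05:00+00:00,2016-12-20T11:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2016-05-02T10:00:00+00:00,true,2017-03-09T07:30:00+00:00,2017-01-15T10:00:00+00:00,2017-04-15T10:00:00+00:00,true,true,2017-02-01T10:00:00+00:00,2017-03-09T07:45:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2016-05-02T10:05:00+00:00,true,2017-03-08T12:00:00+00:00,2016-05-02T10:05:00+00:00,2016-08-02T10:05:00+00:00,false,true,2016-05-02T10:06:00+00:00,2016-06-30T15:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2016-09-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2016-09-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
"""

# Fixed evaluation time so the constructed report gives reproducible findings.
NOW = datetime(2017, 3, 10, tzinfo=timezone.utc)


def parse_time(value):
    """Report timestamps are ISO 8601; N/A, not_supported and no_information mean 'none'."""
    if value in ("N/A", "not_supported", "no_information"):
        return None
    return datetime.fromisoformat(value)


def audit_report(report_csv, now=NOW):
    """Return a list of finding strings, one per violated practice."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        # Delete AWS account (root) access keys.
        if user == "<root_account>":
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append(f"root: access key {n} is active; delete it")
            continue

        # Enable MFA for privileged users (approximated as every console user).
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(f"{user}: console password without MFA")

        # Rotate credentials regularly; remove unnecessary credentials.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > timedelta(days=MAX_KEY_AGE_DAYS):
                age = (now - rotated).days
                findings.append(f"{user}: access key {n} is {age} days old; rotate it")
            used = parse_time(row[f"access_key_{n}_last_used_date"])
            if used is None:
                findings.append(f"{user}: access key {n} has never been used; remove it")
            elif now - used > timedelta(days=MAX_UNUSED_DAYS):
                idle = (now - used).days
                findings.append(f"{user}: access key {n} unused for {idle} days; remove it")
    return findings


if __name__ == "__main__":
    for finding in audit_report(REPORT):
        print(finding)
```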
AWS Resource-Based Policies
Are an alternative to IAM and supported by some services.
Grant cross-account access to your resources.
Use a principal to uniquely identify the account in the policy.
Supported AWS services include:
• Amazon S3 Bucket Policy
• Amazon SNS Topic Policy
• Amazon SQS Queue Policy
• Amazon Glacier Vault Policy
• AWS OpsWorks Stack Policy
• AWS Lambda Function Policy
© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.
This work may not be reproduced or redistributed, in whole or in part, without
prior written permission from Amazon Web Services, Inc. Commercial
copying, lending, or selling is prohibited.
Errors or corrections? Email us at aws-course-feedback@amazon.com.
For all other questions, contact us at:
https://aws.amazon.com/contact-us/aws-training/.
All trademarks are the property of their owners.

 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017

  • 8. Secure Transmission, Instance Firewalls, and Network Control
     Secure Transmission (SSL Endpoints): Establish secure communication sessions (HTTPS) using SSL/TLS.
     Instance Firewalls (Security Groups): Configure firewall rules for instances using Security Groups.
     Network Control (VPC): In your Virtual Private Cloud, create low-level networking constraints for resource access. Public and private subnets, NAT and VPN support.
  • 9. AWS Multi-Tier Security Groups
     Ports 80 and 443 (HTTP) only open to the Internet.
     Engineering staff have SSH/RDP access to the Bastion Host.
     All other Internet ports blocked by default.
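The multi-tier pattern on slide 9 is easy to state and easy to drift away from. The following audit is an added example (not code from the deck or from AWS) that checks a set of security groups against exactly those three rules: only 80 and 443 open to the Internet, SSH/RDP reachable only from a known administrative range, everything else closed. The sample groups are constructed in the shape boto3's ec2.describe_security_groups() returns; the group ids, names and the 203.0.113.0/24 admin range are placeholders, and no AWS call is made.

```python
"""Audit inbound security group rules against the slide's multi-tier
pattern. SAMPLE_GROUPS is constructed (not real account data) in the
shape returned by boto3 ec2.describe_security_groups()."""

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"
PUBLIC_PORTS = {80, 443}               # the only Internet-facing ports on the slide
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # must never be open to the Internet

# Constructed sample: ids, names and the 203.0.113.0/24 admin range
# (a documentation prefix) are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_IPV4}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]},
    ]},
    {"GroupId": "sg-bastion", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},      # engineering staff only: fine
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": ANY_IPV4}]},               # mistake: RDP open to the world
    ]},
    {"GroupId": "sg-app", "GroupName": "app-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},      # only from the web tier: fine
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}]},  # mistake: all traffic
    ]},
]


def _internet_ranges(perm):
    """CIDRs in a rule that mean 'anyone on the Internet' (IPv4 or IPv6)."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_IPV4]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_IPV6]
    return v4 + v6


def _port_range(perm):
    """(from, to) for a rule; protocol -1 means all traffic and carries no ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_security_groups(groups, public_ports=PUBLIC_PORTS):
    """Return (group_id, finding) pairs for inbound rules that expose more
    than the pattern allows. Rules limited to specific CIDRs or to other
    security groups are accepted as-is."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            if not _internet_ranges(perm):
                continue                      # not reachable from the Internet
            if perm.get("IpProtocol") == "-1":
                findings.append((gid, "all traffic open to the Internet"))
                continue
            lo, hi = _port_range(perm)
            if lo == hi and lo in public_ports:
                continue                      # a single public port: the web tier
            exposed = [f"{name} (port {p})" for p, name in ADMIN_PORTS.items() if lo <= p <= hi]
            label = ", ".join(exposed) if exposed else (f"port {lo}" if lo == hi else f"ports {lo}-{hi}")
            findings.append((gid, f"{label} open to the Internet"))
    return findings


def run_sample():
    """Audit the constructed groups; used by the demo below."""
    return audit_security_groups(SAMPLE_GROUPS)


if __name__ == "__main__":
    for group_id, finding in run_sample():
        print(f"{group_id}: {finding}")
```

On real data the `groups` argument would be the `SecurityGroups` list from a describe call; the check is deliberately conservative, so a rule that opens a port range covering 22 or 3389 is reported under the SSH/RDP name rather than as a generic range.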
  • 10. AWS Identity and Access Management (IAM)
     1. Manage AWS IAM users and their access.
     2. Manage AWS IAM roles and their permissions.
     3. Manage federated users and their permissions.
  • 11. AWS IAM Authentication
     AWS Management Console  User Name and Password (IAM User).
  • 12. AWS IAM Authentication
     AWS CLI or SDK API  Access Key and Secret Key (IAM User).
     Example key pair: Access Key ID: AKIAIOSFODNN7EXAMPLE; Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
     AWS SDK & API: Java, Python, .NET; AWS CLI.
  • 13. AWS IAM User Management - Groups
     Diagram: an AWS Account containing a TestDev Group and a DevOps Group, with Users A, B, C and D assigned to the groups.
  • 14. AWS IAM Authorization
     Policies are JSON documents to describe permissions.
     Policies are assigned to Users, Groups or Roles (IAM User, IAM Group, IAM Roles).
  • 15. AWS IAM Roles - Instance Profiles
     Diagram: an Amazon EC2 instance running an App, the EC2 Metadata Service (http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename), and Amazon S3.
     Steps 1 to 4: Create Instance; Select IAM Role; Application interacts with S3.
  • 16. AWS IAM Roles – Assume Role
     Diagram: in AWS Account A, IAM User A-1 has an IAM Restricted Policy assigned and assumes the IAM Admin Role, which has the IAM Admin Policy assigned; in AWS Account B, IAM User B-1 assumes the role across accounts; the assumed role is used to access Amazon S3.
  • 17. Temporary Security Credentials (AWS STS)
     A session consists of: Access Key Id, Secret Access Key, Session Token, Expiration.
     Temporary security credentials last 15 minutes to 36 hours.
     Use cases: Cross account access; Federation; Mobile users; Key rotation for Amazon EC2-based apps.
  • 18. sts:AssumeRole
     Actual Permissions = the IAM Role Permissions, further restricted by the [optional] Permissions passed with AssumeRole.
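Slides 14 and 18 describe policies as JSON documents and state that a session's actual permissions are the role's permissions narrowed by whatever is passed with AssumeRole. The evaluator below is an added example (not AWS's policy engine and not part of the deck) that makes both points concrete: explicit Deny wins, an Allow is otherwise required, everything else is an implicit deny, and an assumed-role session is allowed an action only when both the role policy and the passed session policy allow it. The policies, ARNs and the 123456789012 account id are constructed; only the Bool and StringEquals condition operators and the Action/Resource/Condition grammar used here are handled, so it is an illustration of the rules, not a replacement for the real service.

```python
"""Minimal IAM-style policy evaluator (added example, constructed policies).
Deny beats Allow, Allow beats implicit deny, and an sts:AssumeRole session
policy can only narrow the role's permissions, never widen them."""
import re

# Constructed sample resources; 123456789012 is a placeholder account id.
BUCKET_ARN = "arn:aws:s3:::example-bucket"
OBJECT_ARN = "arn:aws:s3:::example-bucket/report.csv"
INSTANCE_ARN = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"

ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    # a policy condition (slide 24): only an MFA-authenticated session may stop instances
    {"Effect": "Allow", "Action": "ec2:StopInstances", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
]}

# Passed with AssumeRole: the session may only read objects in the bucket.
SESSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"},
]}

# A session policy cannot grant what the role lacks: this one has no effect.
ESCALATING_SESSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
]}


def _match(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _conditions_hold(cond, context):
    """Supports Bool and StringEquals; any other operator fails closed."""
    for operator, pairs in (cond or {}).items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != str(wanted).lower():
                    return False
            elif operator == "StringEquals":
                if actual not in _as_list(wanted):
                    return False
            else:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one policy."""
    context = context or {}
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        # action names are case-insensitive, resource ARNs are not
        if not any(_match(a, action, ignore_case=True) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_match(r, resource) for r in _as_list(stmt.get("Resource", "*"))):
            continue
        if not _conditions_hold(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # an explicit deny ends the evaluation
        decision = "Allow"
    return decision


def is_allowed(policies, action, resource, context=None):
    """Combine identity policies: any Deny wins, otherwise any Allow suffices."""
    results = [evaluate(p, action, resource, context) for p in policies]
    return "Deny" not in results and "Allow" in results


def assumed_role_allowed(role_policy, action, resource, context=None, session_policy=None):
    """Slide 18: the session may do only what BOTH the role policy and the
    optional policy passed with AssumeRole allow."""
    if not is_allowed([role_policy], action, resource, context):
        return False
    return session_policy is None or is_allowed([session_policy], action, resource, context)


if __name__ == "__main__":
    print("GetObject via session:", assumed_role_allowed(ROLE_POLICY, "s3:GetObject", OBJECT_ARN, session_policy=SESSION_POLICY))
    print("PutObject via session:", assumed_role_allowed(ROLE_POLICY, "s3:PutObject", OBJECT_ARN, session_policy=SESSION_POLICY))
    print("StopInstances without MFA:", is_allowed([ROLE_POLICY], "ec2:StopInstances", INSTANCE_ARN))
```

The third statement of ROLE_POLICY is also the shape of the "use policy conditions for extra security" best practice from slide 24: the Allow exists, but the request context must carry aws:MultiFactorAuthPresent for it to apply.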
  • 19. AWS IAM Federation
     IAM federation may be used for federated access to: AWS Management Console; AWS APIs.
     Supported Identities: AWS Directory Service / Microsoft Active Directory; OpenID Connect (OIDC) such as Amazon Cognito and Login with Amazon; SAML 2.0.
  • 20. Amazon Cognito Federation for Mobile Applications
     Diagram: a Mobile Client, a User Identity Provider (Login with Amazon), and within the AWS Account/Region: Cognito, AWS STS, DynamoDB.
     1. App accessed.
     2. Redirect for authentication and receive an ID token.
     3. Exchange ID token for Cognito token.
     4. Exchange Cognito token for temporary AWS credentials.
     5. Use the temporary credentials to access AWS services.
  • 21. AWS IAM Federation using SAML 2.0
     Diagram: a Corporate Data Center with User, Client Application, Identity Store (LDAP) and Identity Provider (Portal); an AWS Account/Region with AWS STS and Kinesis.
     Steps: User login; Client app request to IdP; Portal sends client SAML assertion; App calls AssumeRoleWithSAML; AWS returns temporary security credentials; App uses credentials to access AWS resource.
  • 22. Application Authentication
     AWS IAM: Application authentication: No Support. OS authentication: No Support.
  • 23. AWS IAM Best Practices
     Delete AWS account (root) access keys.
     Create individual IAM users.
     Use groups to assign permissions to IAM users.
     Grant least privilege.
     Configure a strong password policy.
     Enable MFA for privileged users.
  • 24. AWS IAM Best Practices (cont.)
     Use roles for applications that run on Amazon EC2 instances.
     Delegate by using roles instead of by sharing credentials.
     Rotate credentials regularly.
     Remove unnecessary users and credentials.
     Use policy conditions for extra security.
     Monitor activity in your AWS account.
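Several of the best practices on slides 23 and 24 (delete root access keys, enable MFA, rotate credentials, remove unnecessary credentials) can be checked from the IAM credential report. The script below is an added example, not code from the deck or from AWS: it reads a report in the CSV layout of `aws iam get-credential-report` (the sample is constructed and carries only a subset of the real report's columns) and lists the users that violate each rule. The 90-day rotation limit and 45-day unused threshold are this example's assumptions, not AWS defaults, and the account id 123456789012 is a placeholder.

```python
"""Audit an IAM credential report against the slide's best practices.
SAMPLE_REPORT is constructed in the CSV format of
`aws iam get-credential-report` (subset of columns); no AWS call is made."""
import csv
import io
from datetime import datetime, timezone

# Constructed report: four principals, account id 123456789012 is a placeholder.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,not_supported,true,true,2015-01-10T09:00:00+00:00,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2017-05-15T08:00:00+00:00,2017-05-30T12:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,false,N/A,N/A,false,N/A,N/A
deploy-svc,arn:aws:iam::123456789012:user/deploy-svc,false,false,true,2016-01-01T00:00:00+00:00,2017-05-31T06:00:00+00:00,true,2017-04-01T00:00:00+00:00,N/A
"""

# Reference time for the sample, so the day counts below are reproducible.
REPORT_DATE = datetime(2017, 6, 1, tzinfo=timezone.utc)


def _ts(value):
    """Report cells hold ISO 8601 timestamps or markers such as N/A."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def _days(since, now):
    return (now - since).days


def audit_credential_report(csv_text, now, max_key_age_days=90, unused_days=45):
    """Return (user, finding) pairs. Thresholds are this example's assumptions."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        if user == "<root_account>":
            # slide 23: delete AWS account (root) access keys
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root account has active access keys; delete them"))
            continue
        # slide 23: enable MFA (checked here for every console user)
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled but MFA is not active"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _ts(row[f"access_key_{n}_last_rotated"])
            used = _ts(row[f"access_key_{n}_last_used_date"])
            # slide 24: rotate credentials regularly
            if rotated is not None and _days(rotated, now) > max_key_age_days:
                findings.append((user, f"access_key_{n} last rotated {_days(rotated, now)} days ago "
                                       f"(limit {max_key_age_days}); rotate it"))
            # slide 24: remove unnecessary users and credentials
            if used is None:
                if rotated is not None and _days(rotated, now) > unused_days:
                    findings.append((user, f"access_key_{n} never used in {_days(rotated, now)} days; "
                                           "remove it if unnecessary"))
            elif _days(used, now) > unused_days:
                findings.append((user, f"access_key_{n} unused for {_days(used, now)} days; "
                                       "remove it if unnecessary"))
    return findings


def run_sample():
    """Audit the constructed report at its reference date."""
    return audit_credential_report(SAMPLE_REPORT, REPORT_DATE)


if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user}: {finding}")
```

The report does not say which users are privileged, so the MFA check flags every console user; in practice that is the stricter and safer reading of "enable MFA for privileged users". Feeding the script the decoded `Content` of a real get-credential-report response works unchanged, because DictReader keys rows by the header line and ignores the extra columns.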
  • 25. AWS Resource-Based Policies
     Are an alternative to IAM and supported by some services.
     Grant cross-account access to your resources.
     Use a principal to uniquely identify the account in the policy.
     Supported AWS services include: Amazon S3 Bucket Policy; Amazon SNS Topic Policy; Amazon SQS Queue Policy; Amazon Glacier Vault Policy; AWS OpsWorks Stack Policy; AWS Lambda Function Policy.
  • 26. © 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Errors or corrections? Email us at aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.