Security Overview


  1. Security in the AWS Cloud Steve Riley steriley@amazon.com @steveriley @awscloud http://stvrly.wordpress.com
  2. Amazon Web Services: 4 regions Amazon CloudFront: 16 edge locations (including NY!)
  3. Amazon S3 Amazon SimpleDB ++ ++ Amazon RDS (multi AZ) Amazon EBS Amazon RDS (one AZ) ++ Amazon EC2
  5. Customer only Customer 1 Customer 2 … Customer n SSH, ID/pw, X.509 Root/admin control Customer 1 virtual interfaces Customer 2 virtual interfaces … Customer n virtual interfaces Customer only Inbound flows Default deny Customer 1 security groups Customer 2 security groups … Customer n security groups AWS firewall AWS admins only Hypervisor layer SSH via bastions Audits reviewed Physical interfaces
  6. Web tier: HTTP/HTTPS from Internet; SSH/RDP management from corpnet
     Application tier: SSH/RDP management from corpnet
     Database tier: SSH/RDP management from corpnet, vendor
  7. ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0
     ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0
     ec2-authorize WebSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize AppSG -P prot -p AppPortRange -o WebSG
     ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize DBSG -P prot -p DBPortRange -o AppSG
     ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet
     ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
  8. Your VPC Amazon Web Services Cloud IPsec tunnel mode 128-bit AES, SHA-1, PFS, BGP Your corporate network
  9. Your VPC / Amazon Web Services Cloud / Your corporate network
     Currently
       • EC2 on-demand and reserved
       • EBS
       • CloudWatch
       • Linux/Unix and Windows
       • US-East, EU-West
     Upcoming
       • >1 AZ, >1 router
       • Outbound Internet
       • Elastic IPs
       • Elastic Load Balancing
       • Autoscaling
       • DevPay
       • Inter-subnet security groups
  10. • Read • Write • Full • Read • Write • Full “Key” = name of object
  11. Compliance
       • Sarbanes-Oxley Act
         – Ongoing
       • HIPAA
         – Current customer deployments
         – Whitepaper describes the specifics
       • SAS 70 type II
         – Second audit complete
         – Physical security, access controls, change management, operations
       • ISO 27001
         – In progress
  12. Thank you very much! Steve Riley steriley@amazon.com @steveriley @awscloud http://stvrly.wordpress.com
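
The default-deny, tiered security group rules from slides 5 to 7, modelled as a small evaluator. This is an added example, not part of the slides. CorpNet, Vendor, the protocol and the application and database port ranges are placeholders on the slide, so the values below are constructed and TCP is assumed throughout.

```python
import ipaddress

# Constructed stand-ins for the slide's placeholders (assumptions, not AWS values).
CORPNET, VENDOR = "203.0.113.0/24", "198.51.100.0/24"
APP_PORTS, DB_PORTS = (8080, 8080), (3306, 3306)
MGMT = [(22, 22), (3389, 3389)]          # the slide's "22|3389"

def rules(ports, cidr=None, group=None):
    """One TCP ingress rule per port range, sourced from a CIDR (-s) or a group (-o)."""
    return [{"ports": p, "cidr": cidr, "group": group} for p in ports]

# The eight ec2-authorize lines from slide 7, expressed as data.
GROUPS = {
    "WebSG": rules([(80, 80), (443, 443)], cidr="0.0.0.0/0") + rules(MGMT, cidr=CORPNET),
    "AppSG": rules([APP_PORTS], group="WebSG") + rules(MGMT, cidr=CORPNET),
    "DBSG": rules([DB_PORTS], group="AppSG") + rules(MGMT, cidr=CORPNET)
            + rules(MGMT, cidr=VENDOR),
}

def allowed(dest, port, src_ip=None, src_group=None):
    """Default deny: an inbound flow passes only if some rule of `dest` matches."""
    for r in GROUPS[dest]:
        lo, hi = r["ports"]
        if not lo <= port <= hi:
            continue
        if r["group"] is not None and r["group"] == src_group:
            return True
        if r["cidr"] and src_ip and \
                ipaddress.ip_address(src_ip) in ipaddress.ip_network(r["cidr"]):
            return True
    return False

def internet_exposed():
    """Audit check: every (group, port range) reachable from any address."""
    return [(name, r["ports"]) for name, rs in GROUPS.items() for r in rs
            if r["cidr"] and ipaddress.ip_network(r["cidr"]).prefixlen == 0]

if __name__ == "__main__":
    print(internet_exposed())                        # only the web tier's 80 and 443
    print(allowed("DBSG", 3306, src_group="WebSG"))  # web tier cannot skip the app tier
```

Running `internet_exposed()` against a real rule export is a quick way to confirm that only the web tier's HTTP and HTTPS ports accept traffic from 0.0.0.0/0.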
