© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Using AWS Lambda as a Security Team
Andrew Baird
Brittany Doncaster
SID301
November 27, 2017
Topics
Overview + demo
Auditing + demo
Monitoring + demo
Remediation + demo
Security Engineering
Benefits of AWS Lambda
Productivity-focused compute service to build powerful, dynamic, modular applications in the cloud
1. No infrastructure to manage: focus on business logic
2. Bring your own code: run code in standard languages
3. Cost-effective and efficient: pay only for what you use
AWS Lambda: Run Code in Response to Events
EVENT SOURCE → FUNCTION → SERVICES (ANYTHING)
• Event sources: changes in data state; requests to endpoints; changes in resource state
• Function runtimes: Node, Python, Java, C#
Demo
Auditing
Auditing—Typical Goals
• What is the state now?
• When did the state change?
• Who last updated the record of state?
• How can I trust this record of state?
Auditing—Typical Instrumentation
• Log archiving
• CMDB
• Change-Review Board
• Tight access control
Audit Logs
What they should be:
• Immutable
• Coupled with reality
• Compliance-focused
What they should not be:
• Manually/process-generated
• Inaccurate/out-of-date
• Noise > signal
Auditing—re:Focus
Why typical goals/instrumentation now falls short:
Has the environment changed since I last reviewed it?
• No: You were eaten by a grue.
• Yes: What changed? ALL THE THINGS!!!
Auditing—re:Focus (cont'd.)
Modernizing your audit strategy:
• Event-driven
• Scale through code
• Programmatic decisions
Decision flow for each change:
Does this resource (or type of resource) affect my state of compliance?
• No: archive the logs
• Yes: is the change compliant? If so, archive the logs; if not, the change needs attention
Active Auditing with AWS Lambda
• AWS Config and AWS Config Rules
• AWS CloudTrail and Amazon CloudWatch Logs
AWS CloudTrail
Amazon CloudWatch Logs Subscriptions
AWS Config & AWS Config Rules
A continuous recording and continuous assessment service
Changing resources → AWS Config (normalized) → history, snapshot; notifications; API access → Config Rules
Answers the questions:
• How are my resources configured over time?
• Is a change that just occurred to a resource compliant?
AWS Lambda as Auditor
App Account 1 … App Account n → Security Team Account
Demo Architecture
AWS Config → AWS Lambda function → Amazon EC2 instance security group
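An added example (not from the deck) of the auditing pattern above: a Python custom AWS Config rule that evaluates a security group configuration item and reports the result through PutEvaluations. The allowed-port policy, the sample event and the sg-/token values are constructed for the example.

```python
import json
from typing import Any, Dict, List, Set

try:
    import boto3  # present in the Lambda runtime; optional when run locally
except ImportError:
    boto3 = None

# Ports that may be reachable from anywhere when the rule parameter is absent
# (assumption for this example).
DEFAULT_ALLOWED_PUBLIC_PORTS: Set[int] = {80, 443}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _cidrs(perm: Dict[str, Any]) -> List[str]:
    """Collect the CIDRs of one ipPermissions entry. Config has used both the
    older ipRanges list of strings and the ipv4Ranges/ipv6Ranges dict lists."""
    out: List[str] = []
    for r in perm.get("ipRanges") or []:
        out.append(r if isinstance(r, str) else r.get("cidrIp", ""))
    for r in perm.get("ipv4Ranges") or []:
        out.append(r.get("cidrIp", ""))
    for r in perm.get("ipv6Ranges") or []:
        out.append(r.get("cidrIpv6", ""))
    return [c for c in out if c]


def world_open_violations(configuration: Dict[str, Any],
                          allowed_ports: Set[int]) -> List[str]:
    """Describe every ingress rule open to the world on a port outside
    allowed_ports. An empty list means the group is compliant."""
    violations: List[str] = []
    for perm in configuration.get("ipPermissions") or []:
        if not (set(_cidrs(perm)) & WORLD_CIDRS):
            continue
        proto = str(perm.get("ipProtocol", "-1"))
        low, high = perm.get("fromPort"), perm.get("toPort")
        if proto == "-1":  # all protocols and ports
            violations.append("all traffic open to the world")
        elif proto not in ("tcp", "udp") or low is None or high is None:
            violations.append(f"{proto} open to the world")  # e.g. icmp
        elif any(p not in allowed_ports for p in range(low, high + 1)):
            violations.append(f"{proto}/{low}-{high} open to the world")
    return violations


def evaluate(event: Dict[str, Any]) -> Dict[str, Any]:
    """Turn one Config custom-rule invocation into one Evaluation entry."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    allowed = {int(p) for p in params.get("allowedPublicPorts", "").split(",")
               if p.strip()} or DEFAULT_ALLOWED_PUBLIC_PORTS

    deleted = item.get("configurationItemStatus") in (
        "ResourceDeleted", "ResourceDeletedNotRecorded")
    if item["resourceType"] != "AWS::EC2::SecurityGroup" or deleted:
        compliance, note = "NOT_APPLICABLE", "not an active security group"
    else:
        violations = world_open_violations(item.get("configuration") or {}, allowed)
        compliance = "NON_COMPLIANT" if violations else "COMPLIANT"
        note = "; ".join(violations) or "no world-open ingress outside allowed ports"

    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # PutEvaluations caps annotations at 256 chars
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    evaluation = evaluate(event)
    if boto3 is not None:  # report back to Config (skipped if boto3 is missing)
        boto3.client("config").put_evaluations(
            Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def sample_event() -> Dict[str, Any]:
    """Constructed rule invocation for a group with HTTPS and SSH open to the world."""
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",  # placeholder id
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2017-11-27T10:00:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
        ]},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": item,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps({"allowedPublicPorts": "80,443"}),
        "resultToken": "placeholder-token",
    }
```

Deleted resources and non-security-group items are reported as NOT_APPLICABLE so the rule never leaves stale NON_COMPLIANT results behind.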
Demo
Recap: Auditing
• Enable CloudTrail and AWS Config in all regions
• Subscribe to audit-relevant logs in Amazon CloudWatch Logs
• Persist in Amazon S3/Amazon Glacier (make immutable)
• Audit logs play an active role in security operations (via Lambda!)
BONUS: check out Cloud Custodian from Capital One!
https://developer.capitalone.com/opensource-projects/cloud-custodian
Monitoring
Monitoring
So you have a SOC…
• Monitoring tools and ‘connectors’
• People watching screens, waiting for alerts
How much insight are you really getting?
Types of Monitoring in AWS
• Amazon CloudWatch Logs
• Amazon CloudWatch Events
• AWS CloudTrail
• VPC Flow Logs
Patterns for Monitoring—CloudWatch
CloudWatch Events / CloudWatch Logs → Lambda function (add context, filter) → integration with other tools
Patterns for Monitoring—CloudTrail
AWS CloudTrail → Amazon S3 bucket → log delivery notification → Lambda function (add context, filter) → integration with other tools
Patterns for Monitoring—VPC Flow Logs
Virtual private cloud → Amazon CloudWatch → VPC Flow Logs subscription → Lambda function (add context, filter) → integration with other tools
Patterns for Monitoring—Macie
Amazon Macie → CloudWatch Events → Lambda function
Demo Architecture
Virtual private cloud → Amazon CloudWatch → VPC Flow Logs subscription → Lambda function → integration with other tools
Lambda function → Amazon Kinesis Firehose → Amazon ES (ingest to visualization tool)
Reference: https://aws.amazon.com/blogs/security/how-to-visualize-and-refine-your-networks-security-by-adding-security-group-ids-to-your-vpc-flow-logs/
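An added example, not from the deck or the linked post, of the monitoring demo architecture: a Python Lambda that receives a VPC Flow Logs subscription batch from CloudWatch Logs, filters it to rejected flows on watched ports and adds the ENI's security groups as context. The ENI-to-security-group table, the watched ports and the flow records are constructed; a real function would fill that table with ec2.describe_network_interfaces().

```python
import base64
import gzip
import json
from typing import Any, Dict, List

# Field order of the default (version 2) VPC Flow Log record.
FLOW_FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status"]
NUMERIC_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Hypothetical ENI -> security group table, constructed so the example runs
# offline; in production it would be built from ec2.describe_network_interfaces().
ENI_SECURITY_GROUPS: Dict[str, List[str]] = {
    "eni-0a1b2c3d4e5f60718": ["sg-0123456789abcdef0"],
}
WATCHED_PORTS = {22, 3389}  # example policy: rejected SSH/RDP attempts are of interest


def parse_flow_record(message: str) -> Dict[str, Any]:
    """Split one flow log line into a dict. NODATA/SKIPDATA lines carry '-' in
    the numeric fields; those values are left as strings."""
    parts = message.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"unexpected flow record: {message!r}")
    rec: Dict[str, Any] = dict(zip(FLOW_FIELDS, parts))
    for field in NUMERIC_FIELDS:
        if rec[field] != "-":
            rec[field] = int(rec[field])
    return rec


def decode_subscription_event(event: Dict[str, Any]) -> Dict[str, Any]:
    """CloudWatch Logs delivers the batch as base64-encoded gzip JSON."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))


def enrich_and_filter(payload: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Keep only REJECTed flows to watched ports and attach the security groups
    of the ENI plus the source log group, so the alert is actionable as is."""
    alerts: List[Dict[str, Any]] = []
    for log_event in payload["logEvents"]:
        rec = parse_flow_record(log_event["message"])
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        if rec["dstport"] not in WATCHED_PORTS:
            continue
        rec["security_groups"] = ENI_SECURITY_GROUPS.get(rec["interface_id"], [])
        rec["log_group"] = payload["logGroup"]
        alerts.append(rec)
    return alerts


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, int]:
    alerts = enrich_and_filter(decode_subscription_event(event))
    for alert in alerts:
        print(json.dumps(alert))  # hand-off point for your alerting tool
    return {"alerts": len(alerts)}


def sample_event() -> Dict[str, Any]:
    """Constructed subscription event: a rejected SSH probe, an accepted HTTPS
    flow and a NODATA record."""
    lines = [
        "2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.25 51234 22 6 3 180 1511776800 1511776860 REJECT OK",
        "2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.40 44321 443 6 20 4000 1511776800 1511776860 ACCEPT OK",
        "2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1511776800 1511776860 - NODATA",
    ]
    payload = {
        "messageType": "DATA_MESSAGE",
        "owner": "123456789012",
        "logGroup": "vpc-flow-logs",
        "logStream": "eni-0a1b2c3d4e5f60718-all",
        "subscriptionFilters": ["flow-logs-to-lambda"],
        "logEvents": [{"id": str(i), "timestamp": 1511776860000 + i, "message": m}
                      for i, m in enumerate(lines)],
    }
    blob = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": blob}}
```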
Demo
Recap: Monitoring
• You can still use your existing tool sets
• Lambda helps filter and add context to alerts
Remediation
Remediation
Why automate: Scale, Cost ($$), Speed
Patterns for Remediation
Amazon CloudWatch / AWS CloudTrail / VPC Flow Logs / AWS Config → Lambda function → AWS APIs / AWS WAF
Remediation Patterns
What if the problem is on an Amazon EC2 instance?
• Asynchronously execute commands
• No need to SSH/RDP
• Commands and output logged
Lambda function → Amazon EC2 Systems Manager Run Command → EC2 instances
If One Lambda Just Won’t Do…
AWS Step Functions makes it easy to coordinate multiple Lambda functions and visualize the execution
Coordination of Lambda
• Define in JSON
• Visualize in the console
• Monitor executions
Demo Architecture
Amazon CloudWatch → Lambda function → AWS APIs
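An added example (not from the deck) of the remediation demo architecture: a Python Lambda triggered by a CloudWatch Events rule for the CloudTrail AuthorizeSecurityGroupIngress call, which decides whether the change opened a disallowed port to the world and revokes only the offending CIDRs through the EC2 API. The allowed ports, the role name used to stop the function reacting to its own calls, and the sample event are assumptions constructed for the example.

```python
import json
from typing import Any, Dict, List

try:
    import boto3  # present in the Lambda runtime; optional when run locally
except ImportError:
    boto3 = None

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_PORTS = {80, 443}  # assumption for this example
# Name of the role the function runs as (placeholder). Its own API calls are
# ignored so a mis-scoped event rule cannot make the function react to itself.
REMEDIATION_ROLE_NAME = "sg-remediation-role"


def _items(node: Any) -> List[Dict[str, Any]]:
    """CloudTrail records EC2 list parameters as {"items": [...]}; empty lists
    appear as {} or are missing entirely."""
    return node.get("items", []) if isinstance(node, dict) else []


def offending_permissions(request: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Entries of the request's ipPermissions that opened a port outside
    ALLOWED_PUBLIC_PORTS to the world, shaped as the IpPermissions argument of
    RevokeSecurityGroupIngress so that only the offending CIDRs are removed."""
    revokes: List[Dict[str, Any]] = []
    for perm in _items(request.get("ipPermissions")):
        v4 = [r["cidrIp"] for r in _items(perm.get("ipRanges"))
              if r.get("cidrIp") in WORLD_CIDRS]
        v6 = [r["cidrIpv6"] for r in _items(perm.get("ipv6Ranges"))
              if r.get("cidrIpv6") in WORLD_CIDRS]
        if not (v4 or v6):
            continue
        proto = str(perm.get("ipProtocol", "-1"))
        low, high = perm.get("fromPort"), perm.get("toPort")
        if (proto in ("tcp", "udp") and low is not None and high is not None
                and all(p in ALLOWED_PUBLIC_PORTS for p in range(low, high + 1))):
            continue  # world-open, but only on ports the policy allows
        revoke: Dict[str, Any] = {"IpProtocol": proto}
        if low is not None and high is not None:
            revoke["FromPort"], revoke["ToPort"] = low, high
        if v4:
            revoke["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            revoke["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        revokes.append(revoke)
    return revokes


def plan_remediation(event: Dict[str, Any]) -> Dict[str, Any]:
    """Pure decision step: returns what the handler should do and why, which
    keeps the logic testable and gives the log line its justification."""
    detail = event.get("detail") or {}
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return {"action": "ignore", "reason": "not an ingress authorization"}
    if detail.get("errorCode"):
        return {"action": "ignore", "reason": "the API call failed; nothing was opened"}
    actor = (detail.get("userIdentity") or {}).get("arn", "")
    if REMEDIATION_ROLE_NAME in actor:
        return {"action": "ignore", "reason": "change made by the remediation role"}
    request = detail.get("requestParameters") or {}
    revokes = offending_permissions(request)
    if not revokes:
        return {"action": "ignore", "reason": "no world-open rule outside allowed ports"}
    return {"action": "revoke", "group_id": request.get("groupId"),
            "region": detail.get("awsRegion"), "actor": actor,
            "ip_permissions": revokes}


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    plan = plan_remediation(event)
    if plan["action"] == "revoke" and boto3 is not None:
        ec2 = boto3.client("ec2", region_name=plan["region"])
        ec2.revoke_security_group_ingress(GroupId=plan["group_id"],
                                          IpPermissions=plan["ip_permissions"])
    print(json.dumps(plan))  # the function's own log is the remediation record
    return plan


def sample_event() -> Dict[str, Any]:
    """Constructed CloudWatch Events record: CloudTrail saw SSH and HTTPS opened
    to the world on one group; only the SSH entry should be revoked."""
    return {"detail-type": "AWS API Call via CloudTrail", "source": "aws.ec2",
            "detail": {
                "eventSource": "ec2.amazonaws.com",
                "eventName": "AuthorizeSecurityGroupIngress",
                "awsRegion": "us-east-1",
                "userIdentity": {"type": "IAMUser",
                                 "arn": "arn:aws:iam::123456789012:user/example-dev"},
                "requestParameters": {
                    "groupId": "sg-0123456789abcdef0",  # placeholder id
                    "ipPermissions": {"items": [
                        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {}},
                        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {}},
                    ]},
                },
                "responseElements": {"_return": True}}}
```

The handler's IAM role should be limited to ec2:RevokeSecurityGroupIngress on the groups it is meant to police, and the actor recorded in the plan is what the alert to the owning team should carry.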
Demo
Recap: Remediation
• Automate remediation steps where possible
• For Amazon EC2 access during remediation, use Run Command
• If multiple steps are involved for remediation, use AWS Step Functions for coordination
Thank you!

OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Lambda Security Operations

  • 10. Audit Logs
    What they should be: immutable; coupled with reality; compliance-focused.
    What they should not be: manually/process-generated; inaccurate/out-of-date; noise > signal.
  • 11. Auditing—re:Focus. Why the typical goals and instrumentation now fall short, as a flowchart: "Has the environment changed since I last reviewed it?" Yes → "What changed?" → "ALL THE THINGS!!!" No → "You were eaten by a grue."
  • 12. Auditing—re:Focus (cont'd.) Modernizing your audit strategy: event-driven; scale through code; programmatic decisions. Decision flow for each change: "Does this resource (or type of resource) affect my state of compliance?" No → archive the logs. Yes → "Is the change compliant?" Yes → archive the logs. No → the change needs a response (covered under Remediation).
  • 13. Active Auditing with AWS Lambda: AWS Config and AWS Config Rules; AWS CloudTrail and Amazon CloudWatch Logs.
  • 14. AWS CloudTrail (architecture diagram)
  • 15. Amazon CloudWatch Logs Subscriptions (architecture diagram)
  • 16. AWS Config & AWS Config Rules: a continuous recording and continuous assessment service. Changing resources → AWS Config (history, snapshot; normalized) → Config Rules (notifications; API access). Answers the questions: How are my resources configured over time? Is a change that just occurred to a resource compliant?
  • 17. AWS Lambda as Auditor: App Account 1 … App Account n → Security Team Account (cross-account auditing).
  • 18. Demo Architecture: AWS Config → AWS Lambda function → Amazon EC2 instance security group.
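Slides 16 to 18 name the pieces but not the function in the middle. What follows is an added example written for this page, not code from the SID301 demo: the evaluation half of an AWS Config custom rule that judges an EC2 security group as Config recorded it (the slide 18 architecture) and reports the verdict back with PutEvaluations. The policy (ports 22 and 3389 must not be reachable from 0.0.0.0/0 or ::/0), the `sensitivePorts` rule parameter, the made-up group id and token, and the `config_client` injection argument are assumptions of the example; the invocation event layout, the `ipRanges`/`ipv4Ranges`/`ipv6Ranges` fields and the PutEvaluations call are the real Config contract.

```python
"""AWS Config custom rule for EC2 security groups (added example, not SID301 code).
Config invokes the function with the recorded configuration item; the function decides
COMPLIANT / NON_COMPLIANT and reports back with PutEvaluations. Port policy is assumed."""
import ipaddress
import json

DEFAULT_SENSITIVE_PORTS = {22, 3389}  # assumed policy: admin ports never open to the world


def _covers_port(perm, port):
    """True when an ipPermissions entry includes the port ('-1' = all protocols/ports)."""
    if perm.get("ipProtocol") == "-1":
        return True
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def _world_open_ranges(perm):
    """CIDRs in this entry with prefix length 0 (0.0.0.0/0 or ::/0). Config records IPv4
    ranges twice (legacy 'ipRanges' strings and 'ipv4Ranges' dicts); duplicates are dropped."""
    cidrs = list(perm.get("ipRanges") or [])
    cidrs += [r["cidrIp"] for r in perm.get("ipv4Ranges") or [] if "cidrIp" in r]
    cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges") or [] if "cidrIpv6" in r]
    found = []
    for cidr in dict.fromkeys(cidrs):
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                found.append(cidr)
        except ValueError:
            found.append("unparseable:" + cidr)  # surface bad data instead of passing it
    return found


def evaluate_security_group(configuration, sensitive_ports=DEFAULT_SENSITIVE_PORTS):
    """Pure decision over a recorded AWS::EC2::SecurityGroup; returns (compliance, annotation)."""
    findings = []
    for perm in configuration.get("ipPermissions") or []:
        for port in sorted(sensitive_ports):
            if _covers_port(perm, port):
                for cidr in _world_open_ranges(perm):
                    findings.append(f"{perm.get('ipProtocol')}/{port} from {cidr}")
    if findings:
        return "NON_COMPLIANT", "Open to the world: " + "; ".join(findings)
    return "COMPLIANT", "No sensitive port is open to 0.0.0.0/0 or ::/0"


def lambda_handler(event, context, config_client=None):
    """Config custom-rule entry point; 'config_client' is injected for offline runs."""
    item = json.loads(event["invokingEvent"]).get("configurationItem")
    if item is None or item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return None  # oversized (summary-only) or unrelated item: nothing to judge here
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = {int(p) for p in params.get("sensitivePorts", "").split(",") if p.strip()}
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, note = "NOT_APPLICABLE", "Resource deleted"
    else:
        compliance, note = evaluate_security_group(item.get("configuration") or {},
                                                   ports or DEFAULT_SENSITIVE_PORTS)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # PutEvaluations caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is None:
        import boto3  # present in the Lambda runtime; lazy so the module loads offline
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


class RecordingConfigClient:
    """Stand-in for boto3's Config client so the example runs without AWS."""
    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


# Constructed sample invocation (group id, token and timestamp are made up).
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2017-11-27T12:00:00.000Z",
            "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": ["0.0.0.0/0"], "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": ["0.0.0.0/0"], "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            ]},
        },
    }),
    "ruleParameters": json.dumps({"sensitivePorts": "22,3389"}),
    "resultToken": "example-token",
}
```

The decision is kept in a pure function so the policy can be unit-tested without an account; only the handler touches the Config API. When deployed, the function's role needs `config:PutEvaluations`, the Config service must be allowed to invoke it, and, as the recap slide says, Config has to be recording the security-group resource type in every region or the rule simply never sees the change.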
  • 19. Demo
  • 20. Recap: Auditing
    • Enable CloudTrail and AWS Config in all regions
    • Subscribe to audit-relevant logs in Amazon CloudWatch Logs
    • Persist in Amazon S3/Amazon Glacier (make immutable)
    • Audit logs play an active role in security operations (via Lambda!)
    BONUS: check out Cloud Custodian from Capital One! https://developer.capitalone.com/opensource-projects/cloud-custodian
  • 21. Monitoring
  • 22. Monitoring. So you have an SOC… monitoring tools and 'connectors'; people watching screens, waiting for alerts. How much insight are you really getting?
  • 23. Types of Monitoring in AWS: Amazon CloudWatch (Logs, Events); AWS CloudTrail; VPC Flow Logs.
  • 24. Patterns for Monitoring—CloudWatch: CloudWatch Events / CloudWatch Logs → Lambda function (filter, add context) → integration with other tools.
  • 25. Patterns for Monitoring—CloudTrail: AWS CloudTrail → Amazon S3 bucket → log delivery notification → Lambda function (filter, add context) → integration with other tools.
  • 26. Patterns for Monitoring—VPC Flow Logs: virtual private cloud → VPC Flow Logs → Amazon CloudWatch → subscription → Lambda function (filter, add context) → integration with other tools.
  • 27. Patterns for Monitoring—Macie: CloudWatch Events → Lambda function.
  • 28. Demo Architecture: virtual private cloud → VPC Flow Logs → Amazon CloudWatch → subscription → Lambda function → Amazon Kinesis Firehose → Amazon ES (ingest to visualization tool); integration with other tools. Reference: https://aws.amazon.com/blogs/security/how-to-visualize-and-refine-your-networks-security-by-adding-security-group-ids-to-your-vpc-flow-logs/
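The "filter" and "add context" boxes of slides 24 to 28, written out for the VPC Flow Logs path. This is an added example, not the demo's code: a Lambda that receives flow-log records through a CloudWatch Logs subscription, decodes the delivery payload, drops the noise and attaches the context an analyst would otherwise look up by hand. The VPC address space (10.0.0.0/8), the trusted admin network, the watched ports and the sample log lines are constructed assumptions; the `awslogs.data` encoding (base64 of gzip of JSON) and the version-2 flow-log field order are the real formats.

```python
"""VPC Flow Logs via a CloudWatch Logs subscription: decode, filter, add context.
Added example, not SID301 code. The CIDRs and the watched-port list are assumptions
standing in for an organisation's real inventory."""
import base64
import gzip
import ipaddress
import json

# VPC Flow Logs default (version 2) record layout, space separated.
FLOW_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status")

# Assumed context: the VPC address space, the admin jump-host range, the ports the SOC watches.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/24")]
WATCHED_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql"}
PROTOCOL_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}


def decode_subscription_event(event):
    """CloudWatch Logs delivers awslogs.data as base64(gzip(JSON))."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def parse_flow_record(message):
    """Split one flow-log line into a dict; NODATA/SKIPDATA lines are dropped."""
    parts = message.split()
    if len(parts) != len(FLOW_FIELDS):
        return None
    rec = dict(zip(FLOW_FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def add_context(rec):
    """Enrich with what an analyst would otherwise look up by hand."""
    src = ipaddress.ip_address(rec["srcaddr"])
    rec["src_internal"] = any(src in net for net in INTERNAL_NETS)
    rec["src_trusted"] = any(src in net for net in TRUSTED_ADMIN_NETS)
    rec["service"] = WATCHED_PORTS.get(rec["dstport"])
    rec["protocol_name"] = PROTOCOL_NAMES.get(rec["protocol"], rec["protocol"])
    # An accepted admin connection from an unknown source outranks a rejected probe.
    rec["severity"] = "high" if rec["action"] == "ACCEPT" else "medium"
    return rec


def is_interesting(rec):
    """Filter: a watched port reached from outside the VPC by a non-trusted source."""
    return rec["service"] is not None and not rec["src_internal"] and not rec["src_trusted"]


def process_subscription_event(event):
    payload = decode_subscription_event(event)
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE is a delivery check, not log data
    alerts = []
    for log_event in payload.get("logEvents", []):
        rec = parse_flow_record(log_event["message"])
        if rec is None:
            continue
        rec = add_context(rec)
        if is_interesting(rec):
            rec["log_group"] = payload.get("logGroup")
            rec["owner"] = payload.get("owner")
            alerts.append(rec)
    return alerts


def lambda_handler(event, context):
    alerts = process_subscription_event(event)
    # Hand-off point for the Kinesis Firehose / Amazon ES / SOC-tool integration of slide 28.
    return {"count": len(alerts), "alerts": alerts}


def build_sample_event(messages, message_type="DATA_MESSAGE"):
    """Wrap flow-log lines the way CloudWatch Logs does, so the example runs offline."""
    payload = {"messageType": message_type, "owner": "123456789012",
               "logGroup": "/vpc/flowlogs", "logStream": "eni-0a1b2c3d4e5f67890-all",
               "subscriptionFilters": ["flowlogs-to-lambda"],
               "logEvents": [{"id": str(i), "timestamp": 1511784000000 + i, "message": m}
                             for i, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode("utf-8")))
    return {"awslogs": {"data": data.decode("ascii")}}


# Constructed sample lines (addresses from the documentation ranges; ids are made up).
SAMPLE_MESSAGES = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.23 51324 22 6 4 240 1511784000 1511784060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.23 40210 22 6 20 3400 1511784000 1511784060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.9 10.0.1.23 55000 3306 6 100 81000 1511784000 1511784060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.1.23 60000 443 6 9 1200 1511784000 1511784060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.1.23 60001 3389 6 30 5100 1511784000 1511784060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1511784000 1511784060 - NODATA",
]
```

Of the six sample lines only two survive the filter: the rejected SSH probe from outside (medium) and the accepted RDP session from an unknown source (high), which is the kind of signal-over-noise reduction slide 30 promises. Everything the handler returns is already in the shape you would hand to Firehose. Coarse filtering (for instance, only REJECT records) can also be done in the subscription filter pattern itself, before the function is invoked at all.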
  • 29. Demo
  • 30. Recap: Monitoring
    • You can still use your existing tool sets
    • Lambda helps filter and add context to alerts
  • 31. Remediation
  • 32. Remediation (section illustration)
  • 33. Remediation trade-offs: scale, cost ($$), speed.
  • 34. Patterns for Remediation: Amazon CloudWatch, AWS CloudTrail, VPC Flow Logs, AWS Config → Lambda function → AWS APIs, AWS WAF.
  • 35. Remediation Patterns. What if the problem is on an Amazon EC2 instance? Lambda function → Amazon EC2 Systems Manager Run Command → EC2 instances: asynchronously execute commands; no need to SSH/RDP; commands and output logged.
  • 36. If One Lambda Just Won't Do… AWS Step Functions makes it easy to coordinate multiple Lambda functions and visualize the execution.
  • 37. Coordination of Lambda: define in JSON; visualize in the console; monitor executions.
  • 38. Demo Architecture: Amazon CloudWatch → Lambda function → AWS APIs.
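The slide 38 loop (Amazon CloudWatch → Lambda → AWS APIs) as working code. This is an added example, not the demo's code: a CloudWatch Events rule matching the `AuthorizeSecurityGroupIngress` API call in CloudTrail triggers the function, which revokes only the ranges from that call that open a sensitive port to the whole internet and leaves every other range of the same call in place. The port policy, the sample event's account, ids and ARN, and the `ec2_client` injection argument are assumptions; the CloudTrail `requestParameters` layout (lists wrapped as `{"items": [...]}`) and the `revoke_security_group_ingress` call are the real contracts.

```python
"""Event-driven remediation: CloudWatch Events (CloudTrail API call) -> Lambda -> EC2 API.
Added example, not SID301 code. Revokes only the world-open ranges on sensitive ports
from an AuthorizeSecurityGroupIngress call. The port policy is an assumption."""
import ipaddress

SENSITIVE_PORTS = {22, 3389}  # assumed policy, same as a matching Config rule would use


def _is_world(cidr):
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _covers(perm, port):
    if perm.get("ipProtocol") == "-1":
        return True
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def offending_permissions(request_parameters, sensitive_ports=SENSITIVE_PORTS):
    """Map CloudTrail requestParameters to the IpPermissions to revoke.
    CloudTrail wraps lists as {"items": [...]}; the legacy flat form of the call
    (cidrIp/fromPort/toPort at top level) is normalised into the same shape."""
    perms = (request_parameters.get("ipPermissions") or {}).get("items") or []
    if not perms and "cidrIp" in request_parameters:
        perms = [{"ipProtocol": request_parameters.get("ipProtocol"),
                  "fromPort": request_parameters.get("fromPort"),
                  "toPort": request_parameters.get("toPort"),
                  "ipRanges": {"items": [{"cidrIp": request_parameters["cidrIp"]}]}}]
    to_revoke = []
    for perm in perms:
        if not any(_covers(perm, port) for port in sensitive_ports):
            continue
        v4 = [r["cidrIp"] for r in (perm.get("ipRanges") or {}).get("items") or []
              if _is_world(r.get("cidrIp", ""))]
        v6 = [r["cidrIpv6"] for r in (perm.get("ipv6Ranges") or {}).get("items") or []
              if _is_world(r.get("cidrIpv6", ""))]
        if not (v4 or v6):
            continue  # sensitive port, but only from specific networks: leave it alone
        rule = {"IpProtocol": perm["ipProtocol"]}
        if perm.get("fromPort") is not None:
            rule["FromPort"], rule["ToPort"] = perm["fromPort"], perm["toPort"]
        if v4:
            rule["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            rule["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        to_revoke.append(rule)
    return to_revoke


def lambda_handler(event, context, ec2_client=None):
    """'ec2_client' is injected for offline runs; in Lambda it defaults to boto3."""
    detail = event.get("detail") or {}
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress" or "errorCode" in detail:
        return {"action": "ignored"}  # wrong event, or a call that failed and changed nothing
    params = detail.get("requestParameters") or {}
    group_id = params.get("groupId")
    to_revoke = offending_permissions(params)
    if not group_id or not to_revoke:
        return {"action": "none", "groupId": group_id}
    if ec2_client is None:
        import boto3  # lazy import keeps the module loadable without boto3
        ec2_client = boto3.client("ec2", region_name=detail.get("awsRegion"))
    ec2_client.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_revoke)
    return {"action": "revoked", "groupId": group_id, "revoked": to_revoke,
            "actor": (detail.get("userIdentity") or {}).get("arn"),
            "sourceIPAddress": detail.get("sourceIPAddress")}


class RecordingEc2Client:
    """Stand-in for boto3's EC2 client so the example runs without AWS."""
    def __init__(self):
        self.calls = []

    def revoke_security_group_ingress(self, **kwargs):
        self.calls.append(kwargs)
        return {"Return": True}


# Constructed CloudWatch Events sample (account, ids and ARN are made up).
SAMPLE_EVENT = {
    "version": "0", "detail-type": "AWS API Call via CloudTrail", "source": "aws.ec2",
    "account": "123456789012", "region": "us-east-1",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev-alice"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "groups": {},
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}, {"cidrIp": "10.0.0.0/8"}]},
                 "ipv6Ranges": {}, "prefixListIds": {}},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "groups": {},
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]},
                 "ipv6Ranges": {}, "prefixListIds": {}},
            ]},
        },
        "responseElements": {"_return": True},
    },
}
```

On the sample event the function revokes `tcp/22 from 0.0.0.0/0` and nothing else: the `10.0.0.0/8` range on the same rule and the HTTPS rule survive. The returned actor ARN and source address are what you forward to the SOC tooling from the Monitoring section. Two caveats before switching this on: the function's role needs `ec2:RevokeSecurityGroupIngress` and nothing broader, and the event arrives after the change has already been applied, so this closes the window rather than preventing it; preventive IAM controls still matter, and a tag-based exception list is worth adding before the function acts on every account. If the response grows beyond one API call (revoke, notify, open a ticket), that is the point where slide 36's Step Functions coordination applies.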
  • 39. Demo
  • 40. Recap: Remediation
    • Automate remediation steps where possible
    • For Amazon EC2 access during remediation, use Run Command
    • If multiple steps are involved for remediation, use AWS Step Functions for coordination
  • 41. Thank you!