SlideShare a Scribd company logo

2019 community day__chennai_aws_secrets_manager_v0.1.pptx

V
VijayaNirmalaGopal

AWS Secrets Manager presentation on Best Practices, use cases on Amazon Web Services, Secrets Manager, ansible, CI CD, Automation

Technology
1 of 27
Download to read offline
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - Best Practices & Use cases Vijaya Nirmala Gopal
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Vijaya Nirmala Gopal (Nirmala) DevOps Solutions Lead - Cloud, Sonata Software Limited https://cloudgoddess.blogspot.com/ Ansible Galaxy Contributor
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ❏ AWS Secrets Manager Overview ❏ Top security threats with Credentials ❏ Overlooked Risks ❏ Use case for the day ❏ With Infrastructure as Code ❏ For Configuration Management Solution ❏ Logging/Monitoring - Cloudwatch ❏ Auditing - CloudTrail ❏ Notifications - SNS ❏ Quick compare ❏ Extra Bits Agenda
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager – Key Features ❏ Secret Rotation with KMS ❏ Automatic password generator [aws cli] ❏ Pay as you go; No upfront or setup cost ❏ Fine grained access using IAM policies ❏ Use secrets for workloads handling Compliance data like HIPPA, PCI-DSS, ISO/xxx ❏ Audit/Monitor Secrets in AWS
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Overlooked Risks ??? Shared by Teri Radichel, CEO, 2nd Sight Lab, AWS Community Hero
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shared by Teri Radichel, CEO, 2nd Sight Lab, AWS Community Hero ❏ Risk Assessments shows below reasons against credentials misuse ❏ Open network ports ❏ Broad permissions for Application(s) ❏ Wider privileges for IAM user ❏ Unprotected keys and credentials
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use case - AWS Secrets Manager
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - Permissions Essential Permissions – AWS SM
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - AWS CLI Creation & Retrieval of secrets
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Cloudformation ● Use resolve tag to fetch or refer the secrets from Secrets Manager {{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}} “MasterPassword”: ‘{{ resolve:secretsmanager:RDS-master-password:SecretString:password}}’
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Terraform ● Use terraform module ‘aws_secretsmanager_secret’ and ‘aws_secretsmanager_secret_version’ create secrets ● Use output to view the secrets ● AWS CLI for fetching the secrets in user_data
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases How secrets fit with Ansible ❏ Ansible aws_secret - Lookup plugin for secrets manager ❏ Use & register with CLI
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases Fetch using AWS CLI
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases Fetch using API(ex. Python)
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secret Manager – with Lambda Fetch and use with Lambda
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auditing Secrets Usage - CloudTrail
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudTrail - Delete ❏ what happens on Delete ❏ Be known to mischievous actions ❏ Take back the decision in 7 days ❏ Check integrity by running regressions
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Monitoring/Logging Secrets - CloudWatch ❏ API calls made ❏ Access error messages ❏ Analyze and action of unused or un-rotated secrets
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SNS - AWS Secrets Manager Get alerted on actions or customize triggers for alert ❏ On Delete ❏ On permission denied to track suspicious access ❏ API Calls ❏ Other scenarios
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager – Cost Explorer
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Comparison with other options AWS SSM Parameter store ❏ Rotate with custom Lambda ❏ Lambda creation and maintenance ❏ No Cross account access ❏ S3 - In Rest & Transit Encrypted texts ❏ Ansible Vault or Hashicorp ❏ VM or Instance ❏ Custom made mechanism to rotate AWS Secrets Manager ❏ All secrets are encrypted ❏ Built in Lambda to rotate secrets ❏ Billed per secret stored and API calls ❏ Integration password rotation ❏ Random password generation
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step Ahead - git-secrets Access Keys/Credentials in Git Repos ❏ scrutinize the most valuable targets ❏ prevents keys/credentials anywhere in/into repos ❏ Add as Jenkins job to checkout repos dynamically and scan and report
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 1: Clone git-secrets repo into Target Instance(EC2 or VM) Step 2: Install git-secrets
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 3: Install register and view patterns Step 4: Add sample file scan for keys or patterns
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 5: Block the commits for files not compliant with patterns allowed
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

Recommended

AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Understanding AWS Secrets Manager - AWS Online Tech Talks
Understanding AWS Secrets Manager - AWS Online Tech TalksUnderstanding AWS Secrets Manager - AWS Online Tech Talks
Understanding AWS Secrets Manager - AWS Online Tech TalksAmazon Web Services
 
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Amazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS User Group Bengaluru
 
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Amazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 

Recommended

AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Understanding AWS Secrets Manager - AWS Online Tech Talks
Understanding AWS Secrets Manager - AWS Online Tech TalksUnderstanding AWS Secrets Manager - AWS Online Tech Talks
Understanding AWS Secrets Manager - AWS Online Tech TalksAmazon Web Services
 
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Amazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS User Group Bengaluru
 
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Amazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by designRichard Harvey
 
AWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets ManagerAWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets ManagerAdam Book
 
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Amazon Web Services
 
An Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your ApplicationsAn Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your ApplicationsAmazon Web Services
 
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 
Best Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSBest Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSAmazon Web Services
 
SecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDaySecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDayAmazon Web Services
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day OneAmazon Web Services LATAM
 
Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4Amazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfSecuring Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfAmazon Web Services
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Web Services
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWSAmazon Web Services
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Amazon Web Services
 
AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS User Group Bengaluru
 
Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secretsVijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secretsVijayaNirmalaGopal
 

More Related Content

What's hot

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by designRichard Harvey
 
AWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets ManagerAWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets ManagerAdam Book
 
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Amazon Web Services
 
An Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your ApplicationsAn Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your ApplicationsAmazon Web Services
 
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
 
Best Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSBest Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSAmazon Web Services
 
SecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDaySecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDayAmazon Web Services
 
Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4Amazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfSecuring Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfAmazon Web Services
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Web Services
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Amazon Web Services
 

What's hot (20)

AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by design
 
AWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets ManagerAWS Atlanta meetup Secrets Manager
AWS Atlanta meetup Secrets Manager
 
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
 
An Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your ApplicationsAn Active Case Study on Insider Threat Detection in your Applications
An Active Case Study on Insider Threat Detection in your Applications
 
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 
Best Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSBest Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWS
 
SecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDaySecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDay
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day One
 
Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4Threat Detection & Remediation Workshop - Module 4
Threat Detection & Remediation Workshop - Module 4
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfSecuring Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
 

Similar to 2019 community day__chennai_aws_secrets_manager_v0.1.pptx

Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secretsVijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secretsVijayaNirmalaGopal
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Amazon Web Services
 
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Amazon Web Services
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day OneAmazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAmazon Web Services
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...Amazon Web Services
 
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Amazon Web Services
 
AWS Security and Encryption
AWS Security and EncryptionAWS Security and Encryption
AWS Security and EncryptionRichard Harvey
 
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018Amazon Web Services
 
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...AWS Chicago
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS Germany
 
AWS Security Webinar: The Key to Effective Cloud Encryption
AWS Security Webinar: The Key to Effective Cloud EncryptionAWS Security Webinar: The Key to Effective Cloud Encryption
AWS Security Webinar: The Key to Effective Cloud EncryptionAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Amazon Web Services
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
 

Similar to 2019 community day__chennai_aws_secrets_manager_v0.1.pptx (20)

AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best Practices
 
Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secretsVijayanirmala a_community_builders_guidebook_for_securing_your_secrets
Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
 
AWS
AWSAWS
AWS
 
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day One
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
 
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
 
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
Using the AWS Encryption SDK for multiple master key encryption - SDD402 - AW...
 
AWS Security and Encryption
AWS Security and EncryptionAWS Security and Encryption
AWS Security and Encryption
 
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018
Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018
 
How AI is disrupting the world
How AI is disrupting the world How AI is disrupting the world
How AI is disrupting the world
 
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
 
AWS Security Webinar: The Key to Effective Cloud Encryption
AWS Security Webinar: The Key to Effective Cloud EncryptionAWS Security Webinar: The Key to Effective Cloud Encryption
AWS Security Webinar: The Key to Effective Cloud Encryption
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by Design
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
 

More from VijayaNirmalaGopal

VijayaNirmala_Unified_automation_on_cloud_on_premise
VijayaNirmala_Unified_automation_on_cloud_on_premiseVijayaNirmala_Unified_automation_on_cloud_on_premise
VijayaNirmala_Unified_automation_on_cloud_on_premiseVijayaNirmalaGopal
 
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytime
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytimeVijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytime
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytimeVijayaNirmalaGopal
 
Significance of RedHat Ansible
Significance of RedHat AnsibleSignificance of RedHat Ansible
Significance of RedHat AnsibleVijayaNirmalaGopal
 
Aws community day kochi 2019 iam everywhere .pptx
Aws community day kochi 2019 iam everywhere .pptxAws community day kochi 2019 iam everywhere .pptx
Aws community day kochi 2019 iam everywhere .pptxVijayaNirmalaGopal
 
Unified deployments using aws systems manager
Unified deployments using aws systems managerUnified deployments using aws systems manager
Unified deployments using aws systems managerVijayaNirmalaGopal
 

More from VijayaNirmalaGopal (6)

VijayaNirmala_Unified_automation_on_cloud_on_premise
VijayaNirmala_Unified_automation_on_cloud_on_premiseVijayaNirmala_Unified_automation_on_cloud_on_premise
VijayaNirmala_Unified_automation_on_cloud_on_premise
 
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytime
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytimeVijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytime
VijayaNirmala_a_builders_bible_for_authenticating_authorizing_anyservice_anytime
 
Significance of RedHat Ansible
Significance of RedHat AnsibleSignificance of RedHat Ansible
Significance of RedHat Ansible
 
Aws community day kochi 2019 iam everywhere .pptx
Aws community day kochi 2019 iam everywhere .pptxAws community day kochi 2019 iam everywhere .pptx
Aws community day kochi 2019 iam everywhere .pptx
 
Community day _aws_ci_cd_v0.2
Community day _aws_ci_cd_v0.2Community day _aws_ci_cd_v0.2
Community day _aws_ci_cd_v0.2
 
Unified deployments using aws systems manager
Unified deployments using aws systems managerUnified deployments using aws systems manager
Unified deployments using aws systems manager
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

2019 community day__chennai_aws_secrets_manager_v0.1.pptx

  • 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - Best Practices & Use cases Vijaya Nirmala Gopal
  • 2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Vijaya Nirmala Gopal (Nirmala) DevOps Solutions Lead - Cloud, Sonata Software Limited https://cloudgoddess.blogspot.com/ Ansible Galaxy Contributor
  • 3. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ❏ AWS Secrets Manager Overview ❏ Top security threats with Credentials ❏ Overlooked Risks ❏ Use case for the day ❏ With Infrastructure as Code ❏ For Configuration Management Solution ❏ Logging/Monitoring - Cloudwatch ❏ Auditing - CloudTrail ❏ Notifications - SNS ❏ Quick compare ❏ Extra Bits Agenda
  • 4. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager – Key Features ❏ Secret Rotation with KMS ❏ Automatic password generator [aws cli] ❏ Pay as you go; No upfront or setup cost ❏ Fine grained access using IAM policies ❏ Use secrets for workloads handling Compliance data like HIPPA, PCI-DSS, ISO/xxx ❏ Audit/Monitor Secrets in AWS
  • 5. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Overlooked Risks ??? Shared by Teri Radichel, CEO, 2nd Sight Lab, AWS Community Hero
  • 6. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 7. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shared by Teri Radichel, CEO, 2nd Sight Lab, AWS Community Hero ❏ Risk Assessments shows below reasons against credentials misuse ❏ Open network ports ❏ Broad permissions for Application(s) ❏ Wider privileges for IAM user ❏ Unprotected keys and credentials
  • 8. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use case - AWS Secrets Manager
  • 9. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - Permissions Essential Permissions – AWS SM
  • 10. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - AWS CLI Creation & Retrieval of secrets
  • 11. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Cloudformation ● Use resolve tag to fetch or refer the secrets from Secrets Manager {{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}} “MasterPassword”: ‘{{ resolve:secretsmanager:RDS-master-password:SecretString:password}}’
  • 12. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Terraform ● Use terraform module ‘aws_secretsmanager_secret’ and ‘aws_secretsmanager_secret_version’ create secrets ● Use output to view the secrets ● AWS CLI for fetching the secrets in user_data
  • 13. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases How secrets fit with Ansible ❏ Ansible aws_secret - Lookup plugin for secrets manager ❏ Use & register with CLI
  • 14. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases Fetch using AWS CLI
  • 15. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases Fetch using API(ex. Python)
  • 16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secret Manager – with Lambda Fetch and use with Lambda
  • 17. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auditing Secrets Usage - CloudTrail
  • 18. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudTrail - Delete ❏ what happens on Delete ❏ Be known to mischievous actions ❏ Take back the decision in 7 days ❏ Check integrity by running regressions
  • 19. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Monitoring/Logging Secrets - CloudWatch ❏ API calls made ❏ Access error messages ❏ Analyze and action of unused or un-rotated secrets
  • 20. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SNS - AWS Secrets Manager Get alerted on actions or customize triggers for alert ❏ On Delete ❏ On permission denied to track suspicious access ❏ API Calls ❏ Other scenarios
  • 21. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager – Cost Explorer
  • 22. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Comparison with other options AWS SSM Parameter store ❏ Rotate with custom Lambda ❏ Lambda creation and maintenance ❏ No Cross account access ❏ S3 - In Rest & Transit Encrypted texts ❏ Ansible Vault or Hashicorp ❏ VM or Instance ❏ Custom made mechanism to rotate AWS Secrets Manager ❏ All secrets are encrypted ❏ Built in Lambda to rotate secrets ❏ Billed per secret stored and API calls ❏ Integration password rotation ❏ Random password generation
  • 23. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step Ahead - git-secrets Access Keys/Credentials in Git Repos ❏ scrutinize the most valuable targets ❏ prevents keys/credentials anywhere in/into repos ❏ Add as Jenkins job to checkout repos dynamically and scan and report
  • 24. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 1: Clone git-secrets repo into Target Instance(EC2 or VM) Step 2: Install git-secrets
  • 25. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 3: Install register and view patterns Step 4: Add sample file scan for keys or patterns
  • 26. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 5: Block the commits for files not compliant with patterns allowed
  • 27. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!