SlideShare a Scribd company logo

Mohamed Wali_AWS Security Reference Architecture.pptx

Download as PPTX, PDF
AWS Chicago
AWS Chicago

Mohamed Wali AWS Security Reference Architecture AWS Communtity Day Midwest 2023

Technology
1 of 28
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture Visualize your security Mohamed Wali Solutions Architect Amazon Web Services
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What we’ll cover • What the AWS Security Reference Architecture (AWS SRA) is and why it matters to you • Highlights • How to navigate the documents and code Amazon GuardDuty AWS Certificate Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture (AWS SRA) Amazon GuardDuty AWS Certificate Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why build a security reference architecture?
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. How the AWS SRA can help you 1. Define target state for your own security architecture 2. Review (and revise) the designs and capabilities you have already implemented 3. Bootstrap the implementation of your own security architecture 4. Learn more about AWS security services and capabilities 5. Drive a discussion of organizational responsibilities for security
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Let’s look at the architecture
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security foundations
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: High-level account structure
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: Show all the security services Amazon GuardDuty AWS Certificate Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Tooling account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Log Archive account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure OU: Shared Services account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account Application
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security at all layers AWS Well-Architected Framework
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your AWS environment in layers
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting the AWS organization and OUs
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting accounts
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting network
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting principals
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting resources
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA code repository
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Current available code examples AWS CloudTrail AWS Config aggregator AWS Config conformance packs AWS Security Hub AWS Firewall Manager Amazon Macie Amazon GuardDuty AWS Organizations AWS Organizations with delegated admin Default account configurations AWS IAM Access Analyzer IAM password policy Amazon EBS default encryption Amazon S3 public access block
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public GitHub repository Self-service Focused on AWS Control Tower environments Built from AWS experience working with customers (high quality) Environment testing
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What else is included? Architecture diagram Resource descriptions Deployment instructions Least privilege Post-deployment events CloudTrail solution
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where to find it AWS prescriptive guidance Code repository
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Q&A
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Mohamed Wali Solutions Architect Amazon Web Services

Recommended

Göteborg Reinvent 2023_Aritra_updated.pptx
Göteborg Reinvent 2023_Aritra_updated.pptxGöteborg Reinvent 2023_Aritra_updated.pptx
Göteborg Reinvent 2023_Aritra_updated.pptxAritra Nag
 
AWS ReInvent 2023 Recap: AWS User GroupKolkata
AWS ReInvent 2023 Recap: AWS User GroupKolkataAWS ReInvent 2023 Recap: AWS User GroupKolkata
AWS ReInvent 2023 Recap: AWS User GroupKolkataAritra Nag
 
AWS reInvent 2023 re:Cap services Slide deck
AWS reInvent 2023 re:Cap services Slide deckAWS reInvent 2023 re:Cap services Slide deck
AWS reInvent 2023 re:Cap services Slide deckSammy Cheung
 
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - Håkon
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - HåkonAWS re:Invent 2023 re:Cap - AWS User Group Oslo - Håkon
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - HåkonHåkon Eriksen Drange
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 

Recommended

Göteborg Reinvent 2023_Aritra_updated.pptx
Göteborg Reinvent 2023_Aritra_updated.pptxGöteborg Reinvent 2023_Aritra_updated.pptx
Göteborg Reinvent 2023_Aritra_updated.pptxAritra Nag
 
AWS ReInvent 2023 Recap: AWS User GroupKolkata
AWS ReInvent 2023 Recap: AWS User GroupKolkataAWS ReInvent 2023 Recap: AWS User GroupKolkata
AWS ReInvent 2023 Recap: AWS User GroupKolkataAritra Nag
 
AWS reInvent 2023 re:Cap services Slide deck
AWS reInvent 2023 re:Cap services Slide deckAWS reInvent 2023 re:Cap services Slide deck
AWS reInvent 2023 re:Cap services Slide deckSammy Cheung
 
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - Håkon
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - HåkonAWS re:Invent 2023 re:Cap - AWS User Group Oslo - Håkon
AWS re:Invent 2023 re:Cap - AWS User Group Oslo - HåkonHåkon Eriksen Drange
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeCarlos Santana
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management ToolsAmazon Web Services
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxGauravSharma164138
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAmazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Control Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationControl Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationCarlos Santana
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...All Things Open
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Amazon Web Services
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewEagleDream Technologies
 
What's New in AWS Security Features
What's New in AWS Security FeaturesWhat's New in AWS Security Features
What's New in AWS Security FeaturesAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAmazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsCarlos Santana
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...Brian Andrzejewski
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 
AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS Chicago
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...AWS Chicago
 

More Related Content

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx

Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeCarlos Santana
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management ToolsAmazon Web Services
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxGauravSharma164138
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAmazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Control Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationControl Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationCarlos Santana
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...All Things Open
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Amazon Web Services
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewEagleDream Technologies
 
What's New in AWS Security Features
What's New in AWS Security FeaturesWhat's New in AWS Security Features
What's New in AWS Security FeaturesAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAmazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsCarlos Santana
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...Brian Andrzejewski
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx (20)

Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridge
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Control Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationControl Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy Validation
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overview
 
What's New in AWS Security Features
What's New in AWS Security FeaturesWhat's New in AWS Security Features
What's New in AWS Security Features
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by Design
 
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOps
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
 

More from AWS Chicago

AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS Chicago
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...AWS Chicago
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxAWS Chicago
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfAWS Chicago
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaAWS Chicago
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxAWS Chicago
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxAWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfAWS Chicago
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxAWS Chicago
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfAWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfAWS Chicago
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxAWS Chicago
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfAWS Chicago
 
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...AWS Chicago
 
MichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxMichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxAWS Chicago
 
Michal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfMichal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfAWS Chicago
 
Kamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxKamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxAWS Chicago
 
John Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxJohn Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxAWS Chicago
 
JuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxJuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxAWS Chicago
 
Jason Wadsworth - Serverless SaaS.pptx
Jason Wadsworth - Serverless SaaS.pptxJason Wadsworth - Serverless SaaS.pptx
Jason Wadsworth - Serverless SaaS.pptxAWS Chicago
 

More from AWS Chicago (20)

AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
 
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...
 
MichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptxMichaelSoule-UsingJupyterNotebooks.pptx
MichaelSoule-UsingJupyterNotebooks.pptx
 
Michal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdfMichal Brygidyn_CloudHackingScenarios.pdf
Michal Brygidyn_CloudHackingScenarios.pdf
 
Kamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptxKamil Kolodziejski_Structura-AWS.pptx
Kamil Kolodziejski_Structura-AWS.pptx
 
John Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptxJohn Merline AWS Certification FAQ.pptx
John Merline AWS Certification FAQ.pptx
 
JuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptxJuliaFMorgado_Breaking_bad_habits.pptx
JuliaFMorgado_Breaking_bad_habits.pptx
 
Jason Wadsworth - Serverless SaaS.pptx
Jason Wadsworth - Serverless SaaS.pptxJason Wadsworth - Serverless SaaS.pptx
Jason Wadsworth - Serverless SaaS.pptx
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Mohamed Wali_AWS Security Reference Architecture.pptx

  • 1. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture Visualize your security Mohamed Wali Solutions Architect Amazon Web Services
  • 2. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What we’ll cover • What the AWS Security Reference Architecture (AWS SRA) is and why it matters to you • Highlights • How to navigate the documents and code Amazon GuardDuty AWS Certificate Manager (ACM)
  • 3. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture (AWS SRA) Amazon GuardDuty AWS Certificate Manager (ACM)
  • 4. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why build a security reference architecture?
  • 5. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. How the AWS SRA can help you 1. Define target state for your own security architecture 2. Review (and revise) the designs and capabilities you have already implemented 3. Bootstrap the implementation of your own security architecture 4. Learn more about AWS security services and capabilities 5. Drive a discussion of organizational responsibilities for security
  • 6. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Let’s look at the architecture
  • 7. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security foundations
  • 8. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: High-level account structure
  • 9. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: Show all the security services Amazon GuardDuty AWS Certificate Manager (ACM)
  • 10. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Tooling account
  • 11. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Log Archive account
  • 12. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure OU: Shared Services account
  • 13. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account Application
  • 14. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account
  • 15. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security at all layers AWS Well-Architected Framework
  • 16. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your AWS environment in layers
  • 17. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting the AWS organization and OUs
  • 18. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting accounts
  • 19. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting network
  • 20. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting principals
  • 21. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting resources
  • 22. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA code repository
  • 23. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Current available code examples AWS CloudTrail AWS Config aggregator AWS Config conformance packs AWS Security Hub AWS Firewall Manager Amazon Macie Amazon GuardDuty AWS Organizations AWS Organizations with delegated admin Default account configurations AWS IAM Access Analyzer IAM password policy Amazon EBS default encryption Amazon S3 public access block
  • 24. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public GitHub repository Self-service Focused on AWS Control Tower environments Built from AWS experience working with customers (high quality) Environment testing
  • 25. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What else is included? Architecture diagram Resource descriptions Deployment instructions Least privilege Post-deployment events CloudTrail solution
  • 26. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where to find it AWS prescriptive guidance Code repository
  • 27. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Q&A
  • 28. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Mohamed Wali Solutions Architect Amazon Web Services