천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)

2. • • • • • •

5. ü ü ü ü ü ü ü ü ü ü ü

7. AWS CLOUDTRAIL AMAZON INSPECTOR AMAZON VPC AWS WAF AWS IAM AWS KEY MANAGEMENT SERVICE SERVER-SIDE ENCRYPTION ENCRYPTION SDK

8. WhatsCat™ WhatsCat™ LOL cats »

9. WhatsCat™

10. § § § § Amazon Route 53

11. Amazon Route 53 AWS Identity & Access Management MFA token Developers Network Team User

20. Amazon Virtual Private Cloud Amazon Route 53 ü ü ü ü

26. Amazon Route 53 VPC Security Groups ü ü

28. WhatsCat™

29. WhatsCat™ LOL cats »

30. Amazon Route 53 RDS DB instance § § § §

31. Amazon CloudWatch ü ü Amazon Route 53 RDS DB instance

33. AWS CloudTrail ü ü ü Amazon Route 53 RDS DB instance

35. WhatsCat™

36. Amazon Route 53 Web instance RDS DB instance active (Multi-AZ) Availability Zone RDS DB instance standby (Multi-AZ) Elastic Load Balancing Availability Zone Web instance § § § §

37. Web instance RDS DB instance active (Multi-AZ) Availability Zone RDS DB instance standby (Multi-AZ) Elastic Load Balancing Availability Zone Web instance SSL Amazon Certificate Manager Service ü ü ü ü Amazon Route 53

41. Web instance RDS DB instance active (Multi-AZ) Availability Zone RDS DB instance standby (Multi-AZ) Elastic Load Balancing Availability Zone Web instance Amazon Route 53 1. EC2 2. RDS

42. Web instance RDS DB instance active (Multi-AZ) Availability Zone RDS DB instance standby (Multi-AZ) Elastic Load Balancing Availability Zone Web instance Amazon Route 53 AWS Key Management Service (KMS) ü ü AWS KMS Customer master keys Data key 1 S3 object EBS volume Redshift cluster Data key 2 Data key 3 Data key 4 Custom application

44. WhatsCat™

45. WhatsCat™ LOL cats » Cat photos »

46. Amazon Route 53 Web instance RDS DB instance active (Multi-AZ) Availability Zone Elastic Load Balancing Amazon S3 Amazon Cloudfront § § § § DynamoDBElastiCache

47. MySQL • • • • • • •

49. Good Cats Bad Dogs AWS WAF Amazon CloudFront Elastic Load Balancing Amazon Route 53 DynamoDB Application RDS ElastiCache

57. • • • • • • • • • • •

59. Cats > 100,000 WhatsCat™

60. Availability Zone Amazon Route 53 Amazon S3 Amazon Cloudfront Availability Zone Elastic Load Balancer DynamoDB RDS DB Instance Read Replica Web Instance Web Instance Web Instance ElastiCache RDS DB Instance Read Replica Web Instance Web Instance Web Instance ElastiCacheRDS DB Instance Standby (Multi-AZ) RDS DB Instance Active (Multi-AZ)

61. Product Release App Code Infrastructure Code Security Code

62. • • • • • • • OPS SEC DEV 확장성 - 자동화 - 피드백

63. • • • AWS IAM AWS CloudTrail Amazon CloudWatch Security CI/CD PipelineAWS CodeCommit AWS CodeDeploy AWS CodePipeline AWS CodeBuild

64. • • • Amazon Inspector Security CI/CD Pipeline

65. • • • • • • • • • •

66. • ü ü

67. InstancePublic AMI Golden AMI Launch instance EC2 Configure instance Hardened instance Bake AMI Hardening and configuration User administration Operating system Running instances Launch AWS Config AWS Lambda Automate AMI baking Amazon Inspector Amazon Inspector Amazon Inspector Decommission

68. IAM stack Infrastructure stack Logging stack AWS CodeCommit

69. AWS Trusted Advisor - Security

70. AWS Trusted Advisor - Security

71. WhatsCat™ Cats > 1 million

72. • • • • •

74. Amazon CloudFront Amazon CloudFront Elastic Load Balancer DynamoDB Application Amazon RDS Elastic Load Balancer DynamoDB Application Amazon RDS Elastic Load Balancer DynamoDB Application Amazon RDS

76. • • •

천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)

천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)

Recommended

More Related Content

What's hot

What's hot(20)

Viewers also liked

Viewers also liked(11)

Similar to 천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)

Similar to 천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)(20)

More from Amazon Web Services Korea

More from Amazon Web Services Korea(20)

Recently uploaded

Recently uploaded(20)

천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)