AWSUGKOCHI - SEP - 2019 - Meetup - An Introduction in to AWS Infrastructure Security Best Practices

•

1 like•219 views

AWSUGKOCHI - September 2019 Meetup Presentation An Introduction in to AWS Infrastructure Security Best Practices by Shibu Basheer, CTO - Cabot Technology Solutions

Technology

Topics
1. IAM
2. STS
3. Organisation
4. Cloudtrail
5. Cloudwatch
6. AWS Config
7. Secret Manager
8. Others

Policies / Compliance
Well Architected Framework

IAM
● Create individual users
● MFA
● Use groups to assign to assign permissions to users.
● Grant Least Privilege
● Use AWS Managed Policies
● Do not share access keys
● Use Roles for Applications that run in EC2
● Use STS to generate temporary security credentials (apps, web applications)

STS
● Security Token Service
● Avoid hard coding access key IDs in code
● Use STS for temporary access to aws services
● STS service will generate temporary accessKeyID, secretAccessKey and
sessionToken
● Cognito
● OpenId connect

AWS Organizations
● Manage multiple aws accounts under one account
● Restrict resources
● Billing Entities
● Business Units
● Environments (dev, test, prod)

Cloudtrail
● Log/Record every API call.
● Used for auditing any information
● Automate remediation on incidents

Cloudwatch
● Logs from things - Applications, devices, services
● Alarms
● Rules
● Logs
● Dashboard

AWS Config
● Infrastructure keeps changing
● AWS Config keeps track of everything that changed in AWS
● Compliance Rules
○ E.g. EIP Attached
○ Cloudtrail Enabled
● Prebuilt and Custom Rules

Secret Manager
● Rotate RDS passwords
● Store security credentials
● Retrieve via API calls.
● No hard coding of DB passwords in code

Other items
● VPC Flow logs
● Security Groups
● EC2 Key Pairs

Other Services
● AWS Inspector
○ Security Assessment Service
○ Scan vulnerabilities
● Macie
○ Discover sensitive data stored in your infrastructure
● Guard Duty
○ Threat detection service
○ Uses data from vpc flow logs, cloudtrail logs, and dns
● KMS (Key management Service)
○ Store keys that encrypts your data

Thank you!
Shibu Basheer
Linkedin / Twitter / Instagram
@shibubasheer
shibu@cabotsolutions.com

Recently uploaded

Portal Kombat : extension du réseau de propagande russe

中央社

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

Extensible Python: Robustness through Addition - PyCon 2024

Patrick Viafore

ERP Contender Series: Acumatica vs. Sage Intacct

BrainSell Technologies

(Explainable) Data-Centric AI: what are you explaininhg, and to whom?

Paolo Missier

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Webinar Recording: https://www.panagenda.com/webinars/easier-faster-and-more-powerful-notes-document-properties-reimagined/ Have you ever felt frustrated by the small properties dialog in Notes? Had to create an agent or button to quickly change a field? Searched endlessly for the field you wanted to compare each time you selected a new document? Wished you could just make the damned thing bigger? Luckily, there is a solution – and you probably already have it installed! With the free panagenda Document Properties (Pro) you get the properties dialog you always needed. Big, resizable, full-text searchable. View multiple documents at once or compare them with a diff viewer. Modify any field, and finally have an easy way to handle profile documents for all users. Join HCL Lifetime Ambassador Julian Robichaux to discover how Document Properties can simplify your work and assist you daily when using Domino applications – in the client or the designer. You will never look back! Key takeaways from this session - What Document Properties is, which editions there are, and how you can find it in Notes and Domino Designer - How you can search for and edit any field, compare documents, or CSV export all data - How to find, edit, and even delete profile documents - Which configuration settings are available to customize feature

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

panagenda

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

This our Twelfth semiannual report on the global Cryptocurrency mining industry. Bitcoin is the world’s largest special purpose supercomputer. And it is globally decentralized. Millions of nodes all run the same open-source code to secure the Bitcoin network, create value, and put new transactions onto the distributed ledger. The latest Top500 list has just been announced at the ISC 2024 conference in Hamburg, and once again the Frontier supercomputer with 1.2 Exaflops peak performance is number one on the list. If assigned to SHA-256 hashing, Frontier would provide only the equivalent hash rate of about three cabinets of the latest high-end Bitcoin mining systems, costing less than 0.1% of Frontier’s cost. Michael Saylor, Chairman of MicroStrategy, has pointed out that GPUs are two orders of magnitude slower than the 5-nanometer technology of custom ASICs used for Bitcoin mining today. He makes the point that the Bitcoin network is unassailable by all of the hyperscale computing resources combined in AWS, Google, and Microsoft Azure cloud data centers today.

TopCryptoSupers 12thReport OrionX May2024

Stephen Perrenod

Google I/O Extended 2024 Warsaw

GDSC PJATK

AI mind or machine power point presentation

yogeshlabana357357

WebAssembly is Key to Better LLM Performance

Samy Fodil

Using IESVE for Room Loads Analysis - UK & Ireland

IES VE

Are you wondering why everyone is talking about the Flutterwave scandal? You’re not alone! It’s been in the news a lot. We’re going to tell you all about the Flutterwave Scandal in a way that’s easy to get. Keep reading, because we’re going to share the whole story with you. The company Flutterwave is headquartered in San Francisco, California, United States. In 2016, Iyinoluwa Aboyeji, Olugbenga Agboola, and Adeleke Adekoya established Flutterwave. It offers a payment infrastructure to international merchants and payment service providers throughout Africa. The company operates in various African countries including Nigeria, Kenya, Uganda, Ghana, South Africa, and others. They focus on digital payments, helping businesses accept and process payments on various channels like the web, mobile, ATM, and POS. Recently, they’ve been in the news due to allegations of misconduct within the company, which has affected their reputation and value. Flutterwave is an essential player in the African fintech landscape, aiming to drive growth for banks and businesses through digital payment solutions. The Flutterwave scandal involves allegations of misconduct and inappropriate behaviour towards female employees by the company’s co-founder and CEO, Olugbenga Agboola. Reports have surfaced from both current and former employees about bullying, intimidation, and sexual harassment at work. The allegations of inappropriate behaviour towards female employees at Flutterwave, specifically involving the CEO Olugbenga Agboola, were brought to public attention in April 2022.This was when Clara Wanjiku Odero, an ex-employee and current CEO of Credrails, published a Medium post and a series of tweets on April 4, 2022, accusing Flutterwave and Agboola of bullying. These allegations were part of a broader range of misconduct claims that surfaced around the same time The reasons behind the scandal are rooted in accusations of unethical behavior within the company. The allegations suggest a workplace culture that allowed for misconduct and failed to protect employees from harassment and intimidation. Specifically, the Flutterwave scandal refers to the series of events where the CEO was accused of engaging in improper conduct with female colleagues. This led to a broader investigation into the company’s practices and raised serious concerns about the fintech’s corporate governance. The scandal had significant repercussions, including a drop in the company’s stock price and a loss of trust among customers and partners. The trust that customers and investors had in Flutterwave was greatly damaged. People started to doubt the company’s integrity and whether their money and personal information were safe. Market Impact The scandal shook the entire fintech market. Flutterwave’s competitors saw this as an opportunity and started to attract customers who were leaving Flutterwave.

Breaking Down the Flutterwave Scandal What You Need to Know.pdf

UK Journal

Ruby has a lot of standard libraries from Ruby 1.8. I promote them democratically with GitHub today via default and bundled gems. So, I'm working to extract them for Ruby 3.4 continuously and future versions. It's long journey for me. After that, some versions may suddenly happen LoadError at require when running bundle exec or bin/rails, for example matrix or net-smtp. We need to learn what's difference default/bundled gems with standard libraries. In this presentation, I will introduce what's the difficult to extract bundled gems from default gems and the details of the functionality that Ruby's require and bundle exec with default/bundled gems. You can learn how handle your issue about standard libraries.

Long journey of Ruby Standard library at RubyKaigi 2024

Hiroshi SHIBATA

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

FIDO Alliance

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...

ScyllaDB

State of the Smart Building Startup Landscape 2024!

Memoori

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

FIDO Alliance

Recently uploaded (20)

Portal Kombat : extension du réseau de propagande russe

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

How we scaled to 80K users by doing nothing!.pdf

Extensible Python: Robustness through Addition - PyCon 2024

ERP Contender Series: Acumatica vs. Sage Intacct

(Explainable) Data-Centric AI: what are you explaininhg, and to whom?

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

TopCryptoSupers 12thReport OrionX May2024

Google I/O Extended 2024 Warsaw

AI mind or machine power point presentation

WebAssembly is Key to Better LLM Performance

Using IESVE for Room Loads Analysis - UK & Ireland

Breaking Down the Flutterwave Scandal What You Need to Know.pdf

Long journey of Ruby Standard library at RubyKaigi 2024

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...

State of the Smart Building Startup Landscape 2024!

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

AWSUGKOCHI - SEP - 2019 - Meetup - An Introduction in to AWS Infrastructure Security Best Practices

1. AWS Security Best Practices Shibu Basheer CTO Cabot Technology Solutions Pvt Ltd

2. Topics 1. IAM 2. STS 3. Organisation 4. Cloudtrail 5. Cloudwatch 6. AWS Config 7. Secret Manager 8. Others

3. Policies / Compliance Well Architected Framework

5. IAM ● Create individual users ● MFA ● Use groups to assign to assign permissions to users. ● Grant Least Privilege ● Use AWS Managed Policies ● Do not share access keys ● Use Roles for Applications that run in EC2 ● Use STS to generate temporary security credentials (apps, web applications)

7. STS ● Security Token Service ● Avoid hard coding access key IDs in code ● Use STS for temporary access to aws services ● STS service will generate temporary accessKeyID, secretAccessKey and sessionToken ● Cognito ● OpenId connect

10.

11. AWS Organizations ● Manage multiple aws accounts under one account ● Restrict resources ● Billing Entities ● Business Units ● Environments (dev, test, prod)

12. Cloudtrail ● Log/Record every API call. ● Used for auditing any information ● Automate remediation on incidents

13. Cloudwatch ● Logs from things - Applications, devices, services ● Alarms ● Rules ● Logs ● Dashboard

14. AWS Config ● Infrastructure keeps changing ● AWS Config keeps track of everything that changed in AWS ● Compliance Rules ○ E.g. EIP Attached ○ Cloudtrail Enabled ● Prebuilt and Custom Rules

15. Secret Manager ● Rotate RDS passwords ● Store security credentials ● Retrieve via API calls. ● No hard coding of DB passwords in code

16. Other items ● VPC Flow logs ● Security Groups ● EC2 Key Pairs

17. Other Services ● AWS Inspector ○ Security Assessment Service ○ Scan vulnerabilities ● Macie ○ Discover sensitive data stored in your infrastructure ● Guard Duty ○ Threat detection service ○ Uses data from vpc flow logs, cloudtrail logs, and dns ● KMS (Key management Service) ○ Store keys that encrypts your data

18. Thank you! Shibu Basheer Linkedin / Twitter / Instagram @shibubasheer shibu@cabotsolutions.com

AWSUGKOCHI - SEP - 2019 - Meetup - An Introduction in to AWS Infrastructure Security Best Practices

Recommended

Recommended

More Related Content

More from AWS User Group Kochi

More from AWS User Group Kochi (7)

Recently uploaded

Recently uploaded (20)

AWSUGKOCHI - SEP - 2019 - Meetup - An Introduction in to AWS Infrastructure Security Best Practices