Yasuhiro Araki, Ph.D, profile picture
Uploaded byYasuhiro Araki, Ph.D
2,254 views

セキュリティを意識したAWS使用法

This document discusses security best practices for Amazon Web Services (AWS). It recommends removing SSH host key pairs from public Amazon Machine Images (AMIs) to prevent security risks. It also suggests configuring virtual private clouds (VPCs) to restrict outbound traffic, using smaller instance types like t1.micro that offer less resources to attackers, mounting filesystems as noexec to prevent execution of unauthorized code, and using chroot jails.

Embed presentation

Downloaded 46 times
AWS Twitter: @ar1 yasuarak@amazon.co.jp
!  §  §  §  §  Twitter:ar1 §  Debian
IaaS(AWS) Customer 1 Customer 2 …   Customer n Hypervisor Virtual Interfaces Customer 1 Security Groups Customer 2 Security Groups … Customer n Security Groups Firewall AWS Physical Interfaces
•  Amazon ( )   •    Amazon  EC2   Instances   Encrypted     File  System   Amazon  EC2   Instance   Encrypted   Swap  File  
•  /   •  iptables /   Inbound  Traffic   Amazon  EC2   Instances     iptables   Encrypted     File  System   Amazon  EC2   Instance   Encrypted   Swap  File  
EC2 EC2 …   EC2 Hypervisor Virtual Interfaces Customer 1 Security Groups Customer 2 Security Groups … Customer n Security Groups Firewall AWS Physical Interfaces
EC2 SSH AMI
AMI
AMI AMI EBS ? ( ) ( ) EBS ssh virus
ssh ! ssh §  /etc/init.d/ssh ssh §  lsof (lsof –i :22, lsof –p XXX) ! authorized_keys §  # sshd -T | grep authorizedkeysfile
AWS Public AMI ssh If you forget to remove the existing SSH host key pairs from your public AMI, our routine auditing process will notify you and all customers running instances of your AMI of the potential security risk. After a short grace period, we will mark the AMI private.
!   VPC outbound !   t1.micro §  32bit 64bit 64bit 32bit VM mount !   mount –o noexec ! chroot

More Related Content

PPTX
JECRC iWeekend Cloud Day
byjecrciweekend
 
PPTX
Code Deploy
byHajOnSoft
 
PDF
Docker at AWS
byGovinda Fichtner
 
PDF
ContainerDay 2020 - Using Docker as a frontend for Amazon ECS and AWS Fargate
byMassimo Ferre'
 
PPTX
Meetup CNCF Torino - Amazon EKS March 29th 2019
byMassimo Ferre'
 
PDF
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
byMassimo Ferre'
 
PDF
AWS Community Day - Andrew May - Running Containers in AWS
byAWS Chicago
 
PPT
Aws oct18
byPraveen Thakur
 
JECRC iWeekend Cloud Day
byjecrciweekend
 
Code Deploy
byHajOnSoft
 
Docker at AWS
byGovinda Fichtner
 
ContainerDay 2020 - Using Docker as a frontend for Amazon ECS and AWS Fargate
byMassimo Ferre'
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
byMassimo Ferre'
 
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
byMassimo Ferre'
 
AWS Community Day - Andrew May - Running Containers in AWS
byAWS Chicago
 
Aws oct18
byPraveen Thakur
 

What's hot

PDF
Hands-on with AWS IoT
byJulien SIMON
 
PDF
IDI 2020 - Containers Meet Serverless
byMassimo Ferre'
 
PDF
Aws cli
byAnh Vu Pham
 
PDF
Amazon EC2 container service
byAleksandr Maklakov
 
PPTX
Amazon Web Services - Running Containers with ECS
byScott Weber
 
PDF
Docker Paris #29
byJulien SIMON
 
PPTX
AWS ECOSYSTEM - Introduction
byIvan Petrushevski
 
PDF
[AWS KR UG 1회 세미나] AWS 배포전략 @ 정민영
byAWSKRUG - AWS한국사용자모임
 
PDF
Deliver Docker Containers Continuously on AWS - QCon 2017
byPhilipp Garbe
 
DOCX
Amazon Web Services (AWS) Online Training
byGlory IT Technologies
 
PDF
20211120 Automating EC2 operations / EC2運用の自動化
byMasaru Ogura
 
PDF
Using Amazon CloudWatch Events, AWS Lambda and Spark Streaming to Process EC...
byJulien SIMON
 
PPTX
Aws ebs snapshot with iam cross account access
byNaoya Hashimoto
 
PPTX
Wi t containerizemicroservices
byDipali Kulshrestha
 
PDF
Storing, Managing, and Deploying Docker Container Images with Amazon ECR
byChanaka Lasantha
 
PPTX
Integrate AWS CodeDeploy With Git And Deploy A Revision
bydevopsjourney
 
PPTX
AWS EKS Security Best Practices
byStackRox
 
PPTX
Amazon Web Services (AWS) - A Brief Introduction
bydandb-technology
 
PPTX
Mtbc cloud ehr
byGhazanfar Latif (Gabe)
 
PDF
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
byCodemotion
 
Hands-on with AWS IoT
byJulien SIMON
 
IDI 2020 - Containers Meet Serverless
byMassimo Ferre'
 
Aws cli
byAnh Vu Pham
 
Amazon EC2 container service
byAleksandr Maklakov
 
Amazon Web Services - Running Containers with ECS
byScott Weber
 
Docker Paris #29
byJulien SIMON
 
AWS ECOSYSTEM - Introduction
byIvan Petrushevski
 
[AWS KR UG 1회 세미나] AWS 배포전략 @ 정민영
byAWSKRUG - AWS한국사용자모임
 
Deliver Docker Containers Continuously on AWS - QCon 2017
byPhilipp Garbe
 
Amazon Web Services (AWS) Online Training
byGlory IT Technologies
 
20211120 Automating EC2 operations / EC2運用の自動化
byMasaru Ogura
 
Using Amazon CloudWatch Events, AWS Lambda and Spark Streaming to Process EC...
byJulien SIMON
 
Aws ebs snapshot with iam cross account access
byNaoya Hashimoto
 
Wi t containerizemicroservices
byDipali Kulshrestha
 
Storing, Managing, and Deploying Docker Container Images with Amazon ECR
byChanaka Lasantha
 
Integrate AWS CodeDeploy With Git And Deploy A Revision
bydevopsjourney
 
AWS EKS Security Best Practices
byStackRox
 
Amazon Web Services (AWS) - A Brief Introduction
bydandb-technology
 
Mtbc cloud ehr
byGhazanfar Latif (Gabe)
 
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
byCodemotion
 

Similar to セキュリティを意識したAWS使用法

PDF
Aws security overview q3 2010 v2
byReadMaloney
 
PDF
[AWS Summit 2012] ソリューションセッション#4 AWS: Overview of Security Processes
byAmazon Web Services Japan
 
PPTX
AWS - Security and Compliance Overview
byRightScale
 
PPTX
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
byAlert Logic
 
PPTX
16h30 aws gru security deck
byinfolive
 
PDF
Security on AWS
byAmazon Web Services LATAM
 
PPTX
17h30 aws enterprise_app_jvaria
byLuiz Gustavo Santos
 
PPTX
Meeting PCI DSS Requirements with AWS and CloudPassage
byCloudPassage
 
PDF
Enterprise Applications on AWS
byAmazon Web Services LATAM
 
PPTX
Xen and Apache cloudstack
byThe Linux Foundation
 
KEY
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
byYasuhito Takamiya
 
PDF
Netflix Moving To Cloud
byHien Luu
 
PDF
AWS利用の勘所とトレーニングでの活用
byYasuhiro Araki, Ph.D
 
PPTX
CloudStack Networking
byCloudStack - Open Source Cloud Computing Project
 
PPTX
Protect your app from Outages
byRon Zavner
 
PPTX
19th February 2013, AWS User Group UK, Meetup #3, Managing your apps on AWS: ...
byAWS User Group UK
 
PDF
CloudStack-Developer-Day
byKimihiko Kitase
 
PPTX
Clavister security for virtualized environment
bynicolasotira
 
PPTX
Managing Cloud Security: Intrusion Detection Services in a Public Cloud
byRightScale
 
PPT
Ram chinta hug-20120922-v1
byRam Chinta
 
Aws security overview q3 2010 v2
byReadMaloney
 
[AWS Summit 2012] ソリューションセッション#4 AWS: Overview of Security Processes
byAmazon Web Services Japan
 
AWS - Security and Compliance Overview
byRightScale
 
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
byAlert Logic
 
16h30 aws gru security deck
byinfolive
 
Security on AWS
byAmazon Web Services LATAM
 
17h30 aws enterprise_app_jvaria
byLuiz Gustavo Santos
 
Meeting PCI DSS Requirements with AWS and CloudPassage
byCloudPassage
 
Enterprise Applications on AWS
byAmazon Web Services LATAM
 
Xen and Apache cloudstack
byThe Linux Foundation
 
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
byYasuhito Takamiya
 
Netflix Moving To Cloud
byHien Luu
 
AWS利用の勘所とトレーニングでの活用
byYasuhiro Araki, Ph.D
 
CloudStack Networking
byCloudStack - Open Source Cloud Computing Project
 
Protect your app from Outages
byRon Zavner
 
19th February 2013, AWS User Group UK, Meetup #3, Managing your apps on AWS: ...
byAWS User Group UK
 
CloudStack-Developer-Day
byKimihiko Kitase
 
Clavister security for virtualized environment
bynicolasotira
 
Managing Cloud Security: Intrusion Detection Services in a Public Cloud
byRightScale
 
Ram chinta hug-20120922-v1
byRam Chinta
 

More from Yasuhiro Araki, Ph.D

PDF
1999年JUSメールサーバワークショップ@伊勢志摩
byYasuhiro Araki, Ph.D
 
PDF
サービスをスケールさせるために AWSと利用者の技術
byYasuhiro Araki, Ph.D
 
PPTX
AWSのIPv6対応状況@JAWS-UG大阪
byYasuhiro Araki, Ph.D
 
PPTX
今だから!Amazon CloudFront 徹底活用
byYasuhiro Araki, Ph.D
 
PDF
20151016 soracom-araki-02
byYasuhiro Araki, Ph.D
 
PDF
Webサービス向け、クラウドデザインパターン:アンチパターン紹介
byYasuhiro Araki, Ph.D
 
PDF
AWSにみる日本のクラウドのトレンド予測 20150321 jaws-tohoku
byYasuhiro Araki, Ph.D
 
PPTX
20141202 jaws-osaka-hangeki
byYasuhiro Araki, Ph.D
 
PPTX
20141126 jaws-antipattern
byYasuhiro Araki, Ph.D
 
PPTX
クラウドによる運用の計測と運用価値の表現、その未来
byYasuhiro Araki, Ph.D
 
PPTX
AWS 専用線アクセス体験ラボ紹介と 開催地立候補のお願い
byYasuhiro Araki, Ph.D
 
PPTX
20140906 jawsfesta-araki-lt
byYasuhiro Araki, Ph.D
 
PPTX
20140906 jawsfesta-araki-public
byYasuhiro Araki, Ph.D
 
PPTX
AWSつもり違い10箇条 at 201408 jaws高尾山ビアマウント
byYasuhiro Araki, Ph.D
 
PDF
20140717 awssummit2014-cloud-operation
byYasuhiro Araki, Ph.D
 
PPTX
20140628 AWSの2014前半のアップデートまとめ
byYasuhiro Araki, Ph.D
 
PPTX
20140621 july techfesta (JTF2014) 突発**むけAWS
byYasuhiro Araki, Ph.D
 
PPTX
MTのスケールアップパターン with AWS
byYasuhiro Araki, Ph.D
 
PPTX
S3をてなづけてオレオレバックエンドにしてみた話
byYasuhiro Araki, Ph.D
 
PDF
20140418 aws-casual-network
byYasuhiro Araki, Ph.D
 
1999年JUSメールサーバワークショップ@伊勢志摩
byYasuhiro Araki, Ph.D
 
サービスをスケールさせるために AWSと利用者の技術
byYasuhiro Araki, Ph.D
 
AWSのIPv6対応状況@JAWS-UG大阪
byYasuhiro Araki, Ph.D
 
今だから!Amazon CloudFront 徹底活用
byYasuhiro Araki, Ph.D
 
20151016 soracom-araki-02
byYasuhiro Araki, Ph.D
 
Webサービス向け、クラウドデザインパターン:アンチパターン紹介
byYasuhiro Araki, Ph.D
 
AWSにみる日本のクラウドのトレンド予測 20150321 jaws-tohoku
byYasuhiro Araki, Ph.D
 
20141202 jaws-osaka-hangeki
byYasuhiro Araki, Ph.D
 
20141126 jaws-antipattern
byYasuhiro Araki, Ph.D
 
クラウドによる運用の計測と運用価値の表現、その未来
byYasuhiro Araki, Ph.D
 
AWS 専用線アクセス体験ラボ紹介と 開催地立候補のお願い
byYasuhiro Araki, Ph.D
 
20140906 jawsfesta-araki-lt
byYasuhiro Araki, Ph.D
 
20140906 jawsfesta-araki-public
byYasuhiro Araki, Ph.D
 
AWSつもり違い10箇条 at 201408 jaws高尾山ビアマウント
byYasuhiro Araki, Ph.D
 
20140717 awssummit2014-cloud-operation
byYasuhiro Araki, Ph.D
 
20140628 AWSの2014前半のアップデートまとめ
byYasuhiro Araki, Ph.D
 
20140621 july techfesta (JTF2014) 突発**むけAWS
byYasuhiro Araki, Ph.D
 
MTのスケールアップパターン with AWS
byYasuhiro Araki, Ph.D
 
S3をてなづけてオレオレバックエンドにしてみた話
byYasuhiro Araki, Ph.D
 
20140418 aws-casual-network
byYasuhiro Araki, Ph.D
 

Recently uploaded

PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
final.pdf
byomarbishtawi04
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 

セキュリティを意識したAWS使用法

  • 1.
    AWS Twitter: @ar1 yasuarak@amazon.co.jp
  • 2.
    !  §  §  §  §  Twitter:ar1 §  Debian
  • 3.
    IaaS(AWS) Customer 1 Customer 2 …   Customer n Hypervisor Virtual Interfaces Customer 1 Security Groups Customer 2 Security Groups … Customer n Security Groups Firewall AWS Physical Interfaces
  • 4.
    •  Amazon ( )   •    Amazon  EC2   Instances   Encrypted     File  System   Amazon  EC2   Instance   Encrypted   Swap  File  
  • 5.
    •  /   •  iptables /   Inbound  Traffic   Amazon  EC2   Instances     iptables   Encrypted     File  System   Amazon  EC2   Instance   Encrypted   Swap  File  
  • 7.
    EC2 EC2 …   EC2 Hypervisor Virtual Interfaces Customer 1 Security Groups Customer 2 Security Groups … Customer n Security Groups Firewall AWS Physical Interfaces
  • 8.
  • 9.
  • 10.
    AMI AMI EBS ? ( ) ( ) EBS ssh virus
  • 11.
    ssh ! ssh §  /etc/init.d/ssh ssh §  lsof (lsof –i :22, lsof –p XXX) ! authorized_keys §  # sshd -T | grep authorizedkeysfile
  • 12.
    AWS Public AMI ssh If you forget to remove the existing SSH host key pairs from your public AMI, our routine auditing process will notify you and all customers running instances of your AMI of the potential security risk. After a short grace period, we will mark the AMI private.
  • 13.
    !   VPC outbound !   t1.micro §  32bit 64bit 64bit 32bit VM mount !   mount –o noexec ! chroot