AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

•Download as PPTX, PDF•

1 like•177 views

A talk I gave at the Leeds AWS Meetup (01/11/2017) exploring how Sky Betting and Gaming manage secure access to AWS in an ever-increasing threat environment.

Technology

How do you manage secure access to AWS
in an ever-increasing threat environment?

Dear AWS Customer,
Your security is important to us. We recently
became aware that your AWS Access Key
(ending with 3KFA) along with your Secret Key
are publicly available on github.com . This poses
a security risk to you, could lead to excessive
charges from unauthorized activity or abuse, and
violates the AWS Customer Agreement.

Andrew Backhouse
Solution Architect, Platform Services
Infrastructure Tribe
@Backhoouse

✅
Joiner/movers/leavers
✅ Short lived TTL
✅ Fine grain policy
✅ Quick & easy

Services
AWS APIs
HashiCorp Vault
IAM Policies
IAM Roles
Glue (pscli)

Data Flows
3rd Party services
On-premise services
Compliance
Controls

Services: pscli
ComposAble deveLopment and cI
https://github.com/adampointer/cali

Services: Vault
https://www.vaultproject.io/

Services: Vault Policy
https://www.vaultproject.io/

Services: AWS APIs
The AWS Security Token Service (STS)
Enables temporary, limited-privilege credentials for AWS Identity and Access
Management (IAM) users or for users that you authenticate (federated users).
Single sign-on (SSO) to the console.
To support SSO, AWS lets you call a federation endpoint
(https://signin.aws.amazon.com/federation) and pass temporary security credentials.
http://docs.aws.amazon.com/IAM/latest/UserGuide/i
d_credentials_temp_request.html
🏆

Wrap up
✅ Joiner/movers/leavers
✅ Short lived TTL
✅ Fine grain policy
✅ Quick & easy
✅ Compliance
✅ Audit
✅ Controls
Edge cases for IAM creds…
Like what you heard? AWS Blog post coming soon! 😀

What's hot

How to Protect your AWS Environment

Lahav Savir

Serverless for security professionals is a concept that deviates from traditional Infrastructure such as servers, network, and storage infrastructure. Serverless represents a new ecosystem of operational and security paradigms and enables new data flows. In this talk, we walk through a new model for securing serverless applications. We dissect a serverless application and examine the security best practices implemented. Participants learn to secure serverless applications using Amazon CloudFront, AWS WAF, Amazon Macie, AWS Secrets Manager, Amazon Cognito, AWS IAM, AWS KMS, AWS CloudTrail, AWS Config, and DevSecOps. Walk away with an understanding of the options and best practices for securing serverless workloads and adopting secure DevOps practices.

Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...

Amazon Web Services

Better Together: JWT and Hashi Vault in Modern Apps

Shrivatsa Upadhye

Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you. In this Meetup, Jame Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps: - Cost Reduction - Speed of Delivery - Speed of Recovery - Security is Federated - DevSecOps Fosters a Culture of Openness and Transparency During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines. If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

James Strong

Look mum, no hands! AWS Systems Manager for server management and automation.

Michael Pearce

PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015

Evident.io

Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run. Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team. It doesn't have to be that way. Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem. When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on. In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture. Presented at BC Aware Day, 31-Jan-2017

Security Teams & Tech In A Cloud World

Mark Nunnikhoven

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Iolaire Mckinnon, Senior Consultant - Security, Risk & Compliance, Professional Services, AWS

AWS Shared Responsibility Model & Compliance Program Overview

Amazon Web Services

La seguridad en la nube de AWS es la mayor prioridad. Como cliente de AWS, se beneficiará de una arquitectura de red y un centro de datos diseñados para satisfacer los requisitos de seguridad de las organizaciones más exigentes. Una ventaja de la nube de AWS es que permite a los clientes escalar e innovar al mismo tiempo que garantizan la seguridad del entorno. Los clientes solo pagan por los servicios que usan, es decir, que puede gozar de la seguridad que necesite sin tener que realizar pagos iniciales y a un costo inferior que el de un entorno on-premise. https://aws.amazon.com/es/security/

AWS - Security & Compliance

Amazon Web Services LATAM

Introduction to AWS Security

Amazon Web Services

Securing aws workloads with embedded application security

John Varghese

Kubernetes for Sales Engineers & Solutions Engineers–You Too Can Leverage Kub...

AWS Chicago

How to implement DevSecOps on AWS for startups

Aleksandr Maklakov

Présentation de Michael Lopez et Stephane Martarello de CrossKnowledge lors du meetup des développeurs mobile de la Cote d'Azur sur le thème de Dimensionnement d'images avec AWS Lambda: Comment mettre en place une solution serverless simple et peu couteuse basée sur Amazon API Gateway et Lambda pour dimensionner automatiquement les images uploadées sur votre application (exemple : Vignettes de profile) Rejoignez nous pour notre prochain meetup: https://www.meetup.com/preview/Developpement-Mobile-Android-iOS-Cote-d-Azur

AWS chez Attestis

Olivier Destrebecq

In this session, participate in a hands-on exercise with AWS IoT Core. You begin by leveraging the AWS IoT Device SDKs to securely connect to AWS IoT, then you modify and send sample data over MQTT to AWS IoT Core. Lastly, you learn how to make that data actionable by leveraging the AWS IoT rules engine. By the end of the session, expect to have a solid understanding of how AWS IoT works and how to begin using AWS IoT in your applications.

Build an End-To-End IoT Example with AWS IoT Core (IOT211-R2) - AWS re:Invent...

Amazon Web Services

Securing AWS Environments

Ashish Kaushik

Application Load Balancer and Network Load Balancer end-to-end IPv6 support

Dhaval Soni

AWS Security Week: Security, Identity, & Compliance

Amazon Web Services

Myles Hosford, Security Solution Architect, APAC, AWS James Wilkins, Lead of the Cloud Task Force, Association of Banks Singapore (ABS) In this session we will explore the current financial regulatory landscape and future compliance trends. We will dive deep on to how to leverage AWS services to implement next generation security and compliance at scale. The session will be delivered by Myles Hosford, APAC Security Solution Architect, and James Wilkins, Lead of the Cloud Task Force for the Association of Banks Singapore (ABS).

AWS Summit Singapore - Next Generation Security

Amazon Web Services

Security is such a big subject which means that when you say security depending on the person you talk to they will have one or more of the following topics in their mind: AWS access, Access to your AWS infra, Audit Trails of ho did what in AWS, Securing access to your application, of your application, and OS security. And the list goes on and on. Without pretending I have "THE solution" and "to know it all" let me show you what I did regarding security in the cloud. I will show you how I tried to take security measures on all for me relevant aspects mentioned above and more.

AWS Security

armincoralic

What's hot (20)

How to Protect your AWS Environment

Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...

Better Together: JWT and Hashi Vault in Modern Apps

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

Look mum, no hands! AWS Systems Manager for server management and automation.

PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015

Security Teams & Tech In A Cloud World

AWS Shared Responsibility Model & Compliance Program Overview

AWS - Security & Compliance

Introduction to AWS Security

Securing aws workloads with embedded application security

Kubernetes for Sales Engineers & Solutions Engineers–You Too Can Leverage Kub...

How to implement DevSecOps on AWS for startups

AWS chez Attestis

Build an End-To-End IoT Example with AWS IoT Core (IOT211-R2) - AWS re:Invent...

Securing AWS Environments

Application Load Balancer and Network Load Balancer end-to-end IPv6 support

AWS Security Week: Security, Identity, & Compliance

AWS Summit Singapore - Next Generation Security

AWS Security

Similar to AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

Getting Started with AWS Security

Amazon Web Services

AWS Summit Auckland Sponsor presentation - Bulletproof

Amazon Web Services

Securing your data platforms in job zero. Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to innovate and release enhancements to encryption-specific services, and expand the encryption capabilities in new services to make encryption easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.

Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018

Amazon Web Services

AWS Cloud Controls for Security - Usman Shakeel

Amazon Web Services

Staying Secure in the Cloud

Amazon Web Services

Find out how the Xero Cloud Security team deals with the accelerated pace of security brought about by cloud innovation occurring at Xero as they migrate “all-in” into the AWS cloud. Xero will share the Cloud Security team’s journey to the cloud, key success and learning points, as well as how they worked with Bulletproof to implement automated, repeatable and on-demand security with AWS that works at any scale. You will leave this session with actionable real-world knowledge & how to achieve AWS security posture best practices at minimal cost while delivering high value.

Bulletproof & Xero Presentation - AWS Summit Auckland

Bulletproof

AWSome Day Helsinki Training

Amazon Web Services

[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...

Amazon Web Services

In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks. Speakers: Miha Kralj, AWS Solutions Architect Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat Koen van den Biggelaar, AWS Solutions Architect

Deep Dive - Hybrid Architectures

Amazon Web Services

AWS Security By Design

Amazon Web Services

In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

by Brad Dispensa, Sr. Solutions Architect, AWS Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session we will cover how you can use secure configuration and automation to monitor, audit, and enforce your security policies within an AWS environment. Level 200

Secure Configuration and Automation Overview

Amazon Web Services

Healthcare organizations are rapidly adopting container technology to drive innovation. In this session, join Horizon Blue Cross Blue Shield of New Jersey and ClearDATA to learn about how to integrate Amazon ECS into your deployment pipeline while maintaining compliance for healthcare workloads, how to harden container environments for sensitive workloads, and how to leverage AWS tooling and microservices to provide new views and analysis for data stored in on-premises data centers.

HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...

Amazon Web Services

Track 4 Session 4_ MAD02 MAD 04 如何藉由 CICD 流程管理容器化和無伺服器應用

Amazon Web Services

AWS Summit 2014 Melbourne - Breakout 3 The AWS Cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources. Presenter: Stephen Quigg, Solutions Architect, APAC, Amazon Web Services

Understanding AWS Security

Amazon Web Services

Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017

Amazon Web Services

AWS re:Invent re:Cap 행사에서 발표된 강연 자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 발표한 내용입니다. 새로 발표된 AWS의 보안 및 접근권한 관리 관련 서비스를 이용해 아키텍처를 구축하는 방법에 대해 초점이 맞춰져 있습니다. 내용 요약: AWS 클라우드의 인프라는 현존하는 클라우드 컴퓨팅 환경 중 가장 유연하고 안전하게 작동할 수 있도록 설계되어 고도의 확장성과 안정성을 지닌 플랫폼으로 기능하고 있으며, 고객들은 이를 활용해 애플리케이션과 데이터를 빠르고 안전하게 배포할 수 있습니다. 이번 세션에서는 현존하는 AWS의 보안 및 컴플라이언스 도구들 외에 이번 re:Invent에서 추가된 AWS Key Management Service, AWS Config, 그리고 AWS Service Catalog를 활용해 커스텀 키 관리 및 암호화, 리소스 사용의 가시성 확보와 감사, 표준화된 리소스 할당을 가능하게 하는 법에 대해 알아보겠습니다.

AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도

Amazon Web Services Korea

Mao Danrong, Solutions Architect, AWS China Blockchain has become a hot topic for enterprises, start-ups, entrepreneurs, and regulatory bodies. Companies are now beginning to understand its disruptive potential and are experimenting with its most promising applications. But, few companies have asked the more fundamental question: Are we ready to adopt a shared public database and Microservice architecture for financial transactions? In this session, we cover the use cases and emerging trends. We also demonstrate blockchain in use and show how to implement it with demo showing using AWS services.

Exploring Blockchain Technology and Emerging Trends

Amazon Web Services

Advanced AWS Security Workshop

Amazon Web Services

Herramientas Cloud Ninja AWS "From Zero to Hero"

Amazon Web Services LATAM

Similar to AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment? (20)

Getting Started with AWS Security

AWS Summit Auckland Sponsor presentation - Bulletproof

Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018

AWS Cloud Controls for Security - Usman Shakeel

Staying Secure in the Cloud

Bulletproof & Xero Presentation - AWS Summit Auckland

AWSome Day Helsinki Training

[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...

Deep Dive - Hybrid Architectures

AWS Security By Design

Introduction to Threat Detection and Remediation on AWS

Secure Configuration and Automation Overview

HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...

Track 4 Session 4_ MAD02 MAD 04 如何藉由 CICD 流程管理容器化和無伺服器應用

Understanding AWS Security

Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017

AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도

Exploring Blockchain Technology and Emerging Trends

Advanced AWS Security Workshop

Herramientas Cloud Ninja AWS "From Zero to Hero"

Recently uploaded

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

The Future of Platform Engineering

Jemma Hussein Allen

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Bits & Pixels using AI for Good.........

Alison B. Lowndes

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

Recently uploaded (20)

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

When stars align: studies in data quality, knowledge graphs, and machine lear...

The Future of Platform Engineering

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Essentials of Automations: Optimizing FME Workflows with Parameters

Connector Corner: Automate dynamic content and events by pushing a button

Bits & Pixels using AI for Good.........

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Demystifying gRPC in .Net by John Staveley

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

"Impact of front-end architecture on development cost", Viktor Turskyi

ODC, Data Fabric and Architecture User Group

PHP Frameworks: I want to break free (IPC Berlin 2024)

In-Depth Performance Testing Guide for IT Professionals

AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

2. How do you manage secure access to AWS in an ever-increasing threat environment?

3. Dear AWS Customer, Your security is important to us. We recently became aware that your AWS Access Key (ending with 3KFA) along with your Secret Key are publicly available on github.com . This poses a security risk to you, could lead to excessive charges from unauthorized activity or abuse, and violates the AWS Customer Agreement.

4. 😱 🚨

5. Andrew Backhouse Solution Architect, Platform Services Infrastructure Tribe @Backhoouse

7. ✅ Joiner/movers/leavers ✅ Short lived TTL ✅ Fine grain policy ✅ Quick & easy

8. Services AWS APIs HashiCorp Vault IAM Policies IAM Roles Glue (pscli)

9. Data Flows 3rd Party services On-premise services Compliance Controls

10. Architecture DEMO

11. Architecture

12. Architecture

13. Architecture

14. Architecture

15. Architecture

16. Architecture

17. Architecture

18. Architecture

19. Services: pscli ComposAble deveLopment and cI https://github.com/adampointer/cali

20. Services: Vault https://www.vaultproject.io/

21. Services: Vault Policy 💡

22. Services: Vault Policy https://www.vaultproject.io/

23. Services: AWS Setup

24. Services: AWS APIs The AWS Security Token Service (STS) Enables temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). Single sign-on (SSO) to the console. To support SSO, AWS lets you call a federation endpoint (https://signin.aws.amazon.com/federation) and pass temporary security credentials. http://docs.aws.amazon.com/IAM/latest/UserGuide/i d_credentials_temp_request.html 🏆

25. Wrap up ✅ Joiner/movers/leavers ✅ Short lived TTL ✅ Fine grain policy ✅ Quick & easy ✅ Compliance ✅ Audit ✅ Controls Edge cases for IAM creds… Like what you heard? AWS Blog post coming soon! 😀

26. We’re Hiring www.skybetcareers.com

Editor's Notes

Why is this important?
As IT professionals we don’t want our names in the papers for the wrong reasons. Easy mistakes to make. AWS atleast are looking out for you.
But it’s only a matter of time when using IAM User credentials. More of a problem when your policing a large number of AWS accounts. We have 40+ for example.
That sets the scene. Who I am. Find me on twitter
We chose AWS for good reasons. We can to go fast, build stuff and pay for it only when we need it.
We also want to do it in a secure way. Developers want to do things quickly and don’t want security in the way.
All your build tools are delivered by container We still control the version and any configuration You pick and choose what you need. Hence composable.

AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

Similar to AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment? (20)

Recently uploaded

Recently uploaded (20)

AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasing threat environment?

Editor's Notes