1. The document outlines an agenda for a meetup event on September 5th 2018 hosted by #74PRESENTS. It includes 3 presentations on AWS topics, as well as breaks for food and networking. 2. The first presentation is by Jesus Rodriguez from PolarSeven on "AWS CodePipeline & multiple origins". The second is by Craig Dent from Evident.io on "11 Exercises To Get CloudFit". The third is by representatives from Freshworks on "Scaling to support 150,000 businesses". 3. The event concludes with an prize drawing and announcement of the next meetup on October 3rd 2018.

1. September 5th 2018
#74PRESENTS

2. Sponsors

3. What’s On Tonight
6:00 pm
1. PolarSeven
“AWS CodePipeline & multiple origins” - Jesus Rodriguez
6:20 pm
2. Evident.io
“11 Exercises To Get CloudFit” - Craig Dent
6:40 pm
Break
Have some pizza & beer, on us!
7:20 pm
3. Freshworks
“Scaling to support 150,000 businesses” - Karthikeyan Marudhachalam/Hariprasad Ellanki
7:40 pm Networking

4. Presentation 1
Jesus Rodriguez
Cloud Consultant
“AWS CodePipeline & multiple origins”

5. Built Using
Route 53 CloudFormation
CodePipeline
S3Lambda
Cloudwatch IAM SNS
VPC Load Balancer Autoscaling EC2

6. Solution design

7. It’s demo time!
Because there is nothing scarier during a presentation than a live demo

8. Cost of this demo
$0.50

9. Contact Us
hello@polarseven.com
Thank youGracias

10. Presentation 2
Craig Dent
Consulting Engineer
“11 Exercises To Get CloudFit”

11. 11 Exercises To Get CloudFit
AWS Security Fitness

12. Why is Cloud Fitness
important?

14. Cloud Adoption Barriers

15. Cloud Security Threats

16. Cloud Security Headaches

17. Ready to Get
CloudFit?

18. Exercise 1:
Disable Root Account API
Access Key
Root Account has no
restrictions
Create administrative IAM users
Grant access to billing
information and tools
“Lock the door and throw away
the key” i.e. Disable/Remove
the default AWS root user API
access keys

19. Exercise 2:
Enable MFA Tokens Everywhere
Rotating passwords too often:
BAD
Using overly complicated
passwords no one remembers:
BAD
Using Multi-factor
Authentication:
GOOD
MFA – Physical or Virtual
Virtual has choices – Google
Authenticator, Authy, etc.

20. Exercise 3:
Reduce IAM Users With Admin Rights
10
Create IAM admin users. At least 2,
no more than 3 per IAM group
What is the risk if an Admin account
is lost or compromised?
Could the result impact my revenue
or reputation?

21. Exercise 4:
Use Roles for AWS EC2
Temporary authentication
credentials. Limited privilege
Reduce the surface area of
attack
1
2
3
4
5 Auditable activity with CloudTrail
Automatically generated
authentication credentials
Do your EC2 instances need to
contact other AWS Services?

22. Exercise 5:
Least Privilege
Only give minimal rights to do
things on AWS...just what is
needed to accomplish tasks or
actions
IAM can get very granular
This applies to:
● IAM Users
● IAM Groups
● IAM Roles / Instance Profiles
● Applications or Scripts
e.g. If an app only needs to write
to an S3 bucket, then only give it
permission to PutObject.

23. Exercise 6:
Rotate All the Keys Regularly
Rotate all credentials, passwords,
and API Access Keys on a regular
basis.
90 days minimum
Compromised API Access Keys
can cost your business dearly

24. 14
Exercise 7:
Use IAM Roles With AWS STS
Similar to EC2 Roles
Can be used in place of privileged
IAM User Access Keys
Temporary credentials
Allows for 3rd parties to access
your account more securely
Extended version of AssumeRole
allows for Identity Federation

25. Exercise 8:
Use AutoScaling to
Counter DDoS
AutoScaling allows you to increase
the number of EC2 instances
automatically
More instances means your site
stays up
Small price to pay for increased
reliability

26. Exercise 9:
Do Not Allow 0.0.0.0/0 Unless You Mean It
SSH - Only allow the access from the origin IP and port where you will admin your instance from.
Only turn this on when needed and remove it when not.
EC2 IP Address range is a favourite of scanners
Affects not just EC2 instances but also ELB’s, ElastiCache clusters, RDS, EMR nodes, and others…

27. Exercise 10:
Strengthen S3 Bucket
Policies
Watch world-readable and world-
listable S3 buckets
Open S3 buckets a favourite for
trolling for API Access Keys
Check your bucket security
regularly
Watch for AuthenticatedUsers
grantee

28. Are your S3 Buckets Secure?
359 Million
Records Leaked

29. Exercise 11:
CloudTrail and Encryption

30. The CloudFit Regimen
⃞ Exercise 1: Disable Root Account API Access Key
⃞ Exercise 2: Enable MFA Tokens Everywhere
⃞ Exercise 3: Reduce IAM Users With Admin Rights
⃞ Exercise 4: Use Roles for AWS EC2
⃞ Exercise 5: Least Privilege
⃞ Exercise 6: Rotate All the Keys Regularly
⃞ Exercise 7: Use IAM Roles With AWS STS
⃞ Exercise 8: Use AutoScaling to Counter DDoS
⃞ Exercise 9: Do Not Allow 0.0.0.0/0 Unless You Mean It
⃞ Exercise 10: Create AWS S3 Bucket Policies
⃞ Exercise 11: Enable AWS CloudTrail and Encryption

31. WARNING – Sales Plug Approaching

32. Evident Security Platform (ESP)
Your CloudFit Tracker

33. How it works:

34. Evident Security Platform (ESP)
Your CloudFit Tracker
Start a Free Trial

35. Break & Networking
• Refresh your drink
• Grab some pizza
• Make new contacts
• Enter the prize draw!

36. Presentation 3
Karthikeyan Marudhachalam/ Hariprasad
Ellanki
“Scaling to support 150,000 businesses”

37. Scaling to support
150,000 businesses
Karthikeyan Marudhachalam/
Hariprasad Ellanki

38. ● Founded in 2010
● 150,000+ businesses
● 150+ countries
● 7 products
● $249M in funding

39. Freshdesk ● Customer support software
● Email, social, phone & chat channels
● 2.5 million DB reads in a minute
● 3 million conversations in a day
● 44TB of data
● 750 Million requests per week
● DCs in US, Australia, EU-C & India

40. Architecture

41. Requests per
week

42. Database
● Started with single DB
● Read replica
● Partitions
● Sharding
● Archiving

43. App Servers ● Mostly Ruby-on-Rails
● OpsWorks managed
● Blue-Green deployment
● Failure isolation
○ Dedicated Layers for each request group
○ Dedicated Layer for businesses with SLA
○ Buffer Layer
○ Future: Shell

44. Microservices ● Go, Java, Python & Node.js
● Search: Elasticsearch
● Analytics: Redshift
● Queueing
○ SQS
○ Kafka

45. Thank You

46. Draw Prize
This weeks winner is :

47. Thanks For Coming
Join Us Next Month – October 3rd 2018
Presentations from
&
>> Register @ http://www.meetup.com/AWS-Sydney/ <<