© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Armando Leite, Principal Security Architect
03/29/17
Best Practices for Managing Security Operations in AWS
Goals of session
1. Provide a practical approach for SecOps excellence.
2. Show how it works in practice.
3. Get you to try it (take-home toolkit).
Control Monitor Fix
In detail
1. Introduction
2. CMF: Control/Monitor/Fix
- Control: creating the guardrails (IAM, Code*, AWS Config)
- Monitor: providing visibility (CloudTrail, VPC Flow Logs, Syslog, CloudWatch)
- Fix: dealing with exceptions (Lambda)
3. In practice (aka demo)
4. Your take-home kit and actions
MSB – Minimum Security Baseline.
Pro level – what to aim for.
Cloud Adoption Framework – the Security Perspective, mapped onto Control/Monitor/Fix:
- Directive: ? (our guidelines; see the operating principles on the next slide)
- Preventive -> Control: driving the right behavior.
- Detective -> Monitor: maintain and assure over time.
- Responsive -> Fix: get back to known good.
Our guidelines (‘Directive’)
Operating principles:
1. Think pipelines/workflows, not isolated controls.
2. Use the data.
3. The SOP is Code.
Phase 1: Control
Goal:
• Drive towards secure outcomes, i.e. build guardrails.
Possible options:
• IAM
• CloudFormation
• Code*
Best practice:
• MSB: individual users + least privilege + use of groups.
• Pro level: centralized deployment of controls across N accounts.
AWS Identity and Access Management (IAM)
• Enables you to control who can do what in your AWS account.
• Splits into users, groups, roles, and permissions.
• Control: centralized; fine-grained – APIs, resources, and the AWS Management Console.
• Security: secure (deny) by default.
Policy evaluation flow
1. Decision starts at Deny.
2. Evaluate all applicable policies.
3. Is there an explicit deny? Yes: final decision = "deny" (explicit deny).
4. No: is there an Allow? Yes: final decision = "allow".
5. No: final decision = "deny" (default deny).
• AWS retrieves all policies associated with the user and resource.
• Only policies that match the action and conditions are evaluated.
• If a policy statement has a deny, it trumps all other policy statements.
• Access is granted if there is an explicit allow and no deny.
• By default, an implicit (default) deny is returned.
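The five-step flow above, as an added example in Python (not from the deck) that models identity-based policy evaluation. The policies, principal group and request context are constructed, and only a subset of IAM is covered, as the module docstring states. The guardrail policy uses `BoolIfExists` for the MFA check because, as in the real service, a plain `Bool` condition never matches a request where the key is absent, which is exactly the case for access-key calls made without MFA.

```python
"""Added example (not from the deck): a small model of the IAM evaluation flow
for identity-based policies. Statement shapes follow IAM JSON; NotAction /
NotResource, resource policies, SCPs and permission boundaries are out of
scope, and only the Bool, BoolIfExists and StringEquals condition operators
are modelled (anything else fails closed)."""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # Action names are case-insensitive in IAM; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, arn):
    # Resource ARNs are case-sensitive.
    return fnmatch.fnmatchcase(arn, pattern)


def condition_holds(stmt, context):
    """Evaluate the statement's Condition block against the request context.
    A missing key fails a Bool check but satisfies BoolIfExists; unknown
    operators make the condition false (fail closed)."""
    context = context or {}
    for operator, checks in stmt.get("Condition", {}).items():
        for key, expected in checks.items():
            actual = context.get(key)
            if operator in ("Bool", "BoolIfExists"):
                if actual is None:
                    if operator == "Bool":
                        return False
                    continue
                if str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            else:
                return False
    return True


def statement_applies(stmt, action, resource, context=None):
    """Step 2 of the flow: a statement is evaluated only if its Action,
    Resource and Condition all match the request."""
    return (any(_action_matches(a, action) for a in _as_list(stmt.get("Action", [])))
            and any(_resource_matches(r, resource) for r in _as_list(stmt.get("Resource", [])))
            and condition_holds(stmt, context))


def evaluate(policies, action, resource, context=None):
    """Return (decision, reason) following the deck's five steps."""
    decision = "deny"                                     # 1. start at Deny
    applicable = [s for p in policies                     # 2. applicable statements
                  for s in p.get("Statement", [])
                  if statement_applies(s, action, resource, context)]
    if any(s.get("Effect") == "Deny" for s in applicable):
        return "deny", "explicit deny"                    # 3. a deny trumps everything
    if any(s.get("Effect") == "Allow" for s in applicable):
        return "allow", "explicit allow"                  # 4. an allow with no deny
    return decision, "default deny"                       # 5. nothing matched


# Constructed policies for a hypothetical 'developers' group: a permissions
# policy plus a guardrail policy that refuses destructive or un-MFA'd actions.
POLICIES = [
    {"Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "*"},
    ]},
    {"Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::audit-logs/*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ]},
]

if __name__ == "__main__":
    log = "arn:aws:s3:::audit-logs/2017/03/29/trail.json.gz"
    print(evaluate(POLICIES, "s3:GetObject", log))            # explicit allow
    print(evaluate(POLICIES, "s3:DeleteObject", log))         # explicit deny
    print(evaluate(POLICIES, "ec2:TerminateInstances", "*"))  # default deny
    print(evaluate(POLICIES, "iam:ChangePassword", "*",
                   {"aws:MultiFactorAuthPresent": False}))    # explicit deny (no MFA)
```

The last case is the one worth studying: an explicit allow for `iam:ChangePassword` is present, yet the guardrail's deny still wins, which is the property best practices 2 and 4 rely on.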
Top 11 IAM best practices
1. Users – Create individual users.
2. Permissions – Grant least privilege.
3. Groups – Manage permissions with groups.
4. Conditions – Restrict privileged access further with conditions.
5. Auditing – Enable AWS CloudTrail to get logs of API calls.
6. Password – Configure a strong password policy.
7. Rotate – Rotate security credentials regularly.
8. MFA – Enable MFA for privileged users.
9. Sharing – Use IAM roles to share access.
10. Roles – Use IAM roles for Amazon EC2 instances.
11. Root – Reduce or remove use of root.
One AWS account vs. multiple AWS accounts?
Use a single AWS account when you:
• Want simpler control of who does what in your AWS environment.
• Have no need to isolate projects/products/teams.
• Have no need for breaking up the cost.
Use multiple AWS accounts when you:
• Need full isolation between projects/teams/environments.
• Want to isolate recovery data and/or auditing data (e.g., writing your CloudTrail logs to a different account).
• Need a single bill, but want to break out the cost and usage.
Segmented AWS Account Structure
Financial (Procurement and Finance): Billing account – consolidated billing, billing alerts.
Security/audit (SOC/Auditors): Security/Audit account – read-only access for all accounts; Operational Logging account – event and state logging, read-only access to logging data.
Utility (domain-specific admins): User management account, Key management account, Shared services account, Backup/DR account.
Application owners: Production accounts, Dev/Test accounts.
AWS Organizations
Policy-based management for multiple AWS accounts: control AWS service use across accounts, consolidate billing, automate AWS account creation.
Typical use cases:
• Control the use of AWS services to help comply with corporate security and compliance policies.
• Automate the creation of AWS accounts for different resources, using the API response to trigger additional automation (e.g. deploy a CloudFormation template).
What is AWS CloudFormation?
• AWS CloudFormation allows you to model, provision, and update the full breadth of AWS resources.
• Manage anything from a single Amazon EC2 instance to a multi-tier application.
• Integrates with other development and management tools.
CloudFormation Security
Continuous Integration / Continuous Deployment: from source code to running host.
Elements of a Continuous Delivery Pipeline
Commit Phase: source control changes
• Static code analysis: analyze the CFN templates against a set of security rules.
Acceptance Phase: dev environment
• Dynamic analysis: run the template in a sandbox / acceptance test environment.
Capacity/Integration/Staging Phases: pre-prod environment
• Load, performance, penetration and failover testing.
Production Phase: prod environment
• Deploy controls.
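An added example (not the deck's pipeline code) of the commit-phase static analysis: a rule set that walks a CloudFormation template and fails the stage on world-open admin ports and `*`/`*` IAM grants. The template, rule names and severities are constructed; the pass deliberately does not resolve intrinsic functions such as `{"Ref": ...}` and reports those rules for manual review instead of guessing.

```python
"""Added example (not the deck's code): static security rules a commit-phase
Lambda can run over a CloudFormation template before anything is deployed.
Rule names, severities and the sample template are constructed."""
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}


def _port_range(rule):
    """(from, to) as ints; None when the ports are intrinsic functions such as
    {"Ref": ...}, which this pass does not resolve."""
    if str(rule.get("IpProtocol", "")) == "-1":
        return 0, 65535
    try:
        return int(rule.get("FromPort")), int(rule.get("ToPort"))
    except (TypeError, ValueError):
        return None


def _finding(rule, logical_id, severity, detail):
    return {"rule": rule, "resource": logical_id, "severity": severity, "detail": detail}


def _ingress_findings(logical_id, rule):
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr not in OPEN_CIDRS:
        return []
    ports = _port_range(rule)
    if ports is None:
        return [_finding("SG-UNRESOLVED", logical_id, "LOW",
                         "world-open ingress with unresolved ports; review manually")]
    lo, hi = ports
    if (lo, hi) == (0, 65535) or any(lo <= p <= hi for p in ADMIN_PORTS):
        return [_finding("SG-OPEN-ADMIN", logical_id, "HIGH",
                         f"{cidr} can reach ports {lo}-{hi}")]
    return []


def _iam_findings(logical_id, policy_doc):
    findings = []
    for stmt in policy_doc.get("Statement", []):
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        if stmt.get("Effect") == "Allow" and "*" in actions and "*" in resources:
            findings.append(_finding("IAM-STAR", logical_id, "HIGH",
                                     "Allow */* grants full account access"))
    return findings


def check_template(template):
    """Walk every resource and apply the rule that knows its type."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                findings.extend(_ingress_findings(logical_id, rule))
        elif rtype == "AWS::EC2::SecurityGroupIngress":
            findings.extend(_ingress_findings(logical_id, props))
        elif rtype in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            findings.extend(_iam_findings(logical_id, props.get("PolicyDocument", {})))
        elif rtype == "AWS::IAM::Role":
            for policy in props.get("Policies", []):
                findings.extend(_iam_findings(logical_id, policy.get("PolicyDocument", {})))
    return findings


def pipeline_verdict(findings):
    """Fail the stage on any HIGH finding; LOW findings go to the reviewer."""
    return "FAIL" if any(f["severity"] == "HIGH" for f in findings) else "PASS"


# Constructed template: one acceptable rule, one world-open SSH rule, one
# admin role with */*, and one rule whose port is a parameter reference.
SAMPLE_TEMPLATE = {
    "Parameters": {"SshPort": {"Type": "Number", "Default": 22}},
    "Resources": {
        "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "BastionIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
            "GroupId": {"Ref": "WebSG"}, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0",
            "FromPort": {"Ref": "SshPort"}, "ToPort": {"Ref": "SshPort"}}},
        "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Statement": []},
            "Policies": [{"PolicyName": "all", "PolicyDocument": {
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    },
}

if __name__ == "__main__":
    found = check_template(SAMPLE_TEMPLATE)
    print(json.dumps(found, indent=2))
    print(pipeline_verdict(found))   # FAIL
```

In the real pipeline the Lambda action reports `pipeline_verdict` back through the CodePipeline client (`put_job_success_result` or `put_job_failure_result`, with the job ID the pipeline passes in the invocation event), which is what stops the template from ever reaching the acceptance phase.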
Code* for infrastructure code – the pipeline in CodePipeline
Commit Phase: DevOps code push -> source stage (S3) -> CodePipeline pulls the code -> static code analysis (Lambda).
Acceptance Phase: CloudFormation create stack -> dynamic security checks (Lambda) -> CloudFormation delete stack.
Prod Phase: CloudFormation create ChangeSet -> manual approval (approve ChangeSet) -> CloudFormation execute ChangeSet.
Phase 2: Monitor
Goals:
- Ensure effective operation over time.
- Detect anomalies/change.
Options:
• CloudTrail, CloudWatch*, VPC Flow Logs, Config…
Best Practice:
• MSB: Aggregate log data.
• Pro level: Analyze and act on log data as it arrives.
What is AWS CloudTrail?
A fully managed service that records API calls made on your AWS account: customers make API calls on a growing set of services around the world, CloudTrail continuously records those calls and delivers log files to customers.
CloudTrail aggregation and triage across accounts
Accounts 1..N each run CloudTrail; their log files land in a CloudTrail aggregation bucket in the Security account, where triage/classification rules and an alert indexer process them.
1. Automated configuration enables logging in every account and sets the aggregation destination.
2. Log files are deposited in an S3 bucket under the Security account.
3. SNS notifies Lambda that new events are available for processing.
4. Each Lambda evaluates a specific compliance item or misuse case.
5. Rules engines help define the action to take based on asset and environment.
6. If dictated by the rules engine, the event results in a notification via email (i.e. critical events).
7. Alerts are preserved in DynamoDB for reporting and indexing of raw data.
8. All processing happens in the Security account, i.e. no external dependencies to add new logic, log processing, etc.
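Steps 3 to 7 above, as an added example (not the deck's demo code): one Lambda that takes a delivered CloudTrail file, classifies each record, asks a small rules engine what to do given the asset's environment, and returns the rows that would go to DynamoDB. The account table, rule names, severities, the `cloudtrail-alerts` table name and the sample records are constructed; the record fields follow the CloudTrail log format, and the SNS message fields (`s3Bucket`, `s3ObjectKey`) are the ones CloudTrail's own delivery notifications carry.

```python
"""Added example (not the deck's demo code): the per-file triage a Lambda in
the Security account can run when SNS announces a new CloudTrail log file.
The account table, rule names, severities and sample records are constructed;
record field names follow the CloudTrail log format."""
import gzip
import json

# Constructed account DB: which environment each AWS account ID belongs to.
ACCOUNT_DB = {"111111111111": "prod", "222222222222": "dev"}
TRAIL_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
WORLD = {"0.0.0.0/0", "::/0"}


def _cidrs_in(node, found=None):
    """Collect every cidrIp/cidrIpv6 value nested inside requestParameters."""
    found = [] if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("cidrIp", "cidrIpv6"):
                found.append(value)
            else:
                _cidrs_in(value, found)
    elif isinstance(node, list):
        for item in node:
            _cidrs_in(item, found)
    return found


def classify(record):
    """Map one CloudTrail record to (rule, severity), or None if uninteresting."""
    name = record.get("eventName", "")
    identity = record.get("userIdentity", {})
    if identity.get("type") == "Root" and not identity.get("invokedBy"):
        return "ROOT-ACTIVITY", "CRITICAL"      # best practice 11: root should be idle
    if name in TRAIL_TAMPER:
        return "TRAIL-TAMPER", "CRITICAL"       # someone is blinding the monitor
    if name == "AuthorizeSecurityGroupIngress":
        if WORLD & set(_cidrs_in(record.get("requestParameters"))):
            return "SG-WORLD-OPEN", "HIGH"
    return None


def decide_action(severity, environment):
    """The rules engine: the action depends on severity and the asset's environment."""
    if severity == "CRITICAL":
        return "email+ticket"
    if severity == "HIGH" and environment == "prod":
        return "ticket"
    return "record"


def triage(records, account_db=ACCOUNT_DB):
    """Return the alert rows that would be preserved in DynamoDB."""
    alerts = []
    for rec in records:
        hit = classify(rec)
        if hit is None:
            continue
        rule, severity = hit
        env = account_db.get(rec.get("recipientAccountId"), "unknown")
        alerts.append({"rule": rule, "severity": severity, "environment": env,
                       "action": decide_action(severity, env),
                       "account": rec.get("recipientAccountId"), "event": rec.get("eventName"),
                       "time": rec.get("eventTime"), "sourceIP": rec.get("sourceIPAddress"),
                       "principal": rec.get("userIdentity", {}).get("arn")})
    return alerts


def parse_log_file(raw):
    """CloudTrail delivers gzip-compressed JSON with a top-level 'Records' list."""
    return json.loads(gzip.decompress(raw))["Records"]


def handler(event, context):
    """Lambda entry point: SNS message -> S3 object keys -> triage -> DynamoDB.
    boto3 is imported here so the functions above stay importable offline."""
    import boto3
    s3 = boto3.client("s3")
    table = boto3.resource("dynamodb").Table("cloudtrail-alerts")   # assumed table name
    msg = json.loads(event["Records"][0]["Sns"]["Message"])
    for key in msg["s3ObjectKey"]:
        raw = s3.get_object(Bucket=msg["s3Bucket"], Key=key)["Body"].read()
        for alert in triage(parse_log_file(raw)):
            table.put_item(Item=alert)


# Constructed records in abbreviated CloudTrail format, and a fake delivered file.
SAMPLE_RECORDS = [
    {"eventTime": "2017-03-29T10:01:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "recipientAccountId": "111111111111", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"groupId": "sg-0123", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2017-03-29T10:02:00Z", "eventName": "StopLogging",
     "recipientAccountId": "222222222222", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::222222222222:user/bob"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2017-03-29T10:03:00Z", "eventName": "ConsoleLogin",
     "recipientAccountId": "111111111111", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"}},
]


def sample_log_file():
    return gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())


if __name__ == "__main__":
    for alert in triage(parse_log_file(sample_log_file())):
        print(alert["severity"], alert["rule"], alert["environment"], "->", alert["action"])
```

Each misuse case is a few lines in `classify`, which is the point of the "one Lambda per compliance item" design: adding a rule touches nothing outside the Security account. The `decide_action` table is where asset and environment enter, so the same world-open security group is a ticket in production and only a recorded fact in dev.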
AWS Config & Config Rules
Changing resources -> AWS Config (history, snapshots, notifications, API access, normalized configuration data) -> Config Rules.
AWS Config: inventory and compliance. AWS Config Rules: evaluate resource configuration.
Logging aggregation account – extending the pattern
Accounts 1..N each feed CloudTrail, Config and VPC Flow Logs into aggregation buckets (a CloudTrail aggregation bucket and a Flow Logs aggregation bucket) in the logging aggregation account. New objects are queued (SQS) or raised as CloudWatch Events (CWE); processing is enriched from an account DB and fans out to a dashboard, ticketing and alerting.
Phase 3: Fix
Goal:
• Return to ‘known good’
• ‘Don’t throw the baby out with the bathwater’…
Options:
• Lambda shines, but the whole AWS platform plays a role.
Best Practices:
• MSB: automate alerting and integrate with ticketing systems.
• Pro Level: Closed loop.
Fix – Correcting anomalies
Separate signal from noise, then pick from a spectrum of options that runs from Gather to Remediate: Do nothing, Measure, Enrich, Alert, Correct, Stop.
Security Incident Response Simulations
Test and benchmark your security response to security events.
Experts from the Security, Risk and Compliance (SRC) practice can
help you assess your current state of incident response readiness,
then prepare and execute an exercise to practice that response.
Objectives:
• Assess current incident response processes and procedures.
• Provide recommendations for using AWS services for incident response.
• Test the cloud incident response process via a simulated exercise.
Typical effort: 15 man-days.
In practice…
Demo – event flow: 1 – Standard
Modes: 1 – Standard, 2 – Enhanced, 3 – Active.
Setup: an Auto Scaling group of web server EC2 instances and an Auto Scaling group of app server EC2 instances, each behind its own security group; CloudWatch collects Syslog, Flow Logs and CloudTrail.
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flow Logs) and also in-instance activity (Syslog).
Fix:
- We are good :)
Trigger: an SSH login raises a CloudWatch Events custom event (CWE custom). "Logon ok?" – logon is OK, so we stay in Standard.
Demo – event flow: 2 – Enhanced
Same setup (web and app server Auto Scaling groups, security groups, CloudWatch with Syslog, Flow Logs and CloudTrail); an SSH login raises a CWE custom event.
A logon event occurs. We go to Enhanced surveillance mode.
Control:
- Dynamically add Lambda subscriptions to log feeds.
Monitor:
- In-instance activity (privilege escalation).
- Initiation of forbidden flows.
Fix:
- Alert only. Watchful but passive.
Enhance:
- OS data analysis: subscribe to Syslog.
- Network data analysis: enable instance-level Flow Logs, subscribe to instance Flow Logs.
"Logon ok?" – logon NOT ok: escalate to Active.
Demo – event flow: 3 – Active
Setup now shows the web app server Auto Scaling group behind Elastic Load Balancing, three web app server EC2 instances with their security groups, and the app server; one web app server instance is flagged as the Anomaly. Syslog data analysed from CloudWatch Logs shows Root Access.
Response steps (Isolate / Preserve / Deregister):
- Isolate: block all traffic with a security group.
- Deregister: deregister from ASG/ELB.
- Preserve: Amazon EBS snapshots, CloudWatch Logs.
An escalation occurred and we switched to Active, i.e. intervene and get it fixed.
Control:
- SG to isolate anomalous instance.
- Preserve instance for both live and offline analysis.
- Deregister application from live use.
Monitoring:
- We continue to monitor all activity as per previous steps.
Fix:
- The control actions cause the ASG to be 1 instance short, and it will recover to the original fleet size from 'last known good'.
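The Active-mode steps (isolate, preserve, deregister) and the Phase 3 goal of returning to 'known good', as an added example (not the deck's demo code) written against boto3 client method names, with a recording fake client so it runs offline. The quarantine security group, Auto Scaling group and load balancer names, the instance and volume IDs and the fake responses are constructed. The example deliberately detaches the instance from the ASG and load balancer before isolating it: if the group uses ELB health checks, a blocked instance fails them and Auto Scaling may terminate the very evidence being preserved, and EC2 termination protection does not stop Auto Scaling from doing so.

```python
"""Added example (not the deck's demo code): the Active-mode response as a
function over boto3-style clients, plus a recording fake so it runs offline.
Resource names (quarantine SG, ASG, load balancer), IDs and fake responses are
constructed. The instance is detached from the ASG and load balancer before it
is isolated, because once its security group blocks the ELB health check the
ASG may terminate it, and DisableApiTermination does not stop Auto Scaling."""


class FakeClient:
    """Records calls the way boto3 clients receive them and returns canned
    responses. In Lambda pass boto3.client('ec2'), ('autoscaling'), ('elb')."""

    def __init__(self, responses=None):
        self.calls = []
        self._responses = responses or {}

    def __getattr__(self, api_name):
        def call(**kwargs):
            self.calls.append((api_name, kwargs))
            return self._responses.get(api_name, {})
        return call


def quarantine(instance_id, reason, ec2, autoscaling, elb,
               quarantine_sg, asg_name, lb_name):
    """Deregister / Isolate / Preserve one anomalous instance and return a
    record suitable for the alert store and the ticket."""
    steps = []
    # Deregister: take the instance out of the fleet without shrinking it, so
    # the ASG launches a replacement from the last known good configuration.
    autoscaling.detach_instances(InstanceIds=[instance_id], AutoScalingGroupName=asg_name,
                                 ShouldDecrementDesiredCapacity=False)
    # Kept explicit for load balancers the ASG does not manage itself.
    elb.deregister_instances_from_load_balancer(LoadBalancerName=lb_name,
                                                Instances=[{"InstanceId": instance_id}])
    steps.append("deregistered")
    # Isolate: replace every security group with one that has no rules at all.
    # The quarantine SG must have had its default 'allow all egress' rule removed.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    steps.append("isolated")
    # Preserve: keep the instance running for live analysis (memory, processes),
    # block API termination, snapshot every EBS volume for offline analysis,
    # and label the evidence so it is not cleaned up by cost automation.
    ec2.modify_instance_attribute(InstanceId=instance_id,
                                  DisableApiTermination={"Value": True})
    desc = ec2.describe_instances(InstanceIds=[instance_id])
    instance = desc["Reservations"][0]["Instances"][0]
    snapshots = []
    for mapping in instance.get("BlockDeviceMappings", []):
        volume = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(VolumeId=volume,
                                   Description=f"forensic {instance_id} {volume}: {reason}")
        snapshots.append(snap["SnapshotId"])
    ec2.create_tags(Resources=[instance_id] + snapshots,
                    Tags=[{"Key": "Quarantine", "Value": reason}])
    steps.append("preserved")
    return {"instance": instance_id, "reason": reason,
            "snapshots": snapshots, "steps": steps}


def fake_clients():
    """Canned EC2 answers for a hypothetical instance with two EBS volumes."""
    ec2 = FakeClient({
        "describe_instances": {"Reservations": [{"Instances": [{
            "InstanceId": "i-0abc123def456", "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-root"}},
                {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-data"}}]}]}]},
        "create_snapshot": {"SnapshotId": "snap-fake"},
    })
    return ec2, FakeClient(), FakeClient()


if __name__ == "__main__":
    ec2, asg, elb = fake_clients()
    result = quarantine("i-0abc123def456", "root access via syslog", ec2, asg, elb,
                        quarantine_sg="sg-quarantine", asg_name="web-asg", lb_name="web-elb")
    print(result)
    for api_name, kwargs in ec2.calls:
        print("ec2." + api_name, sorted(kwargs))
```

In Lambda, replace `fake_clients()` with `boto3.client('ec2')`, `boto3.client('autoscaling')` and `boto3.client('elb')`, and keep `ShouldDecrementDesiredCapacity=False`: that is what leaves the group one instance short so it recovers to the original fleet size from its launch configuration, the 'last known good' the slide refers to.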
Demo – event flow: back to 1 – Standard
Same setup as before (web and app server Auto Scaling groups, security groups, CloudWatch with Syslog, Flow Logs and CloudTrail).
In standard operation, we are observant.
Control:
- Security agent loaded in instance.
- Logons tracked to TT.
Monitoring:
- We gather data covering API activity (CloudTrail), network (Flow Logs) and also in-instance activity (Syslog).
Fix:
- We are BACK TO good :)
Summary
Control:
• IAM is the foundation for everything else.
• Service Catalog as an option to standardize product distribution.
• Code*: embed security throughout ('fail early').
Monitor:
• CloudTrail, Config, Flow Logs, …: to get visibility, you need to see – enable logging.
• Data is good. Better if you use it. Great if used to drive automation.
Fix:
• Reduce 'Detect-Report-Remediate' cycles.
• Automate to gain speed and free human intellect for higher-value tasks.
Take home kit – your turn!
#1 Demo code is published
• https://github.com/awslabs/automating-governance-sample
#2 Implementing DevSecOps using AWS Codepipeline
• https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline
#3 “what should I Control/Monitor/Fix next?”
• https://aws.amazon.com/whitepapers/aws-security-best-practices/
#4 (Optional) Come Jam with us!
https://securityjam.awsevents.com/
Private delivery
Thank you!
Armando Leite, Principal Security Architect
armandl@amazon.com

Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Best Practices for SecOps on AWS

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Armando Leite, Principal Security Architect 03/29/17 Best Practices for Managing Security Operations in AWS
  • 2. Provide a practical approach for SecOps excellence + Show how it works in practice. + Get you to try it (take home toolkit) Control Monitor Fix Goals of session
  • 3. In detail 1. Introduction 2. CMF: Control/Monitor/Fix - Control: Creating the guardrails. - IAM, Code*, AWS Config - Monitor: Provide visibility - Cloudtrail, Flowlogs, Syslog, Cloudwatch - Fix: Dealing with Exceptions - Lambda 3. In Practice (aka demo) 4. Your take home kit and actions MSB – Minimum Security Baseline Pro Level – What to aim for.
  • 4. Cloud Adoption Framework The Security Perspective Directive Preventive Detective Responsive Control Monitor ? Fix Driving the right behavior Maintain and assure over time. Get back to known good.
  • 5. Our guidelines (‘Directive’) Operating principles: 1. Think pipelines/workflows, not isolated controls. 2. Use the data. 3. The SOP is Code.
  • 7. Phase 1: Control Goal: • Drive towards secure outcomes i.e. Build guardrails Possible options: • IAM • Cloudformation • Code* Best practice: • MSB: Individual users + Least privilege + use of groups. • Pro level: Centralized deployment of controls across N accounts.
  • 8. AWS Identity and Access Management (IAM) § Enables you to control who can do what in your AWS account § Splits into users, groups, roles, and permissions § Control § Centralized § Fine-grained - APIs, resources, and AWS Management Console § Security § Secure (deny) by default. Policy evaluation flow: 1. Decision starts at Deny. 2. Evaluate all applicable policies. 3. Is there an explicit deny? Yes: final decision = “deny” (explicit deny). No: 4. Is there an Allow? Yes: final decision = “allow”. No: 5. final decision = “deny” (default deny). § AWS retrieves all policies associated with the user and resource. § Only policies that match the action and conditions are evaluated. § If a policy statement has a deny, it trumps all other policy statements. § Access is granted if there is an explicit allow and no deny. • By default, an implicit (default) deny is returned.
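An added example (not from the deck or the AWS SDK): a small Python simulator of the evaluation flow above, run over constructed sample policies; it assumes only the StringEquals and Bool condition operators and uses placeholder ARNs and account ids.

```python
from fnmatch import fnmatchcase

ALLOW = "allow"
EXPLICIT_DENY = "deny (explicit deny)"
DEFAULT_DENY = "deny (default deny)"


def _matches(pattern, value):
    """Action/Resource fields hold a string or a list; * and ? are IAM wildcards."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatchcase(value, p) for p in patterns)


def _conditions_hold(statement, context):
    """Constructed subset of IAM condition operators: StringEquals and Bool only."""
    for operator, clauses in statement.get("Condition", {}).items():
        if operator not in ("StringEquals", "Bool"):
            raise ValueError("unsupported condition operator: " + operator)
        for key, expected in clauses.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "Bool" and str(actual).lower() != str(expected).lower():
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Final decision for one request, following the five steps on the slide."""
    context = context or {}
    saw_allow = False                         # 1. decision starts at deny
    for policy in policies:                   # 2. evaluate all applicable policies
        for st in policy["Statement"]:
            if not (_matches(st["Action"], action) and _matches(st["Resource"], resource)):
                continue                      # statement does not cover this action/resource
            if not _conditions_hold(st, context):
                continue                      # conditions not met: statement is ignored
            if st["Effect"] == "Deny":
                return EXPLICIT_DENY          # 3. an explicit deny trumps everything else
            saw_allow = saw_allow or st["Effect"] == "Allow"
    return ALLOW if saw_allow else DEFAULT_DENY   # 4. explicit allow found / 5. default deny


# Constructed sample policies (not real account data): a group policy granting
# read-only access to one bucket, an IAM admin policy, and an MFA guard on IAM writes.
SAMPLE_POLICIES = [
    {"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
                    "Resource": "arn:aws:s3:::example-audit-logs/*"}]},
    {"Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]},
    {"Statement": [{"Effect": "Deny", "Action": "iam:*", "Resource": "*",
                    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}]},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICIES, "s3:GetObject", "arn:aws:s3:::example-audit-logs/2017/a.json"))
    print(evaluate(SAMPLE_POLICIES, "iam:CreateUser", "arn:aws:iam::123456789012:user/new",
                   {"aws:MultiFactorAuthPresent": "false"}))
```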
  • 9. Top 11 IAM best practices 1. Users – Create individual users. 2. Permissions – Grant least privilege. 3. Groups – Manage permissions with groups. 4. Conditions – Restrict privileged access further with conditions. 5. Auditing – Enable AWS CloudTrail to get logs of API calls. 6. Password – Configure a strong password policy. 7. Rotate – Rotate security credentials regularly. 8. MFA – Enable MFA for privileged users. 9. Sharing – Use IAM roles to share access. 10.Roles – Use IAM roles for Amazon EC2 instances. 11.Root – Reduce or remove use of root.
  • 10. One AWS account vs. multiple AWS accounts? Use a single AWS account when you: § Want simpler control of who does what in your AWS environment. § Have no need to isolate projects/products/teams. § Have no need for breaking up the cost. Use multiple AWS accounts when you: § Need full isolation between projects/teams/environments. § Want to isolate recovery data and/or auditing data (e.g., writing your CloudTrail logs to a different account). § Need a single bill, but want to break out the cost and usage.
  • 11. Segmented AWS Account Structure Procurement and Finance SOC/Auditors Billing account Production accounts User management account Security / Audit account Application Owners Security/auditUtilityFinancial Consolidated Billing, Billing Alerts Read-only access for all accounts Dev / Test accounts Operational Logging account Backup / DR account Key management account Shared services account Domain Specific Admins Event and State Logging Read-only access to logging data
  • 12. AWS Organizations Control AWS service use across accounts Policy-based management for multiple AWS accounts. Consolidate billingAutomate AWS account creation
  • 13. Typical Use Cases Control the use of AWS services to help comply with corporate security and compliance policies. Automate the creation of AWS accounts for different resources. • API response to trigger additional automation. (e.g. deploy CloudFormation template)
  • 14. What is AWS CloudFormation? • AWS CloudFormation allows you to model, provision, and update the full breadth of AWS resources. • Manage anything from a single Amazon EC2 instance to a multi-tier application. • Integrates with other development and management tools.
  • 15. Source Code Running Host Continuous Integration / Continuous Deployment Cloudformation Security
  • 16. Elements of a Continuous Delivery Pipeline Commit Phase: Source Control changes • Static code analysis: Analyze the CFN templates against a set of security rules Acceptance Phase: Dev Environment • Dynamic analysis: Run template in sandbox / acceptance test environment. Capacity/Integration/Staging Phases: Pre-Prod Environment • Load, performance, Penetration and failover testing. Production Phase: Prod Environment • Deploy controls.
  • 17. Code* for Infrastructure code (pipeline diagram): DevOps Code Push → Code Pull (S3) → CodePipeline. Commit Phase: Static Code Analysis (Lambda). Acceptance Phase: Create Stack (CloudFormation) → Dynamic Security checks (Lambda) → Delete Stack (CloudFormation) → Manual Approval. Prod Phase: Create ChangeSet → Approve ChangeSet → Execute ChangeSet (CloudFormation).
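An added example (not the deck's demo code): a Python implementation of the Commit Phase's static analysis step from the pipeline above, checking a CloudFormation template in JSON form against three constructed rule ids (SG-001, IAM-001, S3-001) before any stack is created.

```python
import json

WORLD = ("0.0.0.0/0", "::/0")   # 'anywhere' CIDRs
ADMIN_PORTS = (22, 3389)        # SSH and RDP
IAM_TYPES = ("AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group",
             "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy")

def _as_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):  # intrinsic functions such as {"Ref": ...} stay unresolved
        return None

def _reaches_port(rule, port):
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    lo, hi = _as_int(rule.get("FromPort")), _as_int(rule.get("ToPort"))
    return lo is not None and hi is not None and lo <= port <= hi

def _iam_statements(props):
    """Statements from inline Policies[].PolicyDocument and from a managed PolicyDocument."""
    docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
    docs.append(props.get("PolicyDocument", {}))
    for doc in docs:
        yield from doc.get("Statement", [])

def _has_star(field):
    return "*" in (field if isinstance(field, list) else [field])

def analyze_template(template):
    """Return (logical_id, rule_id, message) findings for a parsed template; empty means pass."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD:
                    for port in ADMIN_PORTS:
                        if _reaches_port(rule, port):
                            findings.append((logical_id, "SG-001", f"port {port} open to the world"))
        elif rtype in IAM_TYPES:
            for st in _iam_statements(props):
                if (st.get("Effect") == "Allow" and _has_star(st.get("Action", []))
                        and _has_star(st.get("Resource", []))):
                    findings.append((logical_id, "IAM-001", "Allow Action * on Resource *"))
        elif rtype == "AWS::S3::Bucket" and props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
            findings.append((logical_id, "S3-001", f"bucket ACL {props['AccessControl']}"))
    return findings

def analyze_template_text(text):
    """Pipeline entry point: JSON template text in, findings out (non-empty fails the stage)."""
    return analyze_template(json.loads(text))

# Constructed sample template: one bastion group open to the world, one correctly scoped
# app group, an over-privileged deploy role and a public bucket.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "bastion",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                                  "CidrIp": "0.0.0.0/0"}]}},
    "AppSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "app",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
                                 {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "DeployRole": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {},
        "Policies": [{"PolicyName": "all", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
}})
```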
  • 19. Phase 2: Monitor Goals: - Ensure effective operation over time. - Detect anomalies/change. Options: • Cloudtrail, Cloudwatch*, VPC Flowlogs, Config… Best Practice: • MSB: Aggregate log data. • Pro level: Analyze and act on log data as it arrives.
  • 20. What is AWS CloudTrail? A fully managed service that records API calls made on your AWS account. Customers are making API calls... On a growing set of services around the world… CloudTrail is continuously recording API calls… And delivering log files to customers
  • 21. (Diagram: Account 1, Account 2 … Account N each ship Cloudtrail to a Cloudtrail aggregation bucket in the Security account, followed by Triage/Classification rules and an Alert indexer.) Automated configuration to enable logging and aggregation destination. Log files deposited in S3 bucket under Security Account. SNS notifies lambda of new events available for processing. Each lambda evaluates a specific compliance item or misuse case. Rules engines help define action to take based on asset and environment. If dictated by rules engine, event results in notification via email i.e. critical events. Alerts preserved in Dynamodb for reporting and indexing of raw data. All processing in Security Account i.e. no external dependencies to add new logic, log processing, etc.
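An added example (not the deck's published demo code): a Python Lambda of the kind this slide describes, evaluating the records of one delivered CloudTrail log file against constructed rule ids and severities; the account id, addresses and records are constructed, and the notify flag stands in for the rules engine's e-mail decision.

```python
import gzip
import json
from urllib.parse import unquote_plus

# Constructed rule ids and severities: each rule is one compliance item or misuse case.
RULES = [
    ("CT-001", "critical", lambda r: r.get("eventName") == "ConsoleLogin"
     and r.get("userIdentity", {}).get("type") == "Root"),
    ("CT-002", "high", lambda r: r.get("eventName") in ("StopLogging", "DeleteTrail")),
    ("CT-003", "high", lambda r: r.get("eventName") == "AuthorizeSecurityGroupIngress"
     and "0.0.0.0/0" in json.dumps(r.get("requestParameters", {}))),
]

def triage(records):
    """One alert dict per (record, rule) match: what the deck keeps in DynamoDB."""
    alerts = []
    for rec in records:
        for rule_id, severity, matches in RULES:
            if matches(rec):
                alerts.append({
                    "rule": rule_id, "severity": severity,
                    "account": rec.get("recipientAccountId"), "time": rec.get("eventTime"),
                    "event": rec.get("eventName"), "source_ip": rec.get("sourceIPAddress"),
                    "actor": rec.get("userIdentity", {}).get("arn"),
                    "notify": severity == "critical",  # rules engine: e-mail critical only
                })
    return alerts

def triage_log_file(raw):
    """CloudTrail delivers gzip-compressed JSON files shaped {"Records": [...]}."""
    payload = gzip.decompress(raw) if raw[:2] == b"\x1f\x8b" else raw
    return triage(json.loads(payload)["Records"])

def handler(event, context):
    """SNS -> Lambda entry point; the S3 notification travels inside the SNS message.
    boto3 is imported here so the rules above run and test without AWS access."""
    import boto3
    s3 = boto3.client("s3")
    alerts = []
    for sns_rec in event["Records"]:
        for s3_rec in json.loads(sns_rec["Sns"]["Message"]).get("Records", []):
            bucket, key = s3_rec["s3"]["bucket"]["name"], unquote_plus(s3_rec["s3"]["object"]["key"])
            alerts.extend(triage_log_file(s3.get_object(Bucket=bucket, Key=key)["Body"].read()))
    return alerts  # a deployment would put_item these in DynamoDB and publish critical ones

# Constructed sample records (trimmed CloudTrail fields), not data from any real account.
ACCOUNT = "123456789012"
SAMPLE_RECORDS = [
    {"eventTime": "2017-03-29T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10", "recipientAccountId": ACCOUNT,
     "userIdentity": {"type": "Root", "arn": f"arn:aws:iam::{ACCOUNT}:root"}},
    {"eventTime": "2017-03-29T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.11", "recipientAccountId": ACCOUNT,
     "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCOUNT}:user/ops"}},
    {"eventTime": "2017-03-29T10:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.11",
     "recipientAccountId": ACCOUNT,
     "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCOUNT}:user/ops"},
     "requestParameters": {"groupId": "sg-0123abcd", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
]

def sample_log_file():
    """Pack the sample records the way CloudTrail would deliver them."""
    return gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())
```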
  • 22. AWS Config & Config Rules Changing resources AWS Config Config Rules History, Snapshot Notifications API Access Normalized
  • 23. AWS Config: Inventory and compliance
  • 24. AWS Config Rules: Evaluate resource Config
  • 25. Alert… Account DB Cloudtrail Cloudtrail Cloudtrail ... ... Logging aggregation accountAccount 1 Account 2 Account N Cloudtrail aggregation bucket SQS Dashboard CWE Config Config Config Ticketing…
  • 26. Alert… Account DB ... ... Logging aggregation accountAccount 1 Account 2 Cloudtrail aggregation bucket SQS Dashboard CWE Ticketing… Cloudtrail Account N Config Flowlogs CloudtrailConfig Flowlogs CloudtrailConfig Flowlogs Flowlogs Aggregation bucket
  • 28. Fix – Correcting anomalies Goal: • Return to ‘known good’ • ‘Don’t throw the baby out with the bathwater’… Options: • Lambda shines but whole AWS platform plays a role. Best Practices: • MSB: automate alerting and integrate with ticketing systems. • Pro Level: Closed loop.
  • 30. Security Incident Response Simulations Test and benchmark your security response to security events. Experts from the Security, Risk and Compliance (SRC) practice can help you assess your current state of incident response readiness, then prepare and execute an exercise to practice that response. Objectives: • Assess current incident response processes and procedures • Provide recommendations for using AWS services for incident response • Test the cloud incident response process via a simulated exercise Typical effort: 15 Man Days
  • 31. Control Monitor FixControl Monitor Fix In practice…
  • 32. Demo – event flow 1 – Standard 2 – Enhanced 3 – Active (diagram: Auto Scaling groups of Web server and App server EC2 instances, each in a security group; CloudWatch collects Syslog, Flowlogs and CloudTrail). In standard operation, we are observant. Control: - Security agent loaded in instance. - Logons tracked. Monitoring: - We gather data covering API activity (cloudtrail), network (Flowlogs) and also in-instance activity (Syslog). Fix: - We are good :) Event: SSH Login! (CWECustom) → Logon ok? → Logon is OK!
  • 33. Demo – event flow 1 – Standard 2 – Enhanced 3 – Active Auto Scaling group security group security group EC2 instance Web server security group EC2 instance App server Auto Scaling group CloudWatch Syslog Flowlogs CloudTrail SSH Login! (CWECustom) A logon event occurs. We go to Enhanced surveillance mode. Control: - Dynamically add lambda subscriptions to log feeds. Monitor: - In instance activity (privilege escalation) - Initiation of forbidden flows. Fix: - Alert only. Watchful but passive. Enhance OS data analysis Network data analysis Subscribe to Syslog Enable Instance level flowlogs Subscribe to instance flowlogs Flowlogs Logon ok? Logon NOT ok.
  • 34–38. Demo – event flow (diagram sequence, labels only): 1 – Standard 2 – Enhanced 3 – Active. Auto Scaling group behind Elastic Load Balancing with web app server instances and an App server instance, each in its own security group. Syslog data reaches CloudWatch (Logs); OS data analysis reports Root Access on one instance, now marked Anomaly. Fix steps shown in turn: Isolate (Block all), Deregister (Dereg ASG/ELB), Preserve (Amazon EBS snapshots).
  • 39. Demo – event flow Auto Scaling group security group EC2 instance web app server Elastic Load Balancing security group EC2 instance web app server security group EC2 instance web app server security group App server 1 – Standard 2 – Enhanced 3 – Active security group EC2 instance Anomaly An escalation occurred and we switched to Active i.e. intervene and get it fixed. Control: - SG to isolate anomalous instance. - Preserve instance for both live and offline analysis. - Deregister application from live use. Monitoring: - We continue to monitor all activity as per previous steps. Fix: - The control actions cause ASG to be 1 instance short and will recover to original fleet size from ‘last known good’.
  • 40. Demo – event flow 1 – Standard 2 – Enhanced 3 – Active (diagram: Auto Scaling groups of Web server and App server EC2 instances, each in a security group; CloudWatch collects Syslog, Flowlogs and CloudTrail). In standard operation, we are observant. Control: - Security agent loaded in instance. - Logons tracked to TT. Monitoring: - We gather data covering API activity (cloudtrail), network (Flowlogs) and also in-instance activity (Syslog). Fix: - We are BACK TO good :)
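An added example (not the deck's published demo code) of the Active-mode Fix actions that slides 32 to 40 walk through, in Python: the boto3 ec2, elb (classic load balancer) and autoscaling clients are passed in so the logic also runs against fakes, all ids and names are placeholders, the isolation security group is assumed to carry no inbound or outbound rules, and the ASG detach is done first so the group replaces the instance instead of terminating it once it stops passing health checks.

```python
def quarantine_instance(ec2, elb, autoscaling, instance_id, isolation_sg_id,
                        lb_name, asg_name, case_id):
    """Run the Active-mode Fix for one flagged instance; return the actions taken, in order."""
    actions = []
    # 1. Hand the instance out of the ASG first, without lowering desired capacity, so the
    #    group launches a replacement from last known good and never terminates our evidence
    #    when the isolated instance stops answering health checks.
    autoscaling.detach_instances(InstanceIds=[instance_id], AutoScalingGroupName=asg_name,
                                 ShouldDecrementDesiredCapacity=False)
    actions.append(("detach-asg", asg_name))
    # 2. Deregister from the load balancer so no new client traffic reaches it.
    elb.deregister_instances_from_load_balancer(LoadBalancerName=lb_name,
                                                Instances=[{"InstanceId": instance_id}])
    actions.append(("deregister-elb", lb_name))
    # 3. Isolate: replace every security group with the isolation group (assumed rule-less).
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg_id])
    actions.append(("isolate", isolation_sg_id))
    # 4. Preserve: block API termination, tag the instance for the case, and snapshot every
    #    EBS volume for offline analysis while the instance itself stays up for live analysis.
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    ec2.create_tags(Resources=[instance_id], Tags=[{"Key": "SecurityCase", "Value": case_id},
                                                  {"Key": "Quarantined", "Value": "true"}])
    instance = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    for mapping in instance.get("BlockDeviceMappings", []):
        volume_id = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(VolumeId=volume_id,
                                   Description=f"{case_id} {instance_id} {mapping['DeviceName']}")
        actions.append(("preserve", snap["SnapshotId"]))
    return actions


if __name__ == "__main__":
    import boto3  # the placeholder ids below must be replaced before use
    print(quarantine_instance(boto3.client("ec2"), boto3.client("elb"), boto3.client("autoscaling"),
                              "i-PLACEHOLDER", "sg-ISOLATION-PLACEHOLDER",
                              "web-app-elb-PLACEHOLDER", "web-app-asg-PLACEHOLDER", "case-0001"))
```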
  • 41. Summary Control: • IAM is the foundation for everything else. • Service catalogue as an option to standardize product distribution. • Code*: Embed security throughout (‘Fail early’). Monitor: • Cloudtrail, Config, Flowlogs,…:To get visibility, you need to see – enable logging. • Data is good. Better if you use it. Great if used to drive automation. Fix: • Reduce ‘Detect-Report-Remediate’ cycles. • Automate to gain speed + free human intellect to more added value tasks.
  • 42. Take home kit – your turn! #1 Demo code is published • https://github.com/awslabs/automating-governance-sample #2 Implementing DevSecOps using AWS Codepipeline • https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline #3 “what should I Control/Monitor/Fix next?” • https://aws.amazon.com/whitepapers/aws-security-best-practices/ #4 (Optional) Come Jam with us!
  • 44. Thank you! Armando Leite, Principal Security Architect armandl@amazon.com