SlideShare a Scribd company logo
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Reference
Architecture
Visualize your security
Mohamed Wali
Solutions Architect
Amazon Web Services
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What we’ll cover
• What the AWS Security Reference
Architecture (AWS SRA) is
and why it matters to you
• Highlights
• How to navigate the
documents and code Amazon
GuardDuty
AWS Certificate
Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Reference Architecture (AWS SRA)
Amazon
GuardDuty
AWS Certificate
Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Why build a security reference architecture?
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How the AWS SRA can help you
1. Define target state for your own security architecture
2. Review (and revise) the designs and capabilities you have
already implemented
3. Bootstrap the implementation of your own security architecture
4. Learn more about AWS security services and capabilities
5. Drive a discussion of organizational responsibilities for security
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Let’s look at the architecture
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security foundations
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA: High-level account structure
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA: Show all
the security services
Amazon
GuardDuty
AWS Certificate
Manager (ACM)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security OU: Tooling account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security OU: Log Archive account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Infrastructure OU: Shared Services account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Workloads OU: Application account
Application
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Workloads OU: Application account
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security at all layers
AWS Well-Architected Framework
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Your AWS environment in layers
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting the AWS organization and OUs
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting accounts
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting network
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting principals
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting resources
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA code repository
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Current available code examples
AWS
CloudTrail
AWS Config
aggregator
AWS Config
conformance
packs
AWS Security
Hub
AWS Firewall
Manager
Amazon
Macie
Amazon
GuardDuty
AWS Organizations AWS Organizations
with delegated admin
Default account configurations
AWS IAM
Access Analyzer
IAM password
policy
Amazon EBS
default encryption
Amazon S3
public access block
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Public GitHub repository
Self-service
Focused on AWS Control
Tower environments
Built from AWS experience
working
with customers
(high quality)
Environment testing
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What else is included?
Architecture diagram
Resource descriptions
Deployment instructions
Least privilege
Post-deployment events
CloudTrail solution
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Where to find it
AWS prescriptive guidance
Code repository
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Q&A
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
Mohamed Wali
Solutions Architect
Amazon Web Services

More Related Content

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx

AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
Amazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
Amazon Web Services
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridge
Carlos Santana
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
Amazon Web Services
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
GauravSharma164138
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
Amazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Control Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationControl Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy Validation
Carlos Santana
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
All Things Open
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Amazon Web Services
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overview
EagleDream Technologies
 
What's New in AWS Security Features
What's New in AWS Security FeaturesWhat's New in AWS Security Features
What's New in AWS Security Features
Amazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by Design
Amazon Web Services
 
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
Amazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOps
Carlos Santana
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
Amazon Web Services
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
Brian Andrzejewski
 

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx (20)

AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Amazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridgeAmazon EKS multi-cluster gitops-bridge
Amazon EKS multi-cluster gitops-bridge
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณAWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Control Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy ValidationControl Planes on Kubernetes and Policy Validation
Control Planes on Kubernetes and Policy Validation
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
 
Pitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overviewPitt Immersion Day Module 5 - security overview
Pitt Immersion Day Module 5 - security overview
 
What's New in AWS Security Features
What's New in AWS Security FeaturesWhat's New in AWS Security Features
What's New in AWS Security Features
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by Design
 
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud AndaAWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOps
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
 

More from AWS Chicago

Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
AWS Chicago
 
Rob Sable: Gen AI and Manufacfuring Community Day
Rob Sable: Gen AI and Manufacfuring Community DayRob Sable: Gen AI and Manufacfuring Community Day
Rob Sable: Gen AI and Manufacfuring Community Day
AWS Chicago
 
LinkedIn profile and strategies for earning the Top Voice award
LinkedIn profile and strategies for earning the Top Voice awardLinkedIn profile and strategies for earning the Top Voice award
LinkedIn profile and strategies for earning the Top Voice award
AWS Chicago
 
Lloyd Evans: GRC Engineering Automating Compliance
Lloyd Evans: GRC Engineering Automating ComplianceLloyd Evans: GRC Engineering Automating Compliance
Lloyd Evans: GRC Engineering Automating Compliance
AWS Chicago
 
Drake Lundstrom: How not to do a cloud migration
Drake Lundstrom: How not to do a cloud migrationDrake Lundstrom: How not to do a cloud migration
Drake Lundstrom: How not to do a cloud migration
AWS Chicago
 
Andrew May: Things AWS could learn from Azure (and things it shouldn't)
Andrew May: Things AWS could learn from Azure (and things it shouldn't)Andrew May: Things AWS could learn from Azure (and things it shouldn't)
Andrew May: Things AWS could learn from Azure (and things it shouldn't)
AWS Chicago
 
Steve Seaney: Leveraging AWS services to streamline compliance
Steve Seaney: Leveraging AWS services to streamline complianceSteve Seaney: Leveraging AWS services to streamline compliance
Steve Seaney: Leveraging AWS services to streamline compliance
AWS Chicago
 
AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
AWS Chicago
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
AWS Chicago
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
AWS Chicago
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
AWS Chicago
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
AWS Chicago
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
AWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
AWS Chicago
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
AWS Chicago
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
AWS Chicago
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
AWS Chicago
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
AWS Chicago
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
AWS Chicago
 

More from AWS Chicago (20)

Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
Lena Taupier: Secure your App from bots and attacks with AWS WAF (Web Applica...
 
Rob Sable: Gen AI and Manufacfuring Community Day
Rob Sable: Gen AI and Manufacfuring Community DayRob Sable: Gen AI and Manufacfuring Community Day
Rob Sable: Gen AI and Manufacfuring Community Day
 
LinkedIn profile and strategies for earning the Top Voice award
LinkedIn profile and strategies for earning the Top Voice awardLinkedIn profile and strategies for earning the Top Voice award
LinkedIn profile and strategies for earning the Top Voice award
 
Lloyd Evans: GRC Engineering Automating Compliance
Lloyd Evans: GRC Engineering Automating ComplianceLloyd Evans: GRC Engineering Automating Compliance
Lloyd Evans: GRC Engineering Automating Compliance
 
Drake Lundstrom: How not to do a cloud migration
Drake Lundstrom: How not to do a cloud migrationDrake Lundstrom: How not to do a cloud migration
Drake Lundstrom: How not to do a cloud migration
 
Andrew May: Things AWS could learn from Azure (and things it shouldn't)
Andrew May: Things AWS could learn from Azure (and things it shouldn't)Andrew May: Things AWS could learn from Azure (and things it shouldn't)
Andrew May: Things AWS could learn from Azure (and things it shouldn't)
 
Steve Seaney: Leveraging AWS services to streamline compliance
Steve Seaney: Leveraging AWS services to streamline complianceSteve Seaney: Leveraging AWS services to streamline compliance
Steve Seaney: Leveraging AWS services to streamline compliance
 
AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
 
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...
 
WilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptxWilliamCollins_Road-to-Transit-Gateway.pptx
WilliamCollins_Road-to-Transit-Gateway.pptx
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
 
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha DwivedulaStreamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
Streamlined Entitlements with AWS Lake Formation - Anusha Dwivedula
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptxSaurabh_Shanbhag - Building_SaaS_on_AWS.pptx
Saurabh_Shanbhag - Building_SaaS_on_AWS.pptx
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Ross Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptxRoss Stuart_Using ML to Solve Lifes Problems.pptx
Ross Stuart_Using ML to Solve Lifes Problems.pptx
 
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdfrobsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
robsable_Enhancing DevOps Practices with CloudWatch APM FINAL.pdf
 
Sanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdfSanket_Nasre_Simplify Modernization.pdf
Sanket_Nasre_Simplify Modernization.pdf
 
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptxNick-Walter-HOB_Migrating_Dinosaurs.pptx
Nick-Walter-HOB_Migrating_Dinosaurs.pptx
 
Pat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdfPat_Davies_AWSCostOptimization_Final.pdf
Pat_Davies_AWSCostOptimization_Final.pdf
 

Recently uploaded

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 

Recently uploaded (20)

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 

Mohamed Wali_AWS Security Reference Architecture.pptx

  • 1. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture Visualize your security Mohamed Wali Solutions Architect Amazon Web Services
  • 2. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What we’ll cover • What the AWS Security Reference Architecture (AWS SRA) is and why it matters to you • Highlights • How to navigate the documents and code Amazon GuardDuty AWS Certificate Manager (ACM)
  • 3. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture (AWS SRA) Amazon GuardDuty AWS Certificate Manager (ACM)
  • 4. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Why build a security reference architecture?
  • 5. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. How the AWS SRA can help you 1. Define target state for your own security architecture 2. Review (and revise) the designs and capabilities you have already implemented 3. Bootstrap the implementation of your own security architecture 4. Learn more about AWS security services and capabilities 5. Drive a discussion of organizational responsibilities for security
  • 6. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Let’s look at the architecture
  • 7. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security foundations
  • 8. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: High-level account structure
  • 9. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA: Show all the security services Amazon GuardDuty AWS Certificate Manager (ACM)
  • 10. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Tooling account
  • 11. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security OU: Log Archive account
  • 12. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure OU: Shared Services account
  • 13. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account Application
  • 14. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Workloads OU: Application account
  • 15. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security at all layers AWS Well-Architected Framework
  • 16. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your AWS environment in layers
  • 17. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting the AWS organization and OUs
  • 18. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting accounts
  • 19. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting network
  • 20. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting principals
  • 21. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Protecting resources
  • 22. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS SRA code repository
  • 23. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Current available code examples AWS CloudTrail AWS Config aggregator AWS Config conformance packs AWS Security Hub AWS Firewall Manager Amazon Macie Amazon GuardDuty AWS Organizations AWS Organizations with delegated admin Default account configurations AWS IAM Access Analyzer IAM password policy Amazon EBS default encryption Amazon S3 public access block
  • 24. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public GitHub repository Self-service Focused on AWS Control Tower environments Built from AWS experience working with customers (high quality) Environment testing
  • 25. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What else is included? Architecture diagram Resource descriptions Deployment instructions Least privilege Post-deployment events CloudTrail solution
  • 26. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where to find it AWS prescriptive guidance Code repository
  • 27. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Q&A
  • 28. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Mohamed Wali Solutions Architect Amazon Web Services