Mohamed Wali_AWS Security Reference Architecture.pptx

•Download as PPTX, PDF•

0 likes•81 views

The document discusses the AWS Security Reference Architecture (AWS SRA), which defines a target security architecture that organizations can use to build and review their own security architectures. The AWS SRA helps organizations define their security architecture, review existing designs and capabilities, implement security services, learn about AWS security features, and facilitate discussions around security responsibilities. It presents a layered approach to security and reference designs for account structure, network architecture, and protecting resources, principals, and accounts using various AWS security services. Code examples demonstrating the AWS SRA are provided in a public GitHub repository along with architecture diagrams, deployment guides, and other documentation.

Technology

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Reference
Architecture
Visualize your security
Mohamed Wali
Solutions Architect
Amazon Web Services

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What we’ll cover
• What the AWS Security Reference
Architecture (AWS SRA) is
and why it matters to you
• Highlights
• How to navigate the
documents and code Amazon
GuardDuty
AWS Certificate
Manager (ACM)

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Reference Architecture (AWS SRA)
Amazon
GuardDuty
AWS Certificate
Manager (ACM)

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Why build a security reference architecture?

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How the AWS SRA can help you
1. Define target state for your own security architecture
2. Review (and revise) the designs and capabilities you have
already implemented
3. Bootstrap the implementation of your own security architecture
4. Learn more about AWS security services and capabilities
5. Drive a discussion of organizational responsibilities for security

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Let’s look at the architecture

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security foundations

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA: High-level account structure

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA: Show all
the security services
Amazon
GuardDuty
AWS Certificate
Manager (ACM)

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security OU: Tooling account

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security OU: Log Archive account

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Infrastructure OU: Shared Services account

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Workloads OU: Application account
Application

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Workloads OU: Application account

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security at all layers
AWS Well-Architected Framework

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Your AWS environment in layers

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting the AWS organization and OUs

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting accounts

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting network

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting principals

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting resources

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SRA code repository

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Current available code examples
AWS
CloudTrail
AWS Config
aggregator
AWS Config
conformance
packs
AWS Security
Hub
AWS Firewall
Manager
Amazon
Macie
Amazon
GuardDuty
AWS Organizations AWS Organizations
with delegated admin
Default account configurations
AWS IAM
Access Analyzer
IAM password
policy
Amazon EBS
default encryption
Amazon S3
public access block

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Public GitHub repository
Self-service
Focused on AWS Control
Tower environments
Built from AWS experience
working
with customers
(high quality)
Environment testing

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What else is included?
Architecture diagram
Resource descriptions
Deployment instructions
Least privilege
Post-deployment events
CloudTrail solution

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Where to find it
AWS prescriptive guidance
Code repository

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Q&A

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
Mohamed Wali
Solutions Architect
Amazon Web Services

Securing your data platforms in job zero. Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to innovate and release enhancements to encryption-specific services, and expand the encryption capabilities in new services to make encryption easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.

AWS Control Tower

CloudHesive

Getting Started with AWS Security

Amazon Web Services

AWS Security By Design

Amazon Web Services

Introduction to AWS Security: Security Week at the San Francisco Loft This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too. Level: 100 Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS

Amazon EKS multi-cluster gitops-bridge

Carlos Santana

Security Automation using AWS Management Tools

Amazon Web Services

In order to ensure security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all of these accounts. In this session, you will learn how to use AWS CloudFormation and AWS Organizations to execute security best practices (AWS CloudTrail, AWS Config, Flow Logs, S3 Access logs, etc...) in scenarios where you are managing many AWS accounts across an organization. You will see how to leverage Service Catalog across multiple accounts. Learn how to store all of these logs in a centralized logging system such as Amazon ElasticSearch Service, set up alerts, and drift detection on anomalous or high-risk activity.

Introduction_to_AWS_Services__Networking,_Security.pptx

GauravSharma164138

Introduction to AWS Security

Amazon Web Services

AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ

Amazon Web Services

โมดูลนี้ครอบคลุมถึงแนวทางการรักษาความปลอดภัยบนระบบคลาวด์ของ AWS พร้อมทั้ง AWS Shared Responsibility Model, AWS Access Control and Management, AWS Security Compliance Programs และแหล่งทรัพยากรที่มีให้บริการเพื่อให้คุณทำความเข้าใจตัวเลือกด้านการรักษาความปลอดภัยของ AWS Cloud ได้ดียิ่งขึ้น

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to AWS Security

Amazon Web Services

This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too. Level: 100 Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS

Control Planes on Kubernetes and Policy Validation

Carlos Santana

Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you! We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance. By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies.

Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...

All Things Open

Presented at All Things Open 2023 Presented by Carlos Santana - AWS Title: Securing Cloud Resources Deployed with Control Planes on Kubernetes using Governance and Policy as Code Abstract: Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you! We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance. By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies. Find more info about All Things Open: On the web: https://www.allthingsopen.org/ Twitter: https://twitter.com/AllThingsOpen LinkedIn: https://www.linkedin.com/company/all-things-open/ Instagram: https://www.instagram.com/allthingsopen/ Facebook: https://www.facebook.com/AllThingsOpen Mastodon: https://mastodon.social/@allthingsopen Threads: https://www.threads.net/@allthingsopen 2023 conference: https://2023.allthingsopen.org/

Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018

Amazon Web Services

Every startup should build with security and protection of customer data as their number one priority, ensuring services are properly architected, monitored and secured. This presentation covers a wide range of best practices from MFA, root accounts, MDM, controlled network access and incident response. You'll learn key principles of how to build a secure organization to protect your data and best practices you should be applying even before your service launches. Speaker: Ahmed Gouda, Solutions Architect, AWS

Pitt Immersion Day Module 5 - security overview

EagleDream Technologies

What's New in AWS Security FeaturesAmazon Web Services

Deep Dive - AWS Security by Design

Amazon Web Services

Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.

AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda

Amazon Web Services

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Amazon Web Services

AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.

Scaling production grade EKS Multi-Cluster environments using GitOps

Carlos Santana

Learn how to manage and scale productive ArgoCD deployments in a multi cluster environment easily and securely using GitOps patterns. We will present the deployment of applications across multiple Kubernetes clusters on various public, private, on-premises and explore the best practices for scaling and managing highly available, reliable and secure applications. We will also demonstrate how you can structure your Git repositories to share and scale within your teams and organization in order to deploy your cloud native deployments in an automatic and predictive way.

The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019

Amazon Web Services

The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.

AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...

Brian Andrzejewski

In this session, learn critical AWS account and service configurations for security operations that can enable users to more easily prevent and detect security concerns in their AWS account. This prescriptive guidance is grounded in experiences assisting and advising customers in their incident response during security events. This session covers critical AWS configurations to implement, mechanisms available to detect inadvertent access to an AWS account and its resources, and where and how to iterate next in your security journey on the cloud.

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks

Amazon Web Services

AWS reInvent 2023 recaps from Chicago AWS user group

AWS Chicago

Chicago AWS Solutions Architect Mehdy Haghy recaps the new AI/ML releases and...

AWS Chicago

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx

Introduction to AWS Security: Security Week at the SF Loft

Amazon Web Services

Amazon EKS multi-cluster gitops-bridge

Carlos Santana

Security Automation using AWS Management Tools

Amazon Web Services

Introduction_to_AWS_Services__Networking,_Security.pptx

GauravSharma164138

Introduction to AWS Security

Amazon Web Services

AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ

Amazon Web Services

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

Introduction to AWS Security

Amazon Web Services

Control Planes on Kubernetes and Policy Validation

Carlos Santana

Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...

All Things Open

Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018

Amazon Web Services

Pitt Immersion Day Module 5 - security overview

EagleDream Technologies

What's New in AWS Security FeaturesAmazon Web Services

Deep Dive - AWS Security by Design

Amazon Web Services

AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda

Amazon Web Services

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Amazon Web Services

Scaling production grade EKS Multi-Cluster environments using GitOps

Carlos Santana

The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019

Amazon Web Services

AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...

Brian Andrzejewski

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks

Amazon Web Services

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx (20)

Introduction to AWS Security: Security Week at the SF Loft

Amazon EKS multi-cluster gitops-bridge

Security Automation using AWS Management Tools

Introduction_to_AWS_Services__Networking,_Security.pptx

Introduction to AWS Security

AWSome Day Online 2020_โมดูล 4: การรักษาความปลอดภัยแอปพลิเคชันบนระบบคลาวด์ของคุณ

Introduction to Threat Detection and Remediation on AWS

Introduction to AWS Security

Control Planes on Kubernetes and Policy Validation

Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...

Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018

Pitt Immersion Day Module 5 - security overview

What's New in AWS Security Features

Deep Dive - AWS Security by Design

AWSome Day Online 2020_Modul 4: Mengamankan aplikasi cloud Anda

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Scaling production grade EKS Multi-Cluster environments using GitOps

The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019

AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks

Recently uploaded

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

The Future of Platform Engineering

Jemma Hussein Allen

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Knowledge engineering: from people to machines and back

Elena Simperl

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Recently uploaded (20)

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Key Trends Shaping the Future of Infrastructure.pdf

Leading Change strategies and insights for effective change management pdf 1.pdf

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

"Impact of front-end architecture on development cost", Viktor Turskyi

Epistemic Interaction - tuning interfaces to provide information for AI support

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Designing Great Products: The Power of Design and Leadership by Chief Designe...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

UiPath Test Automation using UiPath Test Suite series, part 4

The Future of Platform Engineering

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Knowledge engineering: from people to machines and back

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Accelerate your Kubernetes clusters with Varnish Caching

Mohamed Wali_AWS Security Reference Architecture.pptx

1. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Reference Architecture Visualize your security Mohamed Wali Solutions Architect Amazon Web Services

2. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What we’ll cover • What the AWS Security Reference Architecture (AWS SRA) is and why it matters to you • Highlights • How to navigate the documents and code Amazon GuardDuty AWS Certificate Manager (ACM)

5. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. How the AWS SRA can help you 1. Define target state for your own security architecture 2. Review (and revise) the designs and capabilities you have already implemented 3. Bootstrap the implementation of your own security architecture 4. Learn more about AWS security services and capabilities 5. Drive a discussion of organizational responsibilities for security

23. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Current available code examples AWS CloudTrail AWS Config aggregator AWS Config conformance packs AWS Security Hub AWS Firewall Manager Amazon Macie Amazon GuardDuty AWS Organizations AWS Organizations with delegated admin Default account configurations AWS IAM Access Analyzer IAM password policy Amazon EBS default encryption Amazon S3 public access block

24. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public GitHub repository Self-service Focused on AWS Control Tower environments Built from AWS experience working with customers (high quality) Environment testing

25. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. What else is included? Architecture diagram Resource descriptions Deployment instructions Least privilege Post-deployment events CloudTrail solution

Mohamed Wali_AWS Security Reference Architecture.pptx

Recommended

Recommended

More Related Content

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx

Similar to Mohamed Wali_AWS Security Reference Architecture.pptx (20)

More from AWS Chicago

More from AWS Chicago (20)

Recently uploaded

Recently uploaded (20)

Mohamed Wali_AWS Security Reference Architecture.pptx