Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault

•Download as PPTX, PDF•

0 likes•23 views

Contacts: ● https://t.me/cageyv ● https://cageyv.dev/ ● https://github.com/cageyv/ ● https://www.linkedin.com/in/vladimirsamoylov/ Useful links: ● https://github.com/99designs/aws-vault ● https://github.com/cageyv/aws-vault-examples ● https://docs.aws.amazon.com/cli/latest/usergui de/getting-started-install.html ● https://docs.aws.amazon.com/STS/latest/APIRe ference/welcome.html

Presentations & Public Speaking

Communit
y
AWS Community
How To Get Rid of Hard-coded Credential
and Reduce Data Leakage Risks with
aws-vault
Vladimir Cageyv Samoylov

AWS Community
Key Takeaway
Understand how to minimize frictions on application
development by using 3rd party tool, aws-vault, in your local development environment.
Static IAM Access Keys should not be used in modern applications or/and on developers machines.

AWS Community
A common simple workflow
Dev Stage Prod

But, what happens before dev
environment?

AWS Community
Local environment
Dev Stage Prod
Local

AWS Community
Local development and fixing bugs

But what if code depends on AWS
Services?

AWS Community
Let’s ask search engine, GPT or Stack Overflow
And the most popular answers will suggest you to go and create IAM User and STATIC Access Key :(

AWS Community
Static credentials stored locally

AWS Community
Temporary credentials stored locally

“Only amateurs attack machines;
professionals target people.”
Bruce Schneier,
American cryptographer, writer and computer security specialist

aws-vault - A vault for securely storing
and accessing AWS credentials in
development environments

AWS Community
How it works and how aws-vault store creds
AWS Vault stores IAM credentials in your operating system's secure keystore and then generates
temporary credentials from those to expose to your shell and applications. It's designed to be
complementary to the AWS CLI tools, and is aware of your profiles and configuration in
~/.aws/config.
MacOS
KeyChain
Ubuntu
Gnome Keyring
Windows
Credential Manager

AWS Community
AWS Security Token Service (AWS STS)
AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request
temporary, limited-privilege credentials for users
Source: https://blog.knoldus.com/deep-dive-aws-temporary-security-credentials-assumerole-and-iam-role/

AWS Community
Top use cases with aws-vault in daily life
- No more temporary keys inside ~/.aws/sso/cache
- Login to AWS Console
- Local runs with an without containers
- Emulate ECS/EC2
- Unit tests with AWS Services and Localstack emulation
- More use cases: https://github.com/99designs/aws-vault/blob/master/USAGE.md
- aws-vault-examples: https://github.com/cageyv/aws-vault-examples

Thank you
Contacts:
● https://t.me/cageyv
● https://cageyv.dev/
● https://github.com/cageyv/
● https://www.linkedin.com/in/vladimirsamoylov
/
Useful links:
● https://github.com/99designs/aws-vault
● https://github.com/cageyv/aws-vault-examples
● https://docs.aws.amazon.com/cli/latest/usergui
de/getting-started-install.html
● https://docs.aws.amazon.com/STS/latest/APIRe
ference/welcome.html

The document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features like IAM, VPCs, encryption, and monitoring tools. Recommendations are given for establishing an ISMS on AWS, managing access and encryption, securing operating systems and applications, and monitoring with tools like CloudTrail and CloudWatch Logs.

How to implement DevSecOps on AWS for startups

Aleksandr Maklakov

This document discusses how to implement DevSecOps on AWS for startups. It covers: - Key principles of DevSecOps like everyone being responsible for security and shifting security left - The tools and services used in their pipeline including Packer, Terraform, Ansible, SonarQube, AWS Inspector, GuardDuty, and WAF - How they established policies, used a multi-account approach, implemented access management, and focused on security culture and monitoring - Their plans to further improve using AWS Config, perform penetration testing, and meet standards like OWASP and PCI DSS

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Web Services Korea

Security best practices

Amazon Web Services

The document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features like role-based access control, encryption, and security groups. It also provides recommendations for building security into applications on AWS, including managing access, encrypting data, hardening operating systems, and using services like CloudTrail and CloudWatch Logs for monitoring.

Intro to AWS Security

Amazon Web Services

Security Best Practices

Ian Massingham

Security Best Practices: AWS AWSome Day Management Track

Ian Massingham

Security Best Practices

Amazon Web Services

This document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features such as IAM, encryption, firewalls, and monitoring tools. Recommendations are given for building secure infrastructure on AWS including account management, network segmentation, asset management, and monitoring. Case studies and additional resources are also referenced.

The document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features like role-based access control, encryption, and security groups. It also provides recommendations for building security into applications on AWS, including managing access, encrypting data, hardening operating systems, and using services like CloudTrail and CloudWatch Logs for monitoring.

Intro to AWS Security

Amazon Web Services

Security Best Practices

Ian Massingham

Security Best Practices: AWS AWSome Day Management Track

Ian Massingham

Security Best Practices

Amazon Web Services

Running Microsoft Enterprise Workloads on Amazon Web Services

Amazon Web Services

Cloud Security At Netflix, October 2013

Jay Zarfoss

This document provides a summary of a presentation on cloud security at Netflix. It discusses Netflix's cloud security architecture from past to present to future. It emphasizes that Netflix adopts cloud-native principles like agility, decentralization, and self-service for security development. It addresses common concerns about trusting the cloud and special requirements. It outlines Netflix's perspective on balancing security and flexibility. Finally, it discusses Netflix's approach to key management and how it has evolved from storing keys in properties files to using temporary credentials from AWS Identity and Access Management.

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Amazon Web Services

Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.

Increase Speed and Agility with Amazon Web Services

Amazon Web Services

Increase Speed and Agility with Amazon Web Services

Amazon Web Services

The document discusses how AWS services can help organizations increase speed and agility. It provides an overview of AWS services for compute, storage, databases, analytics and more. It also discusses how AWS enables continuous delivery and automation through services like CodeDeploy, CodePipeline, CloudFormation and Elastic Beanstalk. The document argues that AWS allows organizations to provision resources on demand, pay as they go, and build infrastructure as code.

Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...

Autodesk

Tom Jones, a Solution Architect at Amazon Web Services, gave a presentation on developing and deploying secure, scalable applications on AWS. He discussed AWS's broad range of services including compute, storage, databases, and networking. He also covered security features, development tools, and best practices for building applications on AWS including using services like Elastic Beanstalk, CloudFormation, and CodePipeline. The presentation provided an overview of how to leverage AWS services at different stages of the development lifecycle.

Microsoft on AWS - AWS Summit SG 2017

Amazon Web Services

Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, automation and repeatability. Plan authentication and authorization, various hybrid scenarios with other cloud environment and on premise solutions/infrastructure. Learn about common architecture patterns for Active Directory and business productivity solutions like SharePoint, Exchange and Skype for Business, also common scenarios for SQL deployments and System Center.

윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션

Amazon Web Services Korea

This document discusses DevOps concepts and practices including: - DevOps aims to improve collaboration between development and operations teams through practices like continuous integration, deployment automation, and infrastructure as code. - The five pillars of DevOps are: microservices, infrastructure as code, automation and configuration management, continuous integration and continuous delivery, and logging and monitoring. - Specific DevOps practices discussed include building infrastructure templates with CloudFormation, implementing continuous integration and delivery pipelines with CodePipeline/CodeBuild/CodeDeploy, and automating infrastructure provisioning and configuration changes.

Journey Through The Cloud - Security Best Practices

Amazon Web Services

AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives. View a recording of the webinar based on this presentation on YouTube here: http://youtu.be/rXPyGDWKHIo

awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...

himanipatel524244

This document provides an overview of an AWS training course on getting started with AWS. The course objectives are to learn AWS terminology, foundational services like EC2, VPC, S3, EBS, security concepts, databases like DynamoDB and RDS, and management tools. The course is divided into 7 modules covering topics like introduction/history, foundational services, security/IAM, databases, elasticity tools, and a wrap-up. It also provides information on AWS global infrastructure, services, customers, and advantages of AWS cloud computing.

The iot acdemy_awstraining_part4_aws_lab

The IOT Academy

This document provides an overview of Amazon Web Services (AWS) including key services like S3 storage, EC2 compute, and database services. It discusses the growth of AWS and popular services. The document then outlines how students can set up an AWS account, launch instances, and deploy example web applications using AWS resources while staying within free usage tiers or a $100 promotional credit for educational use. Best practices for cost optimization and architecture on AWS are also covered.

Getting Started with Windows Workloads on Amazon EC2

Amazon Web Services

This document provides an overview and introduction to using Windows workloads on Amazon EC2. It discusses AWS regions and availability zones, reference architectures including for SQL Server and Active Directory, developing on AWS for Windows using tools like AWS Toolkit for Visual Studio, licensing options like Dedicated Hosts that allow using existing Microsoft licenses, and demoing PowerShell for importing VMs. Technical resources are provided including quickstarts, whitepapers, videos and the upcoming re:Invent conference for the Windows track.

Introduction to Amazon EC2

Amazon Web Services

The document provides an overview of Amazon EC2, including: - AWS concepts like regions, availability zones, and instance types - Storage options like EBS, S3, and instance store - Networking options like VPC, subnets, and load balancers - Monitoring tools like CloudWatch and how to set up alarms - Security measures like IAM roles and encryption - Deployment options including AMIs, auto scaling, and CodeDeploy

Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...

Amazon Web Services

"Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company's bottom line. As the move to store, process, and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multitenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing, and archiving digital media assets in the AWS environment. The talk also covers the security controls, features, and services that AWS provides its customers. Learn how AWS aligns with the MPAA security best practices and how media companies can leverage that for their media workloads. This session also includes a representative from Sony Media Cloud Sevices discussing the path to MPAA alignment of their application Ci on AWS based on these best practices."

AWSome Day | Tech Track

Amazon Web Services

AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...

Amazon Web Services

With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Amazon Web Services

Best Practices for Security at Scale

Amazon Web Services

Best Practices for Deploying Microsoft Workloads on AWS

Zlatan Dzinic

This document provides best practices for deploying Microsoft workloads on AWS. It discusses identity management best practices including AWS IAM, server identity management, and federation. It also covers deploying SQL Server for high availability and disaster recovery. Additional sections discuss deploying Exchange, SharePoint, and other Microsoft server products on AWS, as well as developer best practices and DevOps automation. The document concludes with information on licensing options for Microsoft software on AWS.

Getting Started on AWS

Amazon Web Services

This document provides an overview of an AWS training course on getting started with AWS. The course objectives are to understand AWS foundational services like EC2, VPC, S3, and EBS, as well as services for security, databases, elasticity and management tools. The course is divided into 7 modules that cover topics like the history of AWS, foundational services, security and IAM, databases, management tools, and a conclusion.

Genesis chapter 3 Isaiah Scudder.pptx

FamilyWorshipCenterD

ACTIVE IMPLANTABLE MEDICAL DEVICE IN EUROPE

Charmi13

Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault

Running Microsoft Enterprise Workloads on Amazon Web Services

Amazon Web Services

Cloud Security At Netflix, October 2013

Jay Zarfoss

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Amazon Web Services

Increase Speed and Agility with Amazon Web Services

Amazon Web Services

Increase Speed and Agility with Amazon Web Services

Amazon Web Services

Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...

Autodesk

Microsoft on AWS - AWS Summit SG 2017

Amazon Web Services

윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션

Amazon Web Services Korea

Journey Through The Cloud - Security Best Practices

Amazon Web Services

awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...

himanipatel524244

The iot acdemy_awstraining_part4_aws_lab

The IOT Academy

Getting Started with Windows Workloads on Amazon EC2

Amazon Web Services

Introduction to Amazon EC2

Amazon Web Services

Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...

Amazon Web Services

AWSome Day | Tech Track

Amazon Web Services

AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...

Amazon Web Services

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Amazon Web Services

Best Practices for Security at Scale

Amazon Web Services

Best Practices for Deploying Microsoft Workloads on AWS

Zlatan Dzinic

Getting Started on AWS

Amazon Web Services

Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault (20)

Running Microsoft Enterprise Workloads on Amazon Web Services

Cloud Security At Netflix, October 2013

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Increase Speed and Agility with Amazon Web Services

Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...

Microsoft on AWS - AWS Summit SG 2017

윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션

Journey Through The Cloud - Security Best Practices

awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...

The iot acdemy_awstraining_part4_aws_lab

Getting Started with Windows Workloads on Amazon EC2

Introduction to Amazon EC2

Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...

AWSome Day | Tech Track

AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Best Practices for Security at Scale

Best Practices for Deploying Microsoft Workloads on AWS

Getting Started on AWS

Recently uploaded

Genesis chapter 3 Isaiah Scudder.pptx

FamilyWorshipCenterD

ACTIVE IMPLANTABLE MEDICAL DEVICE IN EUROPE

Charmi13

Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion

OECD Directorate for Financial and Enterprise Affairs

怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样

kekzed

原版定制【微信:bwp0011】《(lincoln学位证书)英国林肯大学毕业证文凭学位证书》【微信:bwp0011】成绩单、雅思、外壳、留信学历认证永久存档查询，采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信bwp0011】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信bwp0011】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。

Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion

OECD Directorate for Financial and Enterprise Affairs

Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp. This presentation was uploaded with the author’s consent.

The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...

OECD Directorate for Financial and Enterprise Affairs

Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion

OECD Directorate for Financial and Enterprise Affairs

The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp. This presentation was uploaded with the author’s consent.

2 December UAE National Day - United Arab Emirates

UAE Ppt

IEEE CIS Webinar Sustainable futures.pdf

Claudio Gallicchio

The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems. Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).

Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion

OECD Directorate for Financial and Enterprise Affairs

The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp. This presentation was uploaded with the author’s consent.

Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Thibault Schrepel, Associate Professor of Law at Vrije Universiteit Amsterdam University, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp. This presentation was uploaded with the author’s consent.

Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf

Ben Linders

Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained. But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture? In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change. Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.

Legislation And Regulations For Import, Manufacture,.pptx

Charmi13

Disaster Management project for holidays homework and other uses

RIDHIMAGARG21

BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf

Robin Haunschild

Prsentation for VIVA Welike project 1semester.pptx

prafulpawar29

ServiceNow CIS-ITSM Exam Dumps & Questions [2024]

SkillCertProExams

• For a full set of 530+ questions. Go to https://skillcertpro.com/product/servicenow-cis-itsm-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

Recently uploaded (20)

Genesis chapter 3 Isaiah Scudder.pptx

ACTIVE IMPLANTABLE MEDICAL DEVICE IN EUROPE

Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion

怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样

Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion

Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...

The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...

Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion

The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...

2 December UAE National Day - United Arab Emirates

IEEE CIS Webinar Sustainable futures.pdf

Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion

The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...

Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...

Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf

Legislation And Regulations For Import, Manufacture,.pptx

Disaster Management project for holidays homework and other uses

BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf

Prsentation for VIVA Welike project 1semester.pptx

ServiceNow CIS-ITSM Exam Dumps & Questions [2024]

Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault

1. Communit y AWS Community How To Get Rid of Hard-coded Credential and Reduce Data Leakage Risks with aws-vault Vladimir Cageyv Samoylov

2. AWS Community Key Takeaway Understand how to minimize frictions on application development by using 3rd party tool, aws-vault, in your local development environment. Static IAM Access Keys should not be used in modern applications or/and on developers machines.

3. AWS Community A common simple workflow Dev Stage Prod

4. But, what happens before dev environment?

5. AWS Community Local environment Dev Stage Prod Local

6. AWS Community Local development and fixing bugs

7. But what if code depends on AWS Services?

8. AWS Community Let’s ask search engine, GPT or Stack Overflow And the most popular answers will suggest you to go and create IAM User and STATIC Access Key :(

9. AWS Community

10. AWS Community Static credentials stored locally

11. AWS Community Temporary credentials stored locally

12. “Only amateurs attack machines; professionals target people.” Bruce Schneier, American cryptographer, writer and computer security specialist

13. aws-vault - A vault for securely storing and accessing AWS credentials in development environments

14. AWS Community How it works and how aws-vault store creds AWS Vault stores IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications. It's designed to be complementary to the AWS CLI tools, and is aware of your profiles and configuration in ~/.aws/config. MacOS KeyChain Ubuntu Gnome Keyring Windows Credential Manager

15. AWS Community AWS Security Token Service (AWS STS) AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for users Source: https://blog.knoldus.com/deep-dive-aws-temporary-security-credentials-assumerole-and-iam-role/

16. AWS Community Top use cases with aws-vault in daily life - No more temporary keys inside ~/.aws/sso/cache - Login to AWS Console - Local runs with an without containers - Emulate ECS/EC2 - Unit tests with AWS Services and Localstack emulation - More use cases: https://github.com/99designs/aws-vault/blob/master/USAGE.md - aws-vault-examples: https://github.com/cageyv/aws-vault-examples

17. Thank you Contacts: ● https://t.me/cageyv ● https://cageyv.dev/ ● https://github.com/cageyv/ ● https://www.linkedin.com/in/vladimirsamoylov / Useful links: ● https://github.com/99designs/aws-vault ● https://github.com/cageyv/aws-vault-examples ● https://docs.aws.amazon.com/cli/latest/usergui de/getting-started-install.html ● https://docs.aws.amazon.com/STS/latest/APIRe ference/welcome.html

Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault

Recommended

Recommended

More Related Content

Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault

Similar to Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault (20)

Recently uploaded

Recently uploaded (20)

Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce Data Leakage Risks with aws-vault