© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Shahbaz Alam
Senior Practice Manager, Amazon Web Services Professional Services
shahbaza@amazon.com

Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Management Tools

What’s in your AWS account?
(Diagram: a single Availability Zone serving www.example.com through Elastic Load Balancing to an Auto Scaling group of EC2 web app server instances backed by a database.)

As you expand and change, entropy increases…
(Diagram: a media-processing architecture. Siemens customers reach CloudFront and Route 53 over the Internet; on-premises media sources connect through AWS Direct Connect; unprocessed media lands in an S3 bucket and is queued in SQS; ELBs front a web layer of EC2 web servers and a customer app layer of EC2 app servers; a processing layer of G2 GPU-optimized instances writes processed media to S3 and processed data and metadata to DynamoDB; everything is spread across Availability Zones A and B, with static and dynamic content served back through CloudFront.)

Becoming more complex with each new workload…
(Diagram, three overlaid architectures: a multi-stack VPC with Route 53, CloudFront, an S3 bucket, Elastic Load Balancing, Auto Scaling groups, WAF, .Net, LAMP and SPS stacks plus shared services in private subnets across two Availability Zones, RDS MySQL and MSSQL databases with standbys, and dynamic and static websites; the media-processing architecture from the previous slide; and a VPC with public and private subnets in Availability Zones A and B holding instances A to D at 10.1.1.11, 10.1.2.22, 10.1.3.33 and 10.1.4.44.)

Why do so many think it’s harder in the cloud…?
• Cost
• Scale
• Reliability/Repeatability
• Skills shortage
• Signal to noise
• Large datasets

Because humans and data don’t mix well…

How do I govern my environment to ensure it is secure and compliant?

Some definitions
Governance: oversight role and process by which companies manage and mitigate business risks.
Compliance: process and internal controls to meet the requirements imposed by a governing body.

Implementing a governance and compliance program…
• Define: what is IT supposed to do?
• Discover: what IT resources exist?
• Monitor: what is IT doing?
• Respond: when changes occur and/or IT resources become “non-compliant”

Security engineering…then and now
Security engineering…then and now

The challenge
Governance:
• Define
• Discover
• Monitor
• Respond
• Manage
• Report
Speed:
• Agility
• Innovation
• Scale

AWS allows you to do both
With AWS you can programmatically:
• Define how to provision and configure resources
• Discover new resources and changes to existing resources
• Monitor resources and operations for compliance
• Respond to (and report on) changes to your resources

AWS Security, Risk, Compliance, and Automation Toolbox
Categories: Audit, Visibility, Protection, Automation
• AWS CloudTrail
• Amazon CloudWatch
• AWS Systems Manager
• AWS Config
• AWS CodePipeline
• AWS WAF
• AWS KMS
• AWS Trusted Advisor
• AWS CloudFormation
• AWS Organizations
• AWS Lambda
• Amazon Inspector
• AWS Service Catalog
• Amazon Macie
• AWS Shield
• AWS Config Rules

How do I ensure that my developers provision AWS resources in an orderly and predictable fashion?

AWS CloudFormation
Template:
• JSON/YAML formatted file
• Parameter definition
• Resource creation
• Configuration actions
CloudFormation:
• Framework
• Stack creation
• Stack updates
• Error detection and rollback
Stack + Stack Sets:
• Configured AWS resources
• Comprehensive service support
• Service event aware
• Customizable

AWS CloudFormation Template
Infrastructure as code: declarative and flexible

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  MyEC2Instance: #An inline comment
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-2f726546" #Another comment -- This is a Linux AMI
      InstanceType: t1.micro
      KeyName: testkey
      BlockDeviceMappings:
        -
          DeviceName: /dev/sdm
          Ebs:
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: false
            VolumeSize: 20
```

How do I enable self-service for my business units so that they can quickly deploy approved IT services?

AWS Service Catalog
• Allows organizations to create and manage catalogs of IT services.
• Enables users to quickly deploy approved IT services in a self-service manner without access to the underlying services in AWS.
Organizations get: control, standardization, governance.
Developers get: agility, self-service, time to market.

AWS Service Catalog
Enable:
• 11 User API methods
• 40+ Admin API methods
• Share products across Portfolios and AWS accounts
Orchestrate:
• Version products
• Limit console access
• Provide various levels of user access
Automate:
• Launch constraints
• Template constraints

How can I view what activity occurred in my AWS account?

AWS CloudTrail
Provides a history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
(Diagram: you make API calls from the AWS Management Console, IAM and the AWS CLI → on a set of AWS services around the world → AWS CloudTrail continuously records the API calls → logs are stored or archived in an S3 bucket.)

How can I easily discover what AWS resources exist and detect if AWS resources are compliant with rules I defined?

AWS Config and Config Rules
Enables you to assess, audit, and evaluate the configurations of your AWS resources.
(Diagram: changing resources → AWS Config, which provides history, notifications, API access and a normalized view of configuration → AWS Config Rules.)

How can I monitor the specific state of a resource and discover what software is running on my AWS instances?
How can I centrally define, control, and manage configuration data and secure parameters without hardcoding?

AWS Systems Manager
Provides visibility and control of your infrastructure on AWS. You can view operational data from multiple AWS services and automate operational tasks across your AWS resources.
• Run Command
• State Manager
• Inventory
• Maintenance Windows
• Patch Manager
• Automation
• Parameter Store
• Documents

How can I create visualizations to help monitor my AWS environment and alert on high value events or activity?

Amazon CloudWatch
• CloudWatch Events delivers a near real-time stream of system events
• Create rules to match events and route them to one or more target functions or streams
Capabilities:
• Monitor Amazon EC2
• Monitor other AWS resources
• Monitor custom metrics
• Monitor and store logs
• Set alarms
• View graphs and statistics

How can I take action when an event occurs?

AWS Lambda
AWS Lambda allows you to run code in response to an event.
(Diagram: event source → function → services (anything).)
Event sources:
• Changes in data state
• Requests to endpoints
• Changes in resource state
Function runtimes:
• Node
• Python
• Java
• C#

General remediation pattern
(Diagram: event sources (Amazon CloudWatch, AWS CloudTrail, VPC Flow Logs, Amazon GuardDuty, AWS Config) → Lambda function → actions through AWS APIs, AWS WAF, and team collaboration tools (Slack etc.).)
• Define/Create
• Discover/Detect
• Monitor/Alert
• Respond/Remediate
• Define counter measures
• Conduct forensics

Remediating an Amazon EC2 Instance…
(Diagram: AWS Lambda function → Amazon EC2 Systems Manager Run Command → Amazon EC2 instances.)
• Asynchronously execute commands
• No need to SSH/RDP
• Commands and output logged

AWS Lambda + AWS Systems Manager + AWS CloudWatch
(Diagram: an Amazon GuardDuty finding matches an Amazon CloudWatch rule, which invokes an AWS Lambda function; the function uses AWS Systems Manager documents against the instance and takes an Amazon EBS snapshot of its EBS volume.)
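The GuardDuty → CloudWatch rule → Lambda → Systems Manager flow on the slide, written out as a handler. This is an added example, not code from the deck: the finding event, instance and volume IDs are constructed, the SSM document name is a hypothetical placeholder, and the boto3 clients are injectable so the module runs offline against the fake clients at the bottom.

```python
"""Event-driven remediation: a CloudWatch Events rule matches a GuardDuty finding
and invokes this Lambda handler, which snapshots the instance's EBS volumes for
forensics and then runs a Systems Manager document on it via Run Command.
Added example; ec2/ssm clients are injected so it runs without AWS access."""

SEVERITY_THRESHOLD = 4.0
# Hypothetical SSM document name (the slide only says "Systems Manager Documents").
REMEDIATION_DOCUMENT = "Org-IsolateAndCollectEvidence"

# Constructed GuardDuty finding in its CloudWatch Events envelope; IDs are placeholders.
SAMPLE_EVENT = {
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "detail": {
        "id": "finding-id-placeholder",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}


def instance_from_finding(event):
    """Return the EC2 instance ID of an Instance-type GuardDuty finding, else None."""
    if event.get("detail-type") != "GuardDuty Finding":
        return None
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    return resource.get("instanceDetails", {}).get("instanceId")


def snapshot_volumes(ec2, instance_id, finding_id):
    """Snapshot every EBS volume attached to the instance; returns the snapshot IDs."""
    snapshot_ids = []
    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    for reservation in reservations:
        for instance in reservation["Instances"]:
            for mapping in instance.get("BlockDeviceMappings", []):
                resp = ec2.create_snapshot(
                    VolumeId=mapping["Ebs"]["VolumeId"],
                    Description=f"Forensic snapshot for GuardDuty finding {finding_id}",
                    TagSpecifications=[{"ResourceType": "snapshot", "Tags": [
                        {"Key": "GuardDutyFindingId", "Value": finding_id}]}],
                )
                snapshot_ids.append(resp["SnapshotId"])
    return snapshot_ids


def run_remediation(ssm, instance_id, finding_id):
    """Run the remediation document on the instance through SSM Run Command."""
    resp = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName=REMEDIATION_DOCUMENT,
        Comment=f"GuardDuty finding {finding_id}",
    )
    return resp["Command"]["CommandId"]


def handler(event, context=None, ec2=None, ssm=None):
    """Lambda entry point; inside Lambda, ec2/ssm default to real boto3 clients."""
    if ec2 is None or ssm is None:
        import boto3  # only needed when running inside Lambda
        ec2 = ec2 or boto3.client("ec2")
        ssm = ssm or boto3.client("ssm")
    detail = event.get("detail", {})
    instance_id = instance_from_finding(event)
    if instance_id is None or float(detail.get("severity", 0)) < SEVERITY_THRESHOLD:
        return {"action": "ignored"}
    snapshots = snapshot_volumes(ec2, instance_id, detail["id"])  # preserve evidence first
    command_id = run_remediation(ssm, instance_id, detail["id"])  # then change the instance
    return {"action": "remediated", "instance": instance_id,
            "snapshots": snapshots, "command": command_id}


class FakeEC2:
    """Offline stand-in for boto3's EC2 client: one instance with two volumes."""
    def __init__(self):
        self.snapshots = []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{"InstanceId": InstanceIds[0],
                "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-aaa"}},
                                        {"Ebs": {"VolumeId": "vol-bbb"}}]}]}]}

    def create_snapshot(self, **kwargs):
        self.snapshots.append(kwargs)
        return {"SnapshotId": f"snap-{len(self.snapshots):04d}"}


class FakeSSM:
    """Offline stand-in for boto3's SSM client; records the command it was asked to run."""
    def __init__(self):
        self.commands = []

    def send_command(self, **kwargs):
        self.commands.append(kwargs)
        return {"Command": {"CommandId": "cmd-placeholder"}}
```

Snapshots are taken before the remediation document runs so the evidence reflects the instance as GuardDuty saw it, and the severity threshold keeps low-severity findings from triggering changes automatically.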

Putting it all together…

Automate at every stage
(Diagram: a delivery pipeline from developers to customers, Plan → Build → Test → Release → Monitor, with a feedback loop back to Plan and security applied at every stage.)

Foundational DevSecOps pipeline
(Diagram: a developer commits to AWS CodeCommit (or S3/GitHub) → AWS CodePipeline → AWS Lambda (or AWS CodeBuild) evaluates the change against policy → on policy fail the pipeline stops, on PASS → AWS CodePipeline → AWS CloudFormation creates the stack for the developers.)

Mature DevSecOps pipeline
https://aws.amazon.com/answers/devops/aws-cloudformation-validation-pipeline/
(Diagram, orchestrated by AWS CodePipeline:)
• Push/Pull: DevOps pushes to AWS CodeCommit
• Pre-create: AWS Lambda and AWS CodeBuild / cfn-nag validate the templates
• Stack creation: AWS CloudFormation creates the stacks
• Post-create: AWS Lambda tests the stacks, Amazon SNS notification
• Manual approval
• Deploy: AWS Lambda deploys to an Amazon S3 bucket
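The policy gate that both pipelines above put in front of stack creation (the foundational pipeline's Lambda/CodeBuild "policy fail / PASS" step and the mature pipeline's pre-create stage), as an added example. It is not the code from the linked AWS answer and not cfn-nag; the candidate template is constructed from the deck's sample instance plus a security group, the AMI ID is a placeholder, and the template is given as JSON so only the standard library is needed.

```python
"""Pre-create policy gate for a CloudFormation validation pipeline: load the
candidate template, evaluate each resource against policy, and report PASS or
FAIL so the pipeline can stop before a non-compliant stack is created.
Added example; three illustrative policies, not an exhaustive rule set."""
import json

# Constructed candidate template: the deck's sample instance (its EBS volume left
# unencrypted) plus a world-open admin security group. AMI ID is a placeholder.
CANDIDATE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": "ami-placeholder", "InstanceType": "t1.micro",
            "BlockDeviceMappings": [{"DeviceName": "/dev/sdm", "Ebs": {
                "VolumeType": "io1", "Iops": 200, "VolumeSize": 20}}]}},
        "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "admin access",
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                      "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
    },
})

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def check_ebs_encrypted(name, rtype, props):
    """EBS volumes, standalone or inline on an instance, must set Encrypted: true."""
    if rtype == "AWS::EC2::Volume" and props.get("Encrypted") is not True:
        yield name, "ebs-encrypted", "volume is not encrypted"
    if rtype == "AWS::EC2::Instance":
        for mapping in props.get("BlockDeviceMappings", []):
            ebs = mapping.get("Ebs")
            if ebs is not None and ebs.get("Encrypted") is not True:
                yield name, "ebs-encrypted", f"{mapping.get('DeviceName')} is not encrypted"


def check_no_world_ingress(name, rtype, props):
    """Security group ingress rules must not be open to the whole Internet."""
    rules = []
    if rtype == "AWS::EC2::SecurityGroup":
        rules = props.get("SecurityGroupIngress", [])
    elif rtype == "AWS::EC2::SecurityGroupIngress":
        rules = [props]
    for rule in rules:
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        # Intrinsic functions such as {"Ref": ...} are dicts that resolve only at
        # deploy time; a static check cannot judge them, so they are left alone.
        if isinstance(cidr, str) and cidr in WORLD_CIDRS:
            yield name, "no-world-ingress", f"{cidr} may reach port {rule.get('FromPort')}"


def check_s3_encrypted(name, rtype, props):
    """S3 buckets must declare default encryption."""
    if rtype == "AWS::S3::Bucket" and "BucketEncryption" not in props:
        yield name, "s3-encrypted", "bucket has no default encryption"


POLICIES = [check_ebs_encrypted, check_no_world_ingress, check_s3_encrypted]


def evaluate_template(template_text):
    """Return a list of (logical id, policy, message) findings for a JSON template."""
    template = json.loads(template_text)
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties", {})
        for policy in POLICIES:
            findings.extend(policy(name, rtype, props))
    return findings


def pipeline_verdict(template_text):
    """What the gate reports to CodePipeline: PASS lets stack creation proceed."""
    return "FAIL" if evaluate_template(template_text) else "PASS"
```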

Use AWS Management Tools and AWS Managed Services to…
• Standardize governance
• Improve security
• Enforce policies automatically
• Monitor continuously
• Enable self-service
• Scale to multiple environments
• Remediate issues automatically

Thank you!
Please complete the session survey in the summit mobile app.
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Management Tools

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Shahbaz Alam, Senior Practice Manager, Amazon Web Services Professional Services, shahbaza@amazon.com. Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Management Tools
  • 2. What’s in your AWS account? Diagram labels: Availability Zone #1, www.example.com, Elastic Load Balancing, Database, EC2 instance (web app server), Autoscaling Group #1.
  • 3. As you expand and change, entropy increases… Diagram labels: CloudFront, Siemens Customers, Internet, Route 53, On-Premises Media Sources, AWS Direct Connect, SQS, S3 Bucket, Availability Zone A, Availability Zone B, ELB, Processing Layer, EC2 App Servers, Customer App Layer, EC2 Web Servers, Web Layer, G2 GPU-Optimized Instances, DynamoDB, Processed Media, Processed Data / Meta-data, Static Content, Unprocessed Media, Dynamic Content, flow steps 1 to 6.
  • 4. Becoming more complex with each new workload… Diagram labels: AWS Cloud, Route 53, Users, CloudFront, S3 Bucket, Virtual Private Cloud, two Availability Zones, Auto scaling Groups, Elastic Load Balancing, WAF, RDS MySQL DB, RDS MSSQL DB, RDS MySQL DB (Standby), RDS MSSQL DB (Standby), Web Servers, Private Subnets, Dynamic Websites, Static Websites, .Net Stack, LAMP Stack, SPS Stack, Shared Services; the slide 3 architecture labels appear again; plus a VPC layout: Availability Zone A, Availability Zone B, Public Subnets, Private Subnets, Instance A 10.1.1.11/24, Instance B 10.1.2.22/24, Instance C 10.1.3.33/24, Instance D 10.1.4.44/24, 10.1.1.0/16, 10.1.2.0/16, 10.1.3.0/16.
  • 5. Why do so many think it’s harder in the cloud…? Cost, Scale, Reliability/Repeatability, Skills shortage, Signal to noise, Large datasets.
  • 6. Because humans and data don’t mix well…
  • 7. How do I govern my environment to ensure it is secure and compliant?
  • 8. Some definitions. Governance: oversight role and process by which companies manage and mitigate business risks. Compliance: process and internal controls to meet the requirements imposed by a governing body.
  • 9. Implementing a governance and compliance program… Define: What is IT supposed to do? Discover: What IT resources exist? Monitor: What is IT doing? Respond: when changes occur and/or IT resources become “non-compliant”.
  • 10. Security engineering…then and now
  • 11. The challenge. Governance: Define, Discover, Monitor, Respond, Manage, Report. Speed: Agility, Innovation, Scale.
  • 12. AWS allows you to do both. With AWS you can programmatically:
      • Define how to provision and configure resources
      • Discover new resources and changes to existing resources
      • Monitor resources and operations for compliance
      • Respond to (and report on) changes to your resources
  • 13. AWS Security, Risk, Compliance, and Automation Toolbox. Categories: Audit, Visibility, Protection, Automation. Services: AWS CloudTrail, Amazon CloudWatch, AWS Systems Manager, AWS Config, AWS CodePipeline, AWS WAF, AWS KMS, AWS Trusted Advisor, AWS CloudFormation, AWS Organizations, AWS Lambda, Amazon Inspector, AWS Service Catalog, Amazon Macie, AWS Shield, AWS Config Rules.
  • 14. How do I ensure that my developers provision AWS resources in an orderly and predictable fashion?
  • 15. AWS CloudFormation. Template: JSON/YAML formatted file, parameter definition, resource creation, configuration actions. CloudFormation: framework, stack creation, stack updates, error detection and rollback. Stack + Stack Sets: configured AWS resources, comprehensive service support, service event aware, customizable.
  • 16. AWS CloudFormation Template: infrastructure as code, declarative and flexible.
      AWSTemplateFormatVersion: "2010-09-09"
      Description: A sample template
      Resources:
        MyEC2Instance: #An inline comment
          Type: "AWS::EC2::Instance"
          Properties:
            ImageId: "ami-2f726546" #Another comment -- This is a Linux AMI
            InstanceType: t1.micro
            KeyName: testkey
            BlockDeviceMappings:
              - DeviceName: /dev/sdm
                Ebs:
                  VolumeType: io1
                  Iops: 200
                  DeleteOnTermination: false
                  VolumeSize: 20
  • 17. How do I enable self-service for my business units so that they can quickly deploy approved IT services?
  • 18. AWS Service Catalog.
      • Allows organizations to create and manage catalogs of IT services.
      • Enables users to quickly deploy approved IT services in a self-service manner without access to the underlying services in AWS.
      Organizations: Control, Standardization, Governance. Developers: Agility, Self-service, Time to market.
  • 19. AWS Service Catalog. Enable: 11 User API methods; 40+ Admin API methods; share products across Portfolios and AWS accounts. Orchestrate: version products; limit console access; provide various levels of user access. Automate: launch constraints; template constraints.
  • 20. How can I view what activity occurred in my AWS account?
  • 21. AWS CloudTrail provides a history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. Diagram: you make API calls (AWS Management Console, IAM, AWS CLI) on a set of AWS services around the world; CloudTrail continuously records the API calls; logs are stored or archived in an S3 bucket.
  • 22. How can I easily discover what AWS resources exist and detect if AWS resources are compliant with rules I defined?
  • 23. AWS Config and Config Rules enable you to assess, audit, and evaluate the configurations of your AWS resources. Diagram labels: Changing resources, History, Notifications, API Access, Normalized, AWS Config, AWS Config Rules.
  • 24. How can I monitor the specific state of a resource and discover what software is running on my AWS instances? How can I centrally define, control, and manage configuration data and secure parameters without hardcoding?
  • 25. AWS Systems Manager provides visibility and control of your infrastructure on AWS. You can view operational data from multiple AWS services and automate operational tasks across your AWS resources. Capabilities: Run Command, State Manager, Inventory, Maintenance Window, Patch Manager, Automation, Parameter Store, Documents.
  • 26. How can I create visualizations to help monitor my AWS environment and alert on high value events or activity?
  • 27. Amazon CloudWatch.
      • CloudWatch Events delivers a near real-time stream of system events
      • Create rules to match events and route them to one or more target functions or streams
      Monitor Amazon EC2; monitor other AWS resources; monitor custom metrics; monitor and store logs; set alarms; view graphs and statistics.
  • 28. How can I take action when an event occurs?
  • 29. AWS Lambda allows you to run code in response to an event. Event sources: changes in data state, requests to endpoints, changes in resource state. Function runtimes: Node, Python, Java, C#. The function then calls services (anything).
  • 30. General remediation pattern. Event sources: Amazon CloudWatch, AWS CloudTrail, VPC Flow Logs, Amazon GuardDuty, AWS Config. A Lambda function acts through AWS APIs, AWS WAF and team collaboration tools (Slack etc.). Steps: Define/Create; Discover/Detect; Monitor/Alert; Respond/Remediate; Define counter measures; Conduct forensics.
  • 31. Remediating an Amazon EC2 Instance… AWS Lambda function → Amazon EC2 Systems Manager Run Command → Amazon EC2 Instances.
      • Asynchronously execute commands
      • No need to SSH/RDP
      • Commands and output logged
  • 32. AWS Lambda + AWS Systems Manager + AWS CloudWatch. Components: Amazon GuardDuty, Amazon CloudWatch Rule, AWS Lambda function, AWS Systems Manager Documents, EBS volume, Amazon EBS snapshot.
  • 33. Putting it all together…
  • 34. Automate at every stage. Delivery pipeline: Plan, Build, Test, Release, Monitor. Other labels: Developers, Customers, Feedback loop, Security.
  • 35. Foundational DevSecOps pipeline. Developer commits to AWS CodeCommit (or S3/GitHub); AWS CodePipeline runs AWS Lambda (or AWS CodeBuild) as a policy check; PASS continues to AWS CloudFormation, which creates the Stack; a policy fail goes back to the Developers.
  • 36. Mature DevSecOps pipeline (https://aws.amazon.com/answers/devops/aws-cloudformation-validation-pipeline/). DevOps push/pull to AWS CodeCommit; AWS CodePipeline stages: Pre-create (AWS Lambda, AWS CodeBuild / cfn-nag), Stack creation (create stacks with AWS CloudFormation), Post-create (AWS Lambda, Amazon SNS notification), Manual Approval, Deploy (AWS Lambda, Amazon S3 bucket).
  • 37. Use AWS Management Tools and AWS Managed Services to… standardize governance, improve security, enforce policies automatically, monitor continuously, enable self service, scale to multiple environments, remediate issues automatically.
  • 38. Thank you! Please complete the session survey in the summit mobile app.
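Slide 23 says AWS Config Rules detect whether resources comply with rules you define. The following is an added example, not code from the deck or from AWS: the evaluation logic of a custom Config rule that flags security groups exposing SSH to the internet. It assumes the Config custom-rule Lambda contract (an `invokingEvent` JSON string carrying the changed `configurationItem`, whose security-group configuration uses camelCase `ipPermissions`, plus a `resultToken` passed back to `PutEvaluations`); the configuration item, group id and token are constructed sample values, and the Config client is injected so the rule logic runs without AWS access.

```python
"""Custom AWS Config rule: flag security groups that accept SSH from anywhere.

Added example, not code from the AWS deck. It assumes the Config custom-rule
Lambda event contract (an ``invokingEvent`` JSON string carrying a
``configurationItem`` with camelCase ``ipPermissions``) and evaluates one
constructed item offline. The AWS Config client is injected into
``lambda_handler`` so the rule logic itself needs no AWS access.
"""
import json
from typing import Any, Dict

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"
SSH_PORT = 22


def opens_ssh_to_world(permission: Dict[str, Any]) -> bool:
    """True if one ingress permission covers TCP/22 from 0.0.0.0/0 or ::/0."""
    proto = permission.get("ipProtocol")
    if proto not in ("tcp", "-1"):  # "-1" means all protocols
        return False
    from_port, to_port = permission.get("fromPort"), permission.get("toPort")
    covers_ssh = proto == "-1" or (
        from_port is not None and to_port is not None and from_port <= SSH_PORT <= to_port
    )
    if not covers_ssh:
        return False
    v4_world = any(r.get("cidrIp") == "0.0.0.0/0" for r in permission.get("ipRanges", []))
    v6_world = any(r.get("cidrIpv6") == "::/0" for r in permission.get("ipv6Ranges", []))
    return v4_world or v6_world


def evaluate_compliance(item: Dict[str, Any]) -> Dict[str, str]:
    """Compliance verdict for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return {"complianceType": NOT_APPLICABLE, "annotation": "Rule evaluates security groups only"}
    for permission in item.get("configuration", {}).get("ipPermissions", []):
        if opens_ssh_to_world(permission):
            return {"complianceType": NON_COMPLIANT,
                    "annotation": "Port 22 is reachable from 0.0.0.0/0 or ::/0"}
    return {"complianceType": COMPLIANT, "annotation": "No world-reachable SSH ingress"}


def build_evaluation(event: Dict[str, Any]) -> Dict[str, Any]:
    """Turn a Config rule invocation into the evaluation record PutEvaluations expects."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    verdict = evaluate_compliance(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": verdict["complianceType"],
        "Annotation": verdict["annotation"],
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event: Dict[str, Any], context: Any, config_client: Any = None) -> Dict[str, Any]:
    """Lambda entry point: evaluate the item and report the result to AWS Config."""
    if config_client is None:
        import boto3  # imported lazily so the rule logic is testable without boto3
        config_client = boto3.client("config")
    evaluation = build_evaluation(event)
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample invocation (shape follows the Config custom-rule contract; values are made up).
SAMPLE_EVENT = {
    "resultToken": "example-result-token",
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0example",
            "configurationItemCaptureTime": "2018-06-01T12:00:00.000Z",
            "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            ]},
        },
    }),
}

if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

Attached to a Config rule that triggers on configuration changes, `lambda_handler` runs on every security-group change and AWS Config records the verdict in its history, which is what turns the slide's "Changing resources, History, Notifications" labels into an auditable compliance trail.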
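Slides 27 to 32 describe the remediation pattern: a CloudWatch Events rule matches an event, routes it to a Lambda function, and the function acts through AWS APIs, here Systems Manager Run Command (no SSH/RDP, commands and output logged) and an EBS snapshot for forensics. The block below is an added example, not code from the deck or from AWS. `event_matches` implements the CloudWatch Events pattern-matching semantics (every pattern key must exist in the event, a list means any of the listed values, nested objects recurse); the GuardDuty finding, the instance id, the SSM document name `Example-IsolateInstance` and the injected EC2/SSM clients are constructed placeholders.

```python
"""Event-driven remediation: a CloudWatch Events rule matches a GuardDuty finding,
Lambda snapshots the affected instance's EBS volumes for forensics and sends a
Systems Manager Run Command document to it.

Added example, not code from the AWS deck. ``event_matches`` implements the
CloudWatch Events pattern semantics: every pattern key must exist in the event,
a list means "any of these values", nested objects recurse. The EC2 and SSM
clients are injected so the flow runs offline; the document name and the
finding below are constructed placeholders.
"""
from typing import Any, Dict, List

# Rule pattern as it would be given to CloudWatch Events (constructed example).
GUARDDUTY_SSH_RULE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["UnauthorizedAccess:EC2/SSHBruteForce"]},
}
ISOLATION_DOCUMENT = "Example-IsolateInstance"  # placeholder SSM document name (assumption)


def event_matches(pattern: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True if the event satisfies the rule pattern."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not event_matches(expected, actual):
                return False
        elif isinstance(expected, list):
            # An event field may itself be a list; any overlap with the allowed values matches.
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(value in expected for value in candidates):
                return False
        else:
            return False  # pattern leaves are always lists; anything else never matches
    return True


def remediate(event: Dict[str, Any], ec2: Any, ssm: Any) -> Dict[str, Any]:
    """Snapshot every EBS volume on the affected instance, then run the isolation document."""
    detail = event["detail"]
    instance_id = detail["resource"]["instanceDetails"]["instanceId"]
    instance = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    snapshot_ids: List[str] = []
    for mapping in instance.get("BlockDeviceMappings", []):
        if "Ebs" not in mapping:
            continue  # instance-store devices cannot be snapshotted
        snap = ec2.create_snapshot(
            VolumeId=mapping["Ebs"]["VolumeId"],
            Description=f"Forensic copy of {instance_id} for GuardDuty finding {detail['id']}",
        )
        snapshot_ids.append(snap["SnapshotId"])
    # Run Command needs no SSH/RDP access; the command and its output are logged by Systems Manager.
    command = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName=ISOLATION_DOCUMENT,
        Comment=f"GuardDuty {detail['type']} on {instance_id}",
    )
    return {"instanceId": instance_id, "snapshotIds": snapshot_ids,
            "commandId": command["Command"]["CommandId"]}


def lambda_handler(event: Dict[str, Any], context: Any, ec2: Any = None, ssm: Any = None) -> Dict[str, Any]:
    """Lambda entry point: re-check the rule pattern, then remediate."""
    if not event_matches(GUARDDUTY_SSH_RULE, event):
        return {"skipped": True}
    if ec2 is None or ssm is None:
        import boto3  # lazy import keeps the module importable without boto3 installed
        ec2 = ec2 or boto3.client("ec2")
        ssm = ssm or boto3.client("ssm")
    return remediate(event, ec2, ssm)


# Constructed GuardDuty finding in CloudWatch Events envelope form (all ids are made up).
SAMPLE_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "finding-0example",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5,
        "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0example"}},
    },
}
```

Snapshots are taken before the isolation document runs so the evidence reflects the instance as GuardDuty saw it, which is the "Conduct forensics" step of slide 30; the handler re-checks the pattern so a mis-wired rule cannot trigger remediation on an unrelated event.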
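Slides 35 and 36 show a policy check gating CloudFormation stack creation (Lambda or CodeBuild running cfn-nag in the pre-create stage). The block below is an added example of such a pre-create gate, not cfn-nag and not code from the deck or from AWS: it loads a JSON template, applies three constructed policies (internet-wide security-group ingress only on 80/443, EBS encryption on volumes and instance block devices, no public S3 canned ACLs) and returns PASS or FAIL with findings. The sample template, the `ami-EXAMPLE` placeholder and the rule identifiers are this example's own.

```python
"""Pre-create policy gate for CloudFormation templates: the check a DevSecOps
pipeline runs before any stack is created.

Added example, not code from the AWS deck and not cfn-nag. It reads a JSON
template (JSON rather than YAML so no extra library is needed) and applies
three constructed policies. The sample template and rule ids are this
example's own.
"""
import json
import sys
from typing import Any, Dict, List

Finding = Dict[str, str]
ALLOWED_WORLD_PORTS = {80, 443}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def finding(resource: str, rule: str, message: str) -> Finding:
    return {"resource": resource, "rule": rule, "message": message}


def check_security_group(name: str, props: Dict[str, Any]) -> List[Finding]:
    """Flag ingress from anywhere unless it is exactly one of the allowed web ports."""
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        from_world = rule.get("CidrIp") in WORLD_CIDRS or rule.get("CidrIpv6") in WORLD_CIDRS
        from_port, to_port = rule.get("FromPort"), rule.get("ToPort")
        narrow_web = from_port == to_port and from_port in ALLOWED_WORLD_PORTS
        if from_world and not narrow_web:  # also catches IpProtocol "-1", which carries no ports
            findings.append(finding(name, "SG-WORLD-INGRESS",
                                    f"internet ingress, protocol {rule.get('IpProtocol')} ports {from_port}-{to_port}"))
    return findings


def check_volume(name: str, props: Dict[str, Any]) -> List[Finding]:
    if props.get("Encrypted") is not True:
        return [finding(name, "EBS-UNENCRYPTED", "volume is not encrypted at rest")]
    return []


def check_instance(name: str, props: Dict[str, Any]) -> List[Finding]:
    """Instance block device mappings carry their own Ebs.Encrypted flag."""
    findings = []
    for mapping in props.get("BlockDeviceMappings", []):
        ebs = mapping.get("Ebs")
        if ebs is not None and ebs.get("Encrypted") is not True:
            findings.append(finding(name, "EBS-UNENCRYPTED",
                                    f"block device {mapping.get('DeviceName')} is not encrypted"))
    return findings


def check_bucket(name: str, props: Dict[str, Any]) -> List[Finding]:
    acl = props.get("AccessControl")
    if acl in ("PublicRead", "PublicReadWrite"):
        return [finding(name, "S3-PUBLIC-ACL", f"canned ACL {acl} grants public access")]
    return []


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::EC2::Volume": check_volume,
    "AWS::EC2::Instance": check_instance,
    "AWS::S3::Bucket": check_bucket,
}


def evaluate_template(template: Dict[str, Any]) -> List[Finding]:
    """Run every applicable check over the template's Resources section."""
    findings: List[Finding] = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type", ""))
        if check is not None:
            findings.extend(check(name, resource.get("Properties", {})))
    return findings


def gate(template_json: str) -> Dict[str, Any]:
    """Pipeline decision: PASS lets stack creation proceed, FAIL returns the commit to the developer."""
    findings = evaluate_template(json.loads(template_json))
    return {"status": "FAIL" if findings else "PASS", "findings": findings}


# Constructed sample template with one violation per check (ami-EXAMPLE is a placeholder).
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            ]}},
        "WebInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": "ami-EXAMPLE", "InstanceType": "t2.micro",
            "BlockDeviceMappings": [{"DeviceName": "/dev/sdm",
                                     "Ebs": {"VolumeType": "io1", "Iops": 200, "VolumeSize": 20}}]}},
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    },
})

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    verdict = gate(source)
    print(json.dumps(verdict, indent=2))
    sys.exit(1 if verdict["status"] == "FAIL" else 0)
```

Run with a template path, the script exits non-zero on FAIL, which is how a CodeBuild or Lambda stage fails the pipeline and sends the commit back to the developer as slide 35 shows; the block device mapping in the sample deliberately mirrors the slide 16 template, which sets no `Encrypted` flag.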