© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Stephen Quigg – Principal Security Solutions Architect, AWS
Ann Ledwith – Continuous Delivery Lead, Sage
July 2016
Getting Started with AWS Security
Why is enterprise security traditionally hard?
Lack of visibility
Low degree of automation
Move fast AND stay secure
Making life easier
Choosing security does not mean giving up on convenience or introducing complexity
Security ownership as part of DNA
• Promotes culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication
Distributed Embedded
Build strong security foundations
AWS can strengthen your security posture
Get native functionality and tools
Over 30 global compliance certifications and accreditations
Leverage security enhancements gleaned from 1 million+ customer experiences
Benefit from AWS industry-leading security teams 24/7, 365 days a year
Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
Get strong assurance over AWS security controls
AWS formal control environment
SOC 1 Type II
SOC 2 Type II and public SOC 3 report
ISO 27001, 27017, 27018 Certification
PCI DSS Level 1 Service Provider
FedRAMP Authorization
Achieve HIPAA compliance
AWS Foundation Services
Compute Storage Database Networking
AWS global infrastructure: Regions, Availability Zones, Edge locations
Client-side data encryption
Server-side data encryption
Network traffic protection
Platform, applications, identity and access management
Operating system, network, and firewall configuration
Customer content
Customers
Customers choose the required level of security
Customers are responsible for their security IN the cloud
AWS is responsible for the security OF the cloud
Integrate identity and access management
AWS Identity and Access Management
IAM users IAM groups IAM roles IAM policies
Account governance—new accounts
InfoSec’s cross-account roles
AWS account credential management (“Root account”)
Federation
Baseline requirements
Actions and conditions
Map enterprise roles
Enable detective controls
AWS CloudTrail and Amazon CloudWatch
AWS CloudTrail
✓ Enable globally for all AWS Regions
✓ Encryption and integrity validation
✓ Archive and forward
Amazon CloudWatch
✓ Amazon CloudWatch Logs
✓ Metrics and filters
✓ Alarms and notifications
Establish network security
Control where your content is stored
13 AWS Regions (11 public, China region and GovCloud region)
Canada, Ohio, UK and another China region planned for 2016 and beyond
35 Availability Zones (adding 9 more in 2016 across new AWS Regions)
55+ edge locations
Region
Edge location
[Diagram: VPC (CIDR 10.10.0.0/16) spanning AZ A and AZ B. Public subnets 10.10.1.0/24 and 10.10.2.0/24; private subnets 10.10.3.0/24, 10.10.4.0/24, 10.10.5.0/24 and 10.10.6.0/24. Components shown: Internet Gateway, public Elastic Load Balancing, Auto Scaling web tier, internal Elastic Load Balancing, Auto Scaling application tier, and a data tier on Multi-AZ Amazon RDS (master, standby, snapshots). Links to the existing data center: Virtual Private Gateway, Customer Gateway, VPN connection, and AWS Direct Connect via a network partner location, for administrators and corporate users.]
Amazon Virtual Private Cloud
[Diagram: VPC (CIDR 10.1.0.0/16) across Availability Zone A and Availability Zone B, with public and private subnets holding the ELB, Web and Back end tiers.]
Security groups
sg_ELB_FrontEnd (ELB Security Group)
sg_Web_Frontend (Web Security Group)
sg_Backend (Backend Security Group)
VPC Flow Logs
• Agentless
• Enable per Elastic Network Interface (ENI), per subnet, or per VPC
• Logged to Amazon CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics and take appropriate actions
Fields recorded: AWS account, Interface, Source IP, Destination IP, Source port, Destination port, Protocol, Packets, Bytes, Start/end time, Accept or reject
VPC Flow Logs
• Amazon Elasticsearch Service
• Amazon CloudWatch Logs subscriptions
VPC Flow Logs—CloudWatch alarms
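The "metrics from log data, then alarm" flow on the VPC Flow Logs slides, sketched offline as an added example (not part of the original deck or any AWS code). It assumes the default space-separated flow log record layout; the function names, the threshold and the sample records are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Field order of the default flow log record (assumed: default format).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str


def parse_record(line):
    """Parse one record; return None for NODATA/SKIPDATA lines, which carry '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    raw = dict(zip(FIELDS, parts))
    if raw["log_status"] != "OK":
        return None  # no traffic data in this capture window
    return FlowRecord(
        interface_id=raw["interface_id"],
        srcaddr=raw["srcaddr"], dstaddr=raw["dstaddr"],
        srcport=int(raw["srcport"]), dstport=int(raw["dstport"]),
        protocol=int(raw["protocol"]),
        packets=int(raw["packets"]), bytes=int(raw["bytes"]),
        start=int(raw["start"]), end=int(raw["end"]),
        action=raw["action"],
    )


def rejected_per_window(lines, window_seconds=300, dstport=None):
    """Metric: number of REJECT records per (window start, interface).

    Mirrors a log metric filter that emits 1 per matching log event;
    dstport optionally narrows the filter to one destination port.
    """
    metric = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.action != "REJECT":
            continue
        if dstport is not None and rec.dstport != dstport:
            continue
        bucket = rec.start - rec.start % window_seconds
        metric[(bucket, rec.interface_id)] += 1
    return dict(metric)


def alarms(metric, threshold):
    """Return (window start, interface, count) for datapoints at or above threshold."""
    return sorted((bucket, eni, n) for (bucket, eni), n in metric.items()
                  if n >= threshold)


# Constructed sample records (documentation IP ranges, made-up account and ENI).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.10.1.15 40001 22 6 1 40 1468195200 1468195260 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.10.1.15 40002 22 6 1 40 1468195230 1468195290 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.10.1.15 40003 22 6 1 40 1468195290 1468195350 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.20 10.10.1.15 51000 443 6 12 4200 1468195200 1468195260 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1468195200 1468195260 - NODATA",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.10.1.15 40010 3389 6 1 40 1468195210 1468195270 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.10.1.15 40004 22 6 1 40 1468195500 1468195560 REJECT OK",
]

if __name__ == "__main__":
    ssh_rejects = rejected_per_window(SAMPLE, dstport=22)
    for bucket, eni, count in alarms(ssh_rejects, threshold=3):
        print(f"ALARM window={bucket} interface={eni} rejected_ssh_records={count}")
```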
Protect your data with encryption
Cryptographic services
AWS Key Management Service (AWS KMS)
✓ Deep integration with AWS services
✓ CloudTrail
✓ AWS SDK for application encryption
Amazon CloudHSM
✓ Dedicated HSM
✓ Integrate with on-premises HSMs
✓ Hybrid architectures
Optimise change management
AWS Config and Config rules
AWS Config
✓ Record configuration changes continuously
✓ Time-series view of resource changes
✓ Archive and compare
Amazon Config rules
✓ Enforce best practices
✓ Automatically roll back unwanted changes
✓ Trigger additional workflow
AWS Config tracks changes to your assets
Visibility of when changes were made
AWS Config rules keep an eye on things
AWS Config rules—tenancy enforcement example
AWS Config Partners
Automate security functions
Evolving the practice of security architecture
Security architecture as a separate function can no longer exist
Current security architecture practice:
• Static position papers, architecture diagrams, and documents
• UI-dependent consoles and technologies
• Auditing, assurance, and compliance are decoupled, separate processes
AWS CloudFormation—infrastructure as code
AWS CloudFormation
✓ Orchestrate changes across AWS services
✓ Use as foundation to AWS Service Catalog products
✓ Use with source code repositories to manage infrastructure changes
Template
✓ JSON-based text file describing infrastructure
Stack
✓ Resources created from a template
✓ Can be updated
✓ Updates can be restructured
Evolving the practice of security architecture
Security architecture can now be part of the “maker” team
Evolved security architecture practice:
• Architecture artifacts (design choices, narrative, and so on) committed to common repositories
• Complete solutions account for automation
• Solution architectures are living audit/compliance artifacts and evidence in a closed loop
AWS CodeCommit
AWS CodePipeline
Jenkins
Get training in AWS security
Security Fundamentals on AWS (Free online course)
Security Operations on AWS (Three-day class)
Details at aws.amazon.com/training
Let's hear how Sage is doing secure continuous delivery with AWS
33 Sage Products and Services in AWS – why?
• Scalability
• Fault tolerant – highly available
• Cost
• Agility
FAST or SECURE
FAST and SECURE
CD Pipeline + Security
7/11/16
[Pipeline diagram, visible to all stakeholders. Labels: Deploy, Static Analysis, Dependency Scan, Labs, Unit Test, Test, Build, Dynamic Analysis, Automated Test, Create, Scan, Scan, Continuous Integration, Automated Test, Source Control, Artifact Management, Configuration Management, Infrastructure as code + Hosting platform, Check in, Deployment Automation.]
Security Check
Pass/Fail – changes will proceed no further on failure
Quality metric – changes will proceed no further if threshold is breached
Alarm
Latest Amazon AMI
Patch
Harden
Anti-virus
Amazon Tools
Web Container + dependencies
Application specific
AMI_SERV_BUILD
Patch
Harden
Anti-virus
Amazon Tools
Web Container + dependencies
Application specific
[Diagram: AMI_SERV_BUILD instances, each with the same layers, shown in the QA, Performance Test and Production environments.]
Outcomes
• Security patches/mitigations take hours instead of days to apply across the entire fleet
• Frees up the team to work on further improvements
• Non-production environments representative of Live – better confidence in testing
Future
Amazon Inspector
AWS CodePipeline
AWS CodeCommit
Please remember to rate this session under My Agenda on awssummit.london

Mais conteúdo relacionado

Mais procurados

Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...Amazon Web Services
 
Getting Started with Managed Database Services on AWS - September 2016 Webina...
Getting Started with Managed Database Services on AWS - September 2016 Webina...Getting Started with Managed Database Services on AWS - September 2016 Webina...
Getting Started with Managed Database Services on AWS - September 2016 Webina...Amazon Web Services
 
Getting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoGetting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoAmazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridAmazon Web Services
 
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...Amazon Web Services
 
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...Amazon Web Services
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSKristana Kane
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
ENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerAmazon Web Services
 
Real-time Data Processing Using AWS Lambda
Real-time Data Processing Using AWS LambdaReal-time Data Processing Using AWS Lambda
Real-time Data Processing Using AWS LambdaAmazon Web Services
 
AWS Storage and Content Delivery Services
AWS Storage and Content Delivery ServicesAWS Storage and Content Delivery Services
AWS Storage and Content Delivery ServicesAmazon Web Services
 
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)Amazon Web Services Korea
 
ENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWSENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWSAmazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...Amazon Web Services
 

Mais procurados (20)

Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - Toronto
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdf
 
Protecting Your Data in AWS
 Protecting Your Data in AWS Protecting Your Data in AWS
Protecting Your Data in AWS
 
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...
February 2016 Webinar Series - Use AWS Cloud Storage as the Foundation for Hy...
 
Getting Started with Managed Database Services on AWS - September 2016 Webina...
Getting Started with Managed Database Services on AWS - September 2016 Webina...Getting Started with Managed Database Services on AWS - September 2016 Webina...
Getting Started with Managed Database Services on AWS - September 2016 Webina...
 
Getting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoGetting started with amazon redshift - Toronto
Getting started with amazon redshift - Toronto
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - Madrid
 
Sec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) ScaleSec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) Scale
 
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...
How EidosMedia Leverages ONTAP Cloud for AWS to Serve Millions of Users Globa...
 
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...
AWS re:Invent 2016: Strategic Planning for Long-Term Data Archiving with Amaz...
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
 
ENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems ManagerENT401 Deep Dive with Amazon EC2 Systems Manager
ENT401 Deep Dive with Amazon EC2 Systems Manager
 
Real-time Data Processing Using AWS Lambda
Real-time Data Processing Using AWS LambdaReal-time Data Processing Using AWS Lambda
Real-time Data Processing Using AWS Lambda
 
AWS Storage and Content Delivery Services
AWS Storage and Content Delivery ServicesAWS Storage and Content Delivery Services
AWS Storage and Content Delivery Services
 
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)
찾아가는 AWS 세미나(구로,가산,판교) - AWS 기반 빅데이터 활용 방법 (김일호 솔루션즈 아키텍트)
 
ENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWSENT307 VMware and AWS Together - VMware Cloud on AWS
ENT307 VMware and AWS Together - VMware Cloud on AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS for Startups
AWS for StartupsAWS for Startups
AWS for Startups
 
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...
Getting Started with AWS Lambda and the Serverless Cloud by Jim Tran, Princip...
 

Destaque

Keynote: Paving the Way and Making a Difference: AWS in the Public Sector
Keynote: Paving the Way and Making a Difference: AWS in the Public SectorKeynote: Paving the Way and Making a Difference: AWS in the Public Sector
Keynote: Paving the Way and Making a Difference: AWS in the Public SectorAmazon Web Services
 
AWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAmazon Web Services
 
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Mobile Services
Getting Started with AWS Mobile ServicesGetting Started with AWS Mobile Services
Getting Started with AWS Mobile ServicesAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The CloudOmer Trajman
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
Introduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud ComputingIntroduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud ComputingAmazon Web Services
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?Amazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 

Destaque (20)

Keynote: Paving the Way and Making a Difference: AWS in the Public Sector
Keynote: Paving the Way and Making a Difference: AWS in the Public SectorKeynote: Paving the Way and Making a Difference: AWS in the Public Sector
Keynote: Paving the Way and Making a Difference: AWS in the Public Sector
 
Deep Dive Amazon EC2
Deep Dive Amazon EC2Deep Dive Amazon EC2
Deep Dive Amazon EC2
 
Understanding AWS Security
 Understanding AWS Security  Understanding AWS Security
Understanding AWS Security
 
AWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best Practices
 
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
 
Getting Started with AWS Mobile Services
Getting Started with AWS Mobile ServicesGetting Started with AWS Mobile Services
Getting Started with AWS Mobile Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The Cloud
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 
AWS Deployment Best Practices
AWS Deployment Best PracticesAWS Deployment Best Practices
AWS Deployment Best Practices
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
Introduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud ComputingIntroduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud Computing
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Security Best Practices on AWS
Security Best Practices on AWSSecurity Best Practices on AWS
Security Best Practices on AWS
 

Semelhante a Getting Started with AWS Security

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
 Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSAlexandre Santos
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Amazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
 Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPTAmazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...Amazon Web Services
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud Amazon Web Services
 
Security Innovations in the Cloud
Security Innovations in the CloudSecurity Innovations in the Cloud
Security Innovations in the CloudAmazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 

Getting Started with AWS Security

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Stephen Quigg - Principal Security Solutions Architect, AWS Ann Ledwith – Continuous Delivery Lead, Sage July 2016 Getting Started with AWS Security
  • 2. Why is enterprise security traditionally hard? Lack of visibility Low degree of automation
  • 4. Making life easier Choosing security does not mean giving up on convenience or introducing complexity
  • 5. Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication Distributed Embedded
  • 7. AWS can strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1 million+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
  • 8. Get strong assurance over AWS security controls AWS formal control environment SOC 1 Type II SOC 2 Type II and public SOC 3 report ISO 27001, 27017, 27018 Certification PCI DSS Level 1 Service Provider FedRAMP Authorization Achieve HIPAA compliance
  • 9. AWS Foundation Services Compute Storage Database Networking AWS global infrastructure Regions Availability Zones Edge locations Client-side data encryption Server-side data encryption Network traffic protection Platform, applications, identity and access management Operating system, network, and firewall configuration Customer content Customers Customers choose the required level of security Customers are responsible for their security IN the cloud AWS is responsible for the security OF the cloud
  • 10. Integrate identity and access management
  • 11. AWS Identity and Access Management IAM users IAM groups IAM roles IAM policies
  • 12. Account governance—new accounts InfoSec’s cross- account roles AWS account credential management (“Root account”) Federation Baseline requirements Actions and conditions Map enterprise roles
  • 14. AWS CloudTrail and Amazon CloudWatch AWS CloudTrail Amazon CloudWatch ✓ Enable globally for all AWS Regions ✓ Encryption and integrity validation ✓ Archive and forward ✓ Amazon CloudWatch Logs ✓ Metrics and filters ✓ Alarms and notifications
  • 16. Control where your content is stored 13 AWS Regions (11 public, China region and GovCloud region) Canada, Ohio, UK and another China region planned for 2016 and beyond 35 Availability Zones (adding 9 more in 2016 across new AWS Regions) 55+ edge locations Region Edge location
  • 17. VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public Elastic Load Balancing Internal Elastic Load Balancing Amazon RDS Master Auto Scaling Web Tier Auto Scaling Application Tier Internet Gateway Amazon RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Data Center Virtual Private Gateway Customer Gateway VPN Connection AWS Direct Connect Network Partner Location Administrators and Corporate Users Amazon Virtual Private Cloud
  • 18. Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security groups sg_Backend (Backend Security Group)
  • 20. VPC Flow Logs • Agentless • Enable per Elastic Network Interface (ENI), per subnet, or per VPC • Logged to Amazon CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics and take appropriate actions AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
  • 21. VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
  • 23. Protect your data with encryption
  • 24. Cryptographic services Amazon CloudHSM ✓ Deep integration with AWS services ✓ CloudTrail ✓ AWS SDK for application encryption ✓ Dedicated HSM ✓ Integrate with on-premises HSMs ✓ Hybrid architectures AWS Key Management Service (AWS KMS)
  • 26. AWS Config and Config rules AWS Config Amazon Config rules ✓ Record configuration changes continuously ✓ Time-series view of resource changes ✓ Archive and compare ✓ Enforce best practices ✓ Automatically roll back unwanted changes ✓ Trigger additional workflow
  • 27. AWS Config tracks changes to your assets
  • 28. Visibility of when changes were made
  • 29. AWS Config rules keeps an eye on things
  • 30. AWS Config rules—tenancy enforcement example
  • 31. AWS Config rules—tenancy enforcement example
  • 34. Evolving the practice of security architecture Security architecture as a separate function can no longer exist Static position papers, architecture diagrams, and documents UI-dependent consoles and technologies Auditing, assurance, and compliance are decoupled, separate processes Current security architecture practice
  • 35. AWS CloudFormation—infrastructure as code Template Stack AWS CloudFormation ✓ Orchestrate changes across AWS services ✓ Use as foundation to AWS Service Catalog products ✓ Use with source code repositories to manage infrastructure changes ✓ JSON-based text file describing infrastructure ✓ Resources created from a template ✓ Can be updated ✓ Updates can be restructured
  • 36. Evolving the practice of security architecture Security architecture can now be part of the “maker” team Architecture artifacts (design choices, narrative, and so on) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved security architecture practice AWS CodeCommit AWS CodePipeline Jenkins
  • 37. Get training in AWS security Security Fundamentals on AWS (Free online course) Security Operations on AWS (Three-day class) Details at aws.amazon.com/training
  • 38. Let's hear how Sage is doing secure continuous delivery with AWS
  • 39. 33 Sage Products and Services in AWS – why? • Scalability • Fault tolerant – highly available • Cost • Agility
  • 40. FAST or SECURE FAST and SECURE
  • 41. CD Pipeline + Security 7/11/16 41 Deploy Visible to all stakeholders Static Analysis Dependency Scan Labs Unit Test Test Build Dynamic Analysis Automated Test Create Scan Scan Continuous Integration Automated Test Source Control Artifact Management Configuration Management Infrastructure as code + Hosting platform Check in Deployment Automation Security Check Pass/Fail – changes will proceed no further on failure Quality metric – changes will proceed no further if threshold is breached Alarm
  • 43. CD Pipeline + Security 7/11/16 43 Deploy Visible to all stakeholders Static Analysis Dependency Scan Labs Unit Test Test Build Dynamic Analysis Automated Test Create Scan Scan Continuous Integration Automated Test Source Control Artifact Management Configuration Management Infrastructure as code + Hosting platform Check in Deployment Automation Security Check Pass/Fail – changes will proceed no further on failure Quality metric – changes will proceed no further if threshold is breached Alarm Latest Amazon AMI Patch Harden Anti-virus Amazon Tools Web Container + dependencies Application specific
  • 44. CD Pipeline + Security 7/11/16 44 Deploy Visible to all stakeholders Static Analysis Dependency Scan Labs Unit Test Test Build Dynamic Analysis Automated Test Create Scan Scan Continuous Integration Automated Test Source Control Artifact Management Configuration Management Infrastructure as code + Hosting platform Check in Deployment Automation Security Check Pass/Fail – changes will proceed no further on failure Quality metric – changes will proceed no further if threshold is breached Alarm Latest Amazon Linux AMI Patch Harden Anti-virus Amazon Tools Web Container + dependencies Application specific AMI_SERV_BUILD Patch Harden Anti-virus Amazon Tools Web Container + dependencies Application specific
  • 46. [Diagram: the AMI_SERV_BUILD image (Patch, Harden, Anti-virus, Amazon Tools, Web Container + dependencies, Application specific) repeated across the QA, Performance Test and Production environments]
  • 48. Outcomes • Security patches/mitigations take hours instead of days to apply across the entire fleet • Frees up the team to work on further improvements • Non-production environments representative of Live – better confidence in testing
  • 51. Please remember to rate this session under My Agenda on awssummit.london