SlideShare uma empresa Scribd logo

Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS Summit

Amazon Web Services
Amazon Web Services

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools that can be used to deploy AWS infrastructure (as code), add the VM-Series to help protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). A brief demonstration concludes this session.

1 de 13
Baixar para ler offline
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE, SECURITY AND OPERATIONS “AS CODE” Dula Hernandez Channel Systems Engineer SessionID
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT CLOUD AUTOMATION DRIVERS Agility, DevSecOps, Multi-cloud Palo Alto Networks Automation Capabilities Cloud Security Automation Stack Applying Cloud Security Automation Composable Automation Eco-system Distributable Security Cloud Adoption and Benefits
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT NEED FOR AUTOMATION • Rapidly deploy new applications: Dev 🡪 Test 🡪 Prod • Improve security, increase agility, reduce effort to achieve business goals • Inject security into DevOps 🡪 DevSecOps App Network Security Infrastructur e as Code Securit y as Code Ansible AWS CloudFormation Templates Terraform Provider for AWS Terraform Provider for PAN-OS Infrastructure & Ongoing Configuration “as code” Key Stakeholder Involvement Accelerate Adoption Automation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT ACCELERATE SECURE CLOUD DEPLOYMENTS Quick Reproducible Repeatable Scalable Deploy in minutes app1 app2 app3 Region1 Region2
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT CLOUD SECURITY AUTOMATION STACK Infrastructure Build-Out Terraform Cloud Templates (Infrastructure as Code) Security Layer Terraform Provider (PAN-OS) (Security as Code) Operations Terraform Integration (Automated Incident Response) Repeatable, Consistent, Agile, and Secure Other public clouds
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE AS CODE: BUILD THE ENVIRONMENT Manual Process: slow, delayed and extended rollouts Infrastructure as Code: deployed in minutes, highly reproducible, agile Region 1 Region 2 Region 1 Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE AS CODE: FIREWALL HUB WITH ALB’S • Fully automated • Blueprint developed and pushed out company wide • Huge cost savings • VM-Series natively integrated with cloud capabilities • Next: Automate build out of LOB (Line of Business) applications Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT SECURITY AS CODE: INTEGRATE LOB WITH FIREWALL HUB • Automate the creation of private link tunnels • Automate deployment of NAT and Security policies • Seamless integration: App + Security = business objectives • We can do more! • Next: Feed threat intel to VM- Series to block attacks from new sources. VPN Connection PrivateLink PrivateLink Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Network Load Balancer Network Load Balancer VPN GW VPN Connection PrivateLink PrivateLink Network Load Balancer Network Load Balancer VPN GW
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT OPS AS CODE: AMAZON GUARDDUTY INTEGRATION 1) Amazon GuardDuty sends security alerts to AWS CloudWatch Malicious IP address 2) Amazon CloudWatch event triggers a Lambda function Policy: Drop Session 4) DAG’s used in security policy to drop matching sessions. Dynamic Address Group 3) Register the malicious IP to a Dynamic Address Group (DAG) using the XML API. Amazon CloudWatch Lambda Function Amazon GuardDuty Untrust Security group VPC Untrust Security group VPC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT SUMMARY & KEY TAKEAWAYS • Framework developed with real world use case and workflows • Collaboration based on inputs from customers and cloud providers • Readily available templates • Easy to adopt and use • Highly composable • Well defined integration pointsPalo Alto Networks VM-Series Infrastructure Templates Composable Cloud Security Cloud Success with Security Cloud Native Templates Cloud Native Tunnels Automation with Terraform Security Provider devsecops Extensible Foundation Pillars Beams Cupola
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT DEMO: CLOUD SECURITY AT THE SPEED OF DEVOPS Firewall admin (Sec Team) Developer (App Team) 1. Push new app 3. Commit app security policy 4. Poll and pull changes 5. Push VM-Series policy using PAN-OS Terraform provider AWS CodeDeploy Repeat / Refine / Update 2. Deploy app 0. Infrastructure as code using Terraform templates web app root volume data volume Availability zone 1 Security group Auto Scaling group Security group
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Thank you! SUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Speaker Name Contact information
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMITSUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey. !

Recomendados

Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...
Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...
Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...Amazon Web Services
 
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Amazon Web Services
 
Build-a-Unified-Cloud
Build-a-Unified-CloudBuild-a-Unified-Cloud
Build-a-Unified-CloudAmazon Web Services
 
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfPerforming real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfAmazon Web Services
 
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...Amazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...Amazon Web Services
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitAmazon Web Services
 

Recomendados

Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...
Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...
Architecting Digital Media Archive Migrations with AWS - STG301 - Anaheim AWS...Amazon Web Services
 
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...
Build a Next-Gen Meeting Room Experience Using Alexa for Business - SVC203 - ...Amazon Web Services
 
Build-a-Unified-Cloud
Build-a-Unified-CloudBuild-a-Unified-Cloud
Build-a-Unified-CloudAmazon Web Services
 
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfPerforming real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdf
Performing real-time ETL into data lakes - ADB202 - Santa Clara AWS Summit.pdfAmazon Web Services
 
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...Amazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...
Enabling digital transformation of your business on AWS - DEM08-S - Mexico Ci...Amazon Web Services
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitAmazon Web Services
 
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...Amazon Web Services
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Amazon Web Services
 
以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構Amazon Web Services
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS SummitDiscover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS SummitAmazon Web Services
 
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS SummitTwelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS SummitAmazon Web Services
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Amazon Web Services
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitAmazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitAmazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...Amazon Web Services
 
Architecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentArchitecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentAmazon Web Services
 
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Amazon Web Services
 
Database Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS SummitDatabase Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS SummitAmazon Web Services
 
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Amazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...Amazon Web Services
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep DiveAmazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...Amazon Web Services
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Amazon Web Services
 
以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構Amazon Web Services
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Amazon Web Services
 
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS SummitDiscover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS SummitAmazon Web Services
 
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS SummitTwelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS SummitAmazon Web Services
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Amazon Web Services
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitAmazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitAmazon Web Services
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Amazon Web Services
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitAmazon Web Services
 
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...Amazon Web Services
 
Architecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentArchitecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentAmazon Web Services
 
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Amazon Web Services
 
Database Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS SummitDatabase Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS SummitAmazon Web Services
 
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Amazon Web Services
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Amazon Web Services
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...Amazon Web Services
 

Mais procurados (20)

How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
 
Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...Using ML to detect and prevent fraud without compromising user experience - F...
Using ML to detect and prevent fraud without compromising user experience - F...
 
以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構以容器技術為基礎的混合雲設計架構
以容器技術為基礎的混合雲設計架構
 
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
What's New with Amazon S3, Amazon EFS, and Other AWS Storage Services - STG20...
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
 
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS SummitDiscover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
Discover MongoDB Atlas and MongoDB Stitch - DEM02-S - Mexico City AWS Summit
 
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS SummitTwelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
Twelve-Factor Serverless Applications - MAD303 - Anaheim AWS Summit
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
 
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS SummitDiscuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
Discuss data migration with AWS experts - STG304 - Santa Clara AWS Summit
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
 
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
Gain visibility & real-time actionable security alerts with VPC Flow Logs & A...
 
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS SummitTwelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
Twelve-factor serverless applications - MAD302 - Santa Clara AWS Summit
 
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
Machine learning at the IoT Edge with AWS IoT Greengrass - SVC203 - Atlanta A...
 
Architecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentArchitecting security and governance across your AWS environment
Architecting security and governance across your AWS environment
 
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...
 
Database Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS SummitDatabase Freedom - ADB304 - Santa Clara AWS Summit
Database Freedom - ADB304 - Santa Clara AWS Summit
 
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
 

Semelhante a Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS Summit

Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...Amazon Web Services
 
Elevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudElevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudAmazon Web Services
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloudAmazon Web Services
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 
Accelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAccelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAmazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPC
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPCAWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPC
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPCAmazon Web Services
 
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPC
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPCAWS Initiate Day Dublin 2019 – Security and Compliance in your VPC
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPCAmazon Web Services
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS servicesRuncy Oommen
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 

Semelhante a Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS Summit (20)

Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
 
Elevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloudElevate_your_security_with_the_cloud
Elevate_your_security_with_the_cloud
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloud
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on Security
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 
Accelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAccelerating Your Cloud Innovation
Accelerating Your Cloud Innovation
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPC
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPCAWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPC
AWS Initiate Day Manchester 2019 – AWS Security Compliance in your VPC
 
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPC
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPCAWS Initiate Day Dublin 2019 – Security and Compliance in your VPC
AWS Initiate Day Dublin 2019 – Security and Compliance in your VPC
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS Summit

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE, SECURITY AND OPERATIONS “AS CODE” Dula Hernandez Channel Systems Engineer SessionID
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT CLOUD AUTOMATION DRIVERS Agility, DevSecOps, Multi-cloud Palo Alto Networks Automation Capabilities Cloud Security Automation Stack Applying Cloud Security Automation Composable Automation Eco-system Distributable Security Cloud Adoption and Benefits
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT NEED FOR AUTOMATION • Rapidly deploy new applications: Dev 🡪 Test 🡪 Prod • Improve security, increase agility, reduce effort to achieve business goals • Inject security into DevOps 🡪 DevSecOps App Network Security Infrastructur e as Code Securit y as Code Ansible AWS CloudFormation Templates Terraform Provider for AWS Terraform Provider for PAN-OS Infrastructure & Ongoing Configuration “as code” Key Stakeholder Involvement Accelerate Adoption Automation
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT ACCELERATE SECURE CLOUD DEPLOYMENTS Quick Reproducible Repeatable Scalable Deploy in minutes app1 app2 app3 Region1 Region2
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT CLOUD SECURITY AUTOMATION STACK Infrastructure Build-Out Terraform Cloud Templates (Infrastructure as Code) Security Layer Terraform Provider (PAN-OS) (Security as Code) Operations Terraform Integration (Automated Incident Response) Repeatable, Consistent, Agile, and Secure Other public clouds
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE AS CODE: BUILD THE ENVIRONMENT Manual Process: slow, delayed and extended rollouts Infrastructure as Code: deployed in minutes, highly reproducible, agile Region 1 Region 2 Region 1 Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C Untrust Security group VP C Untrust Security group VP C Trust Security group VP C Trust Security group VP C
  • 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT INFRASTRUCTURE AS CODE: FIREWALL HUB WITH ALB’S • Fully automated • Blueprint developed and pushed out company wide • Huge cost savings • VM-Series natively integrated with cloud capabilities • Next: Automate build out of LOB (Line of Business) applications Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT SECURITY AS CODE: INTEGRATE LOB WITH FIREWALL HUB • Automate the creation of private link tunnels • Automate deployment of NAT and Security policies • Seamless integration: App + Security = business objectives • We can do more! • Next: Feed threat intel to VM- Series to block attacks from new sources. VPN Connection PrivateLink PrivateLink Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Network Load Balancer Network Load Balancer VPN GW VPN Connection PrivateLink PrivateLink Network Load Balancer Network Load Balancer VPN GW
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT OPS AS CODE: AMAZON GUARDDUTY INTEGRATION 1) Amazon GuardDuty sends security alerts to AWS CloudWatch Malicious IP address 2) Amazon CloudWatch event triggers a Lambda function Policy: Drop Session 4) DAG’s used in security policy to drop matching sessions. Dynamic Address Group 3) Register the malicious IP to a Dynamic Address Group (DAG) using the XML API. Amazon CloudWatch Lambda Function Amazon GuardDuty Untrust Security group VPC Untrust Security group VPC
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT SUMMARY & KEY TAKEAWAYS • Framework developed with real world use case and workflows • Collaboration based on inputs from customers and cloud providers • Readily available templates • Easy to adopt and use • Highly composable • Well defined integration pointsPalo Alto Networks VM-Series Infrastructure Templates Composable Cloud Security Cloud Success with Security Cloud Native Templates Cloud Native Tunnels Automation with Terraform Security Provider devsecops Extensible Foundation Pillars Beams Cupola
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT DEMO: CLOUD SECURITY AT THE SPEED OF DEVOPS Firewall admin (Sec Team) Developer (App Team) 1. Push new app 3. Commit app security policy 4. Poll and pull changes 5. Push VM-Series policy using PAN-OS Terraform provider AWS CodeDeploy Repeat / Refine / Update 2. Deploy app 0. Infrastructure as code using Terraform templates web app root volume data volume Availability zone 1 Security group Auto Scaling group Security group
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Thank you! SUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Speaker Name Contact information
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMITSUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey. !