SlideShare uma empresa Scribd logo

AWS Control Tower

C
CloudHesive

AWS Control Tower

Tecnologia
1 de 33
Baixar para ler offline
© 2021, Amazon Web Services, Inc. or its Affiliates. Eduardo Lovera Solutions Architect Devin Patterson Solutions Architect 12/13/21 AWS Control Tower Using AWS Control Tower to govern multi-account AWS environments at scale
© 2021, Amazon Web Services, Inc. or its Affiliates. Every home needs a strong architecture Every home needs a strong architecture
© 2021, Amazon Web Services, Inc. or its Affiliates. Agenda • Management and Governance • Services Integration and Guardrails • Provisioning and Operations • Control Tower Examples • QA
© 2021, Amazon Web Services, Inc. or its Affiliates. Management and Governance
© 2021, Amazon Web Services, Inc. or its Affiliates. Provision Operate AWS management and governance services Enable BUSINESS AGILITY + GOVERNANCE CONTROL AWS Control Tower AWS Organizations AWS Budgets AWS License Manager AWS OpsWorks AWS CloudFormation AWS Service Catalog AWS Cost Explorer Amazon CloudWatch AWS Cost and Usage Report AWS CloudTrail AWS Systems Manager AWS Config
© 2021, Amazon Web Services, Inc. or its Affiliates. Business agility or governance? Governance — Agility — Self-service access Experiment fast Respond quickly to change
© 2021, Amazon Web Services, Inc. or its Affiliates. AWS Control Tower The easiest self-service solution to automate the setup of new AWS multi-account environments Deployment of AWS best practice Blueprints and Guardrails An AWS service, offering automated account creation based on AWS best practices Dashboard for monitoring compliance status AWS Managed Service version of multi account environment
© 2021, Amazon Web Services, Inc. or its Affiliates. Enable governance Set up an AWS landing zone Establish guardrails Automate compliant account provisioning Centralize identity and access Manage continuously
© 2021, Amazon Web Services, Inc. or its Affiliates. Out of the Box in < 1 Hr…ZERO lines of code written 2 email addresses and 2 mouse clicks Dashboard for visibility Automated landing zone Guardrails Account factory Built-in identity and access Preconfigured log archive and audit access to accounts Built-in monitoring and notifications Automatic updates
© 2021, Amazon Web Services, Inc. or its Affiliates. Landing Zone provisioned by AWS Control Tower Management Account AWS Control Tower AWS Organizations AWS Single Sign-On AWS CloudFormation StackSets AWS Service Catalog (Account Factory) Core OU Custom OU AWS SSO directory Log Archive Account Audit Account Provisioned accounts Account Baseline Centralized AWS CloudTrail and AWS Config logs Account Baseline Security Notifications Security Cross- account roles Amazon Config Aggregator Account Baseline Network Baseline
© 2021, Amazon Web Services, Inc. or its Affiliates. Services Integration and Guardrails
© 2021, Amazon Web Services, Inc. or its Affiliates. AWS Service Integration AWS Control Tower Account Management Guardrail Enforcement AWS Security Hub Landing Zone AWS Landing Zone AWS Organizations
© 2021, Amazon Web Services, Inc. or its Affiliates. Establish guardrails Organizational units Accounts Enable Enable Output Output Output Organizational units Accounts Preventive guardrail Granular AWS policies SCP Detective/remediable guardrails Granular AWS policies AWS Config rules Always compliant Compliant Non- compliant
© 2021, Amazon Web Services, Inc. or its Affiliates. Guardrail Examples Guardrail Type Requirement Enable MFA for the Root User Detective Strongly Recommended Disallow public read access to S3 Detective Strongly Recommended Enable AWS Config in All Available Regions Preventive Mandatory Disallow Policy Changes to Log Archive Preventive Mandatory Integrate CloudTrail Events with CloudWatch Logs Preventive Mandatory Disallow Amazon S3 Buckets That Are Not Versioning Enabled Detective Elective Disallow Delete Actions on Amazon S3 Buckets Without MFA Detective Elective
© 2021, Amazon Web Services, Inc. or its Affiliates. Centralize identity and access • AWS SSO provides default directory for identity • AWS SSO also enables federated access management across all accounts in your organization • Preconfigured groups (e.g., AWS Control Tower administrators, auditors, AWS Service Catalog end users) • Preconfigured permission sets (e.g., admin, read-only, write) • AWS SSO integrates with 3rd party IDP (Microsoft Azure AD, PING, OKTA)
© 2021, Amazon Web Services, Inc. or its Affiliates. Automate Compliant Account Provisioning New Governed AWS account Network baseline Account baseline AWS Control Tower Applied Guardrails Account factory Defaults Network baseline Network CIDR Network regions OU Account baseline AWS Service Catalog Automation
© 2021, Amazon Web Services, Inc. or its Affiliates. Provisioning and Operations
© 2021, Amazon Web Services, Inc. or its Affiliates. Self-service account provisioning in AWS Service Catalog Users can configure and provision AWS accounts and resources without needing full privileges to AWS services (e.g., Amazon EC2, Amazon RDS) 3 2 1
© 2021, Amazon Web Services, Inc. or its Affiliates. Web Site Kit: 6 weeks of work <30 mins If you build it yourself: Team can instantiate in (with Service Catalog): Maybe miss features / security Already Info-Sec reviewed, ongoing updates Serverless Kit: 8 weeks of work <30 mins If you build it yourself: Team can instantiate in: Maybe miss features / security & lots of complexity Already Info-Sec reviewed, ongoing updates Enabling DevOps with AWS Service Catalog
© 2021, Amazon Web Services, Inc. or its Affiliates. Operate with agility + control Operate Dashboard Continuous visibility into your multi-account environment Act Take operational action on resources Audit Audit resource configurations, user access, and policy enforcement Monitor Monitor resources and workloads
© 2021, Amazon Web Services, Inc. or its Affiliates. Lifecycle events Benefits: • Amazon EventBridge Integration • Operation Status Events supported: 1. CreateManagedAccount 2. UpdateManagedAccount 3. EnableGuardrail 4. DisableGuardrail 5. SetupLandingZone 6. UpdateLandingZone 7. RegisterOrganizationalUnit 8. DeregisterOrganizationalUnit
© 2021, Amazon Web Services, Inc. or its Affiliates. Configure/Trigger Customizations with LifeCycle Events Account Stack Set Amazon GuardDuty AWS Security Hub IAM Roles Amazon VPC Flow logs Account Customizations 1. Launch Account Admin New Account 2. Account Created Amazon CloudWatch Rule 3. CreateManagedAccount AWS Lambda 4. Trigger Lambda AWS CloudFormation 6a. Trigger customizations through stack additions 6b. Trigger customizations Directly Control Tower Management AWS Service Catalog • CreateManagedAccount: The log records whether AWS Control Tower successfully completed every action to create and provision a new account using account factory.
© 2021, Amazon Web Services, Inc. or its Affiliates. Control Tower Examples
© 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account approach // security log flow Developer Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure
© 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account approach // network connectivity Developer Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure
© 2021, Amazon Web Services, Inc. or its Affiliates. Starter AWS multi-account framework AWS Cloud AWS Organizations Foundational Organizational Units (OUs) Security Infrastructure Δ Shared Services Δ Network Additional OUs
© 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account framework AWS Cloud AWS Organizations Master Foundational Organizational Units (OU) Infrastructure Δ Shared Services Δ Network Additional OU Security
© 2021, Amazon Web Services, Inc. or its Affiliates. Use cases for Control Tower solutions on AWS Marketplace Operational Excellence Operational Readiness https://aws.amazon.com/marketplace/solutions/control-tower/ Establish centralized infrastructure software and services to manage a multi-account environment and deliver enhanced performance and security. Elevate your multi-account environment by detecting the occurrence of security events, enabling faster responses, and making security improvements. Multi-account security Identity management Network management SIEM Operational intelligence Cost management and governance Multi-account security
© 2021, Amazon Web Services, Inc. or its Affiliates. Summary of key features Dashboard for visibility and actions Automated landing zone with best practice blueprints Guardrails for policy management Account factory for account provisioning Built-in identity and access management Preconfigured log archive and audit access to accounts Built-in monitoring and notifications Automatic updates
© 2021, Amazon Web Services, Inc. or its Affiliates. How do I get started? AWS Control Tower labs: https://controltower.aws-management.tools/ Attend an AWS Control Tower Activation Day – held regionally / time zone based - contact account team Getting started : https://tinyurl.com/y2gtzf9c How-to videos (Management & Governance): https://tinyurl.com/y3yeohkm
© 2021, Amazon Web Services, Inc. or its Affiliates. Q&A Eduardo Lovera edulover@amazon.com Devin Patterson dhpatt@amazon.com
© 2021, Amazon Web Services, Inc. or its Affiliates. Help us Improve! https://survey.immersionday.com/rvtCfL2nR
© 2021, Amazon Web Services, Inc. or its Affiliates. Thank You Eduardo Lovera edulover@amazon.com Devin Patterson dhpatt@amazon.com

Recomendados

Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWSAmazon Web Services
 
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 

Recomendados

Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWSAmazon Web Services
 
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design Amazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ... Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ...Amazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials DayAmazon Web Services
 
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security FundamentalsAmazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubCrishantha Nanayakkara
 
Cloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and AlarmsCloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and AlarmsFelipe
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud WatchzekeLabs Technologies
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Amazon Web Services
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
 
Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ... Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ...Amazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
 
Cloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and AlarmsCloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and AlarmsFelipe
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 

Mais procurados (20)

Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ... Building a well-engaged and secure AWS account access management - FND207-R ...
Building a well-engaged and secure AWS account access management - FND207-R ...
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets Manager
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials Day
 
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Cloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and AlarmsCloudwatch: Monitoring your AWS services with Metrics and Alarms
Cloudwatch: Monitoring your AWS services with Metrics and Alarms
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud Watch
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
 

Semelhante a AWS Control Tower

Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Amazon Web Services
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxGauravSharma164138
 
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...Amazon Web Services
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
 
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxTrack 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxAmazon Web Services
 
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...Amazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019John Varghese
 
Private Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersPrivate Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersTom Laszewski
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management ToolsAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...Brian Andrzejewski
 
ENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesAmazon Web Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
Best Practices for getting Started on AWS
Best Practices for getting Started on AWSBest Practices for getting Started on AWS
Best Practices for getting Started on AWSAmazon Web Services
 

Semelhante a AWS Control Tower (20)

Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
 
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
 
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksLaunch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks
 
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxTrack 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
 
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019
 
Private Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersPrivate Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergers
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
AWS reInforce 2021: TDR202 - Lessons learned from the front lines of Incident...
 
ENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS ServicesENT201 Simplifying Microsoft Architectures with AWS Services
ENT201 Simplifying Microsoft Architectures with AWS Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019
 
Best Practices for getting Started on AWS
Best Practices for getting Started on AWSBest Practices for getting Started on AWS
Best Practices for getting Started on AWS
 

Mais de CloudHesive

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaCloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...CloudHesive
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...CloudHesive
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxCloudHesive
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath IntroductionCloudHesive
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfCloudHesive
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfCloudHesive
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxCloudHesive
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesiveCloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsCloudHesive
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations CloudHesive
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022CloudHesive
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)CloudHesive
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)CloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on securityCloudHesive
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 

Mais de CloudHesive (20)

Serverless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of FloridaServerless Generative AI on AWS, AWS User Groups of Florida
Serverless Generative AI on AWS, AWS User Groups of Florida
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
Amazon Connect & AI - Shaping the Future of Customer Interactions - GenAI and...
 
Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...Accelerating Business and Research Through Automation and Artificial Intellig...
Accelerating Business and Research Through Automation and Artificial Intellig...
 
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptxAmazon Connect Rethink Your Contact Center with CloudHesive.pptx
Amazon Connect Rethink Your Contact Center with CloudHesive.pptx
 
ConnectPath Introduction
ConnectPath IntroductionConnectPath Introduction
ConnectPath Introduction
 
Modernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdfModernize your contact center with ConnectPath CX v2.pdf
Modernize your contact center with ConnectPath CX v2.pdf
 
Modernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdfModernize your contact center with ConnectPath CX — Chart.pdf
Modernize your contact center with ConnectPath CX — Chart.pdf
 
End User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptxEnd User Computing at CloudHesive.pptx
End User Computing at CloudHesive.pptx
 
Analytics at CloudHesive
Analytics at CloudHesiveAnalytics at CloudHesive
Analytics at CloudHesive
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS CostsBest Practices and Resources to Effectively Manage and Optimize Your AWS Costs
Best Practices and Resources to Effectively Manage and Optimize Your AWS Costs
 
Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations Serverless data and analytics on AWS for operations
Serverless data and analytics on AWS for operations
 
reInvent reCap 2022
reInvent reCap 2022reInvent reCap 2022
reInvent reCap 2022
 
Serverless without Code (Lambda)
Serverless without Code (Lambda)Serverless without Code (Lambda)
Serverless without Code (Lambda)
 
AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)AWS Advanced Analytics Automation Toolkit (AAA)
AWS Advanced Analytics Automation Toolkit (AAA)
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
5 minutes on security
5 minutes on security5 minutes on security
5 minutes on security
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 

Último

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

AWS Control Tower

  • 1. © 2021, Amazon Web Services, Inc. or its Affiliates. Eduardo Lovera Solutions Architect Devin Patterson Solutions Architect 12/13/21 AWS Control Tower Using AWS Control Tower to govern multi-account AWS environments at scale
  • 2. © 2021, Amazon Web Services, Inc. or its Affiliates. Every home needs a strong architecture Every home needs a strong architecture
  • 3. © 2021, Amazon Web Services, Inc. or its Affiliates. Agenda • Management and Governance • Services Integration and Guardrails • Provisioning and Operations • Control Tower Examples • QA
  • 4. © 2021, Amazon Web Services, Inc. or its Affiliates. Management and Governance
  • 5. © 2021, Amazon Web Services, Inc. or its Affiliates. Provision Operate AWS management and governance services Enable BUSINESS AGILITY + GOVERNANCE CONTROL AWS Control Tower AWS Organizations AWS Budgets AWS License Manager AWS OpsWorks AWS CloudFormation AWS Service Catalog AWS Cost Explorer Amazon CloudWatch AWS Cost and Usage Report AWS CloudTrail AWS Systems Manager AWS Config
  • 6. © 2021, Amazon Web Services, Inc. or its Affiliates. Business agility or governance? Governance — Agility — Self-service access Experiment fast Respond quickly to change
  • 7. © 2021, Amazon Web Services, Inc. or its Affiliates. AWS Control Tower The easiest self-service solution to automate the setup of new AWS multi-account environments Deployment of AWS best practice Blueprints and Guardrails An AWS service, offering automated account creation based on AWS best practices Dashboard for monitoring compliance status AWS Managed Service version of multi account environment
  • 8. © 2021, Amazon Web Services, Inc. or its Affiliates. Enable governance Set up an AWS landing zone Establish guardrails Automate compliant account provisioning Centralize identity and access Manage continuously
  • 9. © 2021, Amazon Web Services, Inc. or its Affiliates. Out of the Box in < 1 Hr…ZERO lines of code written 2 email addresses and 2 mouse clicks Dashboard for visibility Automated landing zone Guardrails Account factory Built-in identity and access Preconfigured log archive and audit access to accounts Built-in monitoring and notifications Automatic updates
  • 10. © 2021, Amazon Web Services, Inc. or its Affiliates. Landing Zone provisioned by AWS Control Tower Management Account AWS Control Tower AWS Organizations AWS Single Sign-On AWS CloudFormation StackSets AWS Service Catalog (Account Factory) Core OU Custom OU AWS SSO directory Log Archive Account Audit Account Provisioned accounts Account Baseline Centralized AWS CloudTrail and AWS Config logs Account Baseline Security Notifications Security Cross- account roles Amazon Config Aggregator Account Baseline Network Baseline
  • 11. © 2021, Amazon Web Services, Inc. or its Affiliates. Services Integration and Guardrails
  • 12. © 2021, Amazon Web Services, Inc. or its Affiliates. AWS Service Integration AWS Control Tower Account Management Guardrail Enforcement AWS Security Hub Landing Zone AWS Landing Zone AWS Organizations
  • 13. © 2021, Amazon Web Services, Inc. or its Affiliates. Establish guardrails Organizational units Accounts Enable Enable Output Output Output Organizational units Accounts Preventive guardrail Granular AWS policies SCP Detective/remediable guardrails Granular AWS policies AWS Config rules Always compliant Compliant Non- compliant
  • 14. © 2021, Amazon Web Services, Inc. or its Affiliates. Guardrail Examples Guardrail Type Requirement Enable MFA for the Root User Detective Strongly Recommended Disallow public read access to S3 Detective Strongly Recommended Enable AWS Config in All Available Regions Preventive Mandatory Disallow Policy Changes to Log Archive Preventive Mandatory Integrate CloudTrail Events with CloudWatch Logs Preventive Mandatory Disallow Amazon S3 Buckets That Are Not Versioning Enabled Detective Elective Disallow Delete Actions on Amazon S3 Buckets Without MFA Detective Elective
  • 15. © 2021, Amazon Web Services, Inc. or its Affiliates. Centralize identity and access • AWS SSO provides default directory for identity • AWS SSO also enables federated access management across all accounts in your organization • Preconfigured groups (e.g., AWS Control Tower administrators, auditors, AWS Service Catalog end users) • Preconfigured permission sets (e.g., admin, read-only, write) • AWS SSO integrates with 3rd party IDP (Microsoft Azure AD, PING, OKTA)
  • 16. © 2021, Amazon Web Services, Inc. or its Affiliates. Automate Compliant Account Provisioning New Governed AWS account Network baseline Account baseline AWS Control Tower Applied Guardrails Account factory Defaults Network baseline Network CIDR Network regions OU Account baseline AWS Service Catalog Automation
  • 17. © 2021, Amazon Web Services, Inc. or its Affiliates. Provisioning and Operations
  • 18. © 2021, Amazon Web Services, Inc. or its Affiliates. Self-service account provisioning in AWS Service Catalog Users can configure and provision AWS accounts and resources without needing full privileges to AWS services (e.g., Amazon EC2, Amazon RDS) 3 2 1
  • 19. © 2021, Amazon Web Services, Inc. or its Affiliates. Web Site Kit: 6 weeks of work <30 mins If you build it yourself: Team can instantiate in (with Service Catalog): Maybe miss features / security Already Info-Sec reviewed, ongoing updates Serverless Kit: 8 weeks of work <30 mins If you build it yourself: Team can instantiate in: Maybe miss features / security & lots of complexity Already Info-Sec reviewed, ongoing updates Enabling DevOps with AWS Service Catalog
  • 20. © 2021, Amazon Web Services, Inc. or its Affiliates. Operate with agility + control Operate Dashboard Continuous visibility into your multi-account environment Act Take operational action on resources Audit Audit resource configurations, user access, and policy enforcement Monitor Monitor resources and workloads
  • 21. © 2021, Amazon Web Services, Inc. or its Affiliates. Lifecycle events Benefits: • Amazon EventBridge Integration • Operation Status Events supported: 1. CreateManagedAccount 2. UpdateManagedAccount 3. EnableGuardrail 4. DisableGuardrail 5. SetupLandingZone 6. UpdateLandingZone 7. RegisterOrganizationalUnit 8. DeregisterOrganizationalUnit
  • 22. © 2021, Amazon Web Services, Inc. or its Affiliates. Configure/Trigger Customizations with LifeCycle Events Account Stack Set Amazon GuardDuty AWS Security Hub IAM Roles Amazon VPC Flow logs Account Customizations 1. Launch Account Admin New Account 2. Account Created Amazon CloudWatch Rule 3. CreateManagedAccount AWS Lambda 4. Trigger Lambda AWS CloudFormation 6a. Trigger customizations through stack additions 6b. Trigger customizations Directly Control Tower Management AWS Service Catalog • CreateManagedAccount: The log records whether AWS Control Tower successfully completed every action to create and provision a new account using account factory.
  • 23. © 2021, Amazon Web Services, Inc. or its Affiliates. Control Tower Examples
  • 24. © 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account approach // security log flow Developer Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure
  • 25. © 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account approach // network connectivity Developer Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure
  • 26. © 2021, Amazon Web Services, Inc. or its Affiliates. Starter AWS multi-account framework AWS Cloud AWS Organizations Foundational Organizational Units (OUs) Security Infrastructure Δ Shared Services Δ Network Additional OUs
  • 27. © 2021, Amazon Web Services, Inc. or its Affiliates. Multi-account framework AWS Cloud AWS Organizations Master Foundational Organizational Units (OU) Infrastructure Δ Shared Services Δ Network Additional OU Security
  • 28. © 2021, Amazon Web Services, Inc. or its Affiliates. Use cases for Control Tower solutions on AWS Marketplace Operational Excellence Operational Readiness https://aws.amazon.com/marketplace/solutions/control-tower/ Establish centralized infrastructure software and services to manage a multi-account environment and deliver enhanced performance and security. Elevate your multi-account environment by detecting the occurrence of security events, enabling faster responses, and making security improvements. Multi-account security Identity management Network management SIEM Operational intelligence Cost management and governance Multi-account security
  • 29. © 2021, Amazon Web Services, Inc. or its Affiliates. Summary of key features Dashboard for visibility and actions Automated landing zone with best practice blueprints Guardrails for policy management Account factory for account provisioning Built-in identity and access management Preconfigured log archive and audit access to accounts Built-in monitoring and notifications Automatic updates
  • 30. © 2021, Amazon Web Services, Inc. or its Affiliates. How do I get started? AWS Control Tower labs: https://controltower.aws-management.tools/ Attend an AWS Control Tower Activation Day – held regionally / time zone based - contact account team Getting started : https://tinyurl.com/y2gtzf9c How-to videos (Management & Governance): https://tinyurl.com/y3yeohkm
  • 31. © 2021, Amazon Web Services, Inc. or its Affiliates. Q&A Eduardo Lovera edulover@amazon.com Devin Patterson dhpatt@amazon.com
  • 32. © 2021, Amazon Web Services, Inc. or its Affiliates. Help us Improve! https://survey.immersionday.com/rvtCfL2nR
  • 33. © 2021, Amazon Web Services, Inc. or its Affiliates. Thank You Eduardo Lovera edulover@amazon.com Devin Patterson dhpatt@amazon.com