
Module 3 : Security Overview

Donnie Prakoso
Technical Evangelist, AWS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Topics

Introduction to AWS Security
The AWS Shared Responsibility Model
AWS Access Control and Management
AWS Security Resources and Features

Introduction to AWS Security

Introduction to AWS Security

Security is of the utmost importance to AWS.

• Approach to security
• AWS environment controls
• AWS offerings and features

Keep Your Data Safe

Resilient infrastructure
High security
Strong safeguards

Continual Improvement

Rapid innovation
Constantly evolving security services

Pay For What You Need

Advanced security services
Address real-time emerging risks
Meeting needs at a lower operational cost

Meet Compliance Requirements

Governance-enabled features
• Additional oversight
• Security control
• Central automation

Security Products and Features

Tools
• Access from AWS and partners
• Use for monitoring and logging

Network Security

Built-in firewalls
Encryption in transit
Private/dedicated connections
Distributed denial of service (DDoS) mitigation

Inventory and Configuration Management

Deployment tools
Inventory and configuration tools
Template definition and management tools

Data Encryption

Encryption capabilities
Key management options
• AWS Key Management Service
Hardware-based cryptographic key storage options
• AWS CloudHSM

Access Control and Management

Identity and Access Management (IAM)
Multi-factor authentication (MFA)
Integration and federation with corporate directories
Amazon Cognito
AWS Single Sign-On

Monitoring and Logging

Tools and features to reduce your risk profile:
• Deep visibility into API calls
• Log aggregation and options
• Alert notifications

AWS Marketplace

Qualified partners market and sell software to AWS customers
Online store for software that can run on AWS

The AWS Shared Responsibility Model

Shared Responsibility Model

Security of the Cloud

Protection of the AWS global infrastructure is top priority
Availability of third-party reports

Security of the Cloud

AWS Foundation Services

Unmanaged services
• Amazon EC2
• Amazon EBS
Managed services
• Amazon DynamoDB
• Amazon RDS
• Amazon Redshift
• Amazon EMR
• Amazon WorkSpaces

Security in the Cloud

• What to store
• In what content format and structure
• Which AWS services
• In what location
• Who has access

Security in the Cloud

Customers retain control
Changes to model depend on services

AWS Access Control and Management

AWS IAM

Control access to AWS resources
• Authentication
• Authorization
Controls access to services such as:
• Compute
• Storage
• Database
• Application services

AWS IAM

Create users and groups
Grant permissions

[Diagram: User, Group, Permissions, Role]

AWS IAM

Functionality
Manage
• Users and their access
• Roles and their permissions
• Federate users and their permissions

[Diagram: IAM, Corp]

AWS Account Root User

Account root user has complete access to all AWS services.

AWS Account Root User

Recommendations
1. Delete root user access keys.
2. Create an IAM user.
3. Grant administrator access.
4. Use IAM credentials to interact with AWS.

AWS IAM: Authentication

Programmatic access
• Enables access key ID and secret access key

Management console access
• Uses AWS account name and password
• MFA prompts for code

AWS IAM: Authorization

Access AWS services
• Grant authorization
Assign permissions
• Create an AWS IAM policy

AWS IAM: Policy Assignment

[Diagram: IAM Policy assigned to IAM User, IAM Group, IAM Roles]

IAM Best Practices

Delete AWS root account access keys
Activate multi-factor authentication (MFA)
Give IAM users only the permissions they must have
Use IAM groups
Apply an IAM password policy

IAM Best Practices

Roles
• Use roles for applications
• Use roles instead of sharing credentials
Credentials
• Rotate credentials regularly
• Remove unnecessary users and credentials
Use policy conditions for extra security
Monitor activity in your AWS account
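
Added example (not part of the original slides): one way to check several of the best practices above (root access keys, MFA, credential rotation, unused credentials) is to audit the account's IAM credential report. The sample report is constructed and uses only a subset of the report's columns (a real report also has a second access key per user); the 90-day threshold and the function name `audit` are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,not_supported,2018-03-01T09:00:00+00:00,false,true,2016-05-10T12:00:00+00:00
alice,true,2018-05-28T08:30:00+00:00,true,false,N/A
bob,true,2018-05-30T14:10:00+00:00,false,true,2018-04-20T11:00:00+00:00
ci-deploy,false,N/A,false,true,2017-01-15T07:45:00+00:00
carol,true,no_information,true,false,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not taken from the slides


def audit(report_csv, now):
    """Return (user, finding) pairs for rows that break the checklist."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_password = is_root or row["password_enabled"] == "true"
        key_active = row["access_key_1_active"] == "true"

        if is_root and key_active:
            findings.append((user, "root access key exists"))
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if key_active and not is_root:
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            age = (now - rotated).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access key not rotated for {age} days"))
        # "no_information" is reported when no password sign-in is recorded.
        never_signed_in = row["password_last_used"] == "no_information"
        if not is_root and never_signed_in and not key_active:
            findings.append((user, "password never used and no active key"))
    return findings


if __name__ == "__main__":
    today = datetime(2018, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, finding in audit(SAMPLE_REPORT, today):
        print(f"{user}: {finding}")
```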

End of Module 3
Test Your Knowledge
