
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS Security

Leo Drakopoulos
AWS Solutions Architect – Financial Services
AWS Solutions Architecture

Agenda

Introduction to AWS Security

The AWS Shared Responsibility Model

AWS Access Control and Management

AWS Security Resources and Features

Introduction to AWS Security

Security is of the utmost importance to AWS.

• Approach to security

• AWS environment controls

• AWS offerings and features

Keep Your Data Safe

Resilient infrastructure

High security

Strong safeguards

Continual Improvement

Rapid innovation

Constantly evolving security services

Pay For What You Need

Advanced security services

Address real-time emerging risks

Meeting needs at a lower operational cost

Meet Compliance Requirements

Governance-enabled features

• Additional oversight

• Security control

• Central automation

Security Products and Features

Tools

• Access from AWS and partners

• Use for monitoring and logging

Network Security

Built-in firewalls

Encryption in transit

Private/dedicated connections

Distributed denial of service (DDoS) mitigation

Inventory and Configuration Management

Deployment tools

Inventory and configuration tools

Template definition and management tools

Data Encryption

Encryption capabilities

Key management options

• AWS Key Management Service

Hardware-based cryptographic key storage options

• AWS CloudHSM

Access Control and Management

Identity and Access Management (IAM)

Multi-factor authentication (MFA)

Integration and federation with corporate directories

Amazon Cognito

AWS Single Sign-On

Monitoring and Logging

Tools and features to reduce your risk profile:

• Deep visibility into API calls

• Log aggregation and options

• Alert notifications

AWS Marketplace

Qualified partners to market/sell software to AWS customers

Online software store that can run on AWS

Shared Responsibility Model

Security of the Cloud

Protection of the AWS global infrastructure is top priority


Availability of third-party reports

Security of the Cloud

AWS Foundation Services

Unmanaged services
• Amazon EC2
• Amazon EBS

Managed services
• Amazon DynamoDB
• Amazon RDS
• Amazon Redshift
• Amazon EMR
• Amazon WorkSpaces

Security in the Cloud

• What to store
• In what content format and structure
• Which AWS services
• Who has access
• In what location

Security in the Cloud

Customers retain control


Changes to model depend on services

AWS IAM

Control access to AWS resources


• Authentication
• Authorization

Controls access to services such as:


• Compute
• Storage
• Database
• Application services
AWS IAM

Create users and groups


Grant permissions

User Group Permissions Role

AWS IAM

Functionality

Manage

• Users and their access

• Roles and their permissions

• Federate users and their permissions

AWS Account Root User

Account root user has complete access to all AWS services.

AWS Account Root User

Recommendations

1. Delete root user access keys.

2. Create an IAM user.

3. Grant administrator access.

4. Use IAM credentials to interact with AWS.

AWS IAM: Authentication

Programmatic access
• Enables access key ID and secret access key

Management console access


• Uses AWS account name and password
• MFA prompts for code

AWS IAM: Authorization

Access AWS services


• Grant authorization

Assign permissions
• Create an AWS IAM policy

AWS IAM: Policy Assignment

IAM Policy

IAM User IAM Group IAM Roles


IAM Best Practices

Delete AWS root account access keys

Activate multi-factor authentication (MFA)

Give IAM users only the permissions they must have

Use IAM groups

Apply an IAM password policy

IAM Best Practices

Roles
• Use roles for applications
• Use roles instead of sharing credentials

Credentials
• Rotate credentials regularly
• Remove unnecessary users and credentials
Use policy conditions for extra security
Monitor activity in your AWS account

Thank you!
Leo Drakopoulos
