Professional Documents
Culture Documents
© 2019, Amazon Web Services, Inc. or Its Affiliates. All Rights Reserved
© 2019, Amazon Web Services, Inc. or Its Affiliates. All Rights Reserved
AWS Security
Leo Drakopoulos
AWS Solutions Architect – Financial Services
AWS Solutions Architecture
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introduction to AWS Security
• Approach to security
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Keep Your Data Safe
Resilient infrastructure
High security
Strong safeguards
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continual Improvement
Rapid innovation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Pay For What You Need
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Meet Compliance Requirements
Governance-enabled features
• Additional oversight
• Security control
• Central automation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security Products and Features
Tools
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Network Security
Built-in firewalls
Encryption in transit
Private/dedicated connections
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Inventory and Configuration Management
Deployment tools
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Data Encryption
Encryption capabilities
• AWS CloudHSM
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Access Control and Management
Amazon Cognito
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Monitoring and Logging
• Alert notifications
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Marketplace
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Shared Responsibility Model
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security of the Cloud
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security of the Cloud
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IAM
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IAM
Functionality
Manage
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Account Root User
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Account Root User
Recommendations
IAM
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IAM: Authentication
Programmatic access
• Enables access key ID and secret access key
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IAM: Authorization
Assign permissions
• Create an AWS IAM policy
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IAM: Policy Assignment
IAM Policy
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IAM Best Practices
Roles
• Use roles for applications
• Use roles instead of sharing credentials
Credentials
• Rotate credentials regularly
• Remove unnecessary users and credentials
Use policy conditions for extra security
Monitor activity in your AWS account
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
Leo Drakopoulos
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.