SlideShare a Scribd company logo

Building Secure Architectures on AWS

Amazon Web Services
Amazon Web Services

Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry wide best security practices.

Technology
1 of 21
A Walk through the AWS Cloud: Building Secure Architectures on AWS Oyvind Roti Solutions Architect Amazon Web Services
Migrate existing apps & data to the cloud Build new apps, sites, services & lines of businesses Augment On-Premises resources with cloud capacity How customers use AWS
No Up-Front Capital Expense Pay Only for What You Use Easily Scale Up and Down Improve Agility & Time-to-Market Low Cost Deploy Self-Service Infrastructure
AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Global Infrastructure - Resilience
Compute AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Foundation Services Amazon EC2 Storage Database Networking Amazon S3 Amazon EBS Amazon Glacier DynamoDB Amazon RDS Amazon Redshift Route 53 Amazon VPC AWS Direct Connect Foundation Services
Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Platform Security • SOC 1 (SSAE 16 & ISAE 3204) Type II Audit (was SAS70) • SOC 2 Type 1 Audit, SOC 3 Report • ISO 27001 Certification • Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider • FedRAMP (FISMA), ITAR, FIPS 140-2 • Cloud Security Alliance Questionnaire • MPAA (best practices for storage, processing, delivery)
Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer DataAmazonYou Shared responsibility model
Securing your cloud applications
Resilience and Availability DR in SNG DR in US-WEST
• Security Groups • Inbound traffic must be explicitly specified by protocol, port, and security group • VPC adds outbound filters • VPC also adds Network Access Control Lists (ACLs): inbound and outbound stateless filters • OS Firewall (e.g., iptables) may be implemented • user controlled security layer • granular access control of discrete hosts • logging network events Encrypted File System Encrypted Swap File OSFirewall AmazonSecurityGroups VPCNetworkACL Inbound Traffic Network Security Layers
Virtual Private Cloud – an extension of your DC AWS Direct Connect AWS Virtual Private Cloud
Identity and Access Management (IAM) • Users and Groups within Accounts • Unique security credentials • Access keys • Login/Password • optional MFA device • Policies control access to AWS APIs • API calls must be signed by either: • X.509 certificate • secret key • Deep integration into some Services • S3: policies on objects and buckets • Simple DB: domains • AWS Management Console supports User log on • Not for Operating Systems or Applications • use LDAP, Active Directory/ADFS, etc...
IAM Federation
• Access controls at bucket and object level: – Read, Write, Full • Owner has full control • Customer Encryption • SSL Supported • Durability 99.999999999% • Availability 99.99% • Versioning (MFA Delete) • Detailed Access Logging Amazon S3 Security
• Secure Key Storage: Tamper-resistant, customer controlled hardware security module within your VPC • Only you have access to your keys (including Amazon administrators who manage and maintain the appliance). • Common Criteria EAL4+, NIST FIPS 140-2. • Reliable & Durable Key Storage: available in multiple AZs and Regions, or replicate to on-premise HSMs http://aws.amazon.com/cloudhsm/ CloudHSM (new in 2013)
• Answers to many security & privacy questions • Security whitepaper • Risk and Compliance whitepaper • Security bulletins • Customer penetration testing • Security best practices • More information on: • AWS Identity & Access Management (AWS IAM) • AWS Multi-Factor Authentication (AWS MFA) AWS Security and Compliance Centre http://aws.amazon.com/security

Recommended

AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
Ernest Chiang
 
Serverless Architecture on AWS
Serverless Architecture on AWSServerless Architecture on AWS
Serverless Architecture on AWS
Rajind Ruparathna
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
Amazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Amazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
Amazon Web Services
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 

Recommended

AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
Ernest Chiang
 
Serverless Architecture on AWS
Serverless Architecture on AWSServerless Architecture on AWS
Serverless Architecture on AWS
Rajind Ruparathna
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
Amazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Amazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
Amazon Web Services
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
Amazon Web Services
 
AWS database services
AWS database servicesAWS database services
AWS database services
Nagesh Ramamoorthy
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
Knoldus Inc.
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Best Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsBest Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS Workloads
Amazon Web Services
 
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
Amazon Web Services Korea
 
AWS Elastic Container Registry
AWS Elastic Container RegistryAWS Elastic Container Registry
AWS Elastic Container Registry
Richard Boyd, II
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
Ian Massingham
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
Amazon Web Services Korea
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
Amazon Web Services Korea
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
Amazon Web Services
 
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
Amazon Web Services Korea
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Amazon Web Services
 
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
Amazon Web Services Japan
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
Erik Paulsson
 
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Amazon Web Services
 
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
Amazon Web Services
 

More Related Content

What's hot

Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Best Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsBest Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS Workloads
Amazon Web Services
 
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
Amazon Web Services Korea
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
Amazon Web Services Korea
 
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
Amazon Web Services Korea
 
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
Amazon Web Services Korea
 

What's hot (20)

Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
 
AWS database services
AWS database servicesAWS database services
AWS database services
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Best Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsBest Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS Workloads
 
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
비즈니스 차별화, 민첩성 확보, 리스크 회피를 위한 클라우드 마이그레이션::김효정 (AWS솔루션즈 아키텍트)
 
AWS Elastic Container Registry
AWS Elastic Container RegistryAWS Elastic Container Registry
AWS Elastic Container Registry
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
AWS로 데이터 마이그레이션을 위한 방안과 옵션 - 박성훈 스토리지 스페셜리스트 테크니컬 어카운트 매니저, AWS :: AWS Summit...
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
AWS를 위한 도커, 컨테이너 (이미지) 환경 보안 방안 - 양희선 부장, TrendMicro :: AWS Summit Seoul 2019
 
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...
 
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and security
 

Viewers also liked

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Amazon Web Services
 
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
Amazon Web Services
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Amazon Web Services
 

Viewers also liked (6)

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013
 
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
 
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
 
AWS Governance Overview - Beach
AWS Governance Overview - BeachAWS Governance Overview - Beach
AWS Governance Overview - Beach
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 

Similar to Building Secure Architectures on AWS

AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
Amazon Web Services
 
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance SeminarHybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Amazon Web Services Korea
 
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
Amazon Web Services Korea
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2
Amazon Web Services
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Amazon Web Services
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Amazon Web Services
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
Amazon Web Services Korea
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Amazon Web Services
 
16h30 aws gru security deck
16h30 aws gru security deck16h30 aws gru security deck
16h30 aws gru security deck
infolive
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
Amazon Web Services
 

Similar to Building Secure Architectures on AWS (20)

AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
AWS re:Invent 2016: Simplifying Microsoft Architectures with AWS services (WI...
 
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance SeminarHybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
 
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - WebinarRunning Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
AWS Identity, Directory, and Access Services: An Overview - SID201 - Chicago ...
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 
16h30 aws gru security deck
16h30 aws gru security deck16h30 aws gru security deck
16h30 aws gru security deck
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Recently uploaded (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Building Secure Architectures on AWS

  • 1. A Walk through the AWS Cloud: Building Secure Architectures on AWS Oyvind Roti Solutions Architect Amazon Web Services
  • 2.
  • 3. Migrate existing apps & data to the cloud Build new apps, sites, services & lines of businesses Augment On-Premises resources with cloud capacity How customers use AWS
  • 4. No Up-Front Capital Expense Pay Only for What You Use Easily Scale Up and Down Improve Agility & Time-to-Market Low Cost Deploy Self-Service Infrastructure
  • 5. AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Global Infrastructure - Resilience
  • 6. Compute AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Foundation Services Amazon EC2 Storage Database Networking Amazon S3 Amazon EBS Amazon Glacier DynamoDB Amazon RDS Amazon Redshift Route 53 Amazon VPC AWS Direct Connect Foundation Services
  • 7. Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Amazon AWS Platform Security • SOC 1 (SSAE 16 & ISAE 3204) Type II Audit (was SAS70) • SOC 2 Type 1 Audit, SOC 3 Report • ISO 27001 Certification • Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider • FedRAMP (FISMA), ITAR, FIPS 140-2 • Cloud Security Alliance Questionnaire • MPAA (best practices for storage, processing, delivery)
  • 8. Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer DataAmazonYou Shared responsibility model
  • 10. Resilience and Availability DR in SNG DR in US-WEST
  • 11. • Security Groups • Inbound traffic must be explicitly specified by protocol, port, and security group • VPC adds outbound filters • VPC also adds Network Access Control Lists (ACLs): inbound and outbound stateless filters • OS Firewall (e.g., iptables) may be implemented • user controlled security layer • granular access control of discrete hosts • logging network events Encrypted File System Encrypted Swap File OSFirewall AmazonSecurityGroups VPCNetworkACL Inbound Traffic Network Security Layers
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Virtual Private Cloud – an extension of your DC AWS Direct Connect AWS Virtual Private Cloud
  • 17. Identity and Access Management (IAM) • Users and Groups within Accounts • Unique security credentials • Access keys • Login/Password • optional MFA device • Policies control access to AWS APIs • API calls must be signed by either: • X.509 certificate • secret key • Deep integration into some Services • S3: policies on objects and buckets • Simple DB: domains • AWS Management Console supports User log on • Not for Operating Systems or Applications • use LDAP, Active Directory/ADFS, etc...
  • 19. • Access controls at bucket and object level: – Read, Write, Full • Owner has full control • Customer Encryption • SSL Supported • Durability 99.999999999% • Availability 99.99% • Versioning (MFA Delete) • Detailed Access Logging Amazon S3 Security
  • 20. • Secure Key Storage: Tamper-resistant, customer controlled hardware security module within your VPC • Only you have access to your keys (including Amazon administrators who manage and maintain the appliance). • Common Criteria EAL4+, NIST FIPS 140-2. • Reliable & Durable Key Storage: available in multiple AZs and Regions, or replicate to on-premise HSMs http://aws.amazon.com/cloudhsm/ CloudHSM (new in 2013)
  • 21. • Answers to many security & privacy questions • Security whitepaper • Risk and Compliance whitepaper • Security bulletins • Customer penetration testing • Security best practices • More information on: • AWS Identity & Access Management (AWS IAM) • AWS Multi-Factor Authentication (AWS MFA) AWS Security and Compliance Centre http://aws.amazon.com/security