© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Mv – Marcus Vinicius Ferreira, Sr. SA, Public Sector
Governance@Scale
Governance at Scale: Implementing Governance with AWS
Mv (mvferr@amazon.com)
Marcus Vinicius Ferreira
Sr. SA, Public Sector, Education
Challenge
How can AWS contribute to greater governance and better security while still guaranteeing innovation at scale?
Contents
• Fundamental services: core capabilities
• Strategy: classifying workloads
• Strategy: identity management
• Strategy: separating by cost
• Best practice: AWS Landing Zone
• Conclusion

Fundamental services: core capabilities
AWS security: services
• Networking: Virtual Private Cloud (isolated cloud resources); Web Application Firewall (filter malicious web traffic); Shield (DDoS protection)
• Encryption: Certificate Manager (provision, manage, and deploy SSL/TLS certificates); Key Management Service (manage creation and control of encryption keys); CloudHSM (hardware-based key storage); Server-Side Encryption (flexible data encryption options)
• Identity & Management: IAM (manage user access and encryption keys); SAML Federation (SAML 2.0 support to allow on-prem identity integration); Directory Service (host and manage Microsoft Active Directory); Organizations (manage settings for multiple accounts); Service Catalog (create and use standardized products)
• Compliance: Config (track resource inventory and changes); CloudTrail (track user activity and API usage); CloudWatch (monitor resources and applications); Inspector (analyze application security); Artifact (self-service for AWS compliance reports)
AWS security: resources
• AWS CloudFormation
• Amazon CloudWatch
• AWS Config and Config Rules
• AWS CloudTrail
• CloudWatch Events
• Manual configuration: Root MFA, Alternate contacts, Security questions
• IAM: Managed Policies, Roles
• Amazon VPC: VPC peering, Flow logs
• Amazon Inspector
• Amazon Systems Manager

Strategy: classifying workloads
Workloads: classify workloads based on impact (axes: confidentiality and risk of change)
Higher-impact workloads are more likely to be in accounts managed by central or departmental IT groups and will have more security controls.
Lower-impact accounts still have basic security controls, but can be issued freely to end users for test, development, or low-impact research and production workloads.
Classify workloads based on impact (chart: risk of change vs. confidentiality)
Workloads placed on the chart: Individual dev/test; Team dev/test; Data science dev/test; Exploratory research/analytics; Low-risk apps; Web/digital; Sensitive apps; Critical apps
Progressive security controls
Impact level, from less impact to more impact: Low, Medium, Medium, Medium-High, High; the set of controls grows with the impact level.
Multiple accounts: separation by security risk
Antipattern: Conflating classification and network zone
Push back on:
• Classifications based on proximity to the Internet
• Different tiers (app, db) of the same app in different zones
Advocate for:
• Classification that follows the data
• Different tiers (app, db) of the same app in the same account
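The classification idea above (impact tiers driven by the data, with controls that grow per tier and separate accounts per risk level), as an added example that is not part of the original deck. The axis scores, tier thresholds, control names and the assignment of deny actions to tiers are my assumptions; the IAM/CloudTrail/Config/KMS action names in the service control policy are real AWS actions.

```python
from __future__ import annotations

import json
from dataclasses import dataclass

# Axis values and tier thresholds are assumptions; the deck only names the axes
# (confidentiality, risk of change) and the tiers (Low ... High).
CONFIDENTIALITY = {"public": 1, "internal": 2, "restricted": 3}
RISK_OF_CHANGE = {"low": 1, "medium": 2, "high": 3}
IMPACT_LEVELS = ["Low", "Medium", "Medium-High", "High"]


@dataclass(frozen=True)
class Workload:
    name: str
    data_classification: str      # drives the tier: classification follows the data
    risk_of_change: str
    internet_facing: bool = False  # recorded, but deliberately NOT a tier input


def impact_level(w: Workload) -> str:
    """Bucket confidentiality + risk of change (2..6) into the deck's tiers.

    Proximity to the Internet is ignored on purpose: the deck calls classifying
    by network zone an antipattern. An internet-facing app on public data stays
    Low; an internal batch job on restricted data does not.
    """
    try:
        score = CONFIDENTIALITY[w.data_classification] + RISK_OF_CHANGE[w.risk_of_change]
    except KeyError as exc:
        raise ValueError(f"{w.name}: unknown classification value {exc}") from None
    if score <= 2:
        return "Low"
    if score == 3:
        return "Medium"
    if score == 4:
        return "Medium-High"
    return "High"


# Cumulative baseline per tier (control names are illustrative assumptions).
TIER_CONTROLS = {
    "Low": ["CloudTrail delivered to a central log account", "root MFA", "alternate contacts set"],
    "Medium": ["AWS Config recorder with Config Rules", "VPC Flow Logs on every VPC"],
    "Medium-High": ["account owned by central or departmental IT", "KMS customer-managed keys at rest"],
    "High": ["federated roles only, no long-lived IAM users", "scheduled Inspector assessments"],
}

# API actions that would silently weaken that baseline. The actions are real
# AWS actions; assigning them to tiers is my assumption.
GUARDRAIL_DENIES = {
    "Low": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "organizations:LeaveOrganization"],
    "Medium": ["config:StopConfigurationRecorder", "config:DeleteConfigurationRecorder",
               "config:DeleteDeliveryChannel", "ec2:DeleteFlowLogs"],
    "Medium-High": ["kms:ScheduleKeyDeletion", "kms:DisableKey"],
    "High": ["iam:CreateUser", "iam:CreateAccessKey", "iam:CreateLoginProfile"],
}


def _tiers_up_to(level: str) -> list[str]:
    if level not in IMPACT_LEVELS:
        raise ValueError(f"unknown impact level {level!r}")
    return IMPACT_LEVELS[: IMPACT_LEVELS.index(level) + 1]


def required_controls(level: str) -> list[str]:
    """Controls are progressive: a tier inherits everything below it."""
    return [c for tier in _tiers_up_to(level) for c in TIER_CONTROLS[tier]]


def scp_for_level(level: str) -> dict:
    """Service control policy for the OU holding accounts of this tier.

    One explicit Deny statement per inherited tier, so the High policy also
    carries the Low, Medium and Medium-High denies.
    """
    statements = [{"Sid": f"Deny{tier.replace('-', '')}TierWeakening", "Effect": "Deny",
                   "Action": GUARDRAIL_DENIES[tier], "Resource": "*"}
                  for tier in _tiers_up_to(level)]
    return {"Version": "2012-10-17", "Statement": statements}


def plan(workloads: list[Workload]) -> dict[str, dict]:
    """Per workload: its tier and the account baseline it must land in."""
    out = {}
    for w in workloads:
        level = impact_level(w)
        out[w.name] = {"impact": level, "controls": required_controls(level),
                       "scp": scp_for_level(level)}
    return out


if __name__ == "__main__":
    # Constructed sample workloads mirroring the deck's chart.
    sample = [
        Workload("individual dev/test", "public", "low"),
        Workload("web/digital", "internal", "low", internet_facing=True),
        Workload("sensitive app", "restricted", "low"),
        Workload("critical app", "restricted", "high"),
    ]
    for name, p in plan(sample).items():
        print(f"{name:20s} -> {p['impact']:12s} ({len(p['controls'])} controls)")
    print(json.dumps(scp_for_level("High"), indent=2))
```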
Strategy: identity management
AD Services: identity domains
• Directory services
• AWS IAM
• Database authentication
• Application authentication
• Local users
AD Services: Identity and Access Management
Federation flow: identity store in the corporate data center → browser interface → federation integration: AD group → identity and authentication → mapping to a specific IAM role with an access policy → access to AWS
http://docs.aws.amazon.com/directoryservice/latest/admin-guide/manage_apps_services.html
Identities and Access Control
Example user types with corresponding access policies (AD groups mapped to IAM roles):
• Access Managers: IAM Master (create policies); IAM Manager (assign policies); Audit (read-only)
• Architect (create landscapes); Storage (design and build); Network (design and build); DevOps (API access)
• Application Owners: App Owner (landscape owner)
• Administrators: Network Admin; Administrator; Service Catalog; Database Admin
• Other: Billing; Support User
Managed policies for job functions:
http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html
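The AD-group-to-IAM-role mapping from the federation flow and the user-type table above, as an added example that is not part of the original deck. The group naming convention AWS-<account-id>-<RoleName>, the provider name and the role-to-managed-policy table are my assumptions; the SAML attribute names, the sts:AssumeRoleWithSAML trust policy and the managed policy ARNs are AWS's documented ones.

```python
import re

# SAML attributes the AWS sign-in endpoint reads (documented by AWS).
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Group name convention (assumption): AWS-<12-digit account>-<role>. Commas are
# excluded from the role part because the Role attribute value is comma-separated.
GROUP_RE = re.compile(r"^AWS-(\d{12})-([A-Za-z0-9+=.@_-]{1,64})$")

# Deck roles -> AWS managed policies (the pairing is my choice; the ARNs are real).
JOB_FUNCTION_POLICY = {
    "Administrator": "arn:aws:iam::aws:policy/AdministratorAccess",
    "Audit": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
    "Billing": "arn:aws:iam::aws:policy/job-function/Billing",
    "SupportUser": "arn:aws:iam::aws:policy/job-function/SupportUser",
    "NetworkAdmin": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator",
    "DatabaseAdmin": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator",
}


def parse_group(group: str):
    """Return (account_id, role_name) for a well-formed group, else None."""
    m = GROUP_RE.match(group)
    return (m.group(1), m.group(2)) if m else None


def role_attribute_values(groups, provider: str):
    """Translate a user's AD groups into SAML Role attribute values.

    Returns (values, ignored): each value is the 'role-arn,provider-arn' pair
    AWS expects. Groups outside the convention are reported rather than
    silently dropped, so a typo like AWS-Admins is visible to the IdP admin.
    """
    values, ignored = [], []
    for g in groups:
        parsed = parse_group(g)
        if parsed is None:
            ignored.append(g)
            continue
        acct, role = parsed
        values.append(f"arn:aws:iam::{acct}:role/{role},"
                      f"arn:aws:iam::{acct}:saml-provider/{provider}")
    return values, ignored


def saml_attributes(user: str, groups, provider: str) -> dict:
    """Attribute statement the IdP would emit for this user (values only)."""
    values, _ = role_attribute_values(groups, provider)
    return {SESSION_ATTR: [user], ROLE_ATTR: values}


def trust_policy(account_id: str, provider: str) -> dict:
    """Trust policy each federated role needs: only this IdP, only the AWS audience."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:saml-provider/{provider}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def role_definition(group: str, provider: str) -> dict:
    """Derive the IAM role an AD group maps to; refuse groups with no known policy."""
    parsed = parse_group(group)
    if parsed is None:
        raise ValueError(f"group {group!r} does not follow AWS-<account>-<role>")
    acct, role = parsed
    if role not in JOB_FUNCTION_POLICY:
        raise ValueError(f"no access policy defined for role {role!r}; not creating it")
    return {"RoleName": role, "AccountId": acct,
            "AssumeRolePolicyDocument": trust_policy(acct, provider),
            "ManagedPolicyArns": [JOB_FUNCTION_POLICY[role]]}


if __name__ == "__main__":
    # Constructed sample: one user, groups in two accounts, two non-AWS groups.
    groups = ["AWS-111111111111-Audit", "AWS-222222222222-NetworkAdmin",
              "AWS-Admins", "Domain Users"]
    print(saml_attributes("mv@example.com", groups, "CorpAD"))
    print(role_definition("AWS-111111111111-Audit", "CorpAD"))
```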
Reference Architecture: AWS Microsoft AD (diagram)
• Corporate data center: domain controllers and remote users/admins, connected to AWS over VPN or Direct Connect
• AWS Managed Microsoft AD: managed domain controllers in two Availability Zones, with a trust to the on-premises domain
• Private subnets 10.0.2.0/24 and 10.0.3.0/24 (one per Availability Zone), each hosting an APPWEB app server and an IIS server
• Database: RDS for SQL Server
• Applications authenticate (Auth/LDAP) against the managed AD
AWS Directory Services
• AWS Microsoft AD: actual Microsoft Active Directory for AWS workloads.
• Simple AD: stand-alone, AD-compatible directory with common directory features.
• AD Connector: proxy service for connecting your on-premises AD to AWS.
• Amazon Cognito: sign-up and sign-in for web and mobile apps.
• Amazon Cloud Directory: specialized store for hierarchical data.
Strategy: separating by cost
Multi-Account Strategy: one AWS account per business capability / dev team
Example accounts: Analytics Team 1; Database Team 7; Infra Team; Capital Markets UX Team; New App Dev Team; DevOps Team; Random Contractor; SecOps; Auditor; Admin
Multi-Account Strategy: AWS accounts and cost centers
(Diagram: hierarchy from Projects 1 to 7 up through Management, Upper Management and Senior Leadership (Manager, Director, VP, Executive CXO), with cost ($) attributed at each level.)
Multi-Account Strategy: AWS Organizations
Best practice: AWS Landing Zone
Multi-Account Strategy: AWS Landing Zone
Multi-Account Strategy: AWS Landing Zone
• Landing Zone
• multi-account automation
• cost control via AWS Organizations
• centralized security controls: AD, logging, transit VPC
Conclusion: Governance at Scale
• Strategy: multiple accounts
• separation by security risk level
• separation by cost, cost center, project
• identity management via AD
• Scale
• automation via AWS Landing Zones
Questions?
Thank you!
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Governance@scale [Portuguese]

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mv – Marcus Vinicius Ferreira, Sr. SA, Public Sector. Governance@Scale. Governance at Scale: Implementing Governance with AWS
  • 2. Mv (mvferr@amazon.com), Marcus Vinicius Ferreira, Sr. SA, Public Sector, Education
  • 3. Challenge: how can AWS contribute to greater governance and better security while still guaranteeing innovation at scale?
  • 4. Contents: Core services: core capabilities; Strategy: classifying workloads; Strategy: identity management; Strategy: separating by cost; Best Practice: AWS Landing Zone; Conclusion
  • 5. Contents (section divider, same agenda as slide 4): Core services: core capabilities
  • 6. AWS security services, grouped by category
    • Networking: Virtual Private Cloud (isolated cloud resources); Web Application Firewall (filter malicious web traffic); Shield (DDoS protection)
    • Encryption: Certificate Manager (provision, manage, and deploy SSL/TLS certificates); Key Management Service (manage creation and control of encryption keys); CloudHSM (hardware-based key storage); Server-Side Encryption (flexible data encryption options)
    • Identity & Management: IAM (manage user access and encryption keys); SAML Federation (SAML 2.0 support to allow on-prem identity integration); Directory Service (host and manage Microsoft Active Directory); Organizations (manage settings for multiple accounts); Service Catalog (create and use standardized products)
    • Compliance: Config (track resource inventory and changes); CloudTrail (track user activity and API usage); CloudWatch (monitor resources and applications); Inspector (analyze application security); Artifact (self-service for AWS’ compliance reports)
  • 7. AWS security features: AWS CloudFormation; Amazon CloudWatch; AWS Config and Config Rules; AWS CloudTrail; CloudWatch Events; manual configuration (root MFA, alternate contacts, security questions); IAM (managed policies, roles); Amazon VPC (VPC peering, flow logs); Amazon Inspector; Amazon Systems Manager
  • 8. Contents (section divider, same agenda as slide 4): Strategy: classifying workloads
  • 9. Classify workloads based on impact, using two axes: confidentiality and risk of change. Higher-impact workloads are more likely to be in accounts managed by central or departmental IT groups and will have more security controls. Lower-impact accounts still have basic security controls, but can be issued freely to end users for test, development, or low-impact research and production workloads.
  • 10. Classify workloads based on impact (workloads placed on the risk-of-change vs. confidentiality grid): Individual dev/test; Team dev/test; Data science dev/test; Exploratory research/analytics; Low-risk apps; Web/digital; Critical apps; Sensitive apps
  • 11. Classify workloads based on impact (diagram: risk of change vs. confidentiality)
  • 12. Classify workloads based on impact (diagram: confidentiality vs. risk of change)
  • 13. Progressive security controls: as the impact level moves from less impact to more impact, the controls grow through the levels Low, Medium, Medium, Medium-High, High
  • 14. Multiple accounts: separation by security risk
  • 15. Antipattern: conflating classification and network zone
    • Push back on: classifications based on proximity to the Internet; different tiers (app, db) of the same app in different zones
    • Advocate for: classification that follows the data; different tiers (app, db) of the same app in the same account
  • 16. Contents (section divider, same agenda as slide 4): Strategy: identity management
  • 17. AD Services: identity domains: Directory services; AWS IAM; Database authentication; Application authentication; Local users
  • 18. AD Services: Identity and Access Management. Federation integration: the identity store in the corporate data center (AD group) provides identity and authentication; the AD group is mapped to a specific IAM role with an access policy, which grants access to AWS through the browser interface. http://docs.aws.amazon.com/directoryservice/latest/admin-guide/manage_apps_services.html
  • 19. Identities and access control: example user types (AD groups mapped to IAM roles) with corresponding access policies
    • Access Managers: IAM Master (create policies); IAM Manager (assign policies); Audit (read-only)
    • Design: Architect (create landscapes); Storage (design and build); Network (design and build)
    • DevOps: API access
    • Application Owners: App Owner (landscape owner)
    • Other: Billing; Support User
    • Administrators: Network Admin; Administrator; Service Catalog; Database Admin
    • Managed policies for job functions: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html
  • 20. Reference architecture: AWS Microsoft AD (diagram). Corporate data center with domain controllers and remote users/admins, connected by VPN or Direct Connect; a trust to AWS Managed Microsoft AD domain controllers; two Availability Zones with private subnets 10.0.2.0/24 and 10.0.3.0/24, each holding an APP/WEB IIS app server and an RDS for SQL Server DB; application and DB auth/LDAP flows against the managed AD
  • 21. AWS Directory Services: AWS Microsoft AD (actual Microsoft Active Directory for AWS workloads); Simple AD (stand-alone, AD-compatible directory with common directory features); AD Connector (proxy service for connecting your on-premises AD to AWS); Amazon Cognito (sign-up and sign-in for web and mobile apps); Amazon Cloud Directory (specialized store for hierarchical data)
  • 22. AWS Directory Services (same content as slide 21)
  • 23. Contents (section divider, same agenda as slide 4): Strategy: separating by cost
  • 24. Multi-Account Strategy: one AWS account per business capability, e.g. Dev Team; Analytics Team 1; Database Team 7; Infra Team; Capital Markets; UX Team; New App Dev Team; DevOps Team; Random Contractor; SecOps; Auditor; Admin
  • 25. Multi-Account Strategy: AWS accounts and cost centers (diagram). Costs ($) of Projects 1 through 7 roll up through Management (Managers), Upper Management (Directors), Senior Leadership (VPs) to the Executive (CXO)
  • 26. Multi-Account Strategy: AWS Organizations
  • 27. Contents (section divider, same agenda as slide 4): Best Practice: AWS Landing Zone
  • 28. Multi-Account Strategy: AWS Landing Zone (diagram)
  • 29. Multi-Account Strategy: AWS Landing Zone (diagram)
  • 30. Multi-Account Strategy: AWS Landing Zone with the team accounts: Analytics Team 1; Database Team 7; Infra Team; Capital Markets; UX Team; New App Dev Team; DevOps Team; Random Contractor; SecOps; Auditor; Admin
  • 31. Multi-Account Strategy: AWS Landing Zone
    • Landing Zone
    • automation of multiple accounts
    • cost control via AWS Organizations
    • centralized security controls: AD, logging, transit VPC
  • 32. Contents (section divider, same agenda as slide 4): Conclusion
  • 33. Conclusion: Governance at Scale
    • Strategy: multiple accounts
    • separation by security risk level
    • separation by cost, cost center, project
    • identity management via AD
    • Scale
    • automation via AWS Landing Zones
  • 34. Questions?
  • 35. Thank you! Mv (mvferr@amazon.com), Marcus Vinicius Ferreira, Sr. SA, Public Sector, Education
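An added example (not code from the deck or from AWS) that turns slides 13 and 15 into a check: workloads are placed on the confidentiality/risk-of-change axes, each impact level requires every control of the levels below it plus its own, an application's classification follows its most sensitive tier (the data), and tiers of one app split across accounts are flagged. The account inventory, the 0..3 axis scores and the assignment of slide 7's controls to levels are constructed assumptions.

```python
"""Governance check: progressive controls per impact level and
'classification follows the data'. Constructed example, not the deck's code."""
from collections import defaultdict

# Impact levels from slide 13, least to most impact.
LEVELS = ["Low", "Medium", "Medium-High", "High"]

# Controls newly required at each level (names from slide 7; the mapping
# of controls to levels is an assumption made for this example).
CONTROLS_ADDED_AT = {
    "Low": {"root_mfa", "alternate_contacts", "cloudtrail"},
    "Medium": {"config_rules", "vpc_flow_logs"},
    "Medium-High": {"inspector", "cloudwatch_events"},
    "High": {"cloudhsm_keys"},
}

def required_controls(level):
    """Progressive set: this level's controls plus all lower levels'."""
    req = set()
    for lvl in LEVELS[: LEVELS.index(level) + 1]:
        req |= CONTROLS_ADDED_AT[lvl]
    return req

def impact_level(confidentiality, risk_of_change):
    """Map the two axes of slide 10 (each scored 0..3, assumed scale) to a level.
    The higher axis dominates; high on both axes is always 'High'."""
    score = max(confidentiality, risk_of_change)
    if confidentiality >= 2 and risk_of_change >= 2:
        score = 3
    return LEVELS[score]

def audit(accounts):
    """accounts: {name: {"controls": set, "workloads": [(app, tier, conf, risk)]}}
    Returns ({account: (level, [missing controls])}, [apps split across accounts])."""
    app_level = defaultdict(int)          # classification follows the data:
    app_accounts = defaultdict(set)       # an app takes its most sensitive tier
    for name, acct in accounts.items():
        for app, _tier, conf, risk in acct["workloads"]:
            app_level[app] = max(app_level[app], LEVELS.index(impact_level(conf, risk)))
            app_accounts[app].add(name)
    missing = {}
    for name, acct in accounts.items():
        top = max((app_level[app] for app, *_ in acct["workloads"]), default=0)
        gap = required_controls(LEVELS[top]) - acct["controls"]
        if gap:
            missing[name] = (LEVELS[top], sorted(gap))
    split = sorted(app for app, accts in app_accounts.items() if len(accts) > 1)
    return missing, split

# Constructed inventory: the 'portal' app has its db tier in a separate
# account, the antipattern from slide 15.
INVENTORY = {
    "team-devtest": {"controls": {"root_mfa", "alternate_contacts", "cloudtrail"},
                     "workloads": [("sandbox", "app", 0, 0)]},
    "web-digital": {"controls": {"root_mfa", "alternate_contacts", "cloudtrail", "config_rules"},
                    "workloads": [("portal", "web", 1, 2), ("portal", "app", 1, 2)]},
    "dmz-db": {"controls": {"root_mfa", "alternate_contacts", "cloudtrail"},
               "workloads": [("portal", "db", 2, 2)]},
}

if __name__ == "__main__":
    print(audit(INVENTORY))
```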