© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Landing Zone: How to Ensure Your Foundation is Ready
Mv – Marcus Vinicius Ferreira, Sr. Solutions Architect
mvferr@amazon.com
BR, Public Sector, Education
Previous: Oracle, Sun, Abril, Dinda, Nubank
Session Agenda
Defining the Problem
Landing Zone Overview
Components of a Landing Zone
Next Steps
What Problem Are We Solving?
Classify workloads based on impact
[Chart: workloads placed by confidentiality and risk of change]
Higher-impact workloads are more likely to be in accounts managed by central or departmental IT groups and will have more security controls.
Lower-impact accounts still have basic security controls, but can be issued freely to end users for test, development, or low impact research and production workloads.
[Chart, continued: workload categories placed by risk of change and confidentiality]
• Individual dev/test
• Web/digital
• Critical apps
• Sensitive apps
• Team dev/test
• Low-risk apps
• Exploratory research/analytics
• Data science dev/test
What is it that we need?
Control
Components of Landing Zone
What is a Landing Zone?
• AWS best practices
• AWS account structure
• Patterns based
• Standards defined
• Adaptable foundation
• Governance guardrails
• Automation driven
• Versioned infrastructure
Components of Landing Zone
• Account Structure
• Network Design
• Identity / Access
• Security / Visibility
• Shared Services
• Automation / Change
AWS Account
• Security/Resource Boundary
• Limits
• Billing Separation
Initial Account Structure
• DEV
• PROD
• HOMOLOG
Why One Isn’t Enough
• Limits
• Many Teams
• Isolation
• Security Controls
• Business Process
• Billing
AWS Organizations
• Organizational Hierarchy
• Security Policy
• Billing
• Visibility
• Automation Driven
Landing Zone Account Structure
Organization
• DEV
• PROD
• INFOSEC
• LOG
• Shared SVC
• Network
AWS Landing Zone structure - basic
[Architecture diagram. Labels: Amazon S3 Bucket (manifest file), AWS CodePipeline, AWS Service Catalog, AWS SSO, AWS Organizations, Parameter store, Core OU, AWS Organizations Account, Shared Services Account, Log Archive Account, Security Account, Account Baseline, Network Baseline, Aggregate CloudTrail and Config Logs, Security Cross-Account Roles, Security Notifications, Amazon GuardDuty Master, Vended Accounts, All other Accounts]
Organizations Account
• Account Provisioning
• Account Access (SSO)
Shared Services Account
• Active Directory
• Log Analytics
Log Archive
• Security Logs
Security Account
• Audit / Break-glass
Identity & Access Foundation
• IAM Roles: Job/Function Based, Cross Account
• Federation: Leverage existing Directory, Map Roles
• IAM Users: Limit Use, Rotate Keys, Securely Stored, MFA
• Managed Policies: AWS Managed to start, Limit Inline policies
• KMS Keys: CMK Per Service
AWS Landing Zone structure – with Add-Ons
[Same architecture diagram as the basic structure, with these labels added: Centralized Logging Solution, AWS Microsoft AD, Directory Connector]
Organizations Account
• Directory Connector
Shared Services Account
• Microsoft AD
• Centralized Logging Solution
VPC Design
• Multi-AZ
• Public vs. Private
• Ingress/Egress points
Accounts and VPCs
• DEV
• PROD
• HOMOLOG
Network Paths
Multi-account Approach: Landing Zone
[Diagram labels: AWS Organizations Master, Enterprise Accounts, Developer Accounts, BU/Product/Resource Accounts, Security, Logging, Shared Services, Billing Tooling, Internal Audit, Developer Sandbox, Sandbox, Dev, Pre-Prod, Prod, Direct Connect, Data Center]
Orgs: Account management
Logging: Centralized logs
Security: AWS Config Rules, security tools
Shared services: Directory, DNS, limit monitoring
Billing Tooling: Cost monitoring
Sandbox: Experiments
Dev: Development
Pre-Prod: Staging
Prod: Production
Continuous Compliance
Data Gathering
• Config
• VPC Flow Logs
• CloudTrail
• Access Logs
Analysis / Enforcement
• Log Analysis
• CloudWatch Events
• Config Rules
• GuardDuty
AWS Landing Zone structure – Log Archive
[Same architecture diagram as the structure with add-ons]
Centralized Logging
• S3
• ELK: ElasticSearch, Kibana, et al...
Common Shared Services
• Directory
• Code Repo
• Monitoring
• AMI / EC2 Management
Automation & Change Management
• CloudFormation StackSets
• Service Catalog
• Pipeline
AWS Service Catalog Provides Governance
It can be thought of as a “launch plane” onto AWS
[Diagram labels: ADMINISTRATION, END-USER, Portfolios, CF Templates/products, TagOptions, Constraints, Accounts, Product, Permissions, Users/groups, Provisioned products, CloudFormation, Resource launch]
DevOps: What is AWS CloudFormation?
Declarative programming language for deploying AWS resources.
Uses templates and stacks to provision resources.
Create, update, and delete a set of resources as a single unit (stack).
[Diagram labels: Template, AWS CloudFormation, Stack, Create/delete, Create/delete AWS resources]
Template
- Basic definition of resources to create
- JSON text file
Stack
- Collection of AWS resources
Service Catalog Cycle
[Diagram labels: Catalog, Instance, Pay for Usage, Software + Gold AMI, Customer]
Brand Your Console lets companies insert their own colors and brands into the AWS Service Catalog console
[Screenshots: default experience and branded experience]
AWS Service Catalog Brand Your Console
Next Steps
• YouTube: https://www.youtube.com/watch?v=IF-0WFBw2g8
• Engage with your AWS Account Team
• Leverage the APN
• Check out the new AWS Landing Zone solution
• https://aws.amazon.com/answers/aws-landing-zone/
Multi-Account Strategy: AWS Landing Zone
Questions?
mvferr@amazon.com
Thank you!

 

Mehr von Amazon Web Services LATAM (20)

AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
 
Automatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWSAutomatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWS
 
Cómo empezar con Amazon EKS
Cómo empezar con Amazon EKSCómo empezar con Amazon EKS
Cómo empezar con Amazon EKS
 
Como começar com Amazon EKS
Como começar com Amazon EKSComo começar com Amazon EKS
Como começar com Amazon EKS
 
Ransomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWSRansomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWS
 
Ransomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWSRansomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWS
 
Ransomware: Estratégias de Mitigação
Ransomware: Estratégias de MitigaçãoRansomware: Estratégias de Mitigação
Ransomware: Estratégias de Mitigação
 
Ransomware: Estratégias de Mitigación
Ransomware: Estratégias de MitigaciónRansomware: Estratégias de Mitigación
Ransomware: Estratégias de Mitigación
 
Aprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWSAprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWS
 
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWSAprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
 
Cómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosCómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administrados
 
Simplifique su BI con AWS
Simplifique su BI con AWSSimplifique su BI con AWS
Simplifique su BI con AWS
 
Simplifique o seu BI com a AWS
Simplifique o seu BI com a AWSSimplifique o seu BI com a AWS
Simplifique o seu BI com a AWS
 
Os benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWSOs benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWS
 

Kürzlich hochgeladen

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Kürzlich hochgeladen (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

AWS Initiate - Landing Zone: How to Know Whether Your Foundation Is Ready

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Landing Zone: Como ter certeza que sua Fundação está preparada Landing Zone: How to Ensure Your Foundation is Ready Mv – Marcus Ferreira, Sr. Solutions Architect
  • 2. Mv – Marcus Vinicius Ferreira, mvferr@amazon.com, Sr. Solutions Architect, BR, Public Sector, Education. Previous: Oracle, Sun, Abril, Dinda, Nubank
  • 3. Session Agenda: Defining the Problem, Landing Zone Overview, Components of a Landing Zone, Next Steps
  • 4. What Problem Are We Solving?
  • 8. Classify workloads based on impact (chart axes: Confidentiality, Risk of change; plotted: Workloads). Higher-impact workloads are more likely to be in accounts managed by central or departmental IT groups and will have more security controls. Lower-impact accounts still have basic security controls, but can be issued freely to end users for test, development, or low-impact research and production workloads.
  • 9. Classify workloads based on impact (chart axes: Risk of change, Confidentiality). Workloads plotted: Individual dev/test, Web/digital, Critical apps, Sensitive apps, Team dev/test, Low-risk apps, Exploratory research/analytics, Data science dev/test
  • 10. Classify workloads based on impact (chart axes: Risk of change, Confidentiality)
  • 11. Classify workloads based on impact (chart axes: Confidentiality, Risk of change)
  • 12. What is it that we need? Control
  • 13. Components of Landing Zone
  • 14. Components of Landing Zone
  • 15. What is a Landing Zone? • AWS best practices • AWS account structure • Patterns based • Standards defined • Adaptable foundation • Governance guardrails • Automation driven • Versioned infrastructure
  • 16. Components of Landing Zone
  • 17. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 18. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 19. AWS Account: Security/Resource Boundary, Limits, Billing Separation
  • 20. Initial Account Structure: DEV, PROD, HOMOLOG
  • 21. Why One Isn’t Enough: Limits, Many Teams, Isolation, Security Controls, Business Process, Billing
  • 22. AWS Organizations: Organizational Hierarchy, Security Policy, Billing Visibility, Automation Driven
  • 23. Landing Zone Account Structure: Organization, DEV, PROD, INFOSEC, LOG, Shared SVC, Network
  • 24. AWS Landing Zone structure - basic (architecture diagram labels: Amazon S3 Bucket (manifest file), AWS CodePipeline, AWS Service Catalog, AWS SSO, AWS Organizations, Core OU, AWS Organizations Account, Shared Services Account, Log Archive Account, Security Account, Account Baseline, Network Baseline, Aggregate CloudTrail and Config Logs, Security Cross-Account Roles, Security Notifications, Amazon GuardDuty Master, Parameter store, Vended Accounts, All other Accounts). Organizations Account: Account Provisioning, Account Access (SSO). Shared Services Account: Active Directory, Log Analytics. Log Archive: Security Logs. Security Account: Audit / Break-glass.
  • 25. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 26. Identity & Access Foundation. IAM Roles: Job/Function Based, Cross Account. Federation: Leverage existing Directory, Map Roles. IAM Users: Limit Use, Rotate Keys, Securely Stored, MFA. Managed Policies: AWS Managed to start, Limit Inline policies. KMS Keys: CMK Per Service.
  • 27. AWS Landing Zone structure – with Add-Ons (architecture diagram labels: Amazon S3 Bucket (manifest file), AWS CodePipeline, AWS Service Catalog, AWS SSO, AWS Organizations, Core OU, AWS Organizations Account, Shared Services Account, Log Archive Account, Security Account, Account Baseline, Network Baseline, Aggregate CloudTrail and Config Logs, Security Cross-Account Roles, Security Notifications, Centralized Logging Solution, AWS Microsoft AD, Directory Connector, Amazon GuardDuty Master, Parameter store, Vended Accounts, All other Accounts). Organizations Account: Directory Connector. Shared Services Account: Microsoft AD, Centralized Logging Solution.
  • 28. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 29. VPC Design: Multi-AZ, Public vs. Private, Ingress/Egress points
  • 30. Accounts and VPCs: DEV, PROD, HOMOLOG
  • 31. Network Paths
  • 32. Multi-account Approach: Landing Zone (diagram labels: Developer Sandbox, Dev, Pre-Prod, BU/Product/Resource Accounts, Developer Accounts, Security, Enterprise Accounts, AWS Organizations Master, Billing Tooling, Shared Services, Sandbox, Direct Connect, Internal Audit, Data Center, Logging, Prod, Shared Services). Orgs: Account management. Logging: Centralized logs. Security: AWS Config Rules, security tools. Shared services: Directory, DNS, limit monitoring. Billing Tooling: Cost monitoring. Sandbox: Experiments. Dev: Development. Pre-Prod: Staging. Prod: Production.
  • 33. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 34. Continuous Compliance. Data Gathering and Analysis / Enforcement: Log Analysis, CloudWatch Events, Config Rules, GuardDuty, Config, VPC Flow Logs, CloudTrail, Access Logs
  • 35. AWS Landing Zone structure – Log Archive (architecture diagram labels: Amazon S3 Bucket (manifest file), AWS CodePipeline, AWS Service Catalog, AWS SSO, AWS Organizations, Core OU, AWS Organizations Account, Shared Services Account, Log Archive Account, Security Account, Account Baseline, Network Baseline, Aggregate CloudTrail and Config Logs, Security Cross-Account Roles, Security Notifications, Centralized Logging Solution, AWS Microsoft AD, Directory Connector, Amazon GuardDuty Master, Parameter store, Vended Accounts, All other Accounts). Centralized Logging: S3; ELK: ElasticSearch, Kibana, et al.
  • 36. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 37. Common Shared Services: Directory, Code Repo, Monitoring, AMI / EC2 Management
  • 38. Components of Landing Zone: Account Structure, Network Design, Identity / Access, Security / Visibility, Shared Services, Automation / Change
  • 39. Automation & Change Management: CloudFormation StackSets, Service Catalog, Pipeline
  • 40. AWS Service Catalog Provides Governance. We can be thought of as a “launch plane” onto AWS. (Diagram labels: ADMINISTRATION, Provisioned products, Product, Permissions, Constraints, Users/groups, Portfolios, CF Templates/products, TagOptions, Constraints, Accounts, CloudFormation, Resource launch, END-USER)
  • 41. DevOps: What is AWS CloudFormation? Declarative programming language for deploying AWS resources. Uses templates and stacks to provision resources. Create, update, and delete a set of resources as a single unit (stack). Template: basic definition of resources to create; JSON text file. Stack: collection of AWS resources. (Diagram labels: Create/delete, AWS CloudFormation, Create/delete AWS resources)
  • 42. Service Catalog Cycle: Catalog, Instance, Pay for Usage, Software + Gold AMI, Customer
  • 43. AWS Service Catalog: Brand Your Console. Brand Your Console lets companies insert their own colors and brands into the AWS Service Catalog console. (Screenshots: DEFAULT EXPERIENCE, BRANDED EXPERIENCE)
  • 44. Next Steps • YouTube: https://www.youtube.com/watch?v=IF-0WFBw2g8 • Engage with your AWS Account Team • Leverage the APN • Check out the new AWS Landing Zone solution • https://aws.amazon.com/answers/aws-landing-zone/
  • 45. Multi-Account Strategy: AWS Landing Zone
  • 46. Multi-Account Strategy: AWS Landing Zone
  • 47. Questions?
  • 48. mvferr@amazon.com Thank you!

Editor's Notes

  1. https://www.istockphoto.com/photo/traffic-lights-gm671167014-122997487
  2. https://www.istockphoto.com/photo/eggs-gm145831917-5551969 Inconsistency starts to rear its head. Different groups are doing things differently.
  3. Resulting in a big ball of Spaghetti.
  4. What you are lacking is the feeling of Control. We don’t want to be in the way of making progress, but we have to be in Control of what is being deployed. The Concept of a Landing Zone does just that.
  5. Landing Zones are a culmination of AWS best practices that have been identified over the years in our work with customers. Identify and define the patterns and standards that you want to build to. This will drive consistency and help you define the preventative and corresponding detective/responsive controls you have in place for your organization's security and compliance directives. Defining and building your governance posture into your infrastructure allows you to strike the balance of speed/agility/autonomy while keeping the must-have guardrails in place. When you provision a new account, VPC, or application, what are your must-haves? This will change over time, so incorporate those lessons learned into your evolving baseline. Treating your infrastructure and associated baseline as versioned code allows you to consistently maintain your quality and governance standards. Adopting automation into your change/configuration methods is critical. AWS provides some powerful capabilities in this area, but yours may work just fine as well.
  6. Core Accounts. Organizations Master account: AWS Organizations enabled with governance over three additional Core Accounts (Security, Shared Services, Logging). Security account: the Security account creates auditor (read-only) and administrator (full-access) cross-account roles from a Security account to all AWS Landing Zone managed accounts. The intent of these roles is to be used by security and compliance team operational tooling to audit (such as hosting custom AWS Config Rule Lambda functions) or perform automated security operations (such as automated remediation actions). As a result, we strongly recommend that this account be restricted to authorized security and compliance personnel, and their related security or audit tools. Shared services account: a core shared services account will be created for hosting landing zone infrastructure dependencies. Log archive account: a dedicated account for securely storing logs for archiving and forensic activities. Service Catalog is enabled as an 'Account Vending Machine' with a Minimally Secured Account product already configured and ready to deploy. Account Security: AWS CloudTrail with remote trail logging to an S3 bucket in the central logging account; AWS Config with configuration logging to an S3 bucket in the central logging account; provision Security account audit and administrative access (Admin and Read Only roles in the Security account and execution roles in all other accounts); configure account security SNS notifications; Amazon GuardDuty Master to view and manage Amazon GuardDuty findings from the security and member accounts. Network Security: deletes the default VPC in all regions. Logging: centralized location for log storage. Data Security: enables Config Rules for monitoring EBS volume encryption.
  7. Organizations Account: Option for Directory Connector Add-On. Amazon Elasticsearch Service integration. Kibana-based log reporting and analysis. AWS CloudTrail. Amazon VPC Flow Logs. Amazon CloudWatch Logs (Apache web server, Common Log Format, Space Delimited, JSON). Account Security. Option for Microsoft AD Add-On. Option for Centralized Logging Add-On.
  8. That icon is stacksets
  9. Organizations Account: Option for Directory Connector Add-On. Amazon Elasticsearch Service integration. Kibana-based log reporting and analysis. AWS CloudTrail. Amazon VPC Flow Logs. Amazon CloudWatch Logs (Apache web server, Common Log Format, Space Delimited, JSON). Account Security. Option for Microsoft AD Add-On. Option for Centralized Logging Add-On.
  10. AWS CloudFormation enables you to create and provision AWS infrastructure deployments in a predictable, repeatable, and automated fashion. You can create templates for the service or application architectures you want and then have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called “stacks”). When you use AWS CloudFormation, you work with templates and stacks. An AWS CloudFormation template is a JSON text file used to describe the AWS resources and their properties in your infrastructure. For example, in a template, you can describe an Amazon EC2 instance, such as the instance type, the AMI ID, block device mappings, and its Amazon EC2 key pair name. You use these templates to create a stack. A stack is a collection of AWS resources that has been created from a template. You may provision (create) a stack numerous times. When a stack is provisioned, the AWS resources specified by its template are created. Any AWS usage charges incurred from using these services will start accruing as they are created as part of the AWS CloudFormation stack. When a stack is deleted, the resources associated with the stack are deleted. The order of deletion is determined by AWS CloudFormation; you do not have direct control over what gets deleted when.
  11. Private Image Build enables customers to build and run private custom Amazon Machine Images (AMIs) that combine their “gold images” with installable packages provided by AWS Marketplace software vendors. This helps customers comply with their own specific IT policies and server hardening requirements while still taking advantage of all the conveniences of AWS Marketplace, including consolidated AWS billing, AWS Marketplace pricing and licensing models, and rapid, automated deployment.
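
A minimal CloudFormation template (JSON, as note 10 describes) for two of the baseline items listed in note 6: the read-only execution role that the Security account's auditor role assumes in a managed account, and the Config rule that monitors EBS volume encryption. This is an added example, not the AWS Landing Zone solution's own template; the role names, rule name and parameters are assumptions.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not the AWS Landing Zone template): member-account baseline with a read-only audit execution role and an EBS encryption Config rule. All names are hypothetical.",
  "Parameters": {
    "SecurityAccountId": {
      "Type": "String",
      "AllowedPattern": "^[0-9]{12}$",
      "Description": "12-digit ID of the Security account. Placeholder: supply your own."
    },
    "SecurityAuditRoleName": {
      "Type": "String",
      "Default": "ExampleSecurityAuditRole",
      "Description": "Hypothetical name of the auditor role in the Security account. The role must already exist there, or IAM rejects the trust policy."
    }
  },
  "Resources": {
    "AuditExecutionRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "ExampleAuditExecutionRole",
        "Description": "Read-only execution role assumable only by the auditor role in the Security account.",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Sub": "arn:aws:iam::${SecurityAccountId}:role/${SecurityAuditRoleName}"
                }
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/ReadOnlyAccess"
        ]
      }
    },
    "EbsEncryptionRule": {
      "Type": "AWS::Config::ConfigRule",
      "Properties": {
        "ConfigRuleName": "example-encrypted-volumes",
        "Description": "Flags attached EBS volumes that are not encrypted (AWS managed rule ENCRYPTED_VOLUMES).",
        "Scope": {
          "ComplianceResourceTypes": [
            "AWS::EC2::Volume"
          ]
        },
        "Source": {
          "Owner": "AWS",
          "SourceIdentifier": "ENCRYPTED_VOLUMES"
        }
      }
    }
  },
  "Outputs": {
    "AuditExecutionRoleArn": {
      "Description": "ARN the Security account tooling assumes for read-only audits.",
      "Value": {
        "Fn::GetAtt": [
          "AuditExecutionRole",
          "Arn"
        ]
      }
    }
  }
}
```

Deploying it requires the CAPABILITY_NAMED_IAM capability because the role is named, and the Config rule only evaluates once a configuration recorder is running in the account.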