
AWS Security Best Practices For the Three Layers of Compute


Presentation Transcript


  1. AWS Security Best Practices For the Three Layers of Compute. Anand Iyer | Principal Solutions Architect

  2. Three Layers of Compute
  • Virtual server instances in the cloud
  • Services for running Docker containers
  • Serverless execution in response to events

  5. AWS Security Services (Preventative)
  • AWS Identity and Access Management
  • AWS Shield
  • AWS Key Management Service
  • AWS WAF
  • AWS Control Tower
  • AWS Well-Architected Tool


  9. AWS Security Services (Detective)
  • AWS Security Hub
  • AWS Config
  • Amazon GuardDuty
  • Amazon CloudWatch
  • AWS CloudTrail
  • AWS Trusted Advisor


  14. Other Security Activities (App Layer)

  15. The Things AWS Isn’t Doing
  • Protect your customer data and applications with:
  • Configuration of access controls
  • Configuring encryption
  • Application monitoring
  • Intrusion detection/prevention
  • Application runtime analysis
  • Backups
  • Disaster recovery

  16. Infrastructure Services (virtual server instances in the cloud), alongside container services (services for running Docker containers) and serverless execution in response to events

  17. Shared Security Model (Infra Services)
  • Examples: Amazon EC2, Amazon EBS, and Amazon VPC
  • Managed by AWS customers: Customer IAM; Customer Data; Platform & Application Management; Operating System, Network & Firewall Configuration
  • Optional, managed by the customer: client-side encryption, data integrity and authentication; server-side encryption of file system and/or data; network traffic protection (encryption, integrity, identity)
  • To AWS, customer data is opaque: 0s and 1s
  • Managed by Amazon Web Services: AWS Endpoints; AWS IAM; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)

  18. AWS Security Services for Infrastructure
  • Amazon EC2 Auto Scaling
  • AWS Config
  • AWS OpsWorks
  • Amazon GuardDuty
  • AWS Systems Manager
  • AWS Well-Architected Tool

  19. Container Services (services for running Docker containers), alongside virtual server instances in the cloud and serverless execution in response to events

  20. Shared Security Model (Container Services)
  • Examples: Amazon ECS, Amazon EKS and AWS Fargate
  • Managed by AWS customers: Customer Data; Customer IAM; Application Management; Firewall Configuration
  • Optional, managed by the customer: client-side encryption, data integrity and authentication; server-side encryption of file system and/or data; network traffic protection (encryption, integrity, identity)
  • To AWS, customer data is opaque: 0s and 1s
  • Managed by Amazon Web Services: Operating System, Network & Platform Management; AWS IAM; AWS Endpoints; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)

  21. Container Services
  • Select, install, configure, harden, patch, monitor, perform break/fix, upgrade and eventually decommission:
  • Container assembly
  • Application dependencies (example: NodeJS packages)
  • Business application

  22. AWS Security Services for Containers
  • AWS Config
  • AWS OpsWorks
  • Amazon EC2 Auto Scaling
  • Amazon GuardDuty
  • AWS Well-Architected Tool

  23. Abstract / Serverless Services (serverless execution in response to events), alongside virtual server instances in the cloud and services for running Docker containers

  24. Shared Security Model (Serverless Services)
  • Examples: AWS Lambda, Amazon S3 and Amazon DynamoDB
  • Managed by AWS customers: AWS IAM; Customer Data
  • Optional, managed by the customer: client-side encryption, data integrity and authentication
  • To AWS, customer data is opaque: 0s and 1s
  • Managed by Amazon Web Services: server-side encryption provided by the platform; network traffic protection provided by the platform; Platform & Application Management; Operating System, Network & Firewall Configuration; AWS Endpoints; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)

  25. AWS Security Services for Serverless
  • Amazon GuardDuty
  • AWS Config
  • AWS Well-Architected Tool

  26. High-level Services Are Better
  • Serverless
  • Containers
  • Infrastructure

  27. AWS Security Solutions
  • Categories: Detective control, Infrastructure security, Data protection, Incident response, Identity
  • AWS Identity & Access Management (IAM)
  • AWS Organizations
  • AWS Cognito
  • AWS Directory Service
  • AWS Single Sign-On
  • AWS Key Management Service (KMS)
  • AWS CloudHSM
  • Amazon Macie
  • Certificate Manager
  • Server Side Encryption
  • AWS Config Rules
  • AWS Lambda
  • AWS Security Hub
  • AWS CloudTrail
  • AWS Config
  • Amazon CloudWatch
  • Amazon GuardDuty
  • VPC Flow Logs
  • AWS Control Tower
  • Amazon EC2 Systems Manager
  • AWS Shield
  • AWS Web Application Firewall (WAF)
  • Amazon Inspector
  • Amazon Virtual Private Cloud (VPC)

  28. THANK YOU! Anand Iyer | Principal Solutions Architect, AISPL
