SlideShare une entreprise Scribd logo

Security in the AWS Cloud - Steve Riley

Amazon Web Services
Amazon Web Services

This document discusses security in the AWS cloud. It outlines the various AWS services like S3, EC2, VPC and how security groups can be used to restrict access between tiers (web, application, database). It also mentions that AWS provides strong security through control of physical infrastructure, access controls, audits and compliance with regulations like HIPAA and SOX. Customer data is protected and isolated from other customers.

Technologie
1  sur  22
Securityin theAWS Cloud Steve Rileysteriley@amazon.com@steveriley@awscloud http://stvrly.wordpress.com
Amazon Web Services Amazon CloudFront
Amazon S3 Amazon SimpleDB Amazon RDS (multi AZ) Amazon EBS Amazon RDS (one AZ) Amazon EC2 ++ ++ ++
Customer 1 Customer 2 Customern … Customer only SSH, ID/pw, X.509 Root/admin control Customer 1virtual interfaces Customer 2virtual interfaces Customernvirtual interfaces … Customer only Inbound flows Default deny Hypervisor layer Customer 1securitygroups Customer 2securitygroups Customernsecurity groups … AWS firewall AWS admins only SSH via bastions Audits reviewed Physical interfaces
0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 0 / / 0 / 0 / 0 / 0 0 / /
Web tier Application tier Database tier HTTP/HTTPS from Internet SSH/RDP management from corpnet SSH/RDP management from corpnet, vendor SSH/RDP management from corpnet
ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0 ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0 ec2-authorize WebSG-P tcp-p 22|3389-s CorpNet ec2-authorize AppSG -P prot-p AppPortRange -o WebSG ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG-P prot -p DBPortRange-o AppSG ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
Your VPC AmazonWeb Services Cloud Your corporate network
Currently ,[object Object]
EBS
CloudWatch
Linux/Unix and Windows
US-East, EU-WestUpcoming ,[object Object]
Outbound Internet
Elastic IPs

Recommandé

Security compute services_whitepaper
Security compute services_whitepaperSecurity compute services_whitepaper
Security compute services_whitepapersaifam
 
Cloud Insecurity
Cloud InsecurityCloud Insecurity
Cloud InsecurityMarco Arena
 
AWS BootCamp
AWS BootCampAWS BootCamp
AWS BootCampSammy Lin
 
AWS Summit Nordics - Getting Started With AWS
AWS Summit Nordics - Getting Started With AWSAWS Summit Nordics - Getting Started With AWS
AWS Summit Nordics - Getting Started With AWSAmazon Web Services
 
Azure powershell management
Azure powershell managementAzure powershell management
Azure powershell managementChristian Toinard
 
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon Web Services
 
Redundancy Rocks. Redundancy Rocks.
Redundancy Rocks. Redundancy Rocks.Redundancy Rocks. Redundancy Rocks.
Redundancy Rocks. Redundancy Rocks.AOE
 
Amazon cloudtutorial
Amazon cloudtutorialAmazon cloudtutorial
Amazon cloudtutorialChris Buenaventura
 

Recommandé

Security compute services_whitepaper
Security compute services_whitepaperSecurity compute services_whitepaper
Security compute services_whitepapersaifam
 
Cloud Insecurity
Cloud InsecurityCloud Insecurity
Cloud InsecurityMarco Arena
 
AWS BootCamp
AWS BootCampAWS BootCamp
AWS BootCampSammy Lin
 
AWS Summit Nordics - Getting Started With AWS
AWS Summit Nordics - Getting Started With AWSAWS Summit Nordics - Getting Started With AWS
AWS Summit Nordics - Getting Started With AWSAmazon Web Services
 
Azure powershell management
Azure powershell managementAzure powershell management
Azure powershell managementChristian Toinard
 
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon Web Services
 
Redundancy Rocks. Redundancy Rocks.
Redundancy Rocks. Redundancy Rocks.Redundancy Rocks. Redundancy Rocks.
Redundancy Rocks. Redundancy Rocks.AOE
 
Amazon cloudtutorial
Amazon cloudtutorialAmazon cloudtutorial
Amazon cloudtutorialChris Buenaventura
 
Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAmazon Web Services
 
Relational Databases Redefined with AWS
Relational Databases Redefined with AWSRelational Databases Redefined with AWS
Relational Databases Redefined with AWSAmazon Web Services
 
Media Success Stories from the Cloud
Media Success Stories from the CloudMedia Success Stories from the Cloud
Media Success Stories from the CloudAmazon Web Services
 
AWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimesAWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimesAmazon Web Services
 
Security Day - Intro
Security Day - IntroSecurity Day - Intro
Security Day - IntroAmazon Web Services
 
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L... AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...Amazon Web Services
 
Go Global Right Now (Yes Now!)
Go Global Right Now (Yes Now!)Go Global Right Now (Yes Now!)
Go Global Right Now (Yes Now!)Amazon Web Services
 
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by InstrumentAmazon Web Services
 
0. series overview
0. series overview0. series overview
0. series overviewAmazon Web Services
 
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAccelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAmazon Web Services
 
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWSAWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWSAmazon Web Services
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶Amazon Web Services
 
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012Amazon Web Services
 
Amazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Web Services
 
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012Amazon Web Services
 
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAmazon Web Services
 
AWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage OptionsAWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage OptionsAmazon Web Services
 
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Amazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Next Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation DayNext Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation DayAmazon Web Services
 
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Amazon Web Services
 
Cloud Security with Amazon Web Services
Cloud Security with Amazon Web ServicesCloud Security with Amazon Web Services
Cloud Security with Amazon Web ServicesRightScale
 

Contenu connexe

En vedette

Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAmazon Web Services
 
Relational Databases Redefined with AWS
Relational Databases Redefined with AWSRelational Databases Redefined with AWS
Relational Databases Redefined with AWSAmazon Web Services
 
Media Success Stories from the Cloud
Media Success Stories from the CloudMedia Success Stories from the Cloud
Media Success Stories from the CloudAmazon Web Services
 
AWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimesAWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimesAmazon Web Services
 
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L... AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...Amazon Web Services
 
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by InstrumentAmazon Web Services
 
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAccelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAmazon Web Services
 
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWSAWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWSAmazon Web Services
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶Amazon Web Services
 
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012Amazon Web Services
 
Amazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Web Services
 
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012Amazon Web Services
 
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAmazon Web Services
 
AWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage OptionsAWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage OptionsAmazon Web Services
 
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Amazon Web Services
 
Next Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation DayNext Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation DayAmazon Web Services
 

En vedette (20)

Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation Day
 
Relational Databases Redefined with AWS
Relational Databases Redefined with AWSRelational Databases Redefined with AWS
Relational Databases Redefined with AWS
 
Media Success Stories from the Cloud
Media Success Stories from the CloudMedia Success Stories from the Cloud
Media Success Stories from the Cloud
 
AWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimesAWS Summit 2011: Customer Presentation - NYTimes
AWS Summit 2011: Customer Presentation - NYTimes
 
Security Day - Intro
Security Day - IntroSecurity Day - Intro
Security Day - Intro
 
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L... AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
 
Go Global Right Now (Yes Now!)
Go Global Right Now (Yes Now!)Go Global Right Now (Yes Now!)
Go Global Right Now (Yes Now!)
 
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
(DVO205) Monitoring Evolution: Flying Blind to Flying by Instrument
 
0. series overview
0. series overview0. series overview
0. series overview
 
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAccelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
 
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWSAWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
AWS Summit Stockholm 2014 – B2 – Migrating enterprise applications to AWS
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶
 
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
MBL302 Using the AWS Mobile SDKs - AWS re: Invent 2012
 
Amazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart Applications
 
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
BDT305 Transforming Big Data with Spark and Shark - AWS re: Invent 2012
 
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
 
AWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage OptionsAWS Sydney Summit 2013 - Understanding your AWS Storage Options
AWS Sydney Summit 2013 - Understanding your AWS Storage Options
 
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos...
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Next Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation DayNext Generation of Storage Sydney Customer Appreciation Day
Next Generation of Storage Sydney Customer Appreciation Day
 

Similaire à Security in the AWS Cloud - Steve Riley

Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Amazon Web Services
 
Cloud Security with Amazon Web Services
Cloud Security with Amazon Web ServicesCloud Security with Amazon Web Services
Cloud Security with Amazon Web ServicesRightScale
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Amazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSZlatan Dzinic
 
Running Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesRunning Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesAmazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWSSecurity and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWSAmazon Web Services
 
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018Amazon Web Services
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionAmazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSAmazon Web Services
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best PracticesDoiT International
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Vladimir Samoylov
 
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaSecurity and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaAmazon Web Services
 
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAmazon Web Services
 
Amazon Web Services Federation Integration Governance Workshop with Layer 7
Amazon Web Services Federation Integration Governance Workshop with Layer 7Amazon Web Services Federation Integration Governance Workshop with Layer 7
Amazon Web Services Federation Integration Governance Workshop with Layer 7CA API Management
 
16h30 aws gru security deck
16h30 aws gru security deck16h30 aws gru security deck
16h30 aws gru security deckinfolive
 

Similaire à Security in the AWS Cloud - Steve Riley (20)

Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
 
Cloud Security with Amazon Web Services
Cloud Security with Amazon Web ServicesCloud Security with Amazon Web Services
Cloud Security with Amazon Web Services
 
Brief Security Overview
Brief Security OverviewBrief Security Overview
Brief Security Overview
 
AWS Security
AWS SecurityAWS Security
AWS Security
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWS
 
Running Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesRunning Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWSSecurity and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS
 
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
 
Security Overview
Security Overview Security Overview
Security Overview
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWS
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best Practices
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
 
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaSecurity and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
 
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
 
Amazon Web Services Federation Integration Governance Workshop with Layer 7
Amazon Web Services Federation Integration Governance Workshop with Layer 7Amazon Web Services Federation Integration Governance Workshop with Layer 7
Amazon Web Services Federation Integration Governance Workshop with Layer 7
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
16h30 aws gru security deck
16h30 aws gru security deck16h30 aws gru security deck
16h30 aws gru security deck
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Dernier (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Security in the AWS Cloud - Steve Riley

  • 1. Securityin theAWS Cloud Steve Rileysteriley@amazon.com@steveriley@awscloud http://stvrly.wordpress.com
  • 2. Amazon Web Services Amazon CloudFront
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. Amazon S3 Amazon SimpleDB Amazon RDS (multi AZ) Amazon EBS Amazon RDS (one AZ) Amazon EC2 ++ ++ ++
  • 10. Customer 1 Customer 2 Customern … Customer only SSH, ID/pw, X.509 Root/admin control Customer 1virtual interfaces Customer 2virtual interfaces Customernvirtual interfaces … Customer only Inbound flows Default deny Hypervisor layer Customer 1securitygroups Customer 2securitygroups Customernsecurity groups … AWS firewall AWS admins only SSH via bastions Audits reviewed Physical interfaces
  • 11. 0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 / 0 0 / / 0 / 0 / 0 / 0 0 / /
  • 12. Web tier Application tier Database tier HTTP/HTTPS from Internet SSH/RDP management from corpnet SSH/RDP management from corpnet, vendor SSH/RDP management from corpnet
  • 13.
  • 14. ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0 ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0 ec2-authorize WebSG-P tcp-p 22|3389-s CorpNet ec2-authorize AppSG -P prot-p AppPortRange -o WebSG ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG-P prot -p DBPortRange-o AppSG ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor
  • 15. Your VPC AmazonWeb Services Cloud Your corporate network
  • 16.
  • 17. EBS
  • 20.
  • 26. Inter-subnet security groupsYour VPC AmazonWeb Services Cloud Your corporate network
  • 27.
  • 28. Write
  • 29. Full
  • 30. Read
  • 31. Write
  • 32. Full“Key” = name of object
  • 33.
  • 34.
  • 35. Compliance Sarbanes-Oxley Act Ongoing HIPAA Current customer deployments Whitepaper describes the specifics SAS 70 type II Complete Physical security, access controls, change management, operations
  • 36.
  • 37. Thank you very much! Steve Rileysteriley@amazon.com@steveriley@awscloud http://stvrly.wordpress.com