Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Improve Governance over Configuration Changes

463 vues

Publié le

AWS Config enables you to discover what resources are used on AWS, understand how resources are configured and gives you unprecedented visibility into changes to configurations over time – all without disrupting end user productivity. With Config Rules, you can continuously evaluate whether changes to resources are compliant with policies. You can set up predefined rules, provided and managed by AWS, or author your own rules using Amazon Lambda, and these rules are evaluated whenever relevant resources are modified. You can use this visibility and control to assess and improve your security and compliance posture.

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Improve Governance over Configuration Changes

  1. 1. Improve Governance Over Configuration Changes Liron Dor, Technical Account Manager
  2. 2. Governance Requirements • Allow our organization to move fast • Visibility over used resources • Define Best Practices and enforce them • Meet Compliance and Regulations • Validate compliance continuously • Alerting and Auto-healing • Automatic control over Manual control © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  3. 3. Governance Challenges • Dynamic environments • High complexity • Different requirements for different environments • Multiple Accounts © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  4. 4. Tools We Offer • Tracking • AWS Config • AWS CloudTrail • VPC Flow Logs • Amazon Inspector • Track / Log • Amazon CloudWatch Logs • Amazon DynamoDB • Amazon ElasticSearch • Alert • AWS Config Rules • Amazon Simple Notification Service (SNS) • AWS Trusted Advisor • Amazon CloudWatch Events • And More… © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  5. 5. AWS Config • Records configuration changes continuously • Capturing the state of your AWS resources • “Configuration Item” contains all attributes for a resource • Capturing the relationship between resources • Discover resources that exists or deleted • Receive notifications on configuration changes © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  6. 6. AWS Config Rules © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  7. 7. AWS Config Rules • Validate configuration record • Enforce Best Practices and procedures • Result is either “compliant” or “non-compliant” © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  8. 8. AWS Config Rules Demo • “Center of Internet Security” (CIS) is a Non Profit organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. • Published “CIS AWS Foundations” Security Best Practices document • AWS Config Rules Repository © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  9. 9. Demo © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  10. 10. Summary • Allow our organization to move fast • Know your account, wanted and unwanted changes • Automate your best practices / compliance metrics • Use Logs for forensic, Alerts for immediate actions © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  11. 11. lirondor@amazon.com

×