SlideShare a Scribd company logo

Delivering infrastructure, security, and operations as code with AWS - DEM10-S - Chicago AWS Summit

Amazon Web Services
Amazon Web Services

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub finding (operations as code). A brief demonstration concludes the session. This presentation is brought to you by AWS partner, Palo Alto Networks.

1 of 12
Download to read offline
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE, SECURITY AND OPERATIONS “AS CODE” Kambiz Kazemi Consulting Engineer Palo Alto Networks
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T CLOUD AUTOMATION DRIVERS Agility, DevSecOps, Multi-cloud Palo Alto Networks Automation Capabilities Cloud Security Automation Stack Applying Cloud Security Automation Composable Automation Eco-system Distributable Security Cloud Adoption and Benefits
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T NEED FOR AUTOMATION • Rapidly deploy new applications: Dev →Test → Prod • Improve security, increase agility, reduce effort to achieve business goals • Inject security into DevOps → DevSecOps App Network Security Infrastructure as Code Security as Code Ansible AWS CloudFormation Templates Terraform Provider for AWS Terraform Provider for PAN-OS Infrastructure & Ongoing Configuration “as code” Key Stakeholder Involvement Accelerate Adoption Automation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T ACCELERATE SECURE CLOUD DEPLOYMENTS Quick Reproducible Repeatable Scalable Deploy in minutes app1 app2 app3 Region1 Region2
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T CLOUD SECURITY AUTOMATION STACK Infrastructure Build-Out Terraform Cloud Templates (Infrastructure as Code) Security Layer Terraform Provider (PAN-OS) (Security as Code) Operations Terraform Integration (Automated Incident Response) Repeatable, Consistent, Agile, and Secure Other public clouds
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE AS CODE: BUILD THE ENVIRONMENT Manual Process: slow, delayed and extended rollouts Infrastructure as Code: deployed in minutes, highly reproducible, agile Region 1 Region 2 Region 1 Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE AS CODE: FIREWALL HUB WITH ALB’S • Fully automated • Blueprint developed and pushed out company wide • Huge cost savings • VM-Series natively integrated with cloud capabilities • Next: Automate build out of LOB (Line of Business) applications Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T SECURITY AS CODE: INTEGRATE LOB WITH FIREWALL HUB • Automate the creation of private link tunnels • Automate deployment of NAT and Security policies • Seamless integration: App + Security = business objectives • We can do more! • Next: Feed threat intel to VM- Series to block attacks from new sources. VPN Connection PrivateLink PrivateLink Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Network Load Balancer Network Load Balancer VPN GW VPN Connection PrivateLink PrivateLink Network Load Balancer Network Load Balancer VPN GW
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T OPS AS CODE: AMAZON GUARDDUTY INTEGRATION 1) Amazon GuardDuty sends security alerts to AWS CloudWatch Malicious IP address 2) Amazon CloudWatch event triggers a Lambda function Policy: Drop Session 4) DAG’s used in security policy to drop matching sessions. Dynamic Address Group 3) Register the malicious IP to a Dynamic Address Group (DAG) using the XML API. Amazon CloudWatch Lambda Function Amazon GuardDuty Untrust Security group VPC Untrust Security group VPC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T SUMMARY & KEY TAKEAWAYS • Framework developed with real world use case and workflows • Collaboration based on inputs from customers and cloud providers • Readily available templates • Easy to adopt and use • Highly composable • Well defined integration pointsPalo Alto Networks VM-Series Infrastructure Templates Composable Cloud Security Cloud Success with Security Cloud Native Templates Cloud Native Tunnels Automation with Terraform Security Provider devsecops Extensible Foundation Pillars Beams Cupola
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T DEMO: CLOUD SECURITY AT THE SPEED OF DEVOPS Firewall admin (Sec Team) Developer (App Team) 1. Push new app 3. Commit app security policy 4. Poll and pull changes 5. Push VM-Series policy using PAN-OS Terraform provider AWS CodeDeploy Repeat / Refine / Update 2. Deploy app 0. Infrastructure as code using Terraform templates web app root volume data volume Availability zone 1 Security group Auto Scaling group Security group
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Speaker Name Contact information

Recommended

Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...
Amazon Web Services
 
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
Delivering applications securely with AWS - SVC303 - Chicago AWS SummitDelivering applications securely with AWS - SVC303 - Chicago AWS Summit
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
Amazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Amazon Web Services
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Amazon Web Services
 
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Amazon Web Services
 
Best practices for queue processing in serverless applications - MAD313 - Chi...
Best practices for queue processing in serverless applications - MAD313 - Chi...Best practices for queue processing in serverless applications - MAD313 - Chi...
Best practices for queue processing in serverless applications - MAD313 - Chi...
Amazon Web Services
 
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Amazon Web Services
 

Recommended

Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...Self-service remediation, managing configuration drift, & automation - SVC311...
Self-service remediation, managing configuration drift, & automation - SVC311...
Amazon Web Services
 
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
Delivering applications securely with AWS - SVC303 - Chicago AWS SummitDelivering applications securely with AWS - SVC303 - Chicago AWS Summit
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
Amazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Amazon Web Services
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Amazon Web Services
 
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Detecting and responding to critical events with AWS IoT Events - SVC205 - Ch...
Amazon Web Services
 
Best practices for queue processing in serverless applications - MAD313 - Chi...
Best practices for queue processing in serverless applications - MAD313 - Chi...Best practices for queue processing in serverless applications - MAD313 - Chi...
Best practices for queue processing in serverless applications - MAD313 - Chi...
Amazon Web Services
 
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Deploy and manage Kubernetes on AWS from your on-premises environment - DEM04...
Amazon Web Services
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Amazon Web Services
 
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Amazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Amazon Web Services
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Amazon Web Services
 
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Amazon Web Services
 
Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...
Amazon Web Services
 
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Amazon Web Services
 
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS SummitArchitecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
Amazon Web Services
 
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
Amazon Web Services
 
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Amazon Web Services
 
Developing serverless applications with .NET using AWS SDK and tools - MAD308...
Developing serverless applications with .NET using AWS SDK and tools - MAD308...Developing serverless applications with .NET using AWS SDK and tools - MAD308...
Developing serverless applications with .NET using AWS SDK and tools - MAD308...
Amazon Web Services
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
Amazon Web Services
 
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Amazon Web Services
 
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Amazon Web Services
 
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Amazon Web Services
 
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
Amazon Web Services
 
Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...
Amazon Web Services
 
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS SummitDeveloping Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Amazon Web Services
 
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
Amazon Web Services
 
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS SummitDo you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
Amazon Web Services
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Amazon Web Services
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Amazon Web Services
 

More Related Content

What's hot

Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Amazon Web Services
 
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Amazon Web Services
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Amazon Web Services
 
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Amazon Web Services
 
Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...
Amazon Web Services
 
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Amazon Web Services
 
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Amazon Web Services
 
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Amazon Web Services
 
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Amazon Web Services
 
Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...
Amazon Web Services
 
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS SummitDeveloping Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Amazon Web Services
 

What's hot (20)

Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...
 
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
Finding all the threats: AWS threat detection and remediation - SEC303 - Chic...
 
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS SummitCarry security with you to the cloud - DEM14-SR - New York AWS Summit
Carry security with you to the cloud - DEM14-SR - New York AWS Summit
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
 
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
Mythical Mysfits: Monolith to microservices using Docker and Fargate - MAD309...
 
Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...Increasing the value of video with machine learning & AWS Media Services - SV...
Increasing the value of video with machine learning & AWS Media Services - SV...
 
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...Using automation to drive continuous-compliance best practices - SVC309 - Chi...
Using automation to drive continuous-compliance best practices - SVC309 - Chi...
 
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS SummitArchitecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
Architecting SAP on Amazon Web Services - SVC216 - Chicago AWS Summit
 
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
Train once, deploy anywhere on the cloud and at the edge with Neo - AIM301 - ...
 
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
Deep dive on AWS Cloud storage offerings - What to use, where, and why - STG3...
 
Developing serverless applications with .NET using AWS SDK and tools - MAD308...
Developing serverless applications with .NET using AWS SDK and tools - MAD308...Developing serverless applications with .NET using AWS SDK and tools - MAD308...
Developing serverless applications with .NET using AWS SDK and tools - MAD308...
 
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...
 
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
 
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
Accelerating your cloud migration with VMware Cloud on AWS - CMP205 - Chicago...
 
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
Mythical Mysfits: Build & collaborate on a modern web application on AWS - MA...
 
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...
 
Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...Unified monitoring of the container environment, containers, and applications...
Unified monitoring of the container environment, containers, and applications...
 
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS SummitDeveloping Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
Developing Intelligent Robots with AWS RoboMaker - SVC205 - Anaheim AWS Summit
 
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
Making CI/CD pipelines safer with application monitoring and tracing - MAD202...
 
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS SummitDo you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
Do you need a ledger database or a blockchain? - SVC310 - Chicago AWS Summit
 

Similar to Delivering infrastructure, security, and operations as code with AWS - DEM10-S - Chicago AWS Summit

Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
Amazon Web Services
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloud
Amazon Web Services
 
CI/CD for Modern Applications
CI/CD for Modern ApplicationsCI/CD for Modern Applications
CI/CD for Modern Applications
Amazon Web Services
 
Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
Amazon Web Services
 
CICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdfCICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdf
Amazon Web Services
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
Amazon Web Services
 

Similar to Delivering infrastructure, security, and operations as code with AWS - DEM10-S - Chicago AWS Summit (20)

Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
 
Elevate your security with the cloud
Elevate your security with the cloudElevate your security with the cloud
Elevate your security with the cloud
 
Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...Build security into CI/CD pipelines for effective security automation on AWS ...
Build security into CI/CD pipelines for effective security automation on AWS ...
 
AWS Accra Meetup - Developing Modern Applications in the Cloud
AWS Accra Meetup - Developing Modern Applications in the CloudAWS Accra Meetup - Developing Modern Applications in the Cloud
AWS Accra Meetup - Developing Modern Applications in the Cloud
 
[CPT DevOps Meetup] Developing Modern Applications in the Cloud
[CPT DevOps Meetup] Developing Modern Applications in the Cloud[CPT DevOps Meetup] Developing Modern Applications in the Cloud
[CPT DevOps Meetup] Developing Modern Applications in the Cloud
 
AWS Jozi Meetup Developing Modern Applications in the Cloud
AWS Jozi Meetup Developing Modern Applications in the CloudAWS Jozi Meetup Developing Modern Applications in the Cloud
AWS Jozi Meetup Developing Modern Applications in the Cloud
 
CI/CD for Modern Applications
CI/CD for Modern ApplicationsCI/CD for Modern Applications
CI/CD for Modern Applications
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applications
 
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
Accelerate and secure your applications running on AWS - SVC208 - Santa Clara...
 
Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
 
CICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdfCICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdf
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
 
CI/CD best practices for building modern applications - MAD310 - New York AWS...
CI/CD best practices for building modern applications - MAD310 - New York AWS...CI/CD best practices for building modern applications - MAD310 - New York AWS...
CI/CD best practices for building modern applications - MAD310 - New York AWS...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Delivering infrastructure, security, and operations as code with AWS - DEM10-S - Chicago AWS Summit

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE, SECURITY AND OPERATIONS “AS CODE” Kambiz Kazemi Consulting Engineer Palo Alto Networks
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T CLOUD AUTOMATION DRIVERS Agility, DevSecOps, Multi-cloud Palo Alto Networks Automation Capabilities Cloud Security Automation Stack Applying Cloud Security Automation Composable Automation Eco-system Distributable Security Cloud Adoption and Benefits
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T NEED FOR AUTOMATION • Rapidly deploy new applications: Dev →Test → Prod • Improve security, increase agility, reduce effort to achieve business goals • Inject security into DevOps → DevSecOps App Network Security Infrastructure as Code Security as Code Ansible AWS CloudFormation Templates Terraform Provider for AWS Terraform Provider for PAN-OS Infrastructure & Ongoing Configuration “as code” Key Stakeholder Involvement Accelerate Adoption Automation
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T ACCELERATE SECURE CLOUD DEPLOYMENTS Quick Reproducible Repeatable Scalable Deploy in minutes app1 app2 app3 Region1 Region2
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T CLOUD SECURITY AUTOMATION STACK Infrastructure Build-Out Terraform Cloud Templates (Infrastructure as Code) Security Layer Terraform Provider (PAN-OS) (Security as Code) Operations Terraform Integration (Automated Incident Response) Repeatable, Consistent, Agile, and Secure Other public clouds
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE AS CODE: BUILD THE ENVIRONMENT Manual Process: slow, delayed and extended rollouts Infrastructure as Code: deployed in minutes, highly reproducible, agile Region 1 Region 2 Region 1 Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC Untrust Security group VPC Untrust Security group VPC Trust Security group VPC Trust Security group VPC
  • 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T INFRASTRUCTURE AS CODE: FIREWALL HUB WITH ALB’S • Fully automated • Blueprint developed and pushed out company wide • Huge cost savings • VM-Series natively integrated with cloud capabilities • Next: Automate build out of LOB (Line of Business) applications Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T SECURITY AS CODE: INTEGRATE LOB WITH FIREWALL HUB • Automate the creation of private link tunnels • Automate deployment of NAT and Security policies • Seamless integration: App + Security = business objectives • We can do more! • Next: Feed threat intel to VM- Series to block attacks from new sources. VPN Connection PrivateLink PrivateLink Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Application Load Balancer Ingress Ingress Ingress Ingress Ingress Application Load Balancer Network Load Balancer Network Load Balancer VPN GW VPN Connection PrivateLink PrivateLink Network Load Balancer Network Load Balancer VPN GW
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T OPS AS CODE: AMAZON GUARDDUTY INTEGRATION 1) Amazon GuardDuty sends security alerts to AWS CloudWatch Malicious IP address 2) Amazon CloudWatch event triggers a Lambda function Policy: Drop Session 4) DAG’s used in security policy to drop matching sessions. Dynamic Address Group 3) Register the malicious IP to a Dynamic Address Group (DAG) using the XML API. Amazon CloudWatch Lambda Function Amazon GuardDuty Untrust Security group VPC Untrust Security group VPC
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T SUMMARY & KEY TAKEAWAYS • Framework developed with real world use case and workflows • Collaboration based on inputs from customers and cloud providers • Readily available templates • Easy to adopt and use • Highly composable • Well defined integration pointsPalo Alto Networks VM-Series Infrastructure Templates Composable Cloud Security Cloud Success with Security Cloud Native Templates Cloud Native Tunnels Automation with Terraform Security Provider devsecops Extensible Foundation Pillars Beams Cupola
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T DEMO: CLOUD SECURITY AT THE SPEED OF DEVOPS Firewall admin (Sec Team) Developer (App Team) 1. Push new app 3. Commit app security policy 4. Poll and pull changes 5. Push VM-Series policy using PAN-OS Terraform provider AWS CodeDeploy Repeat / Refine / Update 2. Deploy app 0. Infrastructure as code using Terraform templates web app root volume data volume Availability zone 1 Security group Auto Scaling group Security group
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T Thank you! S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Speaker Name Contact information