Documente Academic
Documente Profesional
Documente Cultură
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security is our top priority
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security of the cloud
Foundation services
Compute Storage Database Network
AWS
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security in the cloud
Customer data
Customer
Considerations
• What you should store • In what content format and
• Which AWS services you structure
should use • Who has access
• Which region to store in
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS shared responsibility model
Customer data
Customer
Foundation services
Compute Storage Database Network
AWS
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security, identity, and compliance products
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Manage authentication and
authorization
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Identity and Access Management (IAM)
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Authentication: Who are you?
$ aws
AWS
CLI IAM
AWS
SDKS IAM USER IAM GROUP
AWS
Management
Console
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Authorization: What can you do?
$ aws AWS
Full CLI
access
IAM policies
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IAM roles
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using roles for temporary security credentials
EC2
instance
Application
Amazon
S3 bucket
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using roles for temporary security credentials
EC2
instance
Application
Amazon
S3 bucket
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using roles for temporary security credentials
EC2
instance
Application
Amazon
S3 bucket
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using roles for temporary security credentials
EC2
instance
Application
Amazon
S3 bucket
Assume
IAM Role IAM Policy
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using roles for temporary security credentials
EC2
instance
Application
Amazon
S3 bucket
Assume
IAM Role IAM Policy
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best practices
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Access your security and compliance
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Challenges of threat assessment
• Expensive
• Complex
• Time-consuming
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is Amazon Inspector?
Automated security
assessment as a service
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Inspector findings
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Remediation recommendation
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protect your infrastructure from
Distributed Denial of Service (DDoS) attacks
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is DDoS?
DDoS
DDoS DDoS
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DDoS mitigation challenges
Limited Involves
Complex bandwidth rearchitecting Manual
Time- Degraded
consuming performance Expensive
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is AWS Shield? • A managed DDoS protection service
• Always-on detection and mitigations
• Seamless integration and deployment
• Cost-efficient and customizable protection
DDoS
DDoS DDoS
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Shield Standard and AWS Shield Advanced
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS security compliance
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Assurance programs
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How AWS helps customers achieve compliance
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer responsibility
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.