IAM Recommended Practices
|
|
- Pamela Butler
- 5 years ago
- Views:
Transcription
1 IAM Recommended Practices Tom Maddox Manager, Solution Architecture 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
2 What to expect from this session We will look at: Best practices To help you get started Versus When to use one technology over another
3 AWS Identity and Access Management (IAM) Enables you to control who can do what in your AWS account Users, groups, roles, and permissions Control Centralised Fine-grained - APIs, resources, and AWS Management Console Security Secure (deny) by default Multiple users, individual security credentials and permissions
4 IAM Best Practices Basic user and permission management Credential management Delegation
5 Basic user and permission management 0. Create individual users. Benefits Unique credentials Individual credential rotation Individual permissions
6 Basic user and permission management 0. Create individual users. 1. Grant least privilege. (and monitor permission usage with the IAM console revoke permissions if they haven t been used for some time period) Benefits Less chance of people making mistakes Easier to relax than tighten up More granular control
7 Basic user and permission management 0. Create individual users. 1. Grant least privilege. 2. Manage permissions with groups. Benefits Easier to assign the same permissions to multiple users Simpler to reassign permissions based on change in responsibilities Only one change to update permissions for multiple users
8 Basic user and permission management 0. Create individual users. 1. Grant least privilege. 2. Manage permissions with groups. 3. Restrict privileged access further with conditions. Benefits Additional granularity when defining permissions Can be enabled for any AWS service API Minimises chances of accidentally performing privileged actions
9 Basic user and permission management 0. Create individual users. 1. Grant least privilege. 2. Manage permissions with groups. 3. Restrict privileged access further with conditions. 4. Enable AWS CloudTrail to get logs of API calls. Benefits Visibility into your user activity by recording AWS API calls to an Amazon S3 bucket
10 Credential management 5. Configure a strong password policy. Benefits Ensures your users and your data are protected
11 Credential management 5. Configure a strong password policy. 6. Rotate security credentials regularly. Benefits Normal best practice (often for compliance reasons)
12 Credential management 5. Configure a strong password policy. 6. Rotate security credentials regularly. 7. Enable MFA for privileged users. Benefits Supplements user name and password to require a one-time code during authentication
13 Delegation 8. Use IAM roles to share access. Benefits No need to share security credentials No need to store long-term credentials Use cases - Cross-account access - Intra-account delegation - Federation
14 Delegation 8. Use IAM roles to share access. 9. Use IAM roles for Amazon EC2 instances. Benefits Easy to manage access keys on EC2 instances Automatic key rotation Assign least privilege to the application AWS SDKs fully integrated AWS CLI fully integrated
15 Delegation 8. Use IAM roles to share access. 9. Use IAM roles for Amazon EC2 instances. 10. Reduce or remove use of root. Benefits Reduce potential for misuse of credentials
16 Top 11 IAM best practices 0. Users Create individual users. 1. Permissions Grant least privilege. 2. Groups Manage permissions with groups. 3. Conditions Restrict privileged access further with conditions. 4. Auditing Enable AWS CloudTrail to get logs of API calls. 5. Password Configure a strong password policy. 6. Rotate Rotate security credentials regularly. 7. MFA Enable MFA for privileged users. 8. Sharing Use IAM roles to share access. 9. Roles Use IAM roles for Amazon EC2 instances. 10. Root Reduce or remove use of root.
17 AWS access keys vs. passwords Versus When should I use?
18
19 IAM users vs. federated users Depends on where you want to manage your users On-premises Federated users (IAM roles) In your AWS account IAM users
20 IAM users vs. federated users Depends on where you want to manage your users On-premises Federated users (IAM roles) In your AWS account IAM users Other important use cases Delegating access to your account Federated users (IAM roles) Mobile application access Should always be federated access Draining PII from AWS / IAM Federated users
21 IAM users vs. federated users Depends on where you want to manage your users On-premises Federated users (IAM roles) In your AWS account IAM users Other important use cases Delegating access to your account Federated users (IAM roles) Mobile application access Should always be federated access Draining PII from AWS / IAM Federated users IMPORTANT: Never share security credentials.
22 How does federated access work? Acct ID: Acct ID: STS IAM user: Anders
23 How does federated access work? Acct ID: Acct ID: STS ddb-role IAM user: Anders
24 How does federated access work? Acct ID: Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders ddb-role
25 How does federated access work? Acct ID: Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders ddb-role Permissions assigned to ddb-role { "Statement": [ { "Action": [ "dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:describetable", "dynamodb:listtables" ], "Effect": "Allow", "Resource": "* }]}
26 How does federated access work? Acct ID: Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders Permissions assigned to Anders granting him permission to assume ddb-role in account B { "Statement": [ { "Effect": "Allow", "Action": "sts:assumerole", "Resource": "arn:aws:iam:: :role/ddb-role" }]} ddb-role Permissions assigned to ddb-role { "Statement": [ { "Action": [ "dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:describetable", "dynamodb:listtables" ], "Effect": "Allow", "Resource": "* }]}
27 How does federated access work? Acct ID: Authenticate with Anders access keys Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders Permissions assigned to Anders granting him permission to assume ddb-role in account B { "Statement": [ { "Effect": "Allow", "Action": "sts:assumerole", "Resource": "arn:aws:iam:: :role/ddb-role" }]} ddb-role Permissions assigned to ddb-role { "Statement": [ { "Action": [ "dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:describetable", "dynamodb:listtables" ], "Effect": "Allow", "Resource": "* }]}
28 How does federated access work? Acct ID: Authenticate with Anders access keys Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders Permissions assigned to Anders granting him permission to assume ddb-role in account B Get temporary security credentials for ddb-role { "Statement": [ { "Effect": "Allow", "Action": "sts:assumerole", "Resource": "arn:aws:iam:: :role/ddb-role" }]} ddb-role Permissions assigned to ddb-role { "Statement": [ { "Action": [ "dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:describetable", "dynamodb:listtables" ], "Effect": "Allow", "Resource": "* }]}
29 How does federated access work? Acct ID: Authenticate with Anders access keys Acct ID: STS ddb-role trusts IAM users from the AWS account ( ) { "Statement": [ { "Effect":"Allow", "Principal":{"AWS":" "}, "Action":"sts:AssumeRole" }]} IAM user: Anders Permissions assigned to Anders granting him permission to assume ddb-role in account B Get temporary security credentials for ddb-role Call AWS APIs using temporary security credentials of ddb-role { "Statement": [ { "Effect": "Allow", "Action": "sts:assumerole", "Resource": "arn:aws:iam:: :role/ddb-role" }]} ddb-role Permissions assigned to ddb-role { "Statement": [ { "Action": [ "dynamodb:getitem", "dynamodb:batchgetitem", "dynamodb:describetable", "dynamodb:listtables" ], "Effect": "Allow", "Resource": "* }]}
30
31 AWS access keys vs. passwords Depends on how your users will access AWS Console Password API, CLI, SDK Access keys
32 AWS access keys vs. passwords Depends on how your users will access AWS Console Password API, CLI, SDK Access keys In either case make sure to rotate credentials regularly Use Credential Report to audit credential rotation. Configure password policy. Configure policy to allow access key rotation.
33 Enabling credential rotation for IAM users (Enable access key rotation sample policy) Access keys { "Version":" ", "Statement": [{ "Effect": "Allow", "Action": [ "iam:createaccesskey", "iam:deleteaccesskey", "iam:listaccesskeys", "iam:updateaccesskey"], "Resource": "arn:aws:iam:: : user/${aws:username}" }]}
34 Enabling credential rotation for IAM users (Enable access key rotation sample policy) Access keys { "Version":" ", "Statement": [{ "Effect": "Allow", "Action": [ "iam:createaccesskey", "iam:deleteaccesskey", "iam:listaccesskeys", "iam:updateaccesskey"], "Resource": "arn:aws:iam:: : user/${aws:username}" }]} Steps to rotate access keys 1. While the first set of credentials is still active, create a second set of credentials, which will also be active by default. 2. Update all applications to use the new credentials. 3. Change the state of the first set of credentials to Inactive. 4. Using only the new credentials, confirm that your applications are working well. 5. Delete the first set of credentials.
35
36 Inline policies vs. managed policies Use inline policies when you need to: Enforce a strict one-to-one relationship between policy and principal. Avoid the wrong policy being attached to a principal. Ensure the policy is deleted when deleting the principal.
37 Inline policies vs. managed policies Use inline policies when you need to: Enforce a strict one-to-one relationship between policy and principal. Avoid the wrong policy being attached to a principal. Ensure the policy is deleted when deleting the principal. Use managed policies when you need: Reusability. Central change management. Versioning and rollback. Delegation of permissions management. Automatic updates for AWS managed policies. Larger policy size.
38
39 Groups vs. managed policies Provide similar benefits Can be used to assign the same permission to many users. Central location to manage permissions. Policy updates affect multiple users.
40 Groups vs. managed policies Provide similar benefits Can be used to assign the same permission to many users. Central location to manage permissions. Policy updates affect multiple users. Use groups when you need to Logically group and manage users.
41 Groups vs. managed policies Provide similar benefits Can be used to assign the same permission to many users. Central location to manage permissions. Policy updates affect multiple users. Use groups when you need to Logically group and manage users. Use managed policies when you need to Assign the same policy to users, groups, and roles.
42 Combine the power of groups AND managed policies Use groups to organize your users into logical clusters. Attach managed policies to those groups with the permissions those groups need. Pro tip: Create managed policies based on logically separated permissions such as AWS service or project, and attach managed policies mix-andmatch style to your groups.
43
44 Resource-specific policy vs. tag-based access control Use resource-specific policy when you need to: Control access to a specific resource. Control access to most AWS service resources.
45 Resource-specific policy vs. tag-based access control Use resource-specific policy when you need to: Control access to a specific resource. Control access to most AWS service resources. Use tag-based access control when you need to: Treat resources as a unit, such as a project. Automatically enforce permissions when new resources are created.
46 Resource-specific policy vs. tag-based access control Use resource-specific policy when you need to: Control access to a specific resource. Control access to most AWS service resources. Use tag-based access control when you need to: Treat resources as a unit, such as a project. Automatically enforce permissions when new resources are created. NOTE: The following services currently support tag-based access control: Amazon EC2, Amazon VPC, Amazon EBS, Amazon RDS, Amazon Simple Workflow Service, and AWS Data Pipeline
47 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders
48 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 Project=Blue
49 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 Project=Blue
50 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 Project=Blue i-a4321b12 Project=Blue
51 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 i-a4321b12 Project=Blue
52 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 i-a4321b12 Project=Blue
53 How does tag-based access control work? Permissions assigned to Anders granting him permission to perform any EC2 action on resources tagged with Project=Blue { } "Version": " ", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*", "Condition": { "StringEquals": { "ec2:resourcetag/project" : "Blue" } } } ] IAM user: Anders i-a1234b12 i-a4321b12 i-a4321b12 Project=Green Project=Blue
54
55 One AWS account vs. multiple AWS accounts? Use a single AWS account when you: Want simpler control of who does what in your AWS environment. Have no need to isolate projects/products/teams. Have no need for breaking up the cost.
56 One AWS account vs. multiple AWS accounts? Use a single AWS account when you: Want simpler control of who does what in your AWS environment. Have no need to isolate projects/products/teams. Have no need for breaking up the cost. Use multiple AWS accounts when you: Need full isolation between projects/teams/environments. Want to isolate recovery data and/or auditing data (e.g., writing your CloudTrail logs to a different account). Want something close to Mandatory Access Control Need a single bill, but want to break out the cost and usage.
57 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
58 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
59 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
60 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
61 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
62 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
63 Cross-account access with IAM roles Acct ID: Acct ID: Acct ID: IAM user: Anders
64 Cross-account access with IAM roles External identity provider Acct ID: Acct ID: Acct ID: Acct ID: IAM user: Anders IAM user: Bob
65 Cross-account access with IAM roles External identity provider Acct ID: Acct ID: Acct ID: Acct ID: IAM user: Anders IAM user: Bob
66 What did we cover? 1. Top 1011 X best practices. 2. IAM users vs. federated users. 3. Access keys vs. passwords. 4. Inline policies vs. managed policies. 5. Groups vs. managed policies. 6. Resource-specific policy vs. tag-based access control. 7. One AWS account vs. multiple AWS accounts.
67 Thank You Tom Maddox Manager, Solution Architecture 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Simple Security for Startups. Mark Bate, AWS Solutions Architect
BERLIN Simple Security for Startups Mark Bate, AWS Solutions Architect Agenda Our Security Compliance Your Security Account Management (the keys to the kingdom) Service Isolation Visibility and Auditing
More informationLook Who s Hiring! AWS Solution Architect AWS Cloud TAM
Look Who s Hiring! AWS Solution Architect https://www.amazon.jobs/en/jobs/362237 AWS Cloud TAM https://www.amazon.jobs/en/jobs/347275 AWS Principal Cloud Architect (Professional Services) http://www.reqcloud.com/jobs/701617/?k=wxb6e7km32j+es2yp0jy3ikrsexr
More informationSecurity on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Overview AWS Regions Availability Zones Shared Responsibility Security Features Best Practices
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationAWS Security. Stephen E. Schmidt, Directeur de la Sécurité
AWS Security Stephen E. Schmidt, Directeur de la Sécurité 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express
More informationBest Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ
Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security
More informationNetwork Security & Access Control in AWS
Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account
More informationHardening AWS Environments. Automating Incident Response. AWS Compromises
Hardening AWS Environments and Automating Incident Response for AWS Compromises Hardening AWS Environments and Automating Incident Response for AWS Compromises Andrew Krug and Alex McCormack Agenda: Preparing
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationMapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd
Berlin Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd AWS Compliance Display Cabinet Certificates: Programmes:
More informationAWS Iden)ty And Access Management (IAM) Manohar Rapolu
AWS Iden)ty And Access Management (IAM) Manohar Rapolu Topics Introduc5on Principals Authen5ca5on Authoriza5on Other Key Feature -> Mul5 Factor Authen5ca5on -> Rota5ng Keys -> Resolving Mul5ple Permissions
More informationMonitoring Serverless Architectures in AWS
Monitoring Serverless Architectures in AWS The introduction of serverless architectures is a positive development from a security perspective. Splitting up services into single-purpose functions with well-defined
More informationCloudHealth. AWS and Azure On-Boarding
CloudHealth AWS and Azure On-Boarding Contents 1. Enabling AWS Accounts... 3 1.1 Setup Usage & Billing Reports... 3 1.2 Setting Up a Read-Only IAM Role... 3 1.3 CloudTrail Setup... 5 1.4 Cost and Usage
More informationAWS Security Overview. Bill Shinn Principal Security Solutions Architect
AWS Security Overview Bill Shinn Principal Security Solutions Architect Accelerating Security with AWS AWS Overview / Risk Management / Compliance Overview Identity / Privilege Isolation Roles for EC2
More informationAWS IAM Roles How To. Qubole AWS Account ID. External ID. Qubole Inc. AWS IAM Roles How To qubole.com/education
The following guide will walk through configuring Identity and Access Management Roles inside of Amazon Web Services and connecting to Qubole. This document contains code which is intended for use inside
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationSecurity Camp 2016 Cloud Security. August 18, 2016
Security Camp 2016 Cloud Security What I ll be discussing Cloud Security Topics Cloud overview The VPC and structures Cloud Access Methods Who owns your data? Cover your Cloud trail? Protection approaches
More informationCreating an AWS Account: Beyond the Basics
Creating an AWS Account: Beyond the Basics Best practices to build a strong foundation for enterprise cloud adoption Updated August 2016 Aaron Wilson Table of Contents Introduction... 3 Before You Begin...
More informationAmazon WorkDocs. Administration Guide
Amazon WorkDocs Administration Guide Amazon WorkDocs: Administration Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About CUSTOMER... Error! Bookmark not defined. Use Case Description... 3 Technical Stack... 3 AWS Architecture... Error! Bookmark not defined. AWS Solution Overview... 4 Risk Identified
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About Customer... 3 Use Case Description... 3 Technical Stack... 3 AWS Solution... 4 Security... 4 Benefits... 5 Scope This document provides a detailed use case study on Hosting GSP
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationMinfy-Vara Migration Use Case
Document Details Use Case Name Minfy Migration - Use Case01 First Draft 30 Jul 2018 Author Amrendra Kumar Reviewed By Pradeep Narayanaswamy Contents Scope... 4 About Customer... 4 Use Case Description...
More informationPRAGMATIC SECURITY AUTOMATION FOR CLOUD
SESSION ID: CSV-R04 PRAGMATIC SECURITY AUTOMATION FOR CLOUD Rich Mogull Analyst/VP of Product Securosis/DisruptOPS rmogull@disruptops.com @rmogull Cloud is Fundamentally Different Abstraction Automation
More informationHackproof Your Cloud Responding to 2016 Threats
Hackproof Your Cloud Responding to 2016 Threats Aaron Klein, CloudCheckr Tuesday, June 30 th 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Changing Your Perspective Moving
More informationOracle WebLogic Server 12c on AWS. December 2018
Oracle WebLogic Server 12c on AWS December 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationArchitecting for Greater Security in AWS
Architecting for Greater Security in AWS Jonathan Desrocher Security Solutions Architect, Amazon Web Services. Guy Tzur Director of Ops, Totango. 2015, Amazon Web Services, Inc. or its affiliates. All
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationRED TEAM VS. BLUE TEAM ON AWS
SESSION ID: CSV-R12 RED TEAM VS. BLUE TEAM ON AWS Teri Radichel CEO 2nd Sight Lab @teriradichel Kolby Allen DevOps Engineer Zipwhip @kolbyallen Attacker vs. Defender 2 Cloud Admin Duh Duh Duh. 3 Would
More informationActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD
ActiveNET #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD-500018 9848111288 activesurya@ @gmail.com wwww.activenetinformatics.com y Suryanaray yana By AWS Course Content 1. Introduction to Cloud
More informationCloud security 2.0: Joko nyt pilveen voi luottaa?
Cloud security 2.0: Joko nyt pilveen voi luottaa? www.nordcloud.com 11 04 2017 Helsinki 2 Teemu Lehtonen Senior Cloud architect, Security teemu.lehtonen@nordcloud.com +358 40 6329445 Nordcloud Finland
More informationSet Up a Compliant Archive. November 2016
Set Up a Compliant Archive November 2016 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS s current
More informationAmazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India
(AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.
More informationMcAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide
McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationSECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services
More informationINTRO TO AWS: SECURITY
INTRO TO AWS: SECURITY Rob Whitmore Solutions Architect 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Security is the foundation Familiar security model Validated by security experts
More informationAccess Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions
Access Governance in a Cloudy Environment Nabeel Nizar VP Worldwide Solutions Engineering @nabeelnizar Nabeel.Nizar@saviynt.com How do I manage multiple cloud instances from a single place? Is my sensitive
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More information4) An organization needs a data store to handle the following data types and access patterns:
1) A company needs to deploy a data lake solution for their data scientists in which all company data is accessible and stored in a central S3 bucket. The company segregates the data by business unit,
More informationAmazon Search Services. Christoph Schmitter
Amazon Search Services Christoph Schmitter csc@amazon.de What we'll cover Overview of Amazon Search Services Understand the difference between Cloudsearch and Amazon ElasticSearch Service Q&A Amazon Search
More informationAWS Serverless Application Repository. Developer Guide
AWS Serverless Application Repository Developer Guide AWS Serverless Application Repository: Developer Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's
More informationEnroll Now to Take online Course Contact: Demo video By Chandra sir
Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc
More informationSecurity and Privacy Overview
Security and Privacy Overview Cloud Application Security, Data Security and Privacy, and Password Management 1 Overview Security is a growing concern and should not be taken lightly across an organization.
More informationAWS Security Best Practices
AWS Security Best Practices August 2016 We welcome your feedback. Please share your thoughts at this link. 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationIdentity and Access Management Level 200
Identity and Access Management Level 200 Flavio Pereira November 2018 1 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationConfiguring AWS for Zerto Virtual Replication
Configuring AWS for Zerto Virtual Replication VERSION 1 MARCH 2018 Table of Contents 1. Prerequisites... 2 1.1. AWS Prerequisites... 2 1.2. Additional AWS Resources... 3 2. AWS Workflow... 3 3. Setting
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationLINUX, WINDOWS(MCSE),
Virtualization Foundation Evolution of Virtualization Virtualization Basics Virtualization Types (Type1 & Type2) Virtualization Demo (VMware ESXi, Citrix Xenserver, Hyper-V, KVM) Cloud Computing Foundation
More informationSecurity Overview of the BGI Online Platform
WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra
More informationMinfy-SREI Migration Use Case
Document Details Use Case Name Minfy Migration - Use Case02 First Draft 15 Jan 2018 Author Atanu Sarkar Reviewed By Pradeep Narayanaswamy Contents 1. Scope... 4 2. About Customer... 4 3. Use Case Description...
More informationMinfy-SREI Migration Use Case
Document Details Use Case Name Minfy Migration - Use Case02 First Draft 15 Jan 2018 Author Atanu Sarkar Reviewed By Pradeep Narayanaswamy Contents Scope... 4 About Customer... 4 Use Case Description...
More informationLift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies
SESSION ID: STR-T08 Lift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies Rich Mogull Analyst/CEO Securosis VP of Product DisruptOps rmogull@securosis.com Reality Bites There is relentless
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationAWS Security. Staying on Top of the Cloud
AWS Security Staying on Top of the Cloud Intro Kurtis Miller, a Principal Security Consultant for Previously: Global Security Engineering Manager for Senior Security Consultant for First Security Engineer
More informationAWS Solution Architect Associate
AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationAWS Landing Zone. AWS User Guide. November 2018
AWS Landing Zone AWS User Guide November 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. AWS Landing Zone User Guide is licensed under the terms of the Amazon Software License available
More informationCPM Quick Start Guide V2.2.0
CPM Quick Start Guide V2.2.0 1 Content 1 Introduction... 3 1.1 Launching the instance... 3 1.2 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 3 3 Creating a Simple Backup
More informationUsing SQL Server on Amazon Web Services
Using SQL Server on Amazon Web Services High Availability and Reliability in the Cloud Michael Barras, Sr. Database Engineer August 26, 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationHigh School Technology Services myhsts.org Certification Courses
AWS Associate certification training Last updated on June 2017 a- AWS Certified Solutions Architect (40 hours) Amazon Web Services (AWS) Certification is fast becoming the must have certificates for any
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationCrypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH
Crypto-Options on AWS Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH Amazon.com, Inc. and its affiliates. All rights reserved. Agenda
More informationAWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager
AWS Agility + Splunk Visibility = Cloud Success Splunk App for AWS Demo Laura Ripans, AWS Alliance Manager Disruptive innovation and business transformation starts with data I HAVE BEEN GIVEN AN AWS ACCOUNT!!!
More informationCloud Infrastructure Security Report. Prepared for Acme Corp
Cloud Infrastructure Security Report Prepared for Acme Corp From: Jul 24, 2016 at 09:08 PDT To: Jul 24, 2017 at 09:08 PDT Cloud Account(s): Dev Account, Staging Account, Production Account Table of Contents
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationProtecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Protecting Your Data in AWS 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encrypting Data in AWS AWS Key Management Service, CloudHSM and other options What to expect from this
More informationAmazon GuardDuty. Amazon Guard Duty User Guide
Amazon GuardDuty Amazon Guard Duty User Guide Amazon GuardDuty: Amazon Guard Duty User Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and
More informationCLOUD AND AWS TECHNICAL ESSENTIALS PLUS
1 P a g e CLOUD AND AWS TECHNICAL ESSENTIALS PLUS Contents Description... 2 Course Objectives... 2 Cloud computing essentials:... 2 Pre-Cloud and Need for Cloud:... 2 Cloud Computing and in-depth discussion...
More informationAWS Elemental MediaLive. User Guide
AWS Elemental MediaLive User Guide AWS Elemental MediaLive: User Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be
More informationAWS Service Catalog. User Guide
AWS Service Catalog User Guide AWS Service Catalog: User Guide Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in
More informationForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3
ForeScout CounterACT Hybrid Cloud Module: Amazon Web Services (AWS) Plugin Version 1.3 Table of Contents Amazon Web Services Plugin Overview... 4 Use Cases... 5 Providing Consolidated Visibility... 5 Dynamic
More informationNEXT GENERATION CLOUD SECURITY
SESSION ID: CMI-F02 NEXT GENERATION CLOUD SECURITY Myles Hosford Head of FSI Security & Compliance Asia Amazon Web Services Agenda Introduction to Cloud Security Benefits of Cloud Security Cloud APIs &
More informationTraining on Amazon AWS Cloud Computing. Course Content
Training on Amazon AWS Cloud Computing Course Content 15 Amazon Web Services (AWS) Cloud Computing 1) Introduction to cloud computing Introduction to Cloud Computing Why Cloud Computing? Benefits of Cloud
More informationExam Questions AWS-Certified- Developer-Associate
Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can
More informationMinfy-Magnaquest Migration Use Case
Document Details Use Case Name Minfy Migration Use Case04 First Draft 15 th August 2018 Author Prabhakar D Reviewed By Pradeep Narayanaswamy Scope This document provides a detailed use case study on data
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationInstallation Guide Revision B. McAfee Cloud Workload Security 5.0.0
Installation Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationSecurity & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web
Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS
More informationAmazon Web Services Hands On S3 January, 2012
Amazon Web Services Hands On S3 January, 2012 Copyright 2011-2012, Amazon Web Services, All Rights Reserved Page 1-8 Table of Contents Overview... 3 Create S3 Bucket... 3 Upload Content and Set Permissions...
More informationDatabricks Enterprise Security Guide
Databricks Enterprise Security Guide 1 Databricks is committed to building a platform where data scientists, data engineers, and data analysts can trust that their data is secure. Through implementing
More informationSignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer
SignalFx Platform: Security and Compliance MARZENA FULLER Chief Security Officer SignalFx Platform: Security and Compliance INTRODUCTION COMPLIANCE PROGRAM GENERAL DATA PROTECTION DATA SECURITY Data types
More informationTestkingPass. Reliable test dumps & stable pass king & valid test questions
TestkingPass http://www.testkingpass.com Reliable test dumps & stable pass king & valid test questions Exam : AWS-Solutions-Architect- Associate Title : AWS Certified Solutions Architect - Associate Vendor
More informationGetting started with AWS security
Getting started with AWS security Take a prescriptive approach Stephen Quigg Principal Security Solutions Architect 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why is enterprise
More informationIntroduction to Cloud Computing
You will learn how to: Build and deploy cloud applications and develop an effective implementation strategy Leverage cloud vendors Amazon EC2 and Amazon S3 Exploit Software as a Service (SaaS) to optimize
More informationNetflix OSS Spinnaker on the AWS Cloud
Netflix OSS Spinnaker on the AWS Cloud Quick Start Reference Deployment August 2016 Huy Huynh and Tony Vattathil Solutions Architects, Amazon Web Services Contents Overview... 2 Architecture... 3 Prerequisites...
More informationGetting started with AWS security
Getting started with AWS security Take a prescriptive approach Stella Lee Manager, Enterprise Business Development $ 2 0 B + R E V E N U E R U N R A T E (Annualized from Q4 2017) 4 5 % Y / Y G R O W T
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationCIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
More informationAWS Elemental MediaStore. User Guide
AWS Elemental MediaStore User Guide AWS Elemental MediaStore: User Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not
More information