Security Aspects on Services for Serverless Architectures. Bertram Dorn, EMEA Specialized Solutions Architect, Security and Compliance

Agenda:
- Security in General
- Services in Scope
- Aspects of Services for Serverless Architectures
- API Endpoint Concept
- API Calls
- Some Service Details

What is? (slide showing the platform layers): Deployment & Administration; Application Services; Compute, Storage, Database, Networking; Global Infrastructure

Service in Scope I: what the architect should not have to care about
- AZ setup
- scaling
- availability
- sizing
- service-side communication
- The architect should not have to take action on service-side security

[Slide: platform overview diagram. Categories and items as laid out on the slide: Technical & Business Support (support, professional services, partner ecosystem, training & certification, solutions architects); Hybrid Architecture (integrated networking, Direct Connect, identity federation, integrated app deployments, business apps); Analytics (data warehousing, business intelligence, Hadoop/Spark, streaming data analysis, streaming data collection, machine learning, Elasticsearch); App Services (access control, queuing & notifications, workflow, search, email, transcoding, DevOps tools, key & storage); Mobile Services (API Gateway, identity, sync, mobile analytics, single integrated console, push notifications); Marketplace; Development & Operations (one-click app deployment, DevOps resource management, application lifecycle, containers, triggers); Security & Compliance (identity, security, monitoring & logs, resource templates, configuration compliance, web application firewall, assessment and reporting, resource & usage auditing, account data backups); IoT (rules engine, device shadows, device SDKs, device gateway, registry); Enterprise Apps (virtual desktops, sharing & collaboration, corporate email, backup); Core Services (compute: VMs, auto-scaling & load balancing; storage: object, blocks, archival, import/export; databases: relational, NoSQL, caching, migration; networking: VPC, DX, DNS; CDN; security & pricing reports); Infrastructure (regions, availability zones, points of presence).]


Global Footprint. Region: an independent collection of resources in a defined geography; a solid foundation for meeting location-dependent privacy and compliance requirements. Regions shown: US West (Oregon), GovCloud, EU West (Ireland), EU Central (Frankfurt), China (Beijing), Korea (Seoul), Asia Pacific (Tokyo), US East (Virginia), US West (N. California), Asia Pacific (Sydney), São Paulo, Asia Pacific (Singapore).

Global Footprint. Availability Zone: designed as independent failure zones; physically separated within a typical metropolitan region.

Shared Responsibility
- Security in the Cloud, managed by the customer: optimized network/OS/app controls, service-specific controls, cross-service controls
- Security of the Cloud, managed by the cloud service provider: controls such as ISO 27000 and ISO 9001. Request reports at: aws.amazon.com/compliance/#contact

Service in Scope II: what the architect needs to care about
- IAM
- securing his access keys
- being aware of the service features (knowledge of the service features)
- cross-checking each service against the compliance setup
- encryption: knowing how to work his own encryption into the architecture


[Slide: API endpoint concept. The architect reaches each service API through the web interface, CLI or SDK, authenticated via IAM; a resource/application user reaches it through the application. API features: DDoS protected, Multi-AZ available, encryption in transport, authenticated, logging. Services shown: Amazon SQS, Amazon S3, Amazon DynamoDB, Amazon API Gateway, Amazon SES.]

Services for Serverless Architectures (slide axis: full flexible sizing vs. sizing/communication needed). Services shown, in slide order: Route53, CloudFront, Lambda, API Gateway, S3, SNS, SQS, KMS, SWF, ELB, Kinesis, DynamoDB, Elasticsearch, Redshift, RDS.

AWS Shared Responsibility (provider side): secure infrastructure (physics/logic/certification); tenant isolation; availability; platform scaling; in some services: crypto options.

Security related features which need to be instrumented by the Architect: Amazon S3
- Secure transport
- Server side encryption: individual vector for each object; re-encryption through copy and versioning
- KMS integration: customer managed keys
- IAM integration
- Versioning
- MFA Delete
- Storage class
- S3 logging

[Slide: a view on S3. Datapath (HTTP(s)) and command path (IAM) lead to the S3 endpoints of a region and to the buckets with objects. Access controls: S3 bucket policy, object policy, user policy; S3 logging. Admin instrumentation via web interface, CLI, SDK, API.]
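Two of the S3 items above, secure transport and server side encryption, can be enforced at the bucket policy layer the slide shows. The following is an added example, not code from the slides: a constructed bucket policy (placeholder bucket name) with two Deny statements, plus a small evaluator that shows which requests they stop; only the Bool and StringNotEquals condition operators are modelled.

```python
from fnmatch import fnmatchcase
# Added example (not from the slides): a constructed bucket policy that makes secure transport
# and SSE-KMS mandatory, plus a small evaluator for the two Deny statements it uses. BUCKET is
# a placeholder; only the Bool and StringNotEquals condition operators are modelled.
BUCKET = "example-serverless-data"
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Deny any request that did not arrive over TLS
            "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # Deny uploads that do not ask for server-side encryption with a KMS key
            "Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
    ],
}

def _matches(pattern, value):
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatchcase(value, p) for p in patterns)

def _condition_matches(condition, ctx):
    """ctx maps condition keys (aws:SecureTransport, s3:x-amz-...) to the request's values."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != expected:
                    return False
            elif operator == "StringNotEquals":
                # Negated operator: an absent key still matches, so an upload without the header is denied too
                if actual is not None and actual == expected:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled")
    return True

def explicit_deny(policy, action, resource, ctx):
    """Return the Sid of the first Deny statement matching the request, or None."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Deny" and _matches(st["Action"], action)
                and _matches(st["Resource"], resource)
                and _condition_matches(st.get("Condition", {}), ctx)):
            return st["Sid"]
    return None
```

Attach the document with put-bucket-policy; the evaluator only reproduces the Deny logic so the effect of each statement can be checked before deployment.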

Security related features which need to be instrumented by the Architect: Amazon API Gateway
- Secure transport
- Setup of paths
- Secure coding inside the Lambda functions
- Client certificates
- CloudWatch Logs logging

[Slide: a view on API Gateway. Datapath (HTTP(s)) and command path (IAM) lead to the API Gateway endpoints of a region; mockups and proxy integrations behind them; CloudWatch Logs for logging. Admin instrumentation via web interface, CLI, SDK, API.]

Possibilities which need to be instrumented by the Architect: Lambda
- The IAM role needs to be focussed
- Secure coding
- CloudWatch Logs logging
- Well chosen triggers

[Slide: a view on Lambda. Datapath (HTTP(s)) and command path (IAM) lead to the API Gateway endpoints of a region and on to the Lambda function, which calls other services; CloudWatch Logs for logging. Admin instrumentation via web interface, CLI, SDK, API.]
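The two items "secure coding inside the Lambda functions" and "CloudWatch Logs logging" from the API Gateway and Lambda slides, as an added example that is not from the slides: a handler behind an API Gateway proxy integration that allow-lists the route, bounds and validates the body, and writes structured log lines with the request id while keeping credentials out of the log. The event field names follow the API Gateway Lambda proxy format; the route, size limit and response shape are assumptions for the illustration.

```python
import json
import logging

# Added example, not from the slides: a Lambda handler behind an API Gateway proxy integration.
# Field names follow the API Gateway Lambda proxy event format; the route, the size limit and
# the response shape are assumptions made for this illustration.
log = logging.getLogger("orders")
log.setLevel(logging.INFO)

MAX_BODY_BYTES = 4096                                        # reject oversized payloads before parsing
ALLOWED_ROUTES = {("POST", "/orders")}                       # every other method/path is refused
REDACTED_HEADERS = {"authorization", "x-api-key", "cookie"}  # never written to CloudWatch Logs

def _response(status, body, request_id):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json",
                        "Strict-Transport-Security": "max-age=31536000"},
            "body": json.dumps({**body, "requestId": request_id})}

def handler(event, context=None):
    request_id = (event.get("requestContext") or {}).get("requestId", "unknown")
    route = (event.get("httpMethod"), event.get("path"))
    safe_headers = {k: v for k, v in (event.get("headers") or {}).items()
                    if k.lower() not in REDACTED_HEADERS}
    # Structured log line carrying the request id, so CloudWatch Logs entries correlate with API Gateway
    log.info(json.dumps({"requestId": request_id, "route": route, "headers": safe_headers}))
    if route not in ALLOWED_ROUTES:
        return _response(404, {"error": "unknown route"}, request_id)
    if event.get("isBase64Encoded"):
        return _response(415, {"error": "binary bodies are not accepted"}, request_id)
    body = event.get("body") or ""
    if len(body.encode()) > MAX_BODY_BYTES:
        return _response(413, {"error": "payload too large"}, request_id)
    try:
        order = json.loads(body)
        sku, qty = str(order["sku"]), int(order["quantity"])
        if not sku.isalnum() or not 1 <= qty <= 100:
            raise ValueError("sku or quantity out of range")
    except (ValueError, KeyError, TypeError) as exc:
        # Keep the reason for operators; the caller only gets a generic message
        log.warning(json.dumps({"requestId": request_id, "rejected": str(exc)}))
        return _response(400, {"error": "invalid order"}, request_id)
    return _response(201, {"accepted": {"sku": sku, "quantity": qty}}, request_id)
```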

Amazon SQS / Amazon SES
- The IAM role needs to be focussed
- What data do you send?
- Subscribers
- Take care of logging

[Slide: a view on Messaging (Amazon SQS, Amazon SES). Datapath (HTTP(s)) and command path (IAM) lead to the API Gateway endpoints of a region and on to the messaging services and other services; CloudTrail for logging. Admin instrumentation via web interface, CLI, SDK, API.]

Thank You Bertram Dorn