尊敬的 微信汇率:1円 ≈ 0.046239 元 支付宝汇率:1円 ≈ 0.04633元 [退出登录]
SlideShare a Scribd company logo

HSBC and AWS Day - Security Identity and Access Management

Amazon Web Services
Amazon Web Services

Security, Identity, and Access Management ·AWS Shared Responsibility Model ·Security measures provided by AWS ·AWS Identity and Access Management (IAM) concepts including users, groups, roles and policies

Technology
1 of 30
Download to read offline
1 06 July 2017 Michael Braendle, AWS Professional Services Hong Kong, Taiwan and Macau Security, Identity, and Access Management HSBC Training Day
2 AWS Shared Responsibility Model AWS Founda+on Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Loca?ons Client-side Data Encryp+on Server-side Data Encryp+on Network Traffic Protec+on PlaDorm, Applica+ons, Iden+ty, and Access Management Opera+ng System, Network, and Firewall Configura+on Customer Applica+ons & Content Customers Customers are responsible for security IN the cloud AWS is responsible for the security OF the cloud © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
3 Physical Security •  24/7 trained security staff •  AWS data centers in nondescript and undisclosed facilities •  Two-factor authentication for authorized staff •  Authorization for data center access © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
4 Hardware, Software, and Network •  Automated change-control process •  Bastion servers that record all access attempts •  Firewall and other boundary devices •  AWS monitoring tools © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
5 Certifications and Accreditations ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP (Australia), MLPS Level 3 (China), MTCS Tier 3 Certification (Singapore) and more … © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
6 SSL Endpoints VPC Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). Instance Firewalls Use security groups to configure firewall rules for instances. SSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. SSL Endpoints © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
7 Security Groups SSL Endpoints Security Groups Instance Firewalls Use security groups to configure firewall rules for instances. VPC Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
8 AWS Multi-Tier Security Groups © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. www server www server www server app server app server app server Database Tier security group Application Tier security group Web Tier security group db server db server db server Internet Corporate Admin Network ssh/rdp api api (all other ports are blocked)
9 Amazon Virtual Private Cloud (VPC) VPCSSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. Instance Firewalls Use security groups to configure firewall rules for instances. Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
10 AWS Identity and Access Management (IAM) AWS IAM 3 Manage federated users and their permissions 2 Manage AWS IAM roles and their permissions 1 Manage AWS IAM users and their access © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
11 AWS IAM Authentication •  Authentication •  AWS Management Console •  User Name and Password IAM User © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
12 AWS IAM Authentication •  Authentication •  AWS CLI or SDK API •  Access Key and Secret Key Access Key ID: AKIAIOSFODNN7EXAMPLE Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Java Python .NET AWS SDK & APIAWS CLI IAM User © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
13 AWS IAM User Management - Groups User D DevOps Group User C AWS Account TestDev Group User B User A © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
14 AWS IAM Authorization Authorization •  Policies: •  Are JSON documents to describe permissions. •  Are assigned to users, groups or roles. IAM User IAM Group IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
15 AWS IAM Policy Elements { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1453690971587", "Action": [ "ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances” ], "Effect": "Allow", "Resource": "*", "Condition": { "IpAddress": { "aws:SourceIp": "54.64.34.65/32” } } }, { "Sid": "Stmt1453690998327", "Action": [ "s3:GetObject*” ], "Effect": "Allow", "Resource": "arn:aws:s3:::example_bucket/*” } ] } IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
16 AWS IAM Policy Assignment IAM User IAM Group Assigned Assigned IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
17 AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
18 AWS IAM Roles •  An IAM role uses a policy. •  An IAM role has no associated credentials. •  IAM users, applications, and services may assume IAM roles. IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
19 AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy IAM User Assumed Assumed AWS Resources © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
20 Example: Application Access to AWS Resources •  Python application hosted on an Amazon EC2 Instance needs to interact with Amazon S3. •  AWS credentials are required: •  Option 1: Store AWS Credentials on the Amazon EC2 instance. •  Option 2: Securely distribute AWS credentials to AWS Services and Applications. IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
21 AWS IAM Roles - Instance Profiles Amazon EC2 App & EC2 MetaData Service http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename Amazon S3 1 2 3 4 Create Instance SelectIAMRole ApplicationinteractswithS3 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
22 AWS IAM Roles – Assume Role IAM Restricted Policy IAM User A-1 AWS Account A IAM Admin Role IAM Admin Policy Assigned Assume Assigned 1 2 IAM User B-1 AWS Account B Amazon S3 Assume 4 Access 53 Access 1 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
23 Temporary Security Credentials (AWS STS) Use Cases •  Cross account access •  Federation •  Mobile Users •  Key rotation for Amazon EC2-based apps Session Access Key ID Secret Access Key Session Token Expiration Temporary Security Credentials 15 minutes to 36 hours © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
24 Application Authentication AWS IAM Application No Support No Support OS © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
25 AWS IAM Authentication and Authorization Authentication •  AWS Management Console •  User Name and Password •  AWS CLI or SDK API •  Access Key and Secret Key Authorization •  Policies IAM User IAM Group IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
26 AWS IAM Best Practices •  Delete AWS account (root) access keys. •  Create individual IAM users. •  Use groups to assign permissions to IAM users. •  Grant least privilege. •  Configure a strong password policy. •  Enable MFA for privileged users. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
27 AWS IAM Best Practices (cont.) •  Use roles for applications that run on Amazon EC2 instances. •  Delegate by using roles instead of by sharing credentials. •  Rotate credentials regularly. •  Remove unnecessary users and credentials. •  Use policy conditions for extra security. •  Monitor activity in your AWS account. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
28 AWS CloudTrail •  Records AWS API calls for accounts. •  Delivers log files with information to an Amazon S3 bucket. •  Makes calls using the AWS Management Console, AWS SDKs, AWS CLI and higher-level AWS services. AWS CloudTrail Amazon S3 Bucket Logs © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
29 Knowledge Check Q: Your web application needs to read/write an Amazon DynamoDB table and an Amazon S3 bucket. This operation requires AWS credentials and authorization to use AWS services. What IAM entity should be used? User Group Role Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
30 Instructor Demo IAM

Recommended

SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application Development
Amazon Web Services
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
Amazon Web Services
 
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
Amazon Web Services
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWS
Kristana Kane
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T... Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Amazon Web Services
 
Shared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresShared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account Structures
Amazon Web Services
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless Computing
Amazon Web Services
 

Recommended

SRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application DevelopmentSRV302 Deep Dive on Serverless Application Development
SRV302 Deep Dive on Serverless Application Development
Amazon Web Services
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
Amazon Web Services
 
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
Amazon Web Services
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWS
Kristana Kane
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T... Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Getting Started with AWS Lambda and the Serverless Cloud - AWS Summit Cape T...
Amazon Web Services
 
Shared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresShared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account Structures
Amazon Web Services
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless Computing
Amazon Web Services
 
ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
Amazon Web Services
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
Kristana Kane
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Amazon Web Services
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Amazon Web Services
 
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesWKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
Amazon Web Services
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
Amazon Web Services
 
serverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfserverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdf
Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
Amazon Web Services
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
Amazon Web Services
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECS
Amazon Web Services
 
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
Amazon Web Services
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Amazon Web Services
 
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Amazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
ENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million usersENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million users
Amazon Web Services
 
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 

More Related Content

What's hot

ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
Amazon Web Services
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
Kristana Kane
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Amazon Web Services
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Amazon Web Services
 
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesWKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
Amazon Web Services
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
Amazon Web Services
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
Amazon Web Services
 
serverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfserverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdf
Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
Amazon Web Services
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
Amazon Web Services
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECS
Amazon Web Services
 
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
Amazon Web Services
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Amazon Web Services
 
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Amazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
ENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million usersENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million users
Amazon Web Services
 
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
Amazon Web Services
 

What's hot (20)

ENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New LaunchesENT302 Deep Dive on AWS Management Tools and New Launches
ENT302 Deep Dive on AWS Management Tools and New Launches
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
Migrate from Oracle to Amazon Aurora using AWS Schema Conversion Tool & AWS D...
 
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesWKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
serverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfserverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdf
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
Deep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECSDeep Dive on Microservices and Amazon ECS
Deep Dive on Microservices and Amazon ECS
 
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
AWS re:Invent 2016: 6 Million New Registrations in 30 Days: How the Chick-fil...
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
 
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
Deep Dive on Microservices and Docker - AWS Summit Cape Town 2017
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
ENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million usersENT309 scaling up to your first 10 million users
ENT309 scaling up to your first 10 million users
 
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA402 Deep Dive: Log Analytics with Amazon Elasticsearch Service
 

Similar to HSBC and AWS Day - Security Identity and Access Management

Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access ManagementAWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
Amazon Web Services
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Amazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
Amazon Web Services
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
Amazon Web Services
 
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Amazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
Amazon Web Services
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and Features
Amazon Web Services
 
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Amazon Web Services
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
Vladimir Simek
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
Alert Logic
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
GauravSharma164138
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
Amazon Web Services
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
Adrian Hornsby
 

Similar to HSBC and AWS Day - Security Identity and Access Management (20)

Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access ManagementAWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...
 
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and Features
 
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans...
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
Introduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptxIntroduction_to_AWS_Services__Networking,_Security.pptx
Introduction_to_AWS_Services__Networking,_Security.pptx
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
 
Serverless Architectural Patterns
Serverless Architectural PatternsServerless Architectural Patterns
Serverless Architectural Patterns
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
ScyllaDB
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
An Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise IntegrationAn Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise Integration
Safe Software
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
Databarracks
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
dipikamodels1
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
ScyllaDB
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
Kieran Kunhya
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Introduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER WebinarIntroduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
ThousandEyes
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
Knoldus Inc.
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Day 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data ManipulationDay 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data Manipulation
UiPathCommunity
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
UmmeSalmaM1
 

Recently uploaded (20)

So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
An Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise IntegrationAn Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise Integration
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Introduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER WebinarIntroduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Day 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data ManipulationDay 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data Manipulation
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 

HSBC and AWS Day - Security Identity and Access Management

  • 1. 1 06 July 2017 Michael Braendle, AWS Professional Services Hong Kong, Taiwan and Macau Security, Identity, and Access Management HSBC Training Day
  • 2. 2 AWS Shared Responsibility Model AWS Founda+on Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Loca?ons Client-side Data Encryp+on Server-side Data Encryp+on Network Traffic Protec+on PlaDorm, Applica+ons, Iden+ty, and Access Management Opera+ng System, Network, and Firewall Configura+on Customer Applica+ons & Content Customers Customers are responsible for security IN the cloud AWS is responsible for the security OF the cloud © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 3. 3 Physical Security •  24/7 trained security staff •  AWS data centers in nondescript and undisclosed facilities •  Two-factor authentication for authorized staff •  Authorization for data center access © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 4. 4 Hardware, Software, and Network •  Automated change-control process •  Bastion servers that record all access attempts •  Firewall and other boundary devices •  AWS monitoring tools © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 5. 5 Certifications and Accreditations ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP (Australia), MLPS Level 3 (China), MTCS Tier 3 Certification (Singapore) and more … © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 6. 6 SSL Endpoints VPC Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). Instance Firewalls Use security groups to configure firewall rules for instances. SSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. SSL Endpoints © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 7. 7 Security Groups SSL Endpoints Security Groups Instance Firewalls Use security groups to configure firewall rules for instances. VPC Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 8. 8 AWS Multi-Tier Security Groups © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. www server www server www server app server app server app server Database Tier security group Application Tier security group Web Tier security group db server db server db server Internet Corporate Admin Network ssh/rdp api api (all other ports are blocked)
  • 9. 9 Amazon Virtual Private Cloud (VPC) VPCSSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. Instance Firewalls Use security groups to configure firewall rules for instances. Secure Transmission Use secure endpoints to establish secure communication sessions (HTTPS). © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 10. 10 AWS Identity and Access Management (IAM) AWS IAM 3 Manage federated users and their permissions 2 Manage AWS IAM roles and their permissions 1 Manage AWS IAM users and their access © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 11. 11 AWS IAM Authentication •  Authentication •  AWS Management Console •  User Name and Password IAM User © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 12. 12 AWS IAM Authentication •  Authentication •  AWS CLI or SDK API •  Access Key and Secret Key Access Key ID: AKIAIOSFODNN7EXAMPLE Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Java Python .NET AWS SDK & APIAWS CLI IAM User © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 13. 13 AWS IAM User Management - Groups User D DevOps Group User C AWS Account TestDev Group User B User A © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 14. 14 AWS IAM Authorization Authorization •  Policies: •  Are JSON documents to describe permissions. •  Are assigned to users, groups or roles. IAM User IAM Group IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 15. 15 AWS IAM Policy Elements { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1453690971587", "Action": [ "ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances” ], "Effect": "Allow", "Resource": "*", "Condition": { "IpAddress": { "aws:SourceIp": "54.64.34.65/32” } } }, { "Sid": "Stmt1453690998327", "Action": [ "s3:GetObject*” ], "Effect": "Allow", "Resource": "arn:aws:s3:::example_bucket/*” } ] } IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 16. 16 AWS IAM Policy Assignment IAM User IAM Group Assigned Assigned IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 17. 17 AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 18. 18 AWS IAM Roles •  An IAM role uses a policy. •  An IAM role has no associated credentials. •  IAM users, applications, and services may assume IAM roles. IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 19. 19 AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy IAM User Assumed Assumed AWS Resources © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 20. 20 Example: Application Access to AWS Resources •  Python application hosted on an Amazon EC2 Instance needs to interact with Amazon S3. •  AWS credentials are required: •  Option 1: Store AWS Credentials on the Amazon EC2 instance. •  Option 2: Securely distribute AWS credentials to AWS Services and Applications. IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 21. 21 AWS IAM Roles - Instance Profiles Amazon EC2 App & EC2 MetaData Service http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename Amazon S3 1 2 3 4 Create Instance SelectIAMRole ApplicationinteractswithS3 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 22. 22 AWS IAM Roles – Assume Role IAM Restricted Policy IAM User A-1 AWS Account A IAM Admin Role IAM Admin Policy Assigned Assume Assigned 1 2 IAM User B-1 AWS Account B Amazon S3 Assume 4 Access 53 Access 1 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 23. 23 Temporary Security Credentials (AWS STS) Use Cases •  Cross account access •  Federation •  Mobile Users •  Key rotation for Amazon EC2-based apps Session Access Key ID Secret Access Key Session Token Expiration Temporary Security Credentials 15 minutes to 36 hours © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 24. 24 Application Authentication AWS IAM Application No Support No Support OS © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 25. 25 AWS IAM Authentication and Authorization Authentication •  AWS Management Console •  User Name and Password •  AWS CLI or SDK API •  Access Key and Secret Key Authorization •  Policies IAM User IAM Group IAM Roles © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 26. 26 AWS IAM Best Practices •  Delete AWS account (root) access keys. •  Create individual IAM users. •  Use groups to assign permissions to IAM users. •  Grant least privilege. •  Configure a strong password policy. •  Enable MFA for privileged users. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 27. 27 AWS IAM Best Practices (cont.) •  Use roles for applications that run on Amazon EC2 instances. •  Delegate by using roles instead of by sharing credentials. •  Rotate credentials regularly. •  Remove unnecessary users and credentials. •  Use policy conditions for extra security. •  Monitor activity in your AWS account. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 28. 28 AWS CloudTrail •  Records AWS API calls for accounts. •  Delivers log files with information to an Amazon S3 bucket. •  Makes calls using the AWS Management Console, AWS SDKs, AWS CLI and higher-level AWS services. AWS CloudTrail Amazon S3 Bucket Logs © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 29. 29 Knowledge Check Q: Your web application needs to read/write an Amazon DynamoDB table and an Amazon S3 bucket. This operation requires AWS credentials and authorization to use AWS services. What IAM entity should be used? User Group Role Policy © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  翻译: