Embed Size (px)
Citation preview
Aurelijus Banelis
How AWS handles security
VilniusPHP 0x522019-09-05
Aurelijus Banelis
PGP 0x320205E7539B6203130D C446 1F1A 2E50 D6E33DA8 3202 05E7 539B 6203
Backend/[email protected]
Security patternsin AWS
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
AWS
AWSInfrastructure as a service
Pay on demand
Cloud vs Hosting
Cloud vs Hosting
Innovate with provider
Thinking model
Security toolsNetwork, storage, auditing, reaction,
application level
Complex system
Security toolsNetwork, storage, auditing, reaction,
application level
Complex system
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
Monolithicvs
Distributed
Monolithic
Onion-like architecture
Distributed
Sidecar-like architecture
Monolithicvs
Distributed
Traditionalvs
Cloud-native
Traditional
Enforced and validated by humans
Cloud-native
Enforced and validated by computers
Traditionalvs
Cloud-native
Hierarchical vs
graph-based
Hierarchical
Graph-based
Hierarchical vs
graph-based
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
Upload from frontend
https://gist.github.com/aurelijusb/87ceabc1fa980dd27278063ea49d1e6e
Automation without root
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
What is AWSCloud vs HostingCore security tools
Introduction
By comparison
By example
Monolithic vs distributedTraditional vs cloud-nativeHierarchical vs graph-based
Upload from frontendAutomation without root
Problemsharder
Perspectivewider
● AWS Best practices: https://aws.amazon.com/architecture/well-architected/
● Summaries as illustrations:https://www.awsgeek.com/
● Community managed resources:https://github.com/open-guides/og-aws#security-and-iam
● Thinking about the Cloud: from application perspective:http://shop.oreilly.com/product/0636920072768.do
● Thinking about the Cloud: from infrastructure tools perspective:http://shop.oreilly.com/product/0636920075837.do
References and further reading
Aurelijus Banelis
How AWS handles security
VilniusPHP 0x522019-09-05
Thank youDiscussion?
Like what we do here @ NFQ?
By the way I am searching for a new team member…
...and I split bonuswith them (current colleaguescan prove that)
![[AWSマイスターシリーズ] AWS CLI / AWS Tools for Windows PowerShell](https://img.dokumen.tips/doc/110x75/54c666a74a795928268b45ac/aws-aws-cli-aws-tools-for-windows-powershell.jpg)
![[AWSマイスターシリーズ] AWS OpsWorks](https://img.dokumen.tips/doc/110x75/54b75fe54a7959f71f8b4650/aws-aws-opsworks.jpg)
![[AWSマイスターシリーズ] AWS Elastic Beanstalk](https://img.dokumen.tips/doc/110x75/54b774da4a795918738b45b7/aws-aws-elastic-beanstalk.jpg)
![[AWSマイスターシリーズ]AWS Storage Gateway](https://img.dokumen.tips/doc/110x75/546ca885b4af9f702c8b5116/awsaws-storage-gateway.jpg)
![[AWSマイスターシリーズ] AWS CloudFormation](https://img.dokumen.tips/doc/110x75/54b73ef54a795989698b456c/aws-aws-cloudformation.jpg)
![[AWS Black Belt Online Seminar] · • AWS Auto Scaling - AWS Auto Scaling —](https://img.dokumen.tips/doc/110x75/5e7cc4003fe1a42cb5070da9/aws-black-belt-online-seminar-a-aws-auto-scaling-aws-auto-scaling-a.jpg)
