© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module 3: Security Overview
Topics
• Introduction to AWS Security
• The AWS Shared Responsibility Model
• AWS Access Control and Management
• AWS Security Resources and Features
Introduction to AWS Security
Security is of the utmost importance to AWS.
• Approach to security
• AWS environment controls
• AWS offerings and features
Keep Your Data Safe
• Resilient infrastructure
• High security
• Strong safeguards
Continual Improvement
• Rapid innovation
• Constantly evolving security services
Pay For What You Need
• Advanced security services
• Address real-time emerging risks
• Meeting needs at a lower operational cost
Meet Compliance Requirements
Governance-enabled features
• Additional oversight
• Security control
• Central automation
Security Products and Features
Tools
• Access from AWS and partners
• Use for monitoring and logging
Network Security
• Built-in firewalls
• Encryption in transit
• Private/dedicated connections
• Distributed denial of service (DDoS) mitigation
Inventory and Configuration Management
• Deployment tools
• Inventory and configuration tools
• Template definition and management tools
Data Encryption
• Encryption capabilities
• Key management options
• AWS Key Management Service
• Hardware-based cryptographic key storage options
• AWS CloudHSM
Access Control and Management
• AWS Identity and Access Management (IAM)
• AWS Multi-factor authentication (MFA)
• Integration and federation with corporate directories
• Amazon Cognito
• AWS SSO
Monitoring and Logging
Tools and features to reduce your risk profile:
• Deep visibility into API calls
• Log aggregation and options
• Alert notifications
AWS Marketplace
• Qualified partners to market/sell software to AWS customers
• Online software store that can run on AWS
Shared Responsibility Model
Security of the Cloud
Protection of the AWS global infrastructure is top priority
Availability of third-party reports
Security of the Cloud
AWS Foundation Services
Unmanaged services
• Amazon EC2
• Amazon EBS
Managed services
• Amazon DynamoDB
• Amazon RDS
• Amazon Redshift
• Amazon EMR
• Amazon WorkSpaces
Security in the Cloud
• What to store
• Which AWS services
• In what location
• In what content format and structure
• Who has access
Security in the Cloud
• Customers retain control
• Changes to model depend on services
AWS IAM
Control access to AWS resources
• Authentication
• Authorization
Controls access to services such as:
• Compute
• Storage
• Database
• Application services
AWS IAM
Create users and groups
Grant permissions
[Diagram: User, Group, Permissions, Role]
AWS IAM
Functionality
Manage
• Users and their access
• Roles and their permissions
• Federate users and their permissions
[Diagram: IAM, Corp]
AWS Account Root User
Account root user has complete access to all AWS Services.
AWS Account Root User
Recommendations
1. Delete root user access keys.
2. Create an IAM user.
3. Grant administrator access.
4. Use IAM credentials to interact with AWS.
AWS IAM: Authentication
Programmatic access
• Enables access key ID and secret access key
Management console access
• Uses AWS account name and password
• MFA prompts for code
AWS IAM: Authorization
Access AWS services
• Grant authorization
Assign permissions
• Create an AWS IAM policy
AWS IAM: Policy Assignment
[Diagram: IAM Policy, IAM User, IAM Group, IAM Roles]
Let’s take a look at the AWS IAM DEMO
AWS IAM DEMO
IAM Best Practices
• Delete AWS root account access keys
• Activate multi-factor authentication (MFA)
• Give IAM users only the permissions they must have
• Use IAM groups
• Apply an IAM password policy
IAM Best Practices
• Roles
  • Use roles for applications
  • Use roles instead of sharing credentials
• Credentials
  • Rotate credentials regularly
  • Remove unnecessary users and credentials
• Use policy conditions for extra security
• Monitor activity in your AWS account
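
Several of the best practices above (no root access keys, MFA, credential rotation, removing unused credentials) can be checked mechanically against an account's IAM credential report. The script below is an added example, not part of the original slides; the sample report rows, the 90-day thresholds and the finding names are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the IAM credential report columns.
# A real report comes from `aws iam generate-credential-report` followed by
# `aws iam get-credential-report` (the Content field is base64-encoded CSV).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2019-05-01T10:00:00+00:00,false,true,2017-01-15T08:00:00+00:00,2019-04-30T09:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,2019-06-01T12:00:00+00:00,true,true,2019-05-20T00:00:00+00:00,2019-06-01T00:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2019-05-28T12:00:00+00:00,false,true,2018-06-01T00:00:00+00:00,2019-05-30T00:00:00+00:00
ci-legacy,arn:aws:iam::111122223333:user/ci-legacy,false,N/A,false,true,2018-01-10T00:00:00+00:00,N/A
"""

# Fixed "current time" so the sample gives the same findings on every run.
NOW = datetime(2019, 6, 15, tzinfo=timezone.utc)

# Placeholder strings the report uses when a field has no timestamp.
NO_VALUE = {"N/A", "no_information", "not_supported"}

ROOT_USER = "<root_account>"


def parse_ts(value):
    """Return an aware datetime, or None for empty/placeholder fields."""
    if not value or value in NO_VALUE:
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now, max_key_age_days=90, max_unused_days=90):
    """Return (user, finding) tuples for rows that break the best practices."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        has_console = row.get("password_enabled") == "true"

        # "Activate multi-factor authentication": root and console users.
        if row.get("mfa_active") != "true" and (is_root or has_console):
            findings.append((user, "no-mfa"))

        # Each identity can hold up to two access keys.
        for n in (1, 2):
            if row.get(f"access_key_{n}_active") != "true":
                continue

            # "Delete AWS root account access keys".
            if is_root:
                findings.append((user, f"root-access-key-{n}"))
                continue

            # "Rotate credentials regularly".
            rotated = parse_ts(row.get(f"access_key_{n}_last_rotated"))
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, f"key-{n}-not-rotated"))

            # "Remove unnecessary users and credentials": never or long unused.
            used = parse_ts(row.get(f"access_key_{n}_last_used_date"))
            if used is None or now - used > timedelta(days=max_unused_days):
                findings.append((user, f"key-{n}-unused"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, NOW):
        print(f"{user}: {finding}")
```
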

AWS Security Overview and Best Practices

  • 1. Module 3: Security Overview
  • 2. Topics
      • Introduction to AWS Security
      • The AWS Shared Responsibility Model
      • AWS Access Control and Management
      • AWS Security Resources and Features
  • 4. Introduction to AWS Security
      Security is of the utmost importance to AWS.
      • Approach to security
      • AWS environment controls
      • AWS offerings and features
  • 5. Keep Your Data Safe
      • Resilient infrastructure
      • High security
      • Strong safeguards
  • 6. Continual Improvement
      • Rapid innovation
      • Constantly evolving security services
  • 7. Pay For What You Need
      • Advanced security services
      • Address real-time emerging risks
      • Meeting needs at a lower operational cost
  • 8. Meet Compliance Requirements
      Governance-enabled features
      • Additional oversight
      • Security control
      • Central automation
  • 9. Security Products and Features
      Tools
      • Access from AWS and partners
      • Use for monitoring and logging
  • 10. Network Security
      • Built-in firewalls
      • Encryption in transit
      • Private/dedicated connections
      • Distributed denial of service (DDoS) mitigation
  • 11. Inventory and Configuration Management
      • Deployment tools
      • Inventory and configuration tools
      • Template definition and management tools
  • 12. Data Encryption
      • Encryption capabilities
      • Key management options
      • AWS Key Management Service
      • Hardware-based cryptographic key storage options
      • AWS CloudHSM
  • 13. Access Control and Management
      • AWS Identity and Access Management (IAM)
      • AWS Multi-factor authentication (MFA)
      • Integration and federation with corporate directories
      • Amazon Cognito
      • AWS SSO
  • 14. Monitoring and Logging
      Tools and features to reduce your risk profile:
      • Deep visibility into API calls
      • Log aggregation and options
      • Alert notifications
  • 15. AWS Marketplace
      • Qualified partners to market/sell software to AWS customers
      • Online software store that can run on AWS
  • 17. Shared Responsibility Model
  • 18. Security of the Cloud
      • Protection of the AWS global infrastructure is top priority
      • Availability of third-party reports
  • 19. Security of the Cloud
      AWS Foundation Services
      • Unmanaged services: Amazon EC2, Amazon EBS
      • Managed services: Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon EMR, Amazon WorkSpaces
  • 20. Security in the Cloud
      • What to store
      • Which AWS services
      • In what location
      • In what content format and structure
      • Who has access
  • 21. Security in the Cloud
      • Customers retain control
      • Changes to model depend on services
  • 23. AWS IAM
      Control access to AWS resources
      • Authentication
      • Authorization
      Controls access to services such as:
      • Compute
      • Storage
      • Database
      • Application services
  • 24. AWS IAM
      • Create users and groups
      • Grant permissions
      [Diagram labels: User, Group, Permissions, Role]
  • 25. AWS IAM Functionality
      Manage
      • Users and their access
      • Roles and their permissions
      • Federate users and their permissions
      [Diagram labels: IAM, Corp]
  • 26. AWS Account Root User
      Account root user has complete access to all AWS Services.
  • 27. AWS Account Root User Recommendations
      1. Delete root user access keys.
      2. Create an IAM user.
      3. Grant administrator access.
      4. Use IAM credentials to interact with AWS.
  • 28. AWS IAM: Authentication
      Programmatic access
      • Enables access key ID and secret access key
      Management console access
      • Uses AWS account name and password
      • MFA prompts for code
  • 29. AWS IAM: Authorization
      Access AWS services
      • Grant authorization
      Assign permissions
      • Create an AWS IAM policy
  • 30. AWS IAM: Policy Assignment
      [Diagram labels: IAM User, IAM Policy, IAM Group, IAM Roles]
  • 31. Let’s take a look at the AWS IAM DEMO
  • 32. AWS IAM DEMO
  • 33. IAM Best Practices
      • Delete AWS root account access keys
      • Activate multi-factor authentication (MFA)
      • Give IAM users only the permissions they must have
      • Use IAM groups
      • Apply an IAM password policy
  • 34. IAM Best Practices
      • Roles
          • Use roles for applications
          • Use roles instead of sharing credentials
      • Credentials
          • Rotate credentials regularly
          • Remove unnecessary users and credentials
      • Use policy conditions for extra security
      • Monitor activity in your AWS account