AWS Security Best Practices
Shibu Basheer
CTO
Cabot Technology Solutions Pvt Ltd
Topics
1. IAM
2. STS
3. Organizations
4. CloudTrail
5. CloudWatch
6. AWS Config
7. Secrets Manager
8. Others
Policies / Compliance
Well-Architected Framework
IAM
● Create individual users
● MFA
● Use groups to assign permissions to users.
● Grant least privilege
● Use AWS managed policies
● Do not share access keys
● Use roles for applications that run on EC2
● Use STS to generate temporary security credentials (apps, web applications)
STS
● Security Token Service
● Avoid hard-coding access key IDs in code
● Use STS for temporary access to AWS services
● STS generates a temporary accessKeyId, secretAccessKey and sessionToken
● Cognito
● OpenID Connect
AWS Organizations
● Manage multiple AWS accounts under one account
● Restrict resources
● Billing entities
● Business units
● Environments (dev, test, prod)
CloudTrail
● Log/record every API call.
● Used for auditing account activity
● Automate remediation on incidents
CloudWatch
● Logs from applications, devices, and services
● Alarms
● Rules
● Logs
● Dashboard
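The CloudTrail and CloudWatch slides above pair API logging with alarms. The following added example (not from the deck) shows the detection side of that pairing in Python: each check mirrors a CloudWatch Logs metric filter pattern (given in a comment) and is run over a constructed CloudTrail log-file body so an analyst can see which records would raise an alarm. All records, the account id and the addresses are constructed.

```python
"""Detection checks over CloudTrail records (constructed sample data).
Added example, not from the slides: each check mirrors a CloudWatch Logs
metric filter (pattern in a comment) and runs here over a CloudTrail log-file
body to show which records would raise an alarm. All sample values are constructed.
"""
import json

# Constructed log-file body in the shape CloudTrail delivers to S3.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-09-14T09:12:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-09-14T09:15:44Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2019-09-14T09:20:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2019-09-14T09:21:09Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole"}},
]})
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def classify(record):
    """Return the names of the checks one record trips (empty when benign)."""
    hits = []
    ident = record.get("userIdentity", {})
    name = record.get("eventName", "")
    # filter: { $.userIdentity.type = "Root" }
    if ident.get("type") == "Root":
        hits.append("root-activity")
    # filter: { ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }
    if name == "ConsoleLogin" and record.get("additionalEventData", {}).get("MFAUsed") != "Yes":
        hits.append("console-login-without-mfa")
    # filter: { $.eventName = "CreateAccessKey" }; record which user the key is for
    if name == "CreateAccessKey":
        target = record.get("requestParameters", {}).get("userName", ident.get("userName"))
        hits.append("access-key-created-for:%s" % target)
    # filter: { ($.eventName = StopLogging) || ($.eventName = DeleteTrail) || ... }
    if record.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        hits.append("cloudtrail-tampering")
    return hits

def scan_log(body):
    """Parse a log-file body; return (eventTime, eventName, hits) for each matching record."""
    scored = ((r, classify(r)) for r in json.loads(body).get("Records", []))
    return [(r["eventTime"], r["eventName"], h) for r, h in scored if h]

if __name__ == "__main__":
    for when, what, hits in scan_log(SAMPLE_LOG):
        print(when, what, ", ".join(hits))
```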
AWS Config
● Infrastructure keeps changing
● AWS Config keeps track of every change made to AWS resources
● Compliance rules
○ e.g. EIP attached
○ CloudTrail enabled
● Prebuilt and custom rules
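The slide lists "EIP attached" as a compliance rule and mentions custom rules. The following added example (not from the deck) shows the evaluation logic of such a custom rule in Python: AWS Config invokes the rule's Lambda with an event whose invokingEvent is a JSON string carrying the changed configurationItem, and the handler returns COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE. The boto3 put_evaluations call a deployed rule would make with event["resultToken"] is left out so the block runs offline; the sample events and resource ids are constructed.

```python
"""Evaluation logic of an AWS Config custom rule for the "EIP attached" check.

Added example, not from the slides. AWS Config invokes a custom rule's Lambda
with an event whose ``invokingEvent`` is a JSON string carrying the changed
``configurationItem``; the handler decides COMPLIANT, NON_COMPLIANT or
NOT_APPLICABLE. A deployed rule would then report the result with
``boto3.client("config").put_evaluations`` using ``event["resultToken"]``;
that call is left out so the block runs offline. Sample events and ids are constructed.
"""
import json

def evaluate_eip(item):
    """An Elastic IP is compliant only while associated with an instance or an ENI."""
    cfg = item.get("configuration") or {}
    if cfg.get("instanceId") or cfg.get("networkInterfaceId"):
        return "COMPLIANT", "EIP is associated"
    return "NON_COMPLIANT", "EIP is allocated but not associated with anything"

def lambda_handler(event, context=None):
    """Return the evaluation a custom rule would send to put_evaluations."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if item["resourceType"] != "AWS::EC2::EIP" or item["configurationItemStatus"] == "ResourceDeleted":
        compliance, note = "NOT_APPLICABLE", "resource deleted or not an EIP"
    else:
        compliance, note = evaluate_eip(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def make_event(resource_id, configuration, status="OK"):
    """Build a constructed ConfigurationItemChangeNotification event for local runs."""
    item = {"resourceType": "AWS::EC2::EIP", "resourceId": resource_id,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2019-09-14T09:30:00.000Z",
            "configuration": configuration}
    invoking = {"messageType": "ConfigurationItemChangeNotification", "configurationItem": item}
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": "{}",
            "resultToken": "placeholder-token"}

if __name__ == "__main__":
    for ev in (make_event("eipalloc-0aaa", {"publicIp": "198.51.100.7", "instanceId": "i-0abc"}),
               make_event("eipalloc-0bbb", {"publicIp": "198.51.100.8"}),
               make_event("eipalloc-0ccc", None, status="ResourceDeleted")):
        print(lambda_handler(ev))
```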
Secrets Manager
● Rotate RDS passwords
● Store security credentials
● Retrieve via API calls.
● No hard-coding of DB passwords in code
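The STS slide says not to hard-code access key IDs and the Secrets Manager slide says the same for DB passwords. The following added Python check (not from the deck) scans source text for both before it can be committed, separating long-term key IDs (AKIA prefix) from the STS-issued temporary ones (ASIA prefix) that the STS slide describes. The sample file is constructed; the key values in it are the AWS documentation example credentials, not live ones.

```python
"""Scan source text for hard-coded AWS access keys and database passwords.

Added example, not from the slides. Long-term access key IDs start with AKIA,
STS-issued temporary ones with ASIA; neither, nor a secret key or DB password,
belongs in source. The sample input is constructed and uses the AWS
documentation example credentials.
"""
import re

# Key IDs are 20 chars: a 4-char prefix plus 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-like chars; flag them only next to a telling name.
SECRET_KEY = re.compile(
    r"(?i)aws_?secret_?access_?key\W{0,4}[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
# Literal passwords assigned in code or config (quoted values only).
PASSWORD = re.compile(r"(?i)\b(db_?pass(word)?|passwd|password)\s*[=:]\s*[\"']([^\"']+)[\"']")

def redact(value):
    """Keep just enough of a match to locate it without re-exposing it."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, filename="<input>"):
    """Return (filename, line_no, kind, redacted_value) for every finding in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            kind = "temporary-key-id" if m.group(1) == "ASIA" else "long-term-key-id"
            findings.append((filename, line_no, kind, redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((filename, line_no, "secret-access-key", redact(m.group(1))))
        for m in PASSWORD.finditer(line):
            findings.append((filename, line_no, "hard-coded-password", redact(m.group(3))))
    return findings

# Constructed sample: a settings module someone committed by mistake.
SAMPLE_SOURCE = """\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "hunter2"
session = boto3.Session(aws_access_key_id=AWS_ACCESS_KEY_ID)
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE, "settings.py"):
        print("%s:%d %s %s" % f)
```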
Other items
● VPC Flow Logs
● Security groups
● EC2 key pairs
Other Services
● AWS Inspector
○ Security assessment service
○ Scans for vulnerabilities
● Macie
○ Discovers sensitive data stored in your infrastructure
● GuardDuty
○ Threat detection service
○ Uses data from VPC Flow Logs, CloudTrail logs, and DNS logs
● KMS (Key Management Service)
○ Stores the keys that encrypt your data
Thank you!
Shibu Basheer
LinkedIn / Twitter / Instagram
@shibubasheer
shibu@cabotsolutions.com
AWSUGKOCHI - SEP - 2019 - Meetup - An Introduction into AWS Infrastructure Security Best Practices