Securing Your AWS Cloud Infrastructure by Neil Hermosilla
DevCon #2016
Securing AWS Infrastructure
About the speaker
- Neil Alwin Hermosilla
- DevOps Engineer
- Blogger [https://cebuserver.com]
- Cebuano Native
- Ansible Lover
- Die-hard Debian User
Meet the threat
Focusing on ...
- AWS Key Management
- AWS IAM Management
- AWS AMI Management
- AWS Security Groups
- Server Monitoring
- Alert Notification
- Art of Monitoring
Key Management
AWS IAM
3rd Party Providers
- Make sure you don’t give full permission to execute unauthorized API calls.
- Make sure to evaluate permissions every quarter
- Use it dedicatedly
User
- Control resource access permission (ACL)
- Utilize ReadOnly/Full policy
- Don’t enable “password” (stick with access-key/secret-key)
AWS IAM
Group
- Group users properly
- Best practice is to group them by Department/Team:
  - Developer Support
  - Developer Release
  - System Admin I
  - System Admin II
  - QA Engineer
  - Business Groups
  - Project Managers
Roles
- Use IAM Roles (enabling resource triggers from one or more services). This is better than having passwords all over the place.
AWS AMI
- Evaluate preferred Distro
- Evaluate AMI format/type
- Evaluate AMI builds (components)
- Evaluate defaults (libraries to be added)
- Evaluate base software (pre-installed)

- Initiate a snapshot of the server
- Use the snapshot to spawn additional machines
AWS Security Groups
Things to be aware of:
- If an instance is created in classic mode (default), once it’s fired up, there is no way for you to add more security groups to it.
*BETTER UTILIZE VPC -- SEGREGATE THE NETWORK*
- Always create a “spare-tire” Security-Group. Remote IP Whitelisting
Server Monitoring
Alert Notification
DEVOPSHQ.ORG
@NeilUpbeta01
CebuServer.Com
AWSUGPH