How AWS security - Aurelijus Banelis · Aurelijus Banelis PGP 0x320205E7539B6203 130D C446 1F1A...

Post on 11-Jul-2020

Aurelijus Banelis

How AWS handles security

ŠiauliaiPHP v17, 2019-11-28

Security patterns in AWS

Introduction

● What is AWS
● Cloud vs Hosting
● Core security tools

By comparison

● Monolithic vs distributed
● Traditional vs cloud-native
● Hierarchical vs graph-based

By example

● Upload from frontend
● Automation without root

AWS

Infrastructure as a service

Pay on demand

Cloud vs Hosting

Innovate with provider

Thinking model

Security tools

Network, storage, auditing, reaction, application level

Complex system

Simplified IAM Policy

Monolithic vs Distributed

Monolithic

Onion-like architecture

Distributed

Sidecar-like architecture

Traditional vs Cloud-native

Traditional

Enforced and validated by humans

Cloud-native

Enforced and validated by computers

Hierarchical vs graph-based

Hierarchical

Graph-based

Upload from frontend

https://gist.github.com/aurelijusb/527c07e0f47b6dcbd1bdca27d265ac72

Automation without root

https://gist.github.com/aurelijusbanelis/c29dc37e50fc95f5ecec47ea7ac6b69a

Problems harder

Perspective wider

References and further reading

● AWS Best practices: https://aws.amazon.com/architecture/well-architected/

● Summaries as illustrations: https://www.awsgeek.com/

● Community managed resources: https://github.com/open-guides/og-aws#security-and-iam

● Thinking about the Cloud: from application perspective: http://shop.oreilly.com/product/0636920072768.do

● Thinking about the Cloud: from infrastructure tools perspective: http://shop.oreilly.com/product/0636920075837.do

Thank you

Discussion?