Improve Governance over Configuration Changes

Liron Dor, Technical Account Manager

Governance Requirements

• Allow our organization to move fast

• Visibility over used resources

• Define Best Practices and enforce them

• Meet Compliance and Regulations

• Validate compliance continuously

• Alerting and Auto-healing

• Automatic control over Manual control

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved

Governance Challenges

• Dynamic environments

• High complexity

• Different requirements for different environments

• Multiple Accounts

Tools We Offer

• Tracking
    • AWS Config
    • AWS CloudTrail
    • VPC Flow Logs
    • Amazon Inspector

• Track / Log
    • Amazon CloudWatch Logs
    • Amazon DynamoDB
    • Amazon Elasticsearch

• Alert
    • AWS Config Rules
    • Amazon Simple Notification Service (SNS)
    • AWS Trusted Advisor
    • Amazon CloudWatch Events

• And More…

AWS Config

• Records configuration changes continuously

• Capturing the state of your AWS resources

• “Configuration Item” contains all attributes for a resource

• Capturing the relationship between resources

• Discover resources that exist or were deleted

• Receive notifications on configuration changes

AWS Config Rules

• Validate configuration record

• Enforce Best Practices and procedures

• Result is either “compliant” or “non-compliant”
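As an added example (not code from the presentation or from the AWS Config Rules Repository), the sketch below shows the shape of a custom rule: it reads the configuration item from the invocation event and returns a compliance verdict. The check itself (no security group ingress from any address on TCP port 22) is an illustrative choice, and the sample event, resource id and timestamp are constructed.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}

def allows_world_ssh(perm):
    """True if one ingress permission exposes TCP port 22 to any address."""
    proto = perm.get("ipProtocol")
    if proto == "-1":                       # "-1" means all protocols and ports
        covers_22 = True
    elif proto == "tcp":
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        covers_22 = lo is not None and hi is not None and lo <= 22 <= hi
    else:
        covers_22 = False
    cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
    cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    return covers_22 and bool(cidrs & OPEN_CIDRS)

def evaluate(event):
    """Turn one rule invocation into an evaluation record."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if (item["resourceType"] != "AWS::EC2::SecurityGroup"
            or item.get("configurationItemStatus") in DELETED):
        verdict = "NOT_APPLICABLE"          # out of scope, or resource is gone
    else:
        perms = (item.get("configuration") or {}).get("ipPermissions", [])
        verdict = "NON_COMPLIANT" if any(map(allows_world_ssh, perms)) else "COMPLIANT"
    # A deployed rule would send this record to Config with put_evaluations().
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": verdict,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def sample_event(cidr, port=22, status="OK"):
    """Constructed invocation event; ids and timestamp are made up."""
    perm = {"ipProtocol": "tcp", "fromPort": port, "toPort": port,
            "ipv4Ranges": [{"cidrIp": cidr}]}
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0example",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2016-06-01T12:00:00.000Z",
        "configuration": {"ipPermissions": [perm]},
    }
    return {"invokingEvent": json.dumps({"configurationItem": item})}
```

For example, `evaluate(sample_event("0.0.0.0/0"))` reports the group as non-compliant, while the same rule restricted to `203.0.113.0/24` is compliant.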

AWS Config Rules Demo

• “Center for Internet Security” (CIS) is a non-profit organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.

• Published “CIS AWS Foundations” Security Best Practices document

• AWS Config Rules Repository

Demo

Summary

• Allow our organization to move fast

• Know your account: wanted and unwanted changes

• Automate your best practices / compliance metrics

• Use logs for forensics, alerts for immediate action