Security Day - Intro

Post on 21-Apr-2017


AWS Security Day Welcome

Today's Session Plan

9:00 Welcome & Keynote
9:30 The AWS Shared Security Responsibility Model in Practice
10:10 FIRE ALARM TEST
10:20 Break
10:45 IAM Best Practices
11:30 Encryption Options on AWS
12:30 Lunch
13:30 AWS Logging, Analysis and Alerting
14:30 Account Separation and Mandatory Access Control
15:30 What's New: Web Application Firewall, Config Rules, Inspector
16:30 Q&A + Close

Feedback. It's really important to us.

#AWS

#SecurityDay

AWS Security Day Intro

Ian Massingham AWS Technology Evangelist

@IanMmmm

ianm@amazon.com

Over 1 Million Active Customers

“Active customer” is defined as a non-Amazon customer with AWS account usage activity in the past month, including the free tier

(Chart: growth in active customers by year, 2008 to 2015)

Startup Customers

http://aws.amazon.com/solutions/case-studies/

Meerkat

Enterprise Customers

http://aws.amazon.com/solutions/case-studies/

ISV Partners

http://aws.amazon.com/solutions/case-studies/

Gartner Magic Quadrant Cloud Infrastructure as a Service

Gartner, "Magic Quadrant for Cloud Infrastructure as a Service," Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Cloud Has Become The New Normal

What Are The Patterns Of This New Normal?

1. Start-ups Build Businesses From Scratch In The Cloud

No legacy · Lower cost structure · No dependencies · Move quickly

Building All Applications In The Cloud

Disrupt Long Standing Industries, Quickly

Hotels Storage Gaming

Collaboration Matchmaking

2. Speed Is Not Just For Start-ups: Companies of All Sizes Move Faster Than Ever Before

It’s Impossible To Stay Competitive Today Without The Cloud

In The Old Days…

Spend millions for expensive, inflexible, slow-moving infrastructure that is

#FrozenInTime

Old World                              Cloud
Large upfront capital investment       Low, variable cost
Basic compute and storage only         Broad and deep platform
Responsible for feature upgrades       New features arrive daily
Slow to get new capabilities           Ready to use

Enterprises Are Using The Cloud For New Apps & Digital Transformation

StatCast · App platform · Healthcare · E-commerce · Digital Personal Finance · Web · Digital content

3. Customers Want Access To The Sunday Roast with all the Trimmings

Key Components Of Agility

Quick to provision · Don't have to reinvent the wheel · Vast infrastructure technology platform

Vast Infrastructure Technology Platform

Regions, Availability Zones

Points of Presence

INFRASTRUCTURE

CORE SERVICES

Compute VMs, Auto-scaling, & Load Balancing

Storage Object, Blocks, Archivals, Import/Export

Databases Relational, NoSQL, Caching, Migration

Networking: VPC, DX, DNS, CDN

Vast Infrastructure Technology Platform

ENTERPRISE APPS | DEVELOPMENT & OPERATIONS | MOBILE SERVICES | APP SERVICES | ANALYTICS
Data Warehousing, Hadoop/Spark, Streaming Data Collection, Machine Learning, Elastic Search, Virtual Desktops, Sharing & Collaboration, Corporate Email, Backup, Queuing & Notifications, Workflow, Search, Email, Transcoding, One-click App Deployment, Identity, Sync, Single Integrated Console, Push Notifications, DevOps Resource Management, Application Lifecycle Management, Containers, Triggers, Resource Templates, API Gateway, Streaming Data Analysis, Business Intelligence, Mobile Analytics

TECHNICAL & BUSINESS SUPPORT
Account Management, Support, Professional Services, Training & Certification, Security & Pricing Reports, Partner Ecosystem, Solutions Architects

MARKETPLACE
Business Apps, Business Intelligence, Databases, DevOps Tools, Networking, Security, Storage

SECURITY & COMPLIANCE
Access Control, Identity Management, Key Management & Storage, Monitoring & Logs, Assessment & Reporting, Resource & Usage Auditing, Configuration Compliance, Web Application Firewall

HYBRID ARCHITECTURE
Data Backups, Integrated App Deployments, Direct Connect, Identity Federation, Integrated Resource Management, Integrated Networking

IoT
Rules Engine, Device Shadows, Device SDKs, Registry, Device Gateway

Expansive Services With Depth of Functionality

Compute: General Purpose (M4), Compute Optimized (C4), Memory Optimized (R3), High Memory (X1), GPU Optimized (G2), Storage Optimized (D2), IO Optimized (I2), Low Cost, Burst-able Performance (T2), Dedicated Instances

Databases: RDS for MySQL, SQL Server, Oracle, PostgreSQL, MariaDB and Amazon Aurora; Multi-AZ Synchronous Replication; Read Replica Support

Encryption: Server-side Object Encryption, Customer Controlled Keys, Dedicated HSMs, Integrated Key Management, Key Usage Auditing

Access Control: Identity Policies, Location Policies, Time-based Policies, Individual API Calls, Key Rotation, Temporary Credentials, Policy Simulator
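The Access Control list above names location policies, time-based policies and the Policy Simulator without showing what they look like. The following is an added example, not code from the deck or from AWS: an IAM policy that gates s3:GetObject on the caller's source IP (aws:SourceIp), the time of the call (aws:CurrentTime) and MFA (aws:MultiFactorAuthPresent), together with a small Python evaluator that applies the policy the way IAM combines these pieces (condition operators and keys ANDed, values for one key ORed, an explicit Deny overriding any Allow, default deny). The evaluator is a simplified model of the Policy Simulator and covers only the operators used here; the CIDR 203.0.113.0/24, the bucket example-reports and the working-hours window are constructed for the example.

```python
# Added example (not from the deck): IAM location/time/MFA conditions as a
# policy document, plus a simplified evaluator modelling how IAM combines
# them. CIDR, bucket name and time window are constructed values.
import fnmatch
import ipaddress
from datetime import datetime, timezone

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Location + time-based + MFA conditions on one action.
            "Sid": "ReadReportsFromOfficeDuringHoursWithMfa",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {
                "IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]},
                "DateGreaterThanEquals": {"aws:CurrentTime": "2017-04-21T08:00:00Z"},
                "DateLessThan": {"aws:CurrentTime": "2017-04-21T18:00:00Z"},
                "Bool": {"aws:MultiFactorAuthPresent": "true"},
            },
        },
        {"Sid": "ListBuckets", "Effect": "Allow",
         "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {   # Explicit Deny for any S3 call from outside the office range; it
            # overrides the Allows above regardless of statement order.
            "Sid": "DenyS3OutsideOffice",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
    ],
}

_DATE_OPS = {
    "DateGreaterThan": lambda a, b: a > b,
    "DateGreaterThanEquals": lambda a, b: a >= b,
    "DateLessThan": lambda a, b: a < b,
    "DateLessThanEquals": lambda a, b: a <= b,
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _ip_in_any(ip_text, cidrs):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _operator_matches(operator, actual, expected):
    """One condition key; the expected values for that key are ORed."""
    expected = _as_list(expected)
    if operator == "IpAddress":
        return _ip_in_any(actual, expected)
    if operator == "NotIpAddress":
        return not _ip_in_any(actual, expected)
    if operator == "Bool":
        return str(actual).lower() in [str(e).lower() for e in expected]
    if operator == "StringEquals":
        return actual in expected
    if operator in _DATE_OPS:
        return any(_DATE_OPS[operator](_parse_time(actual), _parse_time(e)) for e in expected)
    raise ValueError(f"unsupported condition operator: {operator}")


def _conditions_match(condition, ctx):
    """Operators are ANDed and keys within an operator are ANDed. A key that
    is absent from the request context fails (no ...IfExists handling)."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            if key not in ctx or not _operator_matches(operator, ctx[key], expected):
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' (the default)."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _conditions_match(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit Deny always wins
        decision = "Allow"
    return decision


def request_context(source_ip, current_time, mfa_present):
    """The condition-key context IAM derives from a signed request."""
    return {"aws:SourceIp": source_ip, "aws:CurrentTime": current_time,
            "aws:MultiFactorAuthPresent": "true" if mfa_present else "false"}


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.pdf"
    office, outside = "203.0.113.10", "198.51.100.5"
    for label, action, res, ctx in [
        ("office, in hours, MFA", "s3:GetObject", obj, request_context(office, "2017-04-21T09:15:00Z", True)),
        ("office, in hours, no MFA", "s3:GetObject", obj, request_context(office, "2017-04-21T09:15:00Z", False)),
        ("office, after hours, MFA", "s3:GetObject", obj, request_context(office, "2017-04-21T19:00:00Z", True)),
        ("outside office, in hours, MFA", "s3:GetObject", obj, request_context(outside, "2017-04-21T09:15:00Z", True)),
        ("outside office, list buckets", "s3:ListAllMyBuckets", "*", request_context(outside, "2017-04-21T09:15:00Z", True)),
    ]:
        print(f"{label:32} {action:22} -> {evaluate(POLICY, action, res, ctx)}")
```

The two denial outcomes are worth keeping distinct when you read Policy Simulator output: a request that merely fails the Allow's conditions (no MFA, wrong hour) is an implicit deny that some other policy could still permit, while a request from outside the CIDR hits the explicit Deny, which no Allow anywhere in the account can override.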

AWS Rapid Pace Of Innovation: 722 major new features and services launched in 2015

(Chart: major new features and services launched per year, 2009 to 2015; labelled values 48, 82, 159 and 722)

Invention Is Continuous

4

For Example, Consider Compute…

m1.small → General Purpose (M3), Compute Optimized (C4), Memory Optimized (R3), GPU Optimized (G2), Storage Optimized (D2), IO Optimized (I2), Low cost, burst-able performance (T2) [New]

Building With Smaller Blocks

Quicker to build · Lower cost · Easier to adapt and update

Shrinking Compute To Atomic Scale With AWS Lambda

AWS Lambda: An Event Driven Computing Service

Events from AWS services → Cloud Functions in Node.js

Automatic execution with no servers to provision

How Are Customers Using AWS Lambda?

Data triggers · Stream processing · Indexing & synchronization · IoT · Server-free back-end
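The "data triggers" pattern above is the one most people meet first: S3 invokes a function with a notification describing the new object. As an added example, not code from the deck (which shows none), here is that handler in Python; the slide names Node.js, but Lambda also runs Python and the handler shape is the same. The bucket name, object keys and the sample event are constructed for this example, following the S3 event record layout.

```python
# Added example (not from the deck): a Lambda handler for the S3 data-trigger
# pattern. Bucket, keys and the sample event below are constructed.
from urllib.parse import unquote_plus


def handler(event, context=None):
    """Lambda entry point. Returns one summary per S3 ObjectCreated record;
    records from other sources or for other S3 event types are ignored."""
    created = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = record["s3"]
        created.append({
            "bucket": s3["bucket"]["name"],
            # S3 URL-encodes object keys in notifications (spaces arrive as
            # '+'); decode before using the key in GetObject or as a
            # DynamoDB lookup key, or the object will not be found.
            "key": unquote_plus(s3["object"]["key"]),
            "size": s3["object"].get("size", 0),
            # The caller's address is carried on the record and is useful for
            # alerting on uploads from unexpected networks.
            "source_ip": record.get("requestParameters", {}).get("sourceIPAddress"),
        })
    return created


# Constructed notification with two records: one upload and one delete.
SAMPLE_EVENT = {
    "Records": [
        {
            "eventVersion": "2.0",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "requestParameters": {"sourceIPAddress": "203.0.113.10"},
            "s3": {
                "bucket": {"name": "example-uploads"},
                "object": {"key": "reports/q1+2017/sales+summary.csv", "size": 4096},
            },
        },
        {
            "eventVersion": "2.0",
            "eventSource": "aws:s3",
            "eventName": "ObjectRemoved:Delete",
            "s3": {
                "bucket": {"name": "example-uploads"},
                "object": {"key": "reports/old.csv"},
            },
        },
    ]
}

if __name__ == "__main__":
    for item in handler(SAMPLE_EVENT):
        print(item)
```

The filter on eventName matters in practice: a single notification configuration can deliver both creates and deletes, and a function written for "new object" semantics will fail or, worse, act on stale state if it processes removal records as uploads.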

(Architecture diagram: ELB-fronted Bidders and Ad Servers deployed in us-west-2, us-east-1, eu-west-1, ap-southeast-1 and ap-northeast-1; events flow into Kinesis (60B events/day) and S3 (600k files/day), fan out through SQS queues to Machine Learning, Analytics, Dynamic Creatives and Profiles, with a DynamoDB table in each of the five regions.)

Learning more about AWS

aws.amazon.com/blogs/aws

aws.amazon.com/new

@AWScloud @AWS_UKI

Let’s Get Started

@IanMmmm

ianm@amazon.com

Ian Massingham

AWS Technology Evangelist