
AWS re:Inforce 2019 recap


AWS User Group meetup 2 was dedicated to security. This AWS re:Inforce 2019 recap focuses on top presentations, great presenters and announcements made during the conference.


AWS User Group Belgrade

July 09, 2019


  1. User Group Belgrade: AWS re:Inforce Boston 2019, Goran Opacic
    • Announcements: Security Hub, VPC mirroring, …
    • Best talks & topics: Nitro, ABAC, Serverless, …
  2. Boston
  3. Twitter Premier League: Corey Quinn, Jeremy Daly, Teri Radichel, Ben Kehoe, Richard Boyd
    • re:Inforce 2019 Boston: ~10,000 people
    • Next year: Houston
    • Europe 2019, Global Security Roadshow: Stockholm October 10, London October 15, Munich November 20
  4. UK Ministry of Justice Security Guidance
    • https://t.co/R9LdVjuRF2
    • Amazon GuardDuty, CloudTrail, Config, …
  5. Security Hub
    • Continuous Compliance
  6. Security Hub
    • Amazon GuardDuty – Networking
    • Amazon Inspector – Server/EC2, OS, Network – install agent
    • Amazon Macie – Files – a machine learning-powered security service to discover, classify, and protect sensitive data
    • Partners
  7. Amazon Macie
  8. Security Hub
  9. Control Tower
    • Multi-account environment
    • Guardrails for governance
    • Best practice blueprints
    • Comprehensive insights
    • “Well-architected”
  10. Control Tower
  11. Control Tower
    • provide identity management using AWS SSO Directory
    • provide federated access using AWS Single Sign-On (AWS SSO)
    • create a central log archive using AWS CloudTrail and AWS Config
    • enable security audits across accounts using AWS SSO
    • implement network configurations using Amazon VPC
    • define workflows for provisioning accounts using AWS Service Catalog
  12. Control Tower - FAQ
    • You can’t deploy AWS Control Tower on an account with an existing AWS Organizations master account
    • AWS Control Tower requires a standalone account that is not a member of AWS Organizations for setup. In the near future, you will be able to deploy Control Tower to an existing AWS Organizations account structure.
    • There is no API available for AWS Control Tower
    • There is no migration path from AWS Landing Zone to AWS Control Tower at the moment
    • Pricing – 0
  13. Nitro Platform: Mark Ryland, Director, Office of the CISO, AWS
    • https://www.youtube.com/watch?v=kN9XcFp5vUM
  14. Nitro Platform
  15. Nitro Platform
  16. Nitro Platform
    • Encrypt everything & Encryption keys managed by Nitro
    • Networking, EBS File storage
    • Annapurna Labs chip
    • No human access
    • Remotely managed firmware
    • PCIe bus
    • HotPlug
    • VMware
    • New machines only
    • VPC Traffic Mirroring – Capture & Inspect Network Traffic
  17. Workshops
  18. Penetration testing: Teri Radichel, @TeriRadichel
  19. Serverless Security: Jeremy Daly, @jeremydaly
  20. Serverless Security
  21. Attribute-Based Access Control (ABAC): Brigid Johnson
  22. Wrap Up
    • https://aws.amazon.com/blogs/security/reinforce-2019-wrap-up-and-session-links/