$30 off During Our Annual Pro Sale. View Details »

AWS re:Inforce 2019 recap

AWS re:Inforce 2019 recap

AWS User group meetup 2 was dedicated to Security. This AWS re:Inforce 2019 recap focuses on top presentations, great presenters and announcements made during the conference

AWS User Group Belgrade

July 09, 2019
Tweet

More Decks by AWS User Group Belgrade

Other Decks in Technology

Transcript

  1. User Group Belgrade
    AWS re:Inforce
    Boston 2019
    Goran Opacic
    - Announcements
    - Security HUB, VPC mirroring, …
    - Best talks & topics
    - Nitro, ABAC, Serverless, …
    User Group Belgrade

    View Slide

  2. User Group Belgrade
    Boston

    View Slide

  3. User Group Belgrade
    Twitter Premier League:
    Corey Quinn
    Jeremy Daly
    Teri Radichel
    Ben Kehoe
    Richard Boyd
    re:Inforce 2019 Boston
    ~10,000 people
    Next year: Houston
    Europe 2019: Global Security Roadshow
    Stockholm October 10
    London October 15
    Munich November 20

    View Slide

  4. User Group Belgrade
    UK Ministry Of Justice Security Guidance
    • https://t.co/R9LdVjuRF2
    • Amazon Guard Duty, Cloud Trail,
    Config, …

    View Slide

  5. User Group Belgrade
    Security HUB
    • Continuous Compliance

    View Slide

  6. User Group Belgrade
    Security HUB
    • Amazon GUARD DUTY – NETWORKING
    • Amazon INSPECTOR – SERVER /Ec2, OS, Network – install agent
    • Amazon MACIE – FILES - A machine learning-powered security service
    to discover, classify, and protect sensitive data
    • PARTNERS

    View Slide

  7. User Group Belgrade
    Amazon Macie

    View Slide

  8. User Group Belgrade
    Security HUB

    View Slide

  9. User Group Belgrade
    Control Tower
    • Multi-account environment
    • Guardrails for governance
    • Best practice blueprints
    • Comprehensive insights
    • “Well-architected”

    View Slide

  10. User Group Belgrade
    Control Tower

    View Slide

  11. User Group Belgrade
    Control Tower
    • provide identity management using AWS SSO Directory
    • provide federated access using AWS Single Sign-On (AWS SSO)
    • create a central log archive using AWS CloudTrail and AWS Config
    • enable security audits across accounts using AWS SSO
    • implement network configurations using Amazon VPC
    • define workflows for provisioning accounts using AWS Service Catalog

    View Slide

  12. User Group Belgrade
    Control Tower - FAQ
    • You can’t deploy AWS Control tower on account with an existing AWS
    Organizations master account
    • AWS Control Tower requires a standalone account that is not a
    member of AWS Organizations for setup. In the near future, you will
    be able to deploy Control Tower to an existing AWS Organizations
    account structure.
    • There is no API available for AWS Control Tower
    • There is no migration path from AWS Landing Zone to AWS Control
    Tower at the moment
    • Pricing – 0

    View Slide

  13. User Group Belgrade
    Nitro Platform
    Mark Ryland
    Director
    Ofrfice of the CISO AWS
    https://www.youtube.com/watch?v=kN9XcFp5vUM

    View Slide

  14. User Group Belgrade
    Nitro Platform

    View Slide

  15. User Group Belgrade
    Nitro Platform

    View Slide

  16. User Group Belgrade
    Nitro Platform
    • Encrypt everything & Encryption keys managed by Nitro
    • Networking, EBS File storage
    • Annapurna labs chip
    • No Human access
    • Remotely managed firmware
    • PCIe bus
    • HotPlug
    • vmware
    • New machines only
    • VPC Traffic Mirroring – Capture & Inspect Network Traffic

    View Slide

  17. User Group Belgrade
    Workshops

    View Slide

  18. User Group Belgrade
    Penetration
    testing
    Teri
    Radichel
    @TeriRadichel

    View Slide

  19. User Group Belgrade
    Serverless
    Security
    Jeremy Daly
    @jeremydaly

    View Slide

  20. User Group Belgrade
    Serverless Security

    View Slide

  21. User Group Belgrade
    Attribute-
    Based Access
    Control (ABAC)
    Brigid
    Johnson
    @bjohnso5y

    View Slide

  22. User Group Belgrade
    Wrap Up
    • https://aws.amazon.com/blogs/security/reinforce-2019-wrap-up-
    and-session-links/

    View Slide