Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS re:Inforce 2019 recap

AWS re:Inforce 2019 recap

AWS User group meetup 2 was dedicated to Security. This AWS re:Inforce 2019 recap focuses on top presentations, great presenters and announcements made during the conference

AWS User Group Belgrade

July 09, 2019

More Decks by AWS User Group Belgrade

Other Decks in Technology


  1. User Group Belgrade AWS re:Inforce Boston 2019 Goran Opacic -

    Announcements - Security HUB, VPC mirroring, … - Best talks & topics - Nitro, ABAC, Serverless, … User Group Belgrade
  2. User Group Belgrade Boston

  3. User Group Belgrade Twitter Premier League: Corey Quinn Jeremy Daly

    Teri Radichel Ben Kehoe Richard Boyd re:Inforce 2019 Boston ~10,000 people Next year: Houston Europe 2019: Global Security Roadshow Stockholm October 10 London October 15 Munich November 20
  4. User Group Belgrade UK Ministry Of Justice Security Guidance •

    https://t.co/R9LdVjuRF2 • Amazon Guard Duty, Cloud Trail, Config, …
  5. User Group Belgrade Security HUB • Continuous Compliance

  6. User Group Belgrade Security HUB • Amazon GUARD DUTY –

    NETWORKING • Amazon INSPECTOR – SERVER /Ec2, OS, Network – install agent • Amazon MACIE – FILES - A machine learning-powered security service to discover, classify, and protect sensitive data • PARTNERS
  7. User Group Belgrade Amazon Macie

  8. User Group Belgrade Security HUB

  9. User Group Belgrade Control Tower • Multi-account environment • Guardrails

    for governance • Best practice blueprints • Comprehensive insights • “Well-architected”
  10. User Group Belgrade Control Tower

  11. User Group Belgrade Control Tower • provide identity management using

    AWS SSO Directory • provide federated access using AWS Single Sign-On (AWS SSO) • create a central log archive using AWS CloudTrail and AWS Config • enable security audits across accounts using AWS SSO • implement network configurations using Amazon VPC • define workflows for provisioning accounts using AWS Service Catalog
  12. User Group Belgrade Control Tower - FAQ • You can’t

    deploy AWS Control tower on account with an existing AWS Organizations master account • AWS Control Tower requires a standalone account that is not a member of AWS Organizations for setup. In the near future, you will be able to deploy Control Tower to an existing AWS Organizations account structure. • There is no API available for AWS Control Tower • There is no migration path from AWS Landing Zone to AWS Control Tower at the moment • Pricing – 0
  13. User Group Belgrade Nitro Platform Mark Ryland Director Ofrfice of

    the CISO AWS https://www.youtube.com/watch?v=kN9XcFp5vUM
  14. User Group Belgrade Nitro Platform

  15. User Group Belgrade Nitro Platform

  16. User Group Belgrade Nitro Platform • Encrypt everything & Encryption

    keys managed by Nitro • Networking, EBS File storage • Annapurna labs chip • No Human access • Remotely managed firmware • PCIe bus • HotPlug • vmware • New machines only • VPC Traffic Mirroring – Capture & Inspect Network Traffic
  17. User Group Belgrade Workshops

  18. User Group Belgrade Penetration testing Teri Radichel @TeriRadichel

  19. User Group Belgrade Serverless Security Jeremy Daly @jeremydaly

  20. User Group Belgrade Serverless Security

  21. User Group Belgrade Attribute- Based Access Control (ABAC) Brigid Johnson

  22. User Group Belgrade Wrap Up • https://aws.amazon.com/blogs/security/reinforce-2019-wrap-up- and-session-links/