AWS re:Inforce recap - July 2019

- Features and service announcements at AWS re:Inforce
- Core security services
- Security best practices
- Security quiz

Speaker: Gaurav Kamboj - Cloud Architect at Hotstar

Meetup URL: https://www.meetup.com/awsugmum/events/262937122/


AWS User Group Mumbai

July 13, 2019


  1. re:Inforce recap - AWS User Group Mumbai - July 13, 2019

    “Dance like nobody is watching. Encrypt like everyone is.” - Werner Vogels, CTO - AWS
  2. Intro

    - Gaurav Kamboj, Cloud Architect at Hotstar
    - AWS Community Hero & Cloud Warrior
    - Co-organiser - AWS User Group Mumbai
    - Twitter - @oyehooye
    - LinkedIn - /gauravkamboj

    “Not a security expert but passionate about security”
  3. What’s AWS re:Inforce?

    - learning conference focused on cloud security, identity, and compliance
    - around 8000 security professionals attended the event
    - next re:Inforce will be in Houston, Texas in 2020

    “95% of internet web traffic is HTTPS or encrypted but about 90% of Internet of Things (IoT) traffic is HTTP or unencrypted.” - Steve Schmidt, CISO - AWS
  4. Major Announcements

    - VPC Traffic Mirroring for Amazon EC2 instances
    - AWS Security Hub is GA
    - AWS Control Tower is GA
    - Encryption by default available for opt-in on EBS volumes
    - AWS Marketplace now integrated with procurement system

    Security is “Job Zero” for everyone - Abby Fuller, AWS
  5. What they didn’t say..

    - VPC Traffic Mirroring is only available for Nitro-based EC2 instances.
    - AWS Security Hub was primarily free during the beta; now you need to pay to use it.
    - Control Tower is only available in 3 regions (US East, US West and Europe) instead of all regions (or even 15 regions like Security Hub), so not really sure how this is GA.
    - Encryption by default only applies to new EBS volumes; it is not enabled automatically on existing EBS volumes. The old EBS volumes will still need to have encryption enabled.
      (i) This feature is only available for Nitro system based instance types.
      (ii) Once enabled, you will not be able to launch any more C1, M1, M2 or T1 instance types or attach newly encrypted EBS volumes to existing instances of these types.
  6. Amazon CloudTrail

  7. Amazon GuardDuty

  8. AWS Config

  9. AWS Security Hub

  10. Want to know more?

    - All re:Inforce session recordings are now on YouTube: https://www.youtube.com/playlist?list=PLhr1KZpdzuke2ncPH0DVp9PswBFY5dIl6
    - All slides from the event are now available on Slideshare: https://www.slideshare.net/AmazonWebServices
  11. AWS Security Quiz

  12. AWS Security Quiz #1

    What algorithm does AWS S3 Server Side Encryption use?
  13. AWS Security Quiz #2

    Which service provides on-demand access to AWS’ compliance reports?
  14. AWS Security Quiz #3

    Which AWS service provides managed Distributed Denial of Service (DDoS) protection?
  15. AWS Security Quiz #4

    Which service enables you to request temporary, limited-privilege credentials for AWS?
  16. AWS Security Quiz #5

    IAM policy can be attached to..
    1.
    2.
    3.
  17. Thank you...

    Get in touch - Twitter - @oyehooye - LinkedIn - /gauravkamboj