Showing why you need to take care of your AWS credentials (CodeSpaces,...) and how to do that in practice
i am what IAM
Philipp Krenn, @xeraa
Why?
"[...] our data, backups, machine configurations and offsite backups were either partially or completely deleted."
-- http://www.codespaces.com
"The person(s) used our account to order hundreds of expensive servers, likely to mine Bitcoin or other cryptocurrencies."
-- http://blog.drawquest.com
"This outage was the result of an attack on our systems using a compromised API key."
-- http://status.bonsai.io/incidents/qt70mqtjbf0s
Remember: Starting with AWS is easy, but terminating everything is just as simple.
How?
Lock away your root account and never use it
Always use Identity and Access Management (IAM)
Create an IAM user for every service or action
Use groups to manage permissions for users
Lock users and groups down as much as possible
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListAllMyBuckets", "s3:ListBucket"],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::com.example.backup/*"
    }
  ]
}
Strong password
http://xkcd.com/936/
2 Factor Authentication (2FA)
Never commit your credentials
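One way to enforce "never commit your credentials" in practice is a pre-commit scan of staged files. The script below is an added example, not part of the slides: it looks for AWS access key IDs (20 characters starting with AKIA or ASIA) and for 40-character secret access keys that appear next to a name such as aws_secret_access_key. The sample config text is constructed, the key values in it are made up, and the file name `config` is only a label.

```python
import re
import sys

# Detection patterns (assumptions stated here, not taken from the slides):
#  - AWS access key IDs are 20 characters, prefixed AKIA (long-term) or ASIA (temporary).
#  - Secret access keys are 40 characters of base64-style text; to keep false positives
#    down they are only flagged when a secret-looking name precedes them on the line.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_?secret|secret_?access_?key)[^\n]{0,20}?"
    r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def scan_text(text, filename="<stdin>"):
    """Return (filename, line number, kind, redacted value) for each hit.

    Only the first four characters of a hit are kept so the scanner's own
    output never reproduces the credential it found.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((filename, lineno, "access key id", m.group(0)[:4] + "..."))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((filename, lineno, "secret access key", m.group(2)[:4] + "..."))
    return findings


def scan_files(paths):
    """Scan each path given; unreadable or binary files are skipped."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8") as fh:
                findings.extend(scan_text(fh.read(), path))
        except (OSError, UnicodeDecodeError):
            continue
    return findings


# Constructed sample: the shape of an AWS credentials/config file with made-up values.
SAMPLE_CONFIG = (
    "[default]\n"
    "aws_access_key_id = AKIAEXAMPLEKEY123456\n"
    "aws_secret_access_key = ExampleSecretKey0123456789abcdefABCDEF01\n"
    "region = eu-west-1\n"
)

if __name__ == "__main__":
    # With file arguments: act as a pre-commit hook and fail the commit on any hit.
    # Without arguments: demonstrate on the constructed sample.
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE_CONFIG, "config")
    for filename, lineno, kind, redacted in hits:
        print(f"{filename}:{lineno}: possible AWS {kind} ({redacted})")
    sys.exit(1 if hits else 0)
```

To wire it into git, save it as `.git/hooks/pre-commit` (executable) and pass it the staged files, e.g. `python scan.py $(git diff --cached --name-only)`; a non-zero exit aborts the commit.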
Enable IP restrictions
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["10.0.0.0/24", "10.10.0.0/24"]
        }
      }
    }
  ]
}
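To see why the two policies on these slides (the locked-down S3 backup policy and the IP-restriction policy) behave the way they do, here is an added Python evaluator that applies the IAM decision rules to them: every request is implicitly denied unless some statement allows it, and a matching Deny always overrides an Allow. This is an illustration written for this page, not AWS's implementation; it models only what the slides' policies use (Action/Resource wildcards and IpAddress/NotIpAddress conditions on aws:SourceIp), and the request ARNs and source IPs in the demo are constructed.

```python
import fnmatch
import ipaddress
import json

# Both policies are copied from the slides.
BACKUP_POLICY = json.loads("""
{ "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets", "s3:ListBucket"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::com.example.backup/*"}
]}""")

IP_RESTRICTED_POLICY = json.loads("""
{ "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Deny", "Action": "*", "Resource": "*",
   "Condition": {"NotIpAddress": {"aws:SourceIp": ["10.0.0.0/24", "10.10.0.0/24"]}}}
]}""")


def _as_list(value):
    """IAM accepts a single string or a list for Action, Resource and condition values."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?' as in glob), compared case-insensitively."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, source_ip):
    """Evaluate a Condition block.

    Assumption for this example: only IpAddress / NotIpAddress on aws:SourceIp
    are modelled, which is all the slide's policy needs; anything else raises.
    """
    ip = ipaddress.ip_address(source_ip)
    for operator, key_values in condition.items():
        for key, cidrs in key_values.items():
            if key != "aws:SourceIp":
                raise ValueError(f"condition key not modelled here: {key}")
            in_range = any(ip in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs))
            if operator == "IpAddress" and not in_range:
                return False
            if operator == "NotIpAddress" and in_range:
                return False
            if operator not in ("IpAddress", "NotIpAddress"):
                raise ValueError(f"condition operator not modelled here: {operator}")
    return True


def evaluate(policy, action, resource, source_ip):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Rules reproduced from IAM: nothing is allowed unless a statement matches
    with Effect Allow, and any matching Deny statement wins over every Allow.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), source_ip):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    # Constructed requests: the instance ARN reuses the account and instance id from the slides.
    instance = "arn:aws:ec2:eu-west-1:123456789012:instance/i-ebeaf9e2"
    for ip in ("10.0.0.5", "205.251.233.176"):
        print(ip, evaluate(IP_RESTRICTED_POLICY, "ec2:TerminateInstances", instance, ip))
    backup_obj = "arn:aws:s3:::com.example.backup/db-2014-09-09.tar.gz"
    print("PutObject to backup bucket:", evaluate(BACKUP_POLICY, "s3:PutObject", backup_obj, "10.0.0.5"))
    print("DeleteBucket on backup bucket:",
          evaluate(BACKUP_POLICY, "s3:DeleteBucket", "arn:aws:s3:::com.example.backup", "10.0.0.5"))
```

The second run-through shows what "lock down as much as possible" buys you: the backup user can read, write and delete objects in its own bucket, but cannot delete the bucket itself or touch any other bucket, so a leaked key for that user cannot wipe the whole account.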
Enable billing alerts
Enable CloudTrail
{
  "Records": [
    {
      "eventVersion": "1.0",
      "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:user/Alice",
        "accountId": "123456789012",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "userName": "Alice"
      },
      "eventTime": "2014-09-09T19:01:59Z",
      "eventSource": "ec2.amazonaws.com",
      "eventName": "StopInstances",
      "awsRegion": "eu-west-1",
      "sourceIPAddress": "205.251.233.176",
      "userAgent": "ec2-api-tools 1.6.12.2",
      "requestParameters": {
        "instancesSet": {
          "items": [{ "instanceId": "i-ebeaf9e2" }]
        },
        "force": false
      },
      ...
    },
    ...
  ]
}
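Enabling CloudTrail is only useful if someone reads the records. As an added example (not from the slides), the Python below triages a trail file for three things the earlier slides warn about: use of the root account, calls that destroy data or capacity, and API calls from outside the trusted IP ranges of the IP-restriction policy. The records are constructed in the shape of the slide's record; the first one mirrors the slide's StopInstances event, and the list of destructive calls and the trusted ranges are assumptions to be adjusted per account.

```python
import ipaddress
import json

# Constructed sample trail in the CloudTrail record shape shown on the slide.
SAMPLE_TRAIL = json.loads("""
{ "Records": [
  {"userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Alice",
                    "accountId": "123456789012", "userName": "Alice"},
   "eventTime": "2014-09-09T19:01:59Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "StopInstances", "awsRegion": "eu-west-1",
   "sourceIPAddress": "205.251.233.176", "userAgent": "ec2-api-tools 1.6.12.2"},
  {"userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                    "accountId": "123456789012"},
   "eventTime": "2014-09-09T19:05:10Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
   "sourceIPAddress": "10.0.0.8", "userAgent": "Mozilla/5.0"},
  {"userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Alice",
                    "accountId": "123456789012", "userName": "Alice"},
   "eventTime": "2014-09-09T19:10:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
   "sourceIPAddress": "10.0.0.8", "userAgent": "ec2-api-tools 1.6.12.2"}
]}""")

# Tunables (assumptions for this example): the ranges from the IP-restriction
# policy on the slides, and a short list of calls that remove data or capacity.
TRUSTED_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/24", "10.10.0.0/24")]
DESTRUCTIVE_CALLS = {"StopInstances", "TerminateInstances", "DeleteBucket",
                     "DeleteObject", "DeleteSnapshot", "DeleteDBInstance"}


def _off_network(source_ip):
    """True when the caller's address lies outside every trusted range.

    CloudTrail may put a service DNS name instead of an address in sourceIPAddress
    when an AWS service makes the call on your behalf; such records are not flagged here.
    """
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return not any(ip in net for net in TRUSTED_RANGES)


def triage(trail):
    """Return (eventTime, reason, summary) tuples, oldest first, one per finding."""
    findings = []
    for rec in trail["Records"]:
        identity = rec["userIdentity"]
        who = identity.get("userName") or identity["arn"]
        summary = f"{who} {rec['eventName']} from {rec['sourceIPAddress']} ({rec['awsRegion']})"
        reasons = []
        if identity["type"] == "Root":
            reasons.append("root account used")
        if rec["eventName"] in DESTRUCTIVE_CALLS:
            reasons.append("destructive call")
        if _off_network(rec["sourceIPAddress"]):
            reasons.append("source IP outside trusted ranges")
        findings.extend((rec["eventTime"], reason, summary) for reason in reasons)
    return sorted(findings)


if __name__ == "__main__":
    for when, reason, summary in triage(SAMPLE_TRAIL):
        print(f"{when} {reason.upper()}: {summary}")
```

Run against a real trail, `json.load` the delivered file in place of `SAMPLE_TRAIL`; the same three checks are a sensible starting point for the CloudWatch or billing alerts mentioned on the surrounding slides.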
Check Your Security Status
Premium Support Goodie: Trusted Advisor Security
Questions?
PS: ViennaDB Redis meetup, September 22nd 19:00 @sektorfuenf