AWS architecture security best practices for ten million users (윤석찬, ...
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Slide: security services covered: AWS CloudTrail, Amazon Inspector, Amazon VPC, AWS WAF, AWS IAM, AWS Key Management Service, server-side encryption, Encryption SDK
Slide: WhatsCat™ (sample application): LOL cats »
Diagram: Amazon Route 53; AWS Identity & Access Management with MFA token for Developers, Network Team and User; Amazon Virtual Private Cloud with VPC Security Groups; RDS DB instance; WhatsCat™ (LOL cats »)
Diagram: Amazon CloudWatch and AWS CloudTrail monitoring Amazon Route 53 and the RDS DB instance
Diagram (WhatsCat™): Amazon Route 53, Elastic Load Balancing, Web instances in two Availability Zones, RDS DB instance active (Multi-AZ) with RDS DB instance standby (Multi-AZ)
Diagram: same Multi-AZ architecture (Amazon Route 53, Elastic Load Balancing, Web instances, RDS DB instance active/standby Multi-AZ) with SSL via Amazon Certificate Manager Service
Diagram: same Multi-AZ architecture, labelled 1. EC2 and 2. RDS
Diagram: AWS Key Management Service (KMS): customer master keys protect data keys 1 to 4, which are used for an S3 object, an EBS volume, a Redshift cluster and a custom application
Diagram (WhatsCat™, LOL cats », Cat photos »): Amazon Route 53, Elastic Load Balancing, Web instance, RDS DB instance active (Multi-AZ), Amazon S3, Amazon CloudFront
Slide: DynamoDB, ElastiCache, MySQL
Diagram: Good Cats allowed and Bad Dogs blocked by AWS WAF in front of Amazon CloudFront, Elastic Load Balancing, Amazon Route 53, Application, DynamoDB, RDS and ElastiCache
WhatsCat™ milestone: Cats > 100,000
Diagram: Amazon Route 53, Amazon CloudFront, Amazon S3, Elastic Load Balancer, Web Instances across two Availability Zones, ElastiCache, DynamoDB, RDS DB Instance Active (Multi-AZ) with Standby (Multi-AZ) and Read Replicas
Slide: Product Release: App Code, Infrastructure Code, Security Code
Slide: OPS, SEC, DEV
Scalability - Automation - Feedback
Diagram: Security CI/CD Pipeline: AWS IAM, AWS CloudTrail, Amazon CloudWatch; AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS CodeBuild; Amazon Inspector
Diagram (Golden AMI pipeline): Public AMI, Launch instance (EC2), Configure instance (hardening and configuration, user administration, operating system), Hardened instance, Bake AMI, Golden AMI, Launch, Running instances, Decommission; AWS Config, AWS Lambda (automate AMI baking), Amazon Inspector
Diagram: IAM stack, Infrastructure stack, Logging stack, AWS CodeCommit
Slide: AWS Trusted Advisor - Security
WhatsCat™ milestone: Cats > 1 million
Diagram: Amazon CloudFront in front of three replicated stacks, each with an Elastic Load Balancer, Application, DynamoDB and Amazon RDS