Best Practices for AWS Security, Utilization, and Cost Optimization Using CloudCheckr

Kyle Lichtenberg Solution Architect

Amazon Web Services

Aaron Newman Founder

CloudCheckr Inc.

Introducing

Webinar Overview

Submit Your Questions using the Q&A tool.

A copy of today’s presentation will be made available on:

AWS SlideShare Channel@ http://www.slideshare.net/AmazonWebServices/

AWS Webinar Channel on YouTube@ http://www.youtube.com/channel/UCT-

nPlVzJI-ccQXlxjSvJmw

Intro to Amazon Web Services security and pricing models

Common security and resource configuration issues that can have a

financial impact

How to use CloudCheckr to create an automated process to keep

your environment safe and cost efficient

Q&A

What We’ll Cover

Security on AWS

Facilities

Physical security

Compute infrastructure

Storage infrastructure

Network infrastructure

Virtualization layer (EC2)

Hardened service endpoints

Rich IAM capabilities

+

Customers

A Shared Responsibility Model

Security experts are a scarce resource

Refocus security pros on a subset of the problem

Network configuration

Security groups

OS firewalls

Operating systems

Application security

Service configuration

AuthN & acct management

Authorization policies

Pricing on AWS

On-Demand

Pay for compute capacity by the

hour with no long-term

commitments

For spiky workloads,

or to define needs

Reserved

Make a low, one-time payment

and receive a significant

discount on the hourly charge

For committed utilization

Common Issues

$ S3 Policies

IAM Management

Incorrect Health Checks

Under-utilized Resources

Snapshot Management

Unexpected Transfer

Unwanted Resources

Empty Instance Cost

Wasted Capital

Potential Data Loss

Security, Utilization, and Cost Optimization

Best Practices for AWS

Aaron C. Newman

Founder, CloudCheckr

Aaron.Newman@CloudCheckr.com

Examples of Best Practices for IAM

• Enabled IAM Password Policies

• Rotate your IAM access keys every 90 days

• Use Multi-factor Authentication

• Use IAM groups

• Don’t grant permissions to users

• Setup an Administrators group

See “Top Ten IAM Best Practices” at http://aws.amazon.com/iam/

Examples of Best Practices for S3

• NEVER allow Upload/Delete permissions open to Everyone

• Enable logging on your S3 buckets

• Review Open List permissions for sensitive files

See “Best Practices for Using Amazon S3”

at http://aws.amazon.com/articles/1904/

Best Practices for Resource Utilization

• Locate and eliminate idle resources

• Right-size resources

• Don’t under or over-utilize

• Use Auto Scaling Groups

Check on ALL your resources:

EC2, EBS, ELBs, RDS, DynamoDB, ElastiCache, etc…

Best Practices: Monitoring Activity/Errors

• Use CloudTrail • Make sure it’s setup and running

• Monitoring for Unauthorized Access Attempts

• Check for access from new/unauthorized users or locations

• Proactively Look for Errors in Logs

• Check sources like EC2 console output, CloudWatch, event

logs, status errors from the API

Why use CloudCheckr for Best Practices?

• Best practice engine provides deep knowledge

• 250+ checks across ALL the AWS Services

• To find all the issues, not just some of them

• Configurable to your environment

• For instance, how much is “idle”, what is “too many ELB HTTP

errors”

• Runs on a regular basis

• Nightly so you know in a timely fashion when something needs

your attention

• Pushes Notifications To You

• Alerted by email, so you don’t have to go looking for problems

Why use CloudCheckr for Best Practices?

• Capability to ignore/suppress

• Some things are ok in your environment

• Manage in a single view across all your accounts

• The larger the environment, the more complexity, the hard to track down

problems

• Monitor by tags

• Setup tags to include or exclude tags you choose

• Drilldown on problems

• Telling me I have a problem is not enough. Give me lots of details.

Thank You for Attending

Sign up today for free evaluation at http://cloudcheckr.com

Aaron Newman is the Founder of CloudCheckr (www.cloudcheckr.com)

Please contact me with additional questions at: aaron.newman@cloudcheckr.com

Questions

Contacts: CloudCheckr Info: www.cloudcheckr.com

CloudCheckr Contact: support@cloudcheckr.com AWS Contact: aws.amazon.com/contact-us

We’d like your feedback.

Please complete a short survey.

https://aws.asia.qualtrics.com/SE/?SID=SV_73zanj7xx4dY4wR

Click the link in your Chat Box