DevCon Summit 2016

Post on 22-Jan-2018

TRANSCRIPT

  1. DevCon #2016 Securing AWS Infrastructure
  2. About the speaker
     - Neil Alwin Hermosilla
     - DevOps Engineer
     - Blogger [https://cebuserver.com]
     - Cebuano Native
     - Ansible Lover
     - Die-hard Debian User
  3. Meet the threat
  4. Focusing on ...
     - AWS Key Management
     - AWS IAM Management
     - AWS AMI Management
     - AWS Security Groups
     - Server Monitoring
     - Alert Notification
     - Art of Monitoring
  5. Key Management
  6. Key Management
  7. Key Management
  8. AWS IAM 3rd Party Providers
     - Make sure you don't give full permission to execute unauthorized API calls.
     - Make sure to evaluate permissions every quarter
     - Use a dedicated user
     - Control resource access permission (ACL)
     - Utilize ReadOnly/Full policy
  9. AWS IAM Group
     - Group users properly
     - Best practice is to group them by Department/Team
     - Developer Support
     - QA Engineer
     - Developer Release
     - Business Groups
     - System Admin I
     - Project Managers
     - System Admin II Roles
  10. AWS AMI
     - Evaluate preferred distro
     - Evaluate AMI format/type
     - Evaluate AMI builds (components)
     - Evaluate defaults (libraries to be added)
     - Evaluate base software (pre-installed)
     - Initiate a snapshot of the server
     - Use the snapshot to spawn additional machines
  11. AWS Security Groups. Things to be aware of:
     - If an instance is created via classic mode (default), once it's fired up, there is no way for you to add more security groups to it. *BETTER UTILIZE VPC -- SEGREGATE THE NETWORK*
     - Always create a spare-tire Security Group.
     - Remote IP Whitelisting
  12. Server Monitoring
  13. Alert Notification
  14. DEVOPSHQ.ORG @NeilUpbeta01 CebuServer.Com AWSUGPH