AWSomeDay_2021_3._Introduction_to_AWS_services.networking.security

The document provides an introduction to AWS services, focusing on networking and security features such as Amazon VPC, Elastic Load Balancing, and Route 53. It emphasizes the shared responsibility model for security, detailing customer and AWS responsibilities, and highlights AWS Identity and Access Management (IAM) for controlling access to resources. Additionally, it mentions AWS CloudTrail for monitoring user activity and the AWS Trusted Advisor for optimizing cost and performance.

Introduction to AWS services

Networking & security

Hằng Trần
Territory Account Manager
Amazon Web Services, Singapore

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Networking

Amazon Virtual Private Cloud (Amazon VPC)

• Your private network space in the AWS Cloud
• Provides logical isolation for your workloads
• Allows custom access controls and security settings for your resources

(Diagram: a VPC inside the AWS Cloud containing Dev and Test environments.)
Using subnets to divide your VPC

A subnet is a segment or partition of a VPC’s IP address range where you can isolate a group of resources. Subnets define internet accessibility.

Private subnets
• No routing table entry to an internet gateway
• Not directly accessible from the public internet

(Diagram: VPC 10.0.0.0/21 (10.0.0.0-10.0.7.255) with one public subnet and one private subnet in each of Availability Zone A and Availability Zone B.)
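To make the subnet slide concrete, the following Python script (an added example, not material from the AWSome Day deck) carves the slide's 10.0.0.0/21 range into /24 subnets spread over two Availability Zones and decides public versus private the way the slide does: a subnet is public only when its route table has an entry that targets an internet gateway. The AZ names and the route targets igw-EXAMPLE and nat-EXAMPLE are placeholders; the standard `ipaddress` module does the CIDR arithmetic.

```python
# Added illustration (not code from the AWSome Day deck): carve the slide's VPC range,
# 10.0.0.0/21, into /24 subnets spread over two Availability Zones and classify each
# subnet as public or private by the slide's own rule: a subnet is public only when its
# route table has an entry that targets an internet gateway. The AZ names and the
# route-table targets (igw-EXAMPLE, nat-EXAMPLE) are constructed placeholders.
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/21")   # 10.0.0.0 - 10.0.7.255, 2048 addresses

# Constructed route tables: (destination, target). The "local" route exists in every VPC
# route table; the second entry is what distinguishes the two subnet types.
PUBLIC_RT = [("10.0.0.0/21", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
PRIVATE_RT = [("10.0.0.0/21", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]  # NAT, not an IGW


def carve_subnets(vpc_cidr, new_prefix=24):
    """Split the VPC range into equal-sized subnets (a /21 yields eight /24s)."""
    return list(vpc_cidr.subnets(new_prefix=new_prefix))


def is_public(route_table):
    """Public means some route sends traffic to an internet gateway (igw-...).
    A route to a NAT gateway lets a private subnet reach out but does not make it public."""
    return any(target.startswith("igw-") for _destination, target in route_table)


def plan_vpc(vpc_cidr, azs):
    """Lay out one public and one private subnet per AZ, as in the slide's diagram,
    taking consecutive blocks from the carved range."""
    blocks = iter(carve_subnets(vpc_cidr))
    plan = []
    for az in azs:
        for tier, route_table in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
            plan.append({"az": az, "tier": tier, "cidr": str(next(blocks)),
                         "public": is_public(route_table)})
    return plan


def check_plan(vpc_cidr, plan):
    """Sanity checks a reviewer wants: every subnet lies inside the VPC and no two overlap."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    inside = all(n.subnet_of(vpc_cidr) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint


if __name__ == "__main__":
    layout = plan_vpc(VPC_CIDR, ["az-a", "az-b"])
    for subnet in layout:
        print(f'{subnet["az"]:5} {subnet["tier"]:8} {subnet["cidr"]:14} public={subnet["public"]}')
    print("layout valid:", check_plan(VPC_CIDR, layout))
```

Run it as a script to print the four subnets; the point worth noticing is that the private subnets still have a default route (to a NAT gateway, so instances can fetch updates) and remain private, because only an internet gateway route makes a subnet reachable from the public internet.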
Structure your infrastructure

(Diagram: traffic path inside the VPC: Internet gateway → Route table → Network ACL → Subnet → Security group (SG) → EC2 instance 1 at 10.1.1.6.)

Network access control lists (ACLs)
• Allow/deny traffic in and out of subnets
• Hardens security as a secondary level of defense at the subnet level

Security groups
• Used to allow traffic to/from at the network interface (instance) level
• Usually administered by application developers
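The slide lists the two controls but not the behavioural difference that trips people up, so here is a toy model of both in Python (an added example, not code from the deck or from AWS). A network ACL is evaluated at the subnet in rule-number order, can allow or deny, falls back to the implicit "*" deny, and is stateless, so reply traffic needs its own rule. A security group is evaluated at the instance's network interface, holds allow rules only, and is stateful, so replies to an allowed connection pass without any outbound rule. The instance address 10.1.1.6 is the one on the slide; the rule sets, client addresses and port numbers are constructed.

```python
# Added illustration (not code from the deck): a toy model of the two controls on the
# slide. A network ACL is applied at the subnet, holds allow and deny rules that are
# evaluated in rule-number order (first match wins, otherwise the implicit "*" deny) and
# is stateless, so reply traffic needs its own rule. A security group is applied at the
# instance's network interface, holds allow rules only and is stateful, so replies to an
# allowed connection pass without an outbound rule. The instance address 10.1.1.6 is the
# one on the slide; the rules, client addresses and port numbers are constructed.
import ipaddress
from dataclasses import dataclass

INSTANCE_IP = "10.1.1.6"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def _matches(rule, pkt):
    """Inbound rules match on the source address, outbound rules on the destination;
    the port range always refers to the destination port."""
    peer = pkt.src_ip if rule["dir"] == "in" else pkt.dst_ip
    low, high = rule["ports"]
    return (rule["proto"] in ("all", pkt.proto)
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule["cidr"])
            and low <= pkt.dst_port <= high)


def nacl_decision(rules, direction, pkt):
    """Network ACL: lowest rule number first, first match decides, default deny."""
    for rule in sorted((r for r in rules if r["dir"] == direction), key=lambda r: r["num"]):
        if _matches(rule, pkt):
            return rule["action"]
    return "deny"  # the implicit "*" rule at the bottom of every network ACL


class SecurityGroup:
    """Allow-only rules plus connection tracking (stateful)."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.tracked = set()

    def allows(self, direction, pkt):
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.tracked:          # reply to a connection we already allowed
            return True
        if any(_matches(dict(rule, dir=direction), pkt) for rule in self.rules[direction]):
            self.tracked.add(flow)
            return True
        return False


# Constructed subnet ACL for a web tier. Rule 90 sits before rule 100 on purpose: the
# deny for 198.51.100.0/24 is evaluated first and wins for that range.
WEB_NACL = [
    {"num": 90,  "dir": "in",  "proto": "tcp", "cidr": "198.51.100.0/24", "ports": (0, 65535), "action": "deny"},
    {"num": 100, "dir": "in",  "proto": "tcp", "cidr": "0.0.0.0/0", "ports": (80, 80), "action": "allow"},
    {"num": 100, "dir": "out", "proto": "tcp", "cidr": "0.0.0.0/0", "ports": (1024, 65535), "action": "allow"},
]
# The same ACL without the outbound ephemeral-port rule: the classic stateless mistake.
WEB_NACL_NO_REPLY = [r for r in WEB_NACL if r["dir"] == "in"]


def web_security_group():
    """Constructed SG for the instance: inbound HTTP only, no outbound rules at all."""
    return SecurityGroup(inbound=[{"proto": "tcp", "cidr": "0.0.0.0/0", "ports": (80, 80)}], outbound=[])


def web_request(nacl, sg, client_ip):
    """Simulate one HTTP request from client_ip to the instance and the instance's reply,
    passing each packet through the subnet ACL and then the instance's security group."""
    request = Packet(client_ip, 50000, INSTANCE_IP, 80)
    reply = Packet(INSTANCE_IP, 80, client_ip, 50000)
    request_ok = nacl_decision(nacl, "in", request) == "allow" and sg.allows("in", request)
    reply_ok = request_ok and nacl_decision(nacl, "out", reply) == "allow" and sg.allows("out", reply)
    return {"request": request_ok, "reply": reply_ok}


if __name__ == "__main__":
    print(web_request(WEB_NACL, web_security_group(), "203.0.113.5"))           # both True
    print(web_request(WEB_NACL, web_security_group(), "198.51.100.7"))          # denied by rule 90
    print(web_request(WEB_NACL_NO_REPLY, web_security_group(), "203.0.113.5"))  # reply blocked
```

The third run is the one to remember: the request gets in, the security group would let the reply out because it tracked the connection, but the stateless ACL has no outbound rule for the client's ephemeral port, so the reply is dropped at the subnet boundary.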
Elastic Load Balancing (ELB)

A managed load balancing service that distributes incoming application traffic across multiple Amazon EC2 instances, containers, and IP addresses.

• High availability
• Health checks
• Security features

(Diagram: user traffic enters Elastic Load Balancing and is spread across several App instances.)
Amazon Route 53

Route 53 is a highly available and scalable cloud Domain Name System (DNS) service.

• DNS translates domain names into IP addresses
• Able to purchase and manage domain names and automatically configure DNS settings
• Provides tools for flexible, high-performance, highly available architectures on AWS
• Multiple routing options

(Diagram: Amazon Route 53 resolving www.example.com to VPCs in N. Virginia and Singapore.)
Putting it all together

(Diagram: Clients → Amazon Route 53 → Internet gateway → ELB → Amazon EC2 Auto Scaling group of EC2 instances, all inside the AWS Cloud.)
Security

Security is our top priority

• Designed for security
• Constantly monitored
• Highly automated
• Highly available
• Highly accredited
Shared responsibility model

Customer responsibility
• Customer data
• Platform, applications, identity and access management
• Operating system, network, and firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption, integrity, identity)

AWS responsibility
• AWS foundation services: Compute, Storage, Databases, Networking
• AWS global infrastructure: Regions, Availability Zones, Edge locations
AWS Identity and Access Management (IAM)

• Securely control access to your AWS resources
• Assign granular permissions to users, groups, or roles
• Share temporary access to your AWS account
• Federate users in your corporate network or with an internet identity provider
IAM components

IAM
• Authentication
• Authorization

Users: a person or application that interacts with AWS
Groups: a collection of users with identical permissions
Roles: temporary privileges that an entity can assume

Permissions and policies
• Defines permissions to control which AWS resources users can access
• Helps you to meet identity and access control standards

(Diagram: users, groups and roles are created and linked to permissions and policies.)
Amazon S3 access control: General

Some services support resource-based policies, such as S3 bucket policies.

(Diagram: three bucket states)
• Default: private; the owner has access, anyone else does not
• Public: the owner and anyone else have access
• Access policy: controlled access for selected identities such as User A and User B
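The IAM components slide and the S3 access control slide describe the same decision from two sides: permissions attached to users, groups and roles, and a bucket policy that names the principals it admits. The following Python model (an added example, not code from the deck or from AWS) evaluates a request against both kinds of policy in the documented order: an explicit Deny in any matching statement wins, otherwise any Allow grants access, otherwise the request is implicitly denied. It is a same-account simplification (an Allow in either policy type is enough) and it ignores conditions; the account id 111122223333, the bucket name and the user names are placeholders.

```python
# Added illustration (not code from the deck): a simplified model of how IAM decides a
# request, applied to the two cases on the slides: identity-based policies attached to a
# user, group or role, and an S3 bucket policy (a resource-based policy that names its
# principals). The evaluation order is the documented one: an explicit Deny in any
# matching statement wins, otherwise any Allow grants access, otherwise the request is
# implicitly denied. Same-account simplification: an Allow in either policy type is
# enough, and Condition blocks are not modelled. The account id 111122223333, bucket
# name and user names are placeholders.
import fnmatch

ACCOUNT = "111122223333"
USER_A = f"arn:aws:iam::{ACCOUNT}:user/user-a"
USER_B = f"arn:aws:iam::{ACCOUNT}:user/user-b"
USER_C = f"arn:aws:iam::{ACCOUNT}:user/user-c"
BUCKET = "arn:aws:s3:::app-logs"
OBJECT = "arn:aws:s3:::app-logs/2021/05/access.log"

# Identity-based policy attached to User A's group: read the bucket, never delete it.
DEV_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": [BUCKET, BUCKET + "/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}
# Resource-based policy on the bucket: the owner grants controlled access to User B only.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER_B}, "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}
# The "public" state from the slide: the owner opens the objects to anyone.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(value, patterns):
    """IAM actions and resources accept '*' and '?' wildcards; fnmatchcase implements both."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(statement, principal):
    """Identity-based statements have no Principal (they apply to whoever holds the policy);
    resource-based statements name their principals, or '*' for everyone."""
    who = statement.get("Principal")
    if who is None or who == "*":
        return True
    return principal in _as_list(who.get("AWS", []))


def evaluate(principal, action, resource, identity_policies, resource_policies=()):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    decision = "implicit_deny"
    for policy in list(identity_policies) + list(resource_policies):
        for statement in policy["Statement"]:
            if not (_principal_matches(statement, principal)
                    and _wildcard_match(action, statement["Action"])
                    and _wildcard_match(resource, statement["Resource"])):
                continue
            if statement["Effect"] == "Deny":
                return "explicit_deny"    # a Deny anywhere ends the evaluation
            decision = "allow"
    return decision


if __name__ == "__main__":
    print("A reads object  :", evaluate(USER_A, "s3:GetObject", OBJECT, [DEV_POLICY]))
    print("A deletes bucket:", evaluate(USER_A, "s3:DeleteBucket", BUCKET, [DEV_POLICY]))
    print("B reads object  :", evaluate(USER_B, "s3:GetObject", OBJECT, [], [BUCKET_POLICY]))
    print("C reads object  :", evaluate(USER_C, "s3:GetObject", OBJECT, [], [BUCKET_POLICY]))
    print("C, public bucket:", evaluate(USER_C, "s3:GetObject", OBJECT, [], [PUBLIC_POLICY]))
```

The three slide states fall out of the same function: with no policy naming them, User C is implicitly denied (default, private); with the `Principal: "*"` statement everyone is allowed (public); with the bucket policy only User B gets through (controlled access). The Deny statement shows why an explicit Deny is the safer guardrail: it cannot be overridden by an Allow added elsewhere.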
AWS CloudTrail

• Track user activity and API usage in your AWS account
• Continuously monitor user activities and record API calls
• Useful for compliance auditing, security analysis, and troubleshooting
• Log files are delivered to Amazon S3 buckets

Each recorded API call captures the security-relevant information: who? what? when? where?
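To show what "who, what, when, where" looks like once the log file lands in S3, here is a short Python reader (an added example, not code from the deck or from AWS) that parses a CloudTrail log file in its delivered shape, a JSON object whose `Records` array holds one event per API call, answers the slide's four questions for each event, and runs a simple security-analysis pass over them. The three records are constructed samples in the CloudTrail record layout; the account id, user names and addresses are placeholders.

```python
# Added illustration (not code from the deck): read a CloudTrail log file of the kind
# delivered to an S3 bucket (a JSON object with a "Records" list) and answer the
# slide's four questions for every API call: who made it, what was called, when and
# from where. A second pass picks events worth a security analyst's attention. The
# three records are constructed samples in the CloudTrail record shape; the account
# id, user names and addresses are placeholders.
import json
from collections import Counter

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-05-20T08:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "ap-southeast-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2021-05-20T08:17:45Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "awsRegion": "ap-southeast-1",
     "sourceIPAddress": "203.0.113.10", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2021-05-20T09:02:11Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/bob"}},
]})


def parse_records(log_text):
    """A CloudTrail log file is a JSON document whose 'Records' array holds one event each."""
    return json.loads(log_text)["Records"]


def actor(identity):
    """IAM users carry userName; assumed roles and other identity types carry an ARN."""
    return identity.get("userName") or identity.get("arn", "unknown")


def summarize(records):
    """Who? What? When? Where? for each event, as on the slide."""
    return [{"who": actor(r["userIdentity"]),
             "what": r["eventSource"].split(".")[0] + ":" + r["eventName"],
             "when": r["eventTime"],
             "where": r["awsRegion"] + " from " + r["sourceIPAddress"]} for r in records]


def flag_for_review(records):
    """Security-analysis pass: calls that failed with AccessDenied (someone tried something
    they were not allowed to) and destructive Delete* calls, whether or not they succeeded."""
    return [r for r in records
            if r.get("errorCode") == "AccessDenied" or r["eventName"].startswith("Delete")]


def calls_by_actor(records):
    """Activity count per identity, a quick baseline for spotting unusual volume."""
    return Counter(actor(r["userIdentity"]) for r in records)


if __name__ == "__main__":
    events = parse_records(SAMPLE_LOG)
    for row in summarize(events):
        print(row)
    print("flagged:", [r["eventName"] for r in flag_for_review(events)])
    print("calls by actor:", dict(calls_by_actor(events)))
```

Real log files are gzip-compressed when delivered to the bucket, so a production reader would decompress the object first; the record structure it then sees is the one modelled here, including the `errorCode` field that is present only on failed calls.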
What is AWS Trusted Advisor?

A service providing guidance to help you reduce cost, increase performance, and improve security.
Thank you for attending AWSome Day Online Conference

We hope you found it interesting! A kind reminder to complete the survey. Let us know what you thought of today’s event and how we can improve the event experience for you in the future.

[email protected]
twitter.com/AWSCloud

facebook.com/AmazonWebServices
youtube.com/user/AmazonWebServices

linkedin.com/company/amazon-web-services
twitch.tv/aws
Test your knowledge

Thank you!
