Transitioning to AWS in a hurry without getting owned (Hopefully...)
Devina Dhawan
02/06/2017 - Women & Non-Binary Focused intro to AWS
Email: 3@etsy.com
Twitter: @theulzo
Introduction
● Etsy (Jan 2015 - Present)
● Orbitz (May 2014 - Dec 2015)
● University of Illinois in Chicago
Etsy operates a global marketplace where people around the world connect,
both online and offline, to make, sell and buy unique goods.
Security at Etsy
● Evangelizing Security at Etsy
  ○ Candy is a great way to make friends
  ○ Allow the conversation about security to be comfortable and inviting.
What is this talk about?
• I will help you improve your existing AWS infrastructure
• You will walk away with action items
• http://bit.ly/2EnZU1q
“Securing Amazon Web Services”
Infrastructure
- Traditional bare metal
- Minimal footprint in the clouds
Where to begin?
Evident.io
● Evident.io
  ○ Scans of configurations to see if anything is misconfigured
● Password policies?
● Multi-factor Authentication
● Jira Tickets
Low-hanging IAM Fruit
# Password Policy
# Multi-factor auth
Monitoring
# Cloudtrail Logging
EC2
# Netwerkin’
# EC2 Roles
S3
# S3 Bucket Policies
Scout2
● Github Page: https://github.com/nccgroup/Scout2
  (NCC Group has since retired Scout2; its successor, ScoutSuite, lives in the same GitHub organisation)
● Reports for all accounts
● Tie that into alerts manually
Changes I made… like a goon
• Password policy to the highest scrutiny
• Removed all admin roles from accounts that didn't need them (aka hadn't used AWS in 2 yrs and didn't have any API keys tied to their user)
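The two clean-ups above (no MFA, accounts idle for years) are exactly what the IAM credential report is for, so here is an added example of auditing one offline. This is not code from the talk: the column names are the ones `aws iam get-credential-report` returns (the real report has more columns), but the rows, account ID and user names are constructed, and the thresholds (730 idle days, 90-day key age) are assumptions you would tune.

```python
"""Audit an IAM credential report for the low-hanging fruit: console users
without MFA, users idle for years, root with keys, and stale access keys.
Added example; the report rows below are constructed sample data."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report: one root row plus three IAM users (subset of
# the real columns, values made up).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2014-01-01T00:00:00+00:00,not_supported,2017-01-20T10:00:00+00:00,not_supported,false,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2015-03-01T00:00:00+00:00,true,2017-02-01T09:00:00+00:00,2016-12-01T00:00:00+00:00,true,true,2016-11-15T00:00:00+00:00,2017-02-01T08:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2014-06-01T00:00:00+00:00,true,2015-01-10T00:00:00+00:00,2014-06-01T00:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
carol,arn:aws:iam::123456789012:user/carol,2015-08-01T00:00:00+00:00,true,2017-01-30T12:00:00+00:00,2016-09-01T00:00:00+00:00,false,true,2015-08-01T00:00:00+00:00,2017-01-29T00:00:00+00:00,false,N/A,N/A
"""

# Date of the talk, used as "now" so the sample findings are reproducible.
AUDIT_AS_OF = datetime(2017, 2, 6, tzinfo=timezone.utc)

# Placeholders the report uses where no timestamp exists.
_NO_TIMESTAMP = {"", "N/A", "no_information", "not_supported"}


def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in _NO_TIMESTAMP:
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now, stale_days=730, key_max_age_days=90):
    """Return a list of (user, finding) tuples, in report order."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = {n: row["access_key_%s_active" % n] == "true" for n in ("1", "2")}

        # Root is outside the password policy: flag missing MFA and any API keys.
        if user == "<root_account>":
            if row["mfa_active"] != "true":
                findings.append((user, "root_without_mfa"))
            if any(key_active.values()):
                findings.append((user, "root_has_access_keys"))
            continue

        # Console password without MFA: the case the reminder emails chase.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console_user_without_mfa"))

        # Newest activity across console and both keys; a user who never did
        # anything falls back to creation time so they still count as idle.
        activity = [t for t in (_parse_ts(row["password_last_used"]),
                                _parse_ts(row["access_key_1_last_used_date"]),
                                _parse_ts(row["access_key_2_last_used_date"])) if t]
        newest = max(activity) if activity else _parse_ts(row["user_creation_time"])
        if now - newest > timedelta(days=stale_days):
            findings.append((user, "unused_for_%d_days" % stale_days))

        # Active keys that have outlived the rotation window.
        for n, active in key_active.items():
            rotated = _parse_ts(row["access_key_%s_last_rotated" % n])
            if active and rotated and now - rotated > timedelta(days=key_max_age_days):
                findings.append((user, "access_key_%s_older_than_%d_days" % (n, key_max_age_days)))
    return findings


def sample_findings():
    """Run the audit over the constructed report as of the talk date."""
    return audit_credential_report(SAMPLE_REPORT, AUDIT_AS_OF)


if __name__ == "__main__":
    for user, finding in sample_findings():
        print("%-15s %s" % (user, finding))
```

The report is generated asynchronously (`generate-credential-report`, then `get-credential-report`, which returns it base64-encoded), so in practice you decode it once and feed the CSV to the function above; the "unused" finding is what justifies pulling an admin role from an account nobody has touched in two years.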
Password Policies
My first Etsy communication
Hello X,
Looks like you still do not have MFA set up on your AWS account.
Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device.
Note: If you no longer need your AWS account, please let me know!
Devina
Version 2.0
Hello X,
Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended.
Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device.
Note: If you no longer need your AWS account, please let me know!
Your neighborhood candy provider,
Devina
Oops...
The self-service MFA policy needs multiple statements, which allow you to:
● Resync MFA devices
● Deactivate MFA devices
● List MFA devices
● Primary, management
Other policies:
● Forcing MFA
Oof…
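To make the two policies on this slide concrete, here is an added example (not the deck's own policy document) of the self-service MFA policy and the "force MFA" Deny statement, written in the pattern AWS documents for letting users manage their own device. The small `is_denied_without_mfa` helper is an assumption for illustration: it evaluates only the one Deny/NotAction statement so the effect can be checked offline, and is not a full IAM policy engine.

```python
"""Self-service MFA policy plus a Deny that blocks everything else until the
session is MFA-authenticated. Added example; attach via put-group-policy."""
import json

# ${aws:username} scopes each statement to the calling user's own resources.
OWN_USER = "arn:aws:iam::*:user/${aws:username}"
OWN_MFA = "arn:aws:iam::*:mfa/${aws:username}"

# The only actions a user needs before they have a working MFA device.
ALLOWED_WITHOUT_MFA = [
    "iam:CreateVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:GetUser",
    "iam:ListMFADevices",
    "iam:ListVirtualMFADevices",
    "iam:ResyncMFADevice",
    "sts:GetSessionToken",
]


def self_service_mfa_policy():
    """Policy to attach to the group every console user belongs to."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowViewAccountInfo",
             "Effect": "Allow",
             "Action": ["iam:GetAccountPasswordPolicy", "iam:ListVirtualMFADevices"],
             "Resource": "*"},
            {"Sid": "AllowManageOwnVirtualMFADevice",
             "Effect": "Allow",
             "Action": ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"],
             "Resource": OWN_MFA},
            {"Sid": "AllowManageOwnUserMFA",
             "Effect": "Allow",
             "Action": ["iam:DeactivateMFADevice", "iam:EnableMFADevice",
                        "iam:ListMFADevices", "iam:ResyncMFADevice"],
             "Resource": OWN_USER},
            # Deactivating MFA is allowed above, but this Deny means it can
            # only happen from a session that already passed MFA. BoolIfExists
            # also matches when the key is absent, i.e. plain access keys.
            {"Sid": "DenyAllExceptListedIfNoMFA",
             "Effect": "Deny",
             "NotAction": ALLOWED_WITHOUT_MFA,
             "Resource": "*",
             "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        ],
    }


def is_denied_without_mfa(policy, action, mfa_present):
    """True if a Deny/NotAction/BoolIfExists statement in `policy` blocks `action`.

    mfa_present=None models a request with no aws:MultiFactorAuthPresent key
    at all (long-term access keys), which BoolIfExists treats as a match.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny" or "NotAction" not in stmt:
            continue
        wants = stmt.get("Condition", {}).get("BoolIfExists", {}).get("aws:MultiFactorAuthPresent")
        if wants is None:
            continue
        condition_matches = mfa_present is None or str(mfa_present).lower() == wants
        if condition_matches and action not in stmt["NotAction"]:
            return True
    return False


if __name__ == "__main__":
    policy = self_service_mfa_policy()
    print(json.dumps(policy, indent=2))
    for action, mfa in [("s3:ListAllMyBuckets", False), ("iam:EnableMFADevice", False),
                        ("iam:DeactivateMFADevice", None), ("s3:ListAllMyBuckets", True)]:
        verdict = "denied" if is_denied_without_mfa(policy, action, mfa) else "not denied here"
        print("%-25s mfa=%-5s %s" % (action, mfa, verdict))
```

An explicit Deny beats every Allow in the account, including the admin policies, so roll this out to a single test user first; the actions in `ALLOWED_WITHOUT_MFA` are what keeps a brand-new user able to enrol at all.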
AWS CLI for account creation
Getting really used to the AWS CLI is really useful too!
Using Terraform for IAM
● What is Terraform?
● What can it do?
● How the Terraform AWS provider can authenticate:
  ○ Static creds
  ○ Environment variables
  ○ Shared creds
  ○ EC2 Roles
Static Creds
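Static creds are the one option on that list that end up committed to a repo, so here is an added example (not a tool from the talk) of scanning a checkout for them. The access-key-ID pattern is AWS's published format (20 characters, AKIA for long-term user keys, ASIA for temporary STS keys); the secret-key pattern is a heuristic on the variable name plus a 40-character value. The sample files are constructed, and the key values are the placeholder examples from AWS's own documentation, not real secrets.

```python
"""Find long-lived AWS credentials pasted into Terraform or scripts.
Added example; file contents below are constructed."""
import re

# Constructed repository snapshot: path -> file contents.
SAMPLE_FILES = {
    "envs/prod/main.tf": (
        'provider "aws" {\n'
        '  region     = "us-east-1"\n'
        '  access_key = "AKIAIOSFODNN7EXAMPLE"\n'
        '  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY"\n'
        '}\n'
    ),
    "envs/staging/main.tf": (
        '# No keys here: credentials come from the instance profile (EC2 role)\n'
        'provider "aws" {\n'
        '  region = "us-east-1"\n'
        '}\n'
    ),
    "scripts/deploy.sh": (
        '#!/bin/sh\n'
        'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n'
        'export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY\n'
        'terraform apply\n'
    ),
}

# 20-character key ID; the lookarounds stop us matching inside a longer token.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])")
# A secret is only recognisable by context: a secret-key-ish name followed by
# a 40-character value. Covers Terraform `secret_key = "..."`, shell
# `AWS_SECRET_ACCESS_KEY=...` and ini-style `aws_secret_access_key = ...`.
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_?)?secret(_?access)?_?key\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)


def find_static_credentials(files):
    """Return (path, line_number, kind, key_id_or_None) for every hit, sorted by path."""
    hits = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for match in ACCESS_KEY_ID_RE.finditer(line):
                hits.append((path, lineno, "access_key_id", match.group(0)))
            if SECRET_KEY_RE.search(line):
                # Never copy the secret itself into a finding or a log line.
                hits.append((path, lineno, "secret_access_key", None))
    return hits


def scan_sample_files():
    """Scan the constructed repository snapshot."""
    return find_static_credentials(SAMPLE_FILES)


if __name__ == "__main__":
    for path, lineno, kind, key_id in scan_sample_files():
        print("%s:%d %s %s" % (path, lineno, kind, key_id or ""))
```

Run it as a pre-commit hook or over `git log -p`; a hit on a key ID is the cue to rotate that key in IAM, not just to delete the line, since the history still has it. Code running on EC2 should get its credentials from an instance role instead, which is the last option on the slide.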
Logging in AWS - CloudTrail
ELK
Alert Types
Email:
● Daily Roundup Emails
  ○ Not production-impacting
● High Risk Alerts
  ○ Enough resources to handle
IRC/Slack/Jabber:
● Slack & Dropbox
Collect the alerts:
● Splunk
● 411 / Elastalert
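The split above (daily roundup versus high-risk alert) is a classification problem over CloudTrail events, so here is an added example of the rules, run over sample records. This is not the talk's ELK/411/Elastalert configuration: the field names (eventName, userIdentity, requestParameters, additionalEventData, responseElements) are CloudTrail's, but the records, account ID, group ID and addresses are constructed, and the event lists in `HIGH_RISK_EVENTS` and `DAILY_EVENTS` are a starting set you would extend. It also covers the networking item from the agenda, since a security group opened to 0.0.0.0/0 shows up in the same log.

```python
"""Triage CloudTrail events into a daily roundup and immediate high-risk
alerts. Added example; the records below are constructed."""

# Constructed CloudTrail records, trimmed to the fields the rules read.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "DescribeInstances", "userIdentity": {"type": "Root"},
     "sourceIPAddress": "198.51.100.5"},
    {"eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"}},
    {"eventName": "DeactivateMFADevice", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"userName": "bob", "serialNumber": "arn:aws:iam::123456789012:mfa/bob"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "deploy-bot"}},
]

# Worth a line in the roundup, not a page.
DAILY_EVENTS = {"CreateUser", "CreateAccessKey", "AttachUserPolicy", "PutUserPolicy",
                "CreateLoginProfile"}
# Anything that weakens logging or authentication is always high risk.
HIGH_RISK_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "DeactivateMFADevice",
                    "DeleteVirtualMFADevice", "UpdateAccountPasswordPolicy",
                    "DeleteAccountPasswordPolicy"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _world_open_rules(params):
    """Yield 'proto:from-to' for each ingress rule opened to the whole internet."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        ranges = perm.get("ipRanges", {}).get("items", []) + perm.get("ipv6Ranges", {}).get("items", [])
        cidrs = {r.get("cidrIp") or r.get("cidrIpv6") for r in ranges}
        if cidrs & ANYWHERE:
            yield "%s:%s-%s" % (perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort"))


def classify(event):
    """Return ('high'|'daily', reason) or None if the event needs no alert."""
    name = event["eventName"]
    params = event.get("requestParameters", {})
    who = event["userIdentity"].get("userName") or event["userIdentity"]["type"]
    if event["userIdentity"]["type"] == "Root":
        return "high", "root credentials used for %s from %s" % (name, event.get("sourceIPAddress"))
    if name == "ConsoleLogin":
        success = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
        if success and event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            return "high", "%s logged in to the console without MFA" % who
        return None
    if name in HIGH_RISK_EVENTS:
        target = params.get("userName") or params.get("name", "")
        return "high", ("%s called %s %s" % (who, name, target)).rstrip()
    if name == "AuthorizeSecurityGroupIngress":
        open_rules = list(_world_open_rules(params))
        if open_rules:
            return "high", "%s opened %s to the internet: %s" % (who, params.get("groupId"), ", ".join(open_rules))
        return "daily", "%s changed ingress on %s" % (who, params.get("groupId"))
    if name in DAILY_EVENTS:
        return "daily", "%s called %s" % (who, name)
    return None


def triage(events):
    """Split events into the two alert streams; each entry is a reason string."""
    streams = {"high": [], "daily": []}
    for event in events:
        result = classify(event)
        if result:
            streams[result[0]].append(result[1])
    return streams


if __name__ == "__main__":
    for stream, reasons in triage(SAMPLE_EVENTS).items():
        print(stream.upper())
        for reason in reasons:
            print("  -", reason)
```

The "high" stream is what goes to Slack the moment it lands in Elasticsearch; the "daily" stream is the roundup email. Keep the trail itself out of reach of the people it watches (a separate logging account or at least a bucket policy they cannot change), otherwise StopLogging is the first event you never see.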
Inbound/Outbound
EC2 Roles
Bucket Policies
● Bug Bounties at Etsy: https://www.etsy.com/bounty
● S3 Scanner Github: https://github.com/bear/s3scan
  ○ Report of all S3 buckets and perms
  ○ Likely how bountiers are finding out about your misconfigured policies.
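What a scanner like s3scan is looking for is any bucket that an anonymous principal can reach, through either an ACL grant to the AllUsers / AuthenticatedUsers groups or a bucket policy statement with `Principal: "*"`. Here is an added example of that check, offline; it is not s3scan's own code. The ACL and policy shapes are the ones `get_bucket_acl` and `get_bucket_policy` return, but the buckets, grants, account ID and VPC endpoint ID are constructed.

```python
"""Report which S3 buckets are reachable by everyone, via a public ACL grant
or an unconditioned anonymous bucket-policy statement. Added example; the
inventory below is constructed."""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed inventory: bucket -> (ACL grants, policy document or None).
SAMPLE_BUCKETS = {
    "example-assets": (
        [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}],
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-assets/*"}]},
    ),
    "example-db-backups": (
        [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
         {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
         {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"}],
        None,
    ),
    "example-private": (
        [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}],
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
             "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-private/*"},
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-private/*",
             "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]},
    ),
}


def _is_anonymous(principal):
    """Principal "*" or {"AWS": "*"} (possibly inside a list) means anyone at all."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_exposure(grants, policy):
    """Return (source, permission_or_action) tuples that expose the bucket to everyone."""
    exposures = []
    for grant in grants:
        uri = grant["Grantee"].get("URI")
        if uri == ALL_USERS:
            exposures.append(("acl:AllUsers", grant["Permission"]))
        elif uri == AUTHENTICATED_USERS:
            # "Authenticated" means any AWS account in the world, not just yours.
            exposures.append(("acl:AuthenticatedUsers", grant["Permission"]))
    for stmt in (policy or {}).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A conditioned grant (VPC endpoint, source IP, ...) is not open to all;
            # it still deserves a human look, but not a public-bucket alert.
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        exposures.extend(("policy:*", action) for action in actions)
    return exposures


def scan_buckets(buckets):
    """Like an s3scan report: bucket -> exposures, only for buckets that have any."""
    report = {}
    for name, (grants, policy) in buckets.items():
        found = public_exposure(grants, policy)
        if found:
            report[name] = found
    return report


if __name__ == "__main__":
    print(json.dumps(scan_buckets(SAMPLE_BUCKETS), indent=2))
```

Public `s3:GetObject` on a static-asset bucket may be intended; a `WRITE` grant to AllUsers or AuthenticatedUsers on a backups bucket never is, and that is the kind of finding that arrives through the bounty program. A bucket can also be public through an object-level ACL even when both of these checks pass, so treat this as the first pass, not the last.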
So… it happened, what do I do now?
❏ Write down all the systems you need to take care of
❏ Find out what you need to fix on all systems, write that down
❏ Start with the low-hanging fruit
❏ Over-communicate what you are doing.
❏ Work with networking on the AWS network
❏ Create default rulesets & roles
❏ Work with IT/helpdesk to handle account provisioning
❏ Work with systems engineering to handle provisioning of services
❏ … profit?
THANKS!
3@etsy.com
@theulzo
AI and Data Privacy in 2025: Global Trends
InData Labs
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 

Devina Dhawan's talk - Women and non binary focused intro to AWS

  • 15. My first Etsy communication Hello X, Looks like you still do not have MFA set up on your AWS account. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Devina
  • 16. Version 2.0 Hello X, Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Your neighborhood candy provider, Devina
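The two email versions above and the "hadn't used AWS in two years, no API keys" cleanup from slide 13 can be driven from the IAM credential report instead of by hand. The script below is an added example, not the speaker's tooling; the report rows are constructed, the date is pinned to the talk date, and the 30-day "used recently" window is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample laid out like an IAM credential report (the CSV that
# `aws iam get-credential-report` returns base64-encoded); only the columns
# this example reads are kept.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
alice,true,2017-02-01T10:00:00+00:00,true,false,false
bob,true,2017-01-20T09:30:00+00:00,false,true,false
carol,true,2014-11-03T12:00:00+00:00,false,false,false
dave,true,N/A,false,true,false
"""

NOW = datetime(2017, 2, 6, tzinfo=timezone.utc)  # talk date, pinned so results are stable
STALE_AFTER = timedelta(days=730)                 # "hadn't used aws in 2 yrs"
RECENT = timedelta(days=30)                       # assumed window for "used recently"

def parse_report(text):
    return list(csv.DictReader(io.StringIO(text)))

def last_console_login(row):
    ts = row["password_last_used"]
    # The real report writes N/A or no_information when there is nothing to show.
    return None if ts in ("N/A", "no_information", "") else datetime.fromisoformat(ts)

def triage(rows, now=NOW):
    """Sort users into the actions from the talk:
    stale    - no API keys and no console login in 2 years: strip admin roles (slide 13)
    deadline - no MFA but used recently: version 2.0 email with a cutoff (slide 16)
    nag      - no MFA, not recently active: the friendly first email (slide 15)
    """
    out = {"stale": [], "deadline": [], "nag": [], "ok": []}
    for row in rows:
        has_keys = any(row[k] == "true" for k in ("access_key_1_active", "access_key_2_active"))
        login = last_console_login(row)
        if not has_keys and (login is None or now - login > STALE_AFTER):
            out["stale"].append(row["user"])
        elif row["mfa_active"] != "true":
            bucket = "deadline" if login and now - login <= RECENT else "nag"
            out[bucket].append(row["user"])
        else:
            out["ok"].append(row["user"])
    return out

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```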
  • 18. Multiple statements which allow you to: ● Resync MFA devices ● Deactivate MFA devices ● List MFA devices ● Primary, management Other policies: ● Forcing MFA
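The "forcing MFA" policy the slide mentions only works if the self-service statements (list, resync, and so on) sit next to it, otherwise a new user can never enrol. Below is an added example, not the speaker's policy: a constructed force-MFA document in the shape AWS documents, plus a small evaluator that ignores Resource matching and exists only to show which calls succeed with and without an MFA session.

```python
# Constructed policy (added example, not from the talk) in the AWS "force MFA"
# shape: an Allow so a user can enrol their own device, and a Deny that blocks
# everything else until the session carries aws:MultiFactorAuthPresent.
# The evaluator below ignores Resource matching; the ARNs are illustrative.
MFA_BOOTSTRAP = ["iam:ListMFADevices", "iam:ListVirtualMFADevices", "iam:GetUser",
                 "iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:ResyncMFADevice"]

FORCE_MFA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowManageOwnMFA", "Effect": "Allow",
         # DeactivateMFADevice is allowed here but NOT exempted from the Deny below,
         # so removing a device needs an MFA session while enrolling one does not.
         "Action": MFA_BOOTSTRAP + ["iam:DeactivateMFADevice"],
         "Resource": ["arn:aws:iam::*:mfa/${aws:username}",
                      "arn:aws:iam::*:user/${aws:username}"]},
        {"Sid": "DenyAllElseWithoutMFA", "Effect": "Deny",
         "NotAction": MFA_BOOTSTRAP + ["sts:GetSessionToken"], "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

def matches(stmt, action):
    # NotAction matches every action except the listed ones.
    return action in stmt["Action"] if "Action" in stmt else action not in stmt["NotAction"]

def condition_holds(stmt, mfa_present):
    cond = stmt.get("Condition")
    if not cond:
        return True
    # The only condition this policy uses. BoolIfExists treats a missing key as a
    # match, which is exactly the "no MFA in this session" case.
    wanted = cond["BoolIfExists"]["aws:MultiFactorAuthPresent"] == "true"
    return mfa_present == wanted

def evaluate(action, mfa_present, other_allows=()):
    """Simplified IAM logic: an explicit Deny wins, then any Allow, else implicit deny.
    other_allows stands in for actions granted by the user's other attached policies."""
    stmts = FORCE_MFA_POLICY["Statement"]
    hit = lambda effect: any(s["Effect"] == effect and matches(s, action)
                             and condition_holds(s, mfa_present) for s in stmts)
    if hit("Deny"):
        return "explicit deny"
    return "allow" if hit("Allow") or action in other_allows else "implicit deny"

if __name__ == "__main__":
    for act, mfa in [("iam:EnableMFADevice", False), ("iam:DeactivateMFADevice", False),
                     ("s3:ListAllMyBuckets", False), ("s3:ListAllMyBuckets", True)]:
        print(act, "with MFA" if mfa else "no MFA", "->", evaluate(act, mfa, {"s3:ListAllMyBuckets"}))
```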
  • 20. Aws-cli for account creation. Getting comfortable with the aws CLI is really useful too!
  • 21. Using Terraform for IAM ● What is terraform? ● What can it do? ○ Static creds ○ Environment variables ○ Shared creds ○ EC2 Roles
  • 23. 23 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 24. Logging in AWS - Cloudtrail
  • 28. ELK
  • 29. Alert Types Email: ● Daily Roundup Emails ○ No production impacting ● High Risk Alerts ○ Enough resources to handle IRC/Slack/Jabber: ● Slack & Dropbox Collect the alerts: ● Splunk ● 411 / Elastalert
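The CloudTrail-to-alerts split above (high-risk alerts to chat, a daily roundup by email, the rest just indexed in ELK) comes down to a classifier over each record. This is an added example, not the speaker's Elastalert or 411 rules: the CloudTrail records are constructed and trimmed to the fields read, and the choice of which event names count as high risk is this example's own.

```python
# Constructed CloudTrail records (added example, not from the talk), trimmed to
# the fields the router reads; real records carry many more.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "DeactivateMFADevice", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "mallory"}},
    {"eventName": "CreateUser", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "devina"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/deploy/i-0abc"}},
]

# Routing from slide 29: a handful of event names page someone now (high risk, to
# chat), IAM changes go in the daily roundup email, everything else is indexed.
HIGH_RISK = {"DeactivateMFADevice", "DeleteVirtualMFADevice", "StopLogging",
             "DeleteTrail", "UpdateTrail", "PutBucketAcl", "PutBucketPolicy"}
ROUNDUP_SOURCES = {"iam.amazonaws.com"}

def actor(event):
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn", "unknown")

def classify(event):
    """Return ("high" | "roundup" | "index", reason-or-None) for one record."""
    name = event.get("eventName", "")
    if name == "ConsoleLogin":
        success = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
        mfa = event.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        # A successful console login without MFA is what the MFA campaign exists to stop.
        return ("high", f"console login without MFA by {actor(event)}") if success and not mfa else ("index", None)
    if name in HIGH_RISK:
        return "high", f"{name} by {actor(event)}"
    if event.get("eventSource") in ROUNDUP_SOURCES:
        return "roundup", f"{name} by {actor(event)}"
    return "index", None

def route(events):
    """Group records by destination so each queue drains on its own schedule."""
    out = {"high": [], "roundup": [], "index": []}
    for ev in events:
        bucket, reason = classify(ev)
        out[bucket].append(reason or ev["eventName"])
    return out

if __name__ == "__main__":
    print(route(SAMPLE_EVENTS))
```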
  • 30. 30 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 33. 33 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 37. ● Bug Bounties at Etsy: https://www.etsy.com/bounty ● S3 Scanner Github: https://github.com/bear/s3scan ○ Report of all s3 buckets and perms ○ Likely how bountiers are finding out about your misconfigured policies.
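What a bucket-and-permissions report is actually looking for is a grant to one of the two global groups in a bucket ACL, or an unconditioned Allow to Principal "*" in the bucket policy. The following is an added example, not s3scan's own code: the ACL and policy documents are constructed in the shapes boto3 returns, and the bucket names and canonical-user ID are made up.

```python
# Constructed bucket data (added example, not the s3scan tool's own code) in the
# shapes boto3's get_bucket_acl() and get_bucket_policy() return; bucket names
# and the canonical-user ID are made up.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
AUTH_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

SAMPLE_BUCKETS = {
    "demo-assets": {
        "acl": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                           {"Grantee": ALL_USERS, "Permission": "READ"}]},
        "policy": None},
    "demo-uploads": {
        "acl": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"},
                           {"Grantee": AUTH_USERS, "Permission": "WRITE"}]},
        "policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                                  "Resource": "arn:aws:s3:::demo-uploads/*"}]}},
    "demo-private": {
        "acl": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
        "policy": None},
}

def acl_findings(name, acl):
    out = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:  # a grant to one of the two global groups is what makes a bucket "open"
            sev = "critical" if grant["Permission"] in WRITE_PERMS else "high"
            out.append((name, sev, f"ACL grants {grant['Permission']} to {who}"))
    return out

def policy_findings(name, policy):
    out = []
    for stmt in (policy or {}).get("Statement", []):
        p = stmt.get("Principal")
        anyone = p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")
        # An unconditioned Allow to Principal * is public; a Condition might still scope it.
        if stmt.get("Effect") == "Allow" and anyone and "Condition" not in stmt:
            out.append((name, "high", f"bucket policy allows {stmt.get('Action')} to everyone"))
    return out

def scan(buckets):
    """One (bucket, severity, detail) row per grant a bounty hunter could use without our creds."""
    return [f for name, d in buckets.items()
            for f in acl_findings(name, d["acl"]) + policy_findings(name, d["policy"])]
```

A public-read grant on a bucket that serves a static website is sometimes intentional, so treat the "high" rows as a review list and the "critical" (writable) rows as fix-now.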
  • 38. 38 So… it happened, what do I do now? ❏ Write down all the systems you need to take care of ❏ Find out what you need to fix on all systems, write that down ❏ Start with the low-hanging fruit ❏ Over communicate what you are doing. ❏ Work with networking on the AWS network ❏ Create default rulesets & roles ❏ Work with IT/helpdesk to handle account provisioning ❏ Work with systems engineering to handle provisioning of services ❏ … profit?