AWS Secrets for Best Practices

•Descargar como PPTX, PDF•

0 recomendaciones•442 vistas

CFP - AWS Community Day 2019 CFP - AWS Community Day 2019 100% 10 One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager Screen reader support enabled. One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager This talk was presented at AWS Community Day Bengaluru 2019 by Vijayanirmala, Devops Solution lead, Sonata software limited

Tecnología

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Best Practices & Use cases -
AWS Secrets Manager
Vijaya Nirmala Gopal

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Vijaya Nirmala Gopal (Nirmala)
DevOps Solutions Lead - Cloud,
Sonata Software Limited
https://cloudgoddess.blogspot.com/
Ansible Galaxy Contributor

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
❏ AWS Secrets Manager Overview
❏ Top security threats with Credentials
❏ Overlooked Risks
❏ Compliances for AWS & Cloud
❏ Use case for the day
❏ Logging/Monitoring - Cloudwatch
❏ Auditing - CloudTrail
❏ Notifications - SNS
❏ Recover & Restore
❏ With Infrastructure as Code
❏ For Configuration Management Solution
❏ Quick compare
❏ Need of the moment
Agenda

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Secrets Manager - Overview
❏ Key Features - hold & automate secret rotation
Automatic password generator [aws cli]
❏ Pay as you go; No upfront or setup cost
❏ Fine grained IAM access control
❏ Compliance
❏ Audit/Monitor

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Top security threats
Risk Assessments shows below reasons
● Open network ports
● Broad permissions for Application(s)
● Wider privileges for IAM user
● Unprotected keys and credentials

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Overlooked Risks ???
Shared by Teri Radichel, CEO, 2nd Sight Lab, AWS Community Hero

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
PCI DSS & CIS with AWS Secrets
Manager
❏ Enforcement on securing credentials
❏ Defined rules for IAM or any other credentials
❏ Recommends/demands keys rotation
❏ Enable sufficient logging
❏ Have audit controls in place

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Use case - AWS Secrets Manager

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SSM - AWS CLI
Creation & Retrieval of secrets

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Infrastructure provisioning - Use cases
How efficient is secrets with Cloudformation
● Use resolve tag to fetch or refer the secrets from Secrets Manager
{{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}}
“MasterPassword”: ‘{{ resolve:secretsmanager:RDS-master-password:SecretString:password}}’

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Infrastructure provisioning - Use cases
How efficient is secrets with Terraform
● Use terraform module ‘aws_secretsmanager_secret’ and
‘aws_secretsmanager_secret_version’ create secrets
● Use output to view the secrets
● AWS CLI for fetching the secrets in user_data

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Configuration Management - Use cases
How secrets fit with Ansible
❏ Ansible aws_secret - Lookup plugin for
secrets manager
❏ Use & register with CLI
❏ Know how to fetch and store

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Configuration Management - Use cases
Fetch using AWS CLI

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Configuration Management - Use cases
Fetch using API(ex. Python)

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Auditing Secrets Usage - CloudTrail
❏ Risk Assessments shows below reasons against
credentials misuse
❏ Open network ports
❏ Broad permissions for Application(s)
❏ Wider privileges for IAM user
❏ Unprotected keys and credentials

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CloudTrail - Delete
❏ what happens on Delete
❏ Be known to mischievous actions
❏ Take back the decision in 7 days
❏ Think through the decision
❏ Check integrity by running regressions

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Monitoring/Logging Secrets - CloudWatch
❏ Calls made
❏ Access error messages
❏ Sources reaching onto access secrets with timelines
❏ Analyse and action of unused or unrotated secrets

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SNS - AWS Secrets Manager
Get alerted on actions or customize triggers for alert
❏ On Delete
❏ On permission denied to track suspicious access
❏ API Calls
❏ Other examples

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Comparison with other options
AWS SSM Parameter store
❏ Rotate with custom Lambda
❏ Lambda creation and maintenance
❏ No Cross account access
❏ S3 - In Rest & Transit Encrypted texts
❏ Ansible Vault
❏ VM or Instance
❏ Custom made mechanism to rotate
AWS Secrets Manager
❏ All secrets are encrypted
❏ Built in Lambda to rotate
secrets
❏ Billed per secret stored and
API calls
❏ Integration password rotation
❏ Random password generation

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Step Ahead - git-secrets
Access Keys/Credentials in Git Repos
❏ scrutinize the most valuable targets
❏ prevents keys/credentials anywhere in/into repos
❏ Add as Jenkins job to checkout repos dynamically and
scan and report

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you!

Más contenido relacionado

La actualidad más candente

Getting Started with AWS Security

Amazon Web Services

Best Practices for Encrypting Data on AWS

Amazon Web Services

An Active Case Study on Insider Threat Detection in your Applications

Amazon Web Services

by Cameron Worrell, Sr. Solutions Architect, AWS In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.

Introduction to Threat Detection and Remediation on AWS

Amazon Web Services

There are many ways to improve your security controls in AWS accounts. In this session, we'll cover how to leverage guidelines from the Center of Internet Security (CIS), how to augment security checks, and how to build and secure AWS resources with additional tools. Armed with the information in this session, you will be able to harden new AWS accounts and implement security best practices from Day One.

Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...

Amazon Web Services

The session will focus on the newly-launched security tool Hammer, which Dow Jones developed after identifying a security vulnerability internally. Users will learn more about Hammer and how it solves certain security configuration issues in the AWS cloud. The team behind the development of Hammer will showcase real-world examples of the tool identifying, analyzing and remediating issues, all as part of Dow Jones' commitment to helping everyone in the community as they make the jump to the cloud.

How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...

Amazon Web Services

Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...

Amazon Web Services

As organisations’ cloud environments continue to scale and grow, how do you ensure that access to resources are being managed securely? How do you scope permissions to achieve least-privilege access control across your AWS environment? This webinar answers these questions, delving into the AWS Identity and Access Management (IAM) web service and looking at how it can help you securely control access to AWS resources.

How to Become an IAM Policy Ninja

Amazon Web Services

Traditional data center environments have regarded the network boundary as a stable perimeter of defense, using gateway firewalls for effective protection. The public cloud, however, is exposing a plethora of hosted services directly to its users, bypassing traditional network filtering technologies, and effectively creating new perimeters around the various services and data element. Examples of these new perimeters include Amazon S3 buckets, Amazon EBS snapshots, and AWS Lambda functions. This session is brought to you by AWS partner, Dome9 Security Inc.

The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018

Amazon Web Services

AWS Security By Design

Amazon Web Services

by Greg McConnel, Sr. Security Solutions Architect, AWS This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future.

Threat Detection & Remediation Workshop - Module 4

Amazon Web Services

A Case Study on Insider Threat Detection

Amazon Web Services

In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments. Level 200

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

Deep dive - AWS security by design

Richard Harvey

Automating AWS security and compliance

John Varghese

Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.

Deep Dive - AWS Security by Design

Amazon Web Services

by Michael St. Onge, Global Cloud Security Architect, AWS Events are precursor to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short amount of time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.

Incident Response on AWS - A Practical Look.pdf

Amazon Web Services

Real-Time Insights Lab and Lab Prep

Amazon Web Services

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018

Amazon Web Services

Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Matt Johnson, Solutions Architect, AWS

Managing Security on AWS

Amazon Web Services

La actualidad más candente (20)

Getting Started with AWS Security

Best Practices for Encrypting Data on AWS

An Active Case Study on Insider Threat Detection in your Applications

Introduction to Threat Detection and Remediation on AWS

Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...

How Dow Jones Identifies, Analyzes, and Remediates Security Issues with Hamme...

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...

How to Become an IAM Policy Ninja

The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018

AWS Security By Design

Threat Detection & Remediation Workshop - Module 4

A Case Study on Insider Threat Detection

Intro to Threat Detection and Remediation on AWS

Deep dive - AWS security by design

Automating AWS security and compliance

Deep Dive - AWS Security by Design

Incident Response on AWS - A Practical Look.pdf

Real-Time Insights Lab and Lab Prep

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018

Managing Security on AWS

Similar a AWS Secrets for Best Practices

Para ayudar a prevenir el acceso inesperado a sus recursos de AWS, es crítico mantener políticas de acceso e identidad robustas, así como dar seguimiento, detectar eficazmente y reaccionar a los cambios. En esta sesión, aprenda cómo usar la AWS Identity and Access Management (IAM, por sus siglas en inglés) para controlar el acceso a los recursos de la nube de AWS e integrar su sistema de autenticación existente con IAM. Cubrimos cómo implementar y controlar la infraestructura de AWS usando plantillas de código, incluyendo políticas de administración de cambio con AWS CloudFormation. Además, detectar y reaccionar de manera efectiva a los cambios o las acciones adversas requiere la capacidad de monitorear y procesar eventos. Existen diferentes servicios dentro de AWS que permiten esta clase de monitoreo, tales como: AWS CloudTrail, Amazon CloudWatch Events, y el servicio de APIs de AWS. En esta sesión, le mostramos cómo Netflix utiliza una combinación de estos servicios para operar el monitoreo de sus implementaciones a gran escala, y discutimos los cambios hechos a medida que la implementación de Netflix crece con el pasar de los años

Mejores prácticas para administrar las operaciones de seguridad en AWS - MXO2...

Amazon Web Services

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Amazon Web Services

Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets

VijayaNirmalaGopal

Securing Your Customers Data From Day One

Amazon Web Services LATAM

All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers data. Don't wait until your first security incident before putting these best practices in place.

SecuringYourCustomersDataFromDayOne_SFStartupDay

Amazon Web Services

Security is job zero at AWS. Come and learn how to build a modern security practice on AWS and supercharge it with AWS partners and serverless automation. Learn about the Security Perspectives found the AWS Well-Architected Framework, which equip your security program to not only keep your environment secure but also move fast. Learn advanced techniques to empower your teams with Amazon GuardDuty so you can elevate your team's ability to identify, protect, detect, respond, and recover from security events.

Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...

Amazon Web Services

Securing Your Customers Data From Day One

Amazon Web Services

AWS Security and Encryption

Richard Harvey

Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

Amazon Web Services

All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: operating systems, services and applications control responsibilities, the automation of security baselines, the configuration of security, and the auditing of controls for AWS customer infrastructure. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.

AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne

Amazon Web Services

In this session, learn how to accelerate your journey to the cloud while implementing a cloud-first strategy and without sacrificing the controls and standards required in a large, publicly-traded enterprise. Benefit from the insights developed from working with some of the most recognized brands in the world. Discover how these household names leverage automation, CI/CD, and a modular approach to workload design to ensure the consistent application of their security and governance requirements. Learn which approaches to use when transforming workloads to cloud-native technologies, including serverless and containers. With this approach, business users can finally receive properly governed resources without delaying or disrupting their need for agility, flexibility, and cloud scale. This session is brought to you by AWS partner, 2nd Watch.

Proven Methodologies for Accelerating Your Cloud Journey (ENT308-S) - AWS re:...

Amazon Web Services

New AWS Security Solutions to Protect Your Workload 亞馬遜 AWS 於 2018 年 11 月底在美國拉斯維加斯所舉辦的第七屆 AWS re:Invent 2018 大會，在 AWS 客戶、合作夥伴、媒體人士、產業分析師及 AWS 員工共襄盛舉下，與會人數再創新高，超過 5 萬人。會中 AWS 發布超過 20 款雲端方案，且一半以上專攻雲端 AI、機器學習、物聯網，包括對 SageMaker 強化更多進階功能，推出第一款專用的機器學習推論晶片、加入深度的機器學習運算法支援，及其他包括儲存、資料庫、混合雲、邊緣運算 IoT 等解決方案。而具備微型機器學習能力的迷你自駕遙控車 DeepRacer 的現身，驚人之舉不僅抓人眼球，深入客戶體驗的用心，更成功抓住全球使用者的心。為讓您與全球先進技術同步，共享最新趨勢資訊，解決您開發機器學習和發展 AIoT 所遇到的難題，AWS 台灣團隊將於 2019 年 1 月 31 日 (四) 舉辦《AWS re:Invent 2018 Recap 台北》，特別嚴選最適切國內諸位先進和企業需求的內容，從「技術創新」、「AIoT」兩大分組議程，發表 AWS 的新服務和新方案。大會除了邀請亞馬遜 AWS 大中華區首席雲計算企業顧問 (Principal Evangelist) 張俠博士分享 AWS 的解決方案藍圖外，眾多 AWS 資深專家也將分享包含機器學習、深度學習推理加速等新方案，完全託管的文件系統、資料庫，無伺服器、容器技術與安全性，以及大數據與分析、物聯網服務應用、儲存方案等最新技術。歡迎您親臨會場，全方位體驗 AWS 新服務將能為您創造的驚人創新之效益。

New AWS Security Solutions to Protect Your Workload

Amazon Web Services

How AI is disrupting the world

Amazon Web Services

All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.

AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One

AWS Germany

This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.

Security@Scale

Amazon Web Services

GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Amazon Web Services

Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018

Amazon Web Services

In this workshop, create guardrails to ensure governance is applied and identify when people stray. This session will deep dive into AWS Landing Zone, AWS Organizations, AWS Config, and Identity and Access Management. We will focus on the Operational Excellence and Security pillar best practices, of the AWS Well-Architected Framework, using a multi-account strategy. We address the architectural and operational decisions you need to make. In the cloud, you can start at the core and create defense in depth at the individual resource level. This session is designed for security and compliance practitioners interested in estate management, auditing of infrastructure, advanced IAM techniques, and overall governance management.

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Amazon Web Services

Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf

Amazon Web Services

The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data-center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.

Lock it Down: How to Secure your AWS Account and your Organization's Accounts

Amazon Web Services

Similar a AWS Secrets for Best Practices (20)

Mejores prácticas para administrar las operaciones de seguridad en AWS - MXO2...

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Vijayanirmala a_community_builders_guidebook_for_securing_your_secrets

Securing Your Customers Data From Day One

SecuringYourCustomersDataFromDayOne_SFStartupDay

Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...

Securing Your Customers Data From Day One

AWS Security and Encryption

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne

Proven Methodologies for Accelerating Your Cloud Journey (ENT308-S) - AWS re:...

New AWS Security Solutions to Protect Your Workload

How AI is disrupting the world

AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One

Security@Scale

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf

Lock it Down: How to Secure your AWS Account and your Organization's Accounts

Más de AWS User Group Bengaluru

Demystifying identity on AWS

AWS User Group Bengaluru

AWS Secrets for Best Practices

AWS User Group Bengaluru

Cloud Security

AWS User Group Bengaluru

Lessons learnt building a Distributed Linked List on S3

AWS User Group Bengaluru

Medlife journey with AWS

AWS User Group Bengaluru

Building Efficient, Scalable and Resilient Front-end logging service with AWS

AWS User Group Bengaluru

Exploring opportunities with communities for a successful career

AWS User Group Bengaluru

Slack's transition away from a single AWS account

AWS User Group Bengaluru

Log analytics with ELK stack

AWS User Group Bengaluru

Serverless Culture

AWS User Group Bengaluru

Refactoring to serverless

AWS User Group Bengaluru

Amazon EC2 Spot Instances Workshop

AWS User Group Bengaluru

The number of internet users is increasing rapidly and so is the number of mobile/web applications. Processing and analyzing user activity is one of the techniques to observe/monitor mobile/web apps. Much of this user activity is captured by the mobile app as a structured log. The problem we are trying to solve here is building and operating a processing backend that ingests activity data from millions of devices with availability and SLA guarantees. This talk was presented at AWS Community Day Bengaluru 2019 by Kokilavani Kathiresan, Ravikumar Kota and Shailja Agarwala - Intuit

Building Efficient, Scalable and Resilient Front-end logging service with AWS

AWS User Group Bengaluru

Medlife's journey with AWS from 0(zero) orders to 6 digit mark

AWS User Group Bengaluru

Exploring opportunities with communities for a successful career

AWS User Group Bengaluru

In the talk I speak about our year long journey of implementing a distributed system that needed to run on scale, and what mistakes we made and how we learnt from them. Talk also touches on a very interesting problem of ordering writes in a distributed environment without any locking. The takeaway for the audience would be around how to approach a problem when they are solving for scale. This talk was presented at AWS Community Day Bengaluru 2019 by Manik Jindal, Computer Scientist, Adobe

Lessons learnt building a Distributed Linked List on S3

AWS User Group Bengaluru

Cloud Security

AWS User Group Bengaluru

Amazon EC2 Spot Instances

AWS User Group Bengaluru

Cost Optimization in AWS

AWS User Group Bengaluru

Keynote - Chaos Engineering: Why breaking things should be practiced

AWS User Group Bengaluru

Más de AWS User Group Bengaluru (20)

Demystifying identity on AWS

AWS Secrets for Best Practices

Cloud Security

Lessons learnt building a Distributed Linked List on S3

Medlife journey with AWS

Building Efficient, Scalable and Resilient Front-end logging service with AWS

Exploring opportunities with communities for a successful career

Slack's transition away from a single AWS account

Log analytics with ELK stack

Serverless Culture

Refactoring to serverless

Amazon EC2 Spot Instances Workshop

Building Efficient, Scalable and Resilient Front-end logging service with AWS

Medlife's journey with AWS from 0(zero) orders to 6 digit mark

Exploring opportunities with communities for a successful career

Lessons learnt building a Distributed Linked List on S3

Cloud Security

Amazon EC2 Spot Instances

Cost Optimization in AWS

Keynote - Chaos Engineering: Why breaking things should be practiced

Último

Real Time Object Detection Using Open CV

Khem

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Slack Application Development 101 Slides

praypatel2

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

AWS Secrets for Best Practices

2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Vijaya Nirmala Gopal (Nirmala) DevOps Solutions Lead - Cloud, Sonata Software Limited https://cloudgoddess.blogspot.com/ Ansible Galaxy Contributor

3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ❏ AWS Secrets Manager Overview ❏ Top security threats with Credentials ❏ Overlooked Risks ❏ Compliances for AWS & Cloud ❏ Use case for the day ❏ Logging/Monitoring - Cloudwatch ❏ Auditing - CloudTrail ❏ Notifications - SNS ❏ Recover & Restore ❏ With Infrastructure as Code ❏ For Configuration Management Solution ❏ Quick compare ❏ Need of the moment Agenda

4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Secrets Manager - Overview ❏ Key Features - hold & automate secret rotation Automatic password generator [aws cli] ❏ Pay as you go; No upfront or setup cost ❏ Fine grained IAM access control ❏ Compliance ❏ Audit/Monitor

5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top security threats Risk Assessments shows below reasons ● Open network ports ● Broad permissions for Application(s) ● Wider privileges for IAM user ● Unprotected keys and credentials

7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PCI DSS & CIS with AWS Secrets Manager ❏ Enforcement on securing credentials ❏ Defined rules for IAM or any other credentials ❏ Recommends/demands keys rotation ❏ Enable sufficient logging ❏ Have audit controls in place

10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Cloudformation ● Use resolve tag to fetch or refer the secrets from Secrets Manager {{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}} “MasterPassword”: ‘{{ resolve:secretsmanager:RDS-master-password:SecretString:password}}’

11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure provisioning - Use cases How efficient is secrets with Terraform ● Use terraform module ‘aws_secretsmanager_secret’ and ‘aws_secretsmanager_secret_version’ create secrets ● Use output to view the secrets ● AWS CLI for fetching the secrets in user_data

12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Configuration Management - Use cases How secrets fit with Ansible ❏ Ansible aws_secret - Lookup plugin for secrets manager ❏ Use & register with CLI ❏ Know how to fetch and store

15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auditing Secrets Usage - CloudTrail ❏ Risk Assessments shows below reasons against credentials misuse ❏ Open network ports ❏ Broad permissions for Application(s) ❏ Wider privileges for IAM user ❏ Unprotected keys and credentials

16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudTrail - Delete ❏ what happens on Delete ❏ Be known to mischievous actions ❏ Take back the decision in 7 days ❏ Think through the decision ❏ Check integrity by running regressions

17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Monitoring/Logging Secrets - CloudWatch ❏ Calls made ❏ Access error messages ❏ Sources reaching onto access secrets with timelines ❏ Analyse and action of unused or unrotated secrets

18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SNS - AWS Secrets Manager Get alerted on actions or customize triggers for alert ❏ On Delete ❏ On permission denied to track suspicious access ❏ API Calls ❏ Other examples

19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Comparison with other options AWS SSM Parameter store ❏ Rotate with custom Lambda ❏ Lambda creation and maintenance ❏ No Cross account access ❏ S3 - In Rest & Transit Encrypted texts ❏ Ansible Vault ❏ VM or Instance ❏ Custom made mechanism to rotate AWS Secrets Manager ❏ All secrets are encrypted ❏ Built in Lambda to rotate secrets ❏ Billed per secret stored and API calls ❏ Integration password rotation ❏ Random password generation

20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step Ahead - git-secrets Access Keys/Credentials in Git Repos ❏ scrutinize the most valuable targets ❏ prevents keys/credentials anywhere in/into repos ❏ Add as Jenkins job to checkout repos dynamically and scan and report

AWS Secrets for Best Practices

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a AWS Secrets for Best Practices

Similar a AWS Secrets for Best Practices (20)

Más de AWS User Group Bengaluru

Más de AWS User Group Bengaluru (20)

Último

Último (20)

AWS Secrets for Best Practices