SlideShare una empresa de Scribd logo

Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks

Descargar como PPTX, PDF
Amazon Web Services
Amazon Web Services

Learning Objectives: - Reduce the complexity of governance - Embed compliance in the development process - Learn about AWS Management Tools As your cloud operations evolve, complexity of governance, compliance, and risk auditing of your AWS account increases. With AWS Config and AWS CloudTrail you can automate your controls and compliance efforts so that they scale with your cloud footprint. You can discover resources that exist in your account, capture changes in configurations, and create alerts for out-of-compliance events.In this session, we will help you use AWS Config, AWS CloudTrail, and other AWS Management Tools to automate configuration governance so that compliance is embedded in the development process.

Tecnología
1 de 37
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sid Gupta (CISSP) Sr. Product Manager, AWS Config June 6, 2017 Automated Compliance and Governance with AWS Config and AWS CloudTrail Chayan Biswas Sr. Product Manager, AWS Config
What to expect from the session? • Governance and Compliance – should I care? (yes) • Why automate? • Overview of CloudTrail and Config • Use cases and examples
What is Governance and Compliance? Governance is the oversight role and the process by which companies manage and mitigate business risks. Compliance ensures that an organization has the process and internal controls to meet the requirements imposed by the governance body.
Do I need Cloud Governance? • Cloud introduces few fundamental changes to traditional IT - Provision IT resources via self-service, APIs - Pay-as-you-go pricing - Dynamic scaling - Resources maybe short lived • Lack of policy and process consistency could negate the benefits of being in the cloud
AWS Shared Responsibility model
Steps to ensure Governance and Compliance • Understand your IT environment • Document all compliance requirements • Design and implement controls to meet the organization’s compliance requirements • Identify and document controls owned by outside parties • Verify that all control objectives are met
Why automate? • Hard to keep track of resource inventory • Numerous compliance requirements (CIS benchmarks, PCI, HIPAA) • Continuous assessment • Growth is good, but it comes with its challenges * CIS Benchmarks
AWS Management Tools ― AWS CloudFormation ― AWS Service Catalog ― AWS OpsWorks ― EC2 Systems Manager ― Amazon CloudWatch AWS CloudTrail ― AWS Config ― AWS Trusted Advisor ―
Range of capabilities Provision Speed Infra. as code Templatize Agility Self- service Delineated access privilege Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot AWS CloudFormation AWS Service Catalog AWS CloudTrail AWS Config Amazon CloudWatch
We’ll focus on.. ― AWS CloudFormation ― AWS Service Catalog ― AWS OpsWorks ― EC2 Systems Manager ― Amazon CloudWatch AWS CloudTrail ― AWS Config ― AWS Trusted Advisor ―
What is CloudTrail? AWS CloudTrail Amazon CloudWatch S3 Bucket Management Console CLI SDK AWS resources Troubleshoot Monitor, alarm and React Archive and audit
What is CloudTrail? • Records API calls made on your AWS account • Delivers logs for audits and compliance • Provides visibility into account activity (API, console logins etc.) • Troubleshoot with look up capability • Alarm and take actions with Amazon CloudWatch • New! S3 Data Events: Get object-level API activity
Common Use Cases • Compliance Aid • Security Analysis • Data Exfiltration • Operational Troubleshooting
AWS Config Record changing resources AWS Config Config Rules History, Snapshot Notifications API Access Normalized
AWS Config • Continuous recording of configuration • Inventory of AWS resources, includes deleted • View resource relationships • New! OS level patches, installed applications, network configuration with EC2 Systems Manager • Check compliance with desired configuration using rules • Pre-built rules by AWS, Custom rules using AWS Lambda • Configuration and Compliance change notifications • Compliance dashboard • GitHub repo: Community sourced rules
Common Use Cases • Continuous monitoring • Continuous assessment • Audit and Compliance • Change management • Operational troubleshooting
Visibility & Audit Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot
Demo Scenario (Gain visibility into the cloud ) Use CloudTrail to lookup API activity for a specific user, view activity details and configuration changes via AWS Config integration
Control and Alarm Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot
Demo scenario (Automating governance & compliance) Notify the Cloud Admin if there exist any EC2 Security Groups that allow unrestricted access to port 22 (SSH)
Compliance change notification via SNS
Demo Scenario (Instance level software configurations) Use EC2 SM to setup inventory collection and use Config to get a complete trackable history of: • OS updates/patches • Installed applications • Network configuration etc. Continuously assess compliance with Config rules.
Control and Auto-Correct Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot
Auto-remediate the issue when an EC2 Security Group that allows unrestricted access to port 22 (SSH) is detected by revoking the ingress rule. Lambda function Amazon SNS Amazon EC2 Security Group: 0.0.0.0/0 Port 22 AWS Configusers Internet Demo scenario (Automating governance & compliance)
Code snippet: Fix an EC2 security group
Code snippet: Fix an EC2 security group
But who watches the watcher? Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot
Automatically turn on CloudTrail logging if it has been disabled Demo scenario (Automating governance & compliance)
Code snippet: Turn on CloudTrail
Customers who use CloudTrail and Config
Summary CloudTrail and Config provide: • Broad and deep visibility for security and compliance • Governance and Compliance as code • Enable: standardization, self-service, and automation Find out more here: https://aws.amazon.com/cloudtrail/ https://aws.amazon.com/config/ Management tools: https://aws.amazon.com/products/management
Thank you! sidgup@amazon.com cbbiswas@amazon.com

Recomendados

Aws config
Aws configAws config
Aws configShagun Rathore
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials DayAmazon Web Services
 
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Edureka!
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)Amazon Web Services Korea
 
AWS ELB
AWS ELBAWS ELB
AWS ELBMahesh Raj
 
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkElastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkAmazon Web Services
 

Recomendados

Aws config
Aws configAws config
Aws configShagun Rathore
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials DayAmazon Web Services
 
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Edureka!
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)
AWS Lambda와 API Gateway를 통한 Serverless Architecture 특집 (윤석찬)Amazon Web Services Korea
 
AWS ELB
AWS ELBAWS ELB
AWS ELBMahesh Raj
 
Elastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkElastic Load Balancing Deep Dive - AWS Online Tech Talk
Elastic Load Balancing Deep Dive - AWS Online Tech TalkAmazon Web Services
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAmazon Web Services
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentationTATA LILIAN SHULIKA
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto Scaling(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto ScalingAmazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM IntroductionAmazon Web Services
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
Aws Autoscaling
Aws AutoscalingAws Autoscaling
Aws AutoscalingKimberly Macias
 
Auto Scaling on AWS
Auto Scaling on AWSAuto Scaling on AWS
Auto Scaling on AWSAustinWebArch
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS Storage Options
AWS Storage OptionsAWS Storage Options
AWS Storage OptionsAmazon Web Services
 
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Amazon Web Services
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Amazon Web Services
 

Más contenido relacionado

La actualidad más candente

The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAmazon Web Services
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentationTATA LILIAN SHULIKA
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto Scaling(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto ScalingAmazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionErnest Chiang
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 

La actualidad más candente (20)

The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentation
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto Scaling(CMP201) All You Need To Know About Auto Scaling
(CMP201) All You Need To Know About Auto Scaling
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
 
AWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc VersionAWS IAM -- Notes of 20130403 Doc Version
AWS IAM -- Notes of 20130403 Doc Version
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
Aws Autoscaling
Aws AutoscalingAws Autoscaling
Aws Autoscaling
 
Auto Scaling on AWS
Auto Scaling on AWSAuto Scaling on AWS
Auto Scaling on AWS
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
AWS Storage Options
AWS Storage OptionsAWS Storage Options
AWS Storage Options
 

Similar a Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks

Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Amazon Web Services
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Amazon Web Services
 
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsRaleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsAmazon Web Services
 
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Amazon Web Services
 
Automated Governance of Your AWS Resources
Automated Governance of Your AWS ResourcesAutomated Governance of Your AWS Resources
Automated Governance of Your AWS ResourcesAmazon Web Services
 
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)Amazon Web Services
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtHelen Rogers
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...AWS Germany
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management ToolsENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management ToolsAmazon Web Services
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools Amazon Web Services
 

Similar a Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks (20)

Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
 
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsRaleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
 
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
 
Automated Governance of Your AWS Resources
Automated Governance of Your AWS ResourcesAutomated Governance of Your AWS Resources
Automated Governance of Your AWS Resources
 
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John Hildebrandt
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
Automatisierte Kontrolle und Transparenz in der AWS Cloud – Autopilot für Com...
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management ToolsENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Último

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Último (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sid Gupta (CISSP) Sr. Product Manager, AWS Config June 6, 2017 Automated Compliance and Governance with AWS Config and AWS CloudTrail Chayan Biswas Sr. Product Manager, AWS Config
  • 2. What to expect from the session? • Governance and Compliance – should I care? (yes) • Why automate? • Overview of CloudTrail and Config • Use cases and examples
  • 3. What is Governance and Compliance? Governance is the oversight role and the process by which companies manage and mitigate business risks. Compliance ensures that an organization has the process and internal controls to meet the requirements imposed by the governance body.
  • 4. Do I need Cloud Governance? • Cloud introduces few fundamental changes to traditional IT - Provision IT resources via self-service, APIs - Pay-as-you-go pricing - Dynamic scaling - Resources maybe short lived • Lack of policy and process consistency could negate the benefits of being in the cloud
  • 6. Steps to ensure Governance and Compliance • Understand your IT environment • Document all compliance requirements • Design and implement controls to meet the organization’s compliance requirements • Identify and document controls owned by outside parties • Verify that all control objectives are met
  • 7. Why automate? • Hard to keep track of resource inventory • Numerous compliance requirements (CIS benchmarks, PCI, HIPAA) • Continuous assessment • Growth is good, but it comes with its challenges * CIS Benchmarks
  • 8. AWS Management Tools ― AWS CloudFormation ― AWS Service Catalog ― AWS OpsWorks ― EC2 Systems Manager ― Amazon CloudWatch AWS CloudTrail ― AWS Config ― AWS Trusted Advisor ―
  • 9. Range of capabilities Provision Speed Infra. as code Templatize Agility Self- service Delineated access privilege Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot AWS CloudFormation AWS Service Catalog AWS CloudTrail AWS Config Amazon CloudWatch
  • 10. We’ll focus on.. ― AWS CloudFormation ― AWS Service Catalog ― AWS OpsWorks ― EC2 Systems Manager ― Amazon CloudWatch AWS CloudTrail ― AWS Config ― AWS Trusted Advisor ―
  • 11. What is CloudTrail? AWS CloudTrail Amazon CloudWatch S3 Bucket Management Console CLI SDK AWS resources Troubleshoot Monitor, alarm and React Archive and audit
  • 12. What is CloudTrail? • Records API calls made on your AWS account • Delivers logs for audits and compliance • Provides visibility into account activity (API, console logins etc.) • Troubleshoot with look up capability • Alarm and take actions with Amazon CloudWatch • New! S3 Data Events: Get object-level API activity
  • 13. Common Use Cases • Compliance Aid • Security Analysis • Data Exfiltration • Operational Troubleshooting
  • 14. AWS Config Record changing resources AWS Config Config Rules History, Snapshot Notifications API Access Normalized
  • 15. AWS Config • Continuous recording of configuration • Inventory of AWS resources, includes deleted • View resource relationships • New! OS level patches, installed applications, network configuration with EC2 Systems Manager • Check compliance with desired configuration using rules • Pre-built rules by AWS, Custom rules using AWS Lambda • Configuration and Compliance change notifications • Compliance dashboard • GitHub repo: Community sourced rules
  • 16. Common Use Cases • Continuous monitoring • Continuous assessment • Audit and Compliance • Change management • Operational troubleshooting
  • 18. Demo Scenario (Gain visibility into the cloud ) Use CloudTrail to lookup API activity for a specific user, view activity details and configuration changes via AWS Config integration
  • 19.
  • 21. Demo scenario (Automating governance & compliance) Notify the Cloud Admin if there exist any EC2 Security Groups that allow unrestricted access to port 22 (SSH)
  • 22.
  • 24. Demo Scenario (Instance level software configurations) Use EC2 SM to setup inventory collection and use Config to get a complete trackable history of: • OS updates/patches • Installed applications • Network configuration etc. Continuously assess compliance with Config rules.
  • 25.
  • 27. Auto-remediate the issue when an EC2 Security Group that allows unrestricted access to port 22 (SSH) is detected by revoking the ingress rule. Lambda function Amazon SNS Amazon EC2 Security Group: 0.0.0.0/0 Port 22 AWS Configusers Internet Demo scenario (Automating governance & compliance)
  • 28.
  • 29. Code snippet: Fix an EC2 security group
  • 30. Code snippet: Fix an EC2 security group
  • 31. But who watches the watcher? Guardrails Control Alarm Auto Correct Visibility Audit Trouble- shoot
  • 32. Automatically turn on CloudTrail logging if it has been disabled Demo scenario (Automating governance & compliance)
  • 33.
  • 34. Code snippet: Turn on CloudTrail
  • 35. Customers who use CloudTrail and Config
  • 36. Summary CloudTrail and Config provide: • Broad and deep visibility for security and compliance • Governance and Compliance as code • Enable: standardization, self-service, and automation Find out more here: https://aws.amazon.com/cloudtrail/ https://aws.amazon.com/config/ Management tools: https://aws.amazon.com/products/management