AWS Government, Education, and Nonprofit Symposium
Washington, DC I June 25-26, 2015
Networking: New Capabilities
for Amazon Virtual Private Cloud
Mark Ryland
Chief Architect, WWPS
markry@amazon.com
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New capabilities for Amazon VPC
• VPC endpoints
– Generic capability
– First VPCE available is for S3
• VPC Flow Logs
– Netflow-like data from elastic network interfaces
Problem statement
• AWS “abstracted services”[1] generally have service endpoints on the public address side of an AWS region
• How best to reach those endpoints from inside your VPC?
[1] “AWS Security Best Practices” whitepaper, Nov 2013, p. 7
Reaching public endpoints
Public IPs and IGW
  Pros
  • Highly available
  • Horizontally scalable
  • Can restrict dest. ports/CIDRs
  Cons
  • Public IPs; security controls are limited
  • Can reach entire S3 service
NAT/PAT server(s)
  Pros
  • Central control
  • All protocols
  Cons
  • Availability risks
  • Scaling hard, limited
  • Lots of work to manage
  • Security limitations similar to use of IGW
Proxy server(s)
  Pros
  • Central control
  • Can scale fairly well
  • Many security options
  Cons
  • Availability risks
  • Lots of work to manage and scale
  • Works only with HTTP/S
VPC endpoints to the rescue
• No need for public IP addresses, NAT/PAT, or proxies
• Highly available; no SPOF
• Practically infinite horizontal scalability
• Rich security controls
Rich security controls
• New route entry
– As many endpoints per VPC as you like, but maximum one assigned route per subnet
• New logical destination address for security group outbound traffic rules
– Thus, instance-level control through security groups
Rich security controls (cont.)
• Policies on VPC endpoints
– Logically, resource policies (not IAM policies)
– Constrain principals, actions, destination buckets, paths within buckets
• S3 bucket policies
– Constrain source VPCs, VPC endpoints, both
• All policies ANDed together (IAM, VPC endpoints, S3)
VPC endpoint policy example
{
  "Statement": [
    {
      "Sid": "Access-to-specific-bucket-only",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my_secure_bucket",
        "arn:aws:s3:::my_secure_bucket/*"
      ]
    }
  ]
}
S3 bucket policy example #1
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Access-to-specific-VPCE-only",
      "Principal": "*",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::my_secure_bucket",
        "arn:aws:s3:::my_secure_bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:sourceVpce": "vpce-1a2b3c4d"
        }
      }
    }
  ]
}
S3 bucket policy example #2
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Access-to-specific-VPC-only",
      "Principal": "*",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::my_secure_bucket",
        "arn:aws:s3:::my_secure_bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:sourceVpc": "vpc-111bbb22"
        }
      }
    }
  ]
}
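The "all policies ANDed together" slide and the three policy examples above are easiest to reason about by running requests through them. The following is an added example, not code from the presentation or from AWS: a small evaluator that understands only the subset of the IAM grammar these slides use (Effect, Action, Resource, StringEquals/StringNotEquals) and combines the endpoint policy, bucket policy #1 and an IAM identity policy. The IAM policy, the second endpoint ID and the object key are constructed for the example; the combination rule is a simplified teaching model of the slide's statement, not the complete IAM decision logic.

```python
"""Simplified model of how the VPC endpoint policy, the S3 bucket policy and an
IAM identity policy are ANDed together. Added example; the IAM policy and the
request contexts below are constructed, the other two policies are the slides'."""
import fnmatch

# VPC endpoint policy from the slides: only Get/Put on my_secure_bucket.
VPCE_POLICY = {
    "Statement": [{
        "Sid": "Access-to-specific-bucket-only",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Effect": "Allow",
        "Resource": ["arn:aws:s3:::my_secure_bucket",
                     "arn:aws:s3:::my_secure_bucket/*"],
    }]
}

# S3 bucket policy #1 from the slides: deny anything not arriving via one endpoint.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Access-to-specific-VPCE-only",
        "Principal": "*",
        "Action": "s3:*",
        "Effect": "Deny",
        "Resource": ["arn:aws:s3:::my_secure_bucket",
                     "arn:aws:s3:::my_secure_bucket/*"],
        "Condition": {"StringNotEquals": {"aws:sourceVpce": "vpce-1a2b3c4d"}},
    }]
}

# Constructed IAM identity policy (not on the slides): the instance role may read
# and write objects in any bucket; the endpoint and bucket policies narrow that.
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::*",
    }]
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _any_match(patterns, value):
    # IAM wildcard semantics: '*' matches any run of characters, '?' one character.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """Evaluate StringEquals / StringNotEquals against request-context keys."""
    for operator, tests in condition.items():
        for key, expected in tests.items():
            actual = ctx.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in _as_list(expected):
                    return False
            elif operator == "StringNotEquals":
                # A missing key satisfies a negated operator (IAM rule); that is
                # what makes the bucket policy deny traffic that used no endpoint.
                if actual is not None and actual in _as_list(expected):
                    return False
            else:
                raise ValueError("unsupported condition operator: " + operator)
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Deny', 'Allow' or 'Implicit' for one policy document."""
    decision = "Implicit"
    for stmt in policy["Statement"]:
        if not _any_match(stmt["Action"], action):
            continue
        if not _any_match(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision


def is_authorized(action, resource, ctx,
                  iam=IAM_POLICY, vpce=VPCE_POLICY, bucket=BUCKET_POLICY):
    """ANDed decision: any explicit Deny rejects; otherwise the endpoint policy
    must Allow (the endpoint forwards only what it permits) and the identity or
    bucket policy must Allow."""
    decisions = {name: evaluate(p, action, resource, ctx)
                 for name, p in (("iam", iam), ("vpce", vpce), ("bucket", bucket))}
    if "Deny" in decisions.values():
        return False
    return decisions["vpce"] == "Allow" and "Allow" in (decisions["iam"], decisions["bucket"])


if __name__ == "__main__":
    via_endpoint = {"aws:sourceVpce": "vpce-1a2b3c4d"}   # constructed request context
    obj = "arn:aws:s3:::my_secure_bucket/report.csv"      # constructed object key
    print(is_authorized("s3:GetObject", obj, via_endpoint))                        # True
    print(is_authorized("s3:GetObject", obj, {"aws:sourceVpce": "vpce-0other00"}))  # False: wrong endpoint
    print(is_authorized("s3:GetObject", obj, {}))                                  # False: no endpoint (e.g. IGW path)
    print(is_authorized("s3:DeleteObject", obj, via_endpoint))                     # False: endpoint policy silent
    print(is_authorized("s3:GetObject", "arn:aws:s3:::other-bucket/x", via_endpoint))  # False: other bucket
```

The two failure modes worth noticing: the bucket policy's Deny fires on a request with no `aws:sourceVpce` at all (the IGW or NAT path from the earlier slide), because a negated condition operator is satisfied by a missing key; and the endpoint policy never says Deny, it simply does not Allow actions or buckets it does not list, which is enough to block them.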
VPC Flow Logs
• Longstanding ask: greater visibility into VPC network behavior
– Specifically, what about those security group and network ACL DENY cases?
• VPC Flow Logs provide the answer
VPC Flow Logs (cont.)
• Enabled at the ENI, subnet, or VPC level
• Traffic data surfaced as “flow log records” per ENI
• Exposed as CloudWatch Logs groups and streams
• Data accumulated and published to CW Logs at ~10 minute intervals
• Normal CloudWatch Logs groups/streams with all related features
– For example, new CloudWatch Logs -> Amazon Kinesis stream integration
Flow Log record (text, space-delimited)
Field          Description
version        The VPC Flow Logs version.
account-id     The AWS account ID for the Flow Log.
interface-id   The ID of the network interface for which the log stream applies.
srcaddr        The source IP address. The IP address of the network interface is always its private IP address.
dstaddr        The destination IP address. The IP address of the network interface is always its private IP address.
srcport        The source port of the traffic.
dstport        The destination port of the traffic.
protocol       The IANA protocol number of the traffic. For more information, go to Assigned Internet Protocol Numbers.
packets        The number of packets transferred during the capture window.
bytes          The number of bytes transferred during the capture window.
start          The time, in Unix seconds, of the start of the capture window.
end            The time, in Unix seconds, of the end of the capture window.
action         The action associated with the traffic:
               – ACCEPT: The recorded traffic was permitted by the security groups or network ACLs.
               – REJECT: The recorded traffic was not permitted by the security groups or network ACLs.
log-status     The logging status of the flow log:
               – OK: Data is logging normally to CloudWatch Logs.
               – NODATA: There was no network traffic to or from the network interface during the capture window.
               – SKIPDATA: Some flow log records were skipped during the capture window.
Example records
RDP traffic denied:
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK
SSH traffic allowed:
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK
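Once the records land in CloudWatch Logs, the first thing a defender wants from them is the REJECT rows the earlier slide asked about. The following parser is an added example, not code from the presentation or from AWS: it applies the field layout from the previous slide to the two sample records above, plus one constructed NODATA record in the documented placeholder form (every per-flow field is "-"), and picks out the rejected flows and any windows where logging was not OK. Function names are this example's own.

```python
"""Parse VPC Flow Log records (version 2, space-delimited) and pull out the
security-relevant ones. Added example; the first two sample records are the
slide's own, the NODATA record is constructed here."""
from collections import Counter

# Field names in on-the-wire order, as listed on the "Flow Log record" slide.
FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log-status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets",
              "bytes", "start", "end"}

# Constructed sample input: the slide's two records plus one NODATA window.
SAMPLE_RECORDS = """\
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK
2 123456789010 eni-abc123de - - - - - - - 1438530070 1438530130 - NODATA
"""


def parse_record(line):
    """Turn one space-delimited record into a dict; '-' placeholders become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d: %r" % (len(FIELDS), len(parts), line))
    record = {}
    for name, raw in zip(FIELDS, parts):
        if raw == "-":
            record[name] = None          # NODATA / SKIPDATA windows carry no flow fields
        elif name in INT_FIELDS:
            record[name] = int(raw)
        else:
            record[name] = raw
    return record


def parse_records(text):
    """Parse a block of records, skipping blank lines."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_flows(records):
    """Flows blocked by a security group or network ACL: the DENY cases the slides mention."""
    return [r for r in records if r["action"] == "REJECT"]


def rejects_by_dst_port(records):
    """Count rejected flows per destination port, a quick view of what is being blocked."""
    return Counter(r["dstport"] for r in rejected_flows(records))


def gaps_in_coverage(records):
    """Records whose log-status is not OK. NODATA is benign; SKIPDATA means lost visibility."""
    return [r for r in records if r["log-status"] != "OK"]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for r in rejected_flows(recs):
        print("REJECT %s:%d -> %s:%d proto %d" % (
            r["srcaddr"], r["srcport"], r["dstaddr"], r["dstport"], r["protocol"]))
    print(dict(rejects_by_dst_port(recs)))                     # {3389: 1}
    print([r["log-status"] for r in gaps_in_coverage(recs)])  # ['NODATA']
```

The field count check matters in practice: a record with the wrong number of columns is either a different log version or a line mangled in transit, and silently shifting fields would make a REJECT look like a normal flow.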
VPC networking
• Continually advancing the state of the art
• Focused on improving control and visibility
• Integration with third-party monitoring and management tools
• Key element of AWS's increasingly powerful security suite
Thank You.
This presentation will be loaded to SlideShare the week following the Symposium.
http://www.slideshare.net/AmazonWebServices
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Networking: New Capabilities for Amazon Virtual Private Cloud

  1. AWS Government, Education, and Nonprofit Symposium, Washington, DC, June 25-26, 2015
     Networking: New Capabilities for Amazon Virtual Private Cloud
     Mark Ryland, Chief Architect, WWPS, markry@amazon.com
     ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. New capabilities for Amazon VPC
     • VPC endpoints
       – Generic capability
       – First VPCE available is for S3
     • VPC Flow Logs
       – Netflow-like data from elastic network interfaces
  3. Problem statement
     • AWS “abstracted services”[1] generally have service endpoints on the public address side of an AWS region
     • How best to reach those endpoints from inside your VPC?
     [1] “AWS Security Best Practices” whitepaper, Nov 2013, p. 7
  4. Reaching public endpoints
     Public IPs and IGW
       Pros
       • Highly available
       • Horizontally scalable
       • Can restrict dest. ports/CIDRs
       Cons
       • Public IPs; security controls are limited
       • Can reach entire S3 service
     NAT/PAT server(s)
       Pros
       • Central control
       • All protocols
       Cons
       • Availability risks
       • Scaling hard, limited
       • Lots of work to manage
       • Security limitations similar to use of IGW
     Proxy server(s)
       Pros
       • Central control
       • Can scale fairly well
       • Many security options
       Cons
       • Availability risks
       • Lots of work to manage and scale
       • Works only with HTTP/S
  5. VPC endpoints to the rescue
     • No need for public IP addresses, NAT/PAT, or proxies
     • Highly available; no SPOF
     • Practically infinite horizontal scalability
     • Rich security controls
  6. Rich security controls
     • New route entry
       – As many endpoints per VPC as you like, but maximum one assigned route per subnet
     • New logical destination address for security group outbound traffic rules
       – Thus, instance-level control through security groups
  7. Rich security controls (cont.)
     • Policies on VPC endpoints
       – Logically, resource policies (not IAM policies)
       – Constrain principals, actions, destination buckets, paths within buckets
     • S3 bucket policies
       – Constrain source VPCs, VPC endpoints, both
     • All policies ANDed together (IAM, VPC endpoints, S3)
  8. VPC endpoint policy example
     {
       "Statement": [
         {
           "Sid": "Access-to-specific-bucket-only",
           "Principal": "*",
           "Action": [
             "s3:GetObject",
             "s3:PutObject"
           ],
           "Effect": "Allow",
           "Resource": [
             "arn:aws:s3:::my_secure_bucket",
             "arn:aws:s3:::my_secure_bucket/*"
           ]
         }
       ]
     }
  9. S3 bucket policy example #1
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "Access-to-specific-VPCE-only",
           "Principal": "*",
           "Action": "s3:*",
           "Effect": "Deny",
           "Resource": [
             "arn:aws:s3:::my_secure_bucket",
             "arn:aws:s3:::my_secure_bucket/*"
           ],
           "Condition": {
             "StringNotEquals": {
               "aws:sourceVpce": "vpce-1a2b3c4d"
             }
           }
         }
       ]
     }
  10. S3 bucket policy example #2
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "Access-to-specific-VPC-only",
           "Principal": "*",
           "Action": "s3:*",
           "Effect": "Deny",
           "Resource": [
             "arn:aws:s3:::my_secure_bucket",
             "arn:aws:s3:::my_secure_bucket/*"
           ],
           "Condition": {
             "StringNotEquals": {
               "aws:sourceVpc": "vpc-111bbb22"
             }
           }
         }
       ]
     }
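To make the "all policies ANDed together" rule of slide 7 concrete, here is an added Python example, written for this page and not taken from the deck or from AWS, that evaluates constructed request contexts against copies of the endpoint policy from slide 8 and bucket policy #1 from slide 9, plus an assumed identity policy that grants the caller all S3 actions. It implements only a small subset of the IAM policy language (Effect, Action, Resource, StringEquals and StringNotEquals), and the combination rule is this editor's reading of the deck: an explicit Deny in any layer wins, the endpoint policy must allow the request, and the identity policy or the bucket policy must allow it. The edge case worth seeing is the request that does not arrive through any VPC endpoint: it carries no aws:sourceVpce key at all, and StringNotEquals on a missing key evaluates to true, so the bucket policy's Deny applies to it.

```python
import fnmatch

# Copies of the policies shown on slides 8 and 9 (constructed for this example).
ENDPOINT_POLICY = {
    "Statement": [{
        "Sid": "Access-to-specific-bucket-only",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Effect": "Allow",
        "Resource": ["arn:aws:s3:::my_secure_bucket",
                     "arn:aws:s3:::my_secure_bucket/*"],
    }]
}

BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Access-to-specific-VPCE-only",
        "Principal": "*",
        "Action": "s3:*",
        "Effect": "Deny",
        "Resource": ["arn:aws:s3:::my_secure_bucket",
                     "arn:aws:s3:::my_secure_bucket/*"],
        "Condition": {"StringNotEquals": {"aws:sourceVpce": "vpce-1a2b3c4d"}},
    }]
}

# Assumed (constructed) identity policy of the calling IAM principal: broad S3 access.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate StringEquals / StringNotEquals blocks against the request context."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            expected_values = _as_list(expected)
            if operator == "StringEquals":
                if actual is None or actual not in expected_values:
                    return False
            elif operator == "StringNotEquals":
                # A missing key makes a negated operator evaluate to true, so the
                # statement still applies to requests that carry no aws:sourceVpce.
                if actual is not None and actual in expected_values:
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def evaluate_policy(policy, action, resource, context):
    """Return 'Deny', 'Allow' or 'NoMatch' for one policy document."""
    decision = "NoMatch"
    for statement in policy["Statement"]:
        if not _matches(statement["Action"], action):
            continue
        if not _matches(statement["Resource"], resource):
            continue
        if not _condition_holds(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow in this policy
        decision = "Allow"
    return decision


def is_allowed(action, resource, context,
               endpoint_policy=ENDPOINT_POLICY,
               bucket_policy=BUCKET_POLICY,
               identity_policy=IDENTITY_POLICY):
    """Combine the layers: no Deny anywhere, the endpoint policy must allow,
    and either the identity policy or the bucket policy must allow (editor's model)."""
    endpoint = evaluate_policy(endpoint_policy, action, resource, context)
    bucket = evaluate_policy(bucket_policy, action, resource, context)
    identity = evaluate_policy(identity_policy, action, resource, context)
    if "Deny" in (endpoint, bucket, identity):
        return False
    return endpoint == "Allow" and "Allow" in (bucket, identity)


if __name__ == "__main__":
    obj = "arn:aws:s3:::my_secure_bucket/report.csv"
    via_endpoint = {"aws:sourceVpce": "vpce-1a2b3c4d"}
    print(is_allowed("s3:GetObject", obj, via_endpoint))      # True
    print(is_allowed("s3:GetObject", obj, {}))                # False: no VPCE key, bucket Deny
    print(is_allowed("s3:DeleteObject", obj, via_endpoint))   # False: endpoint policy does not allow
    print(is_allowed("s3:GetObject", "arn:aws:s3:::other_bucket/x", via_endpoint))  # False
```

The last two cases show the two different gates at work: s3:DeleteObject is refused because the endpoint policy only lists GetObject and PutObject, while the read of other_bucket is refused because the endpoint policy's Resource list does not cover it, even though the assumed identity policy would allow both.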
  11. VPC Flow Logs
     • Longstanding ask: greater visibility into VPC network behavior
       – Specifically, what about those security group and network ACL DENY cases?
     • VPC Flow Logs provide the answer
  12. VPC Flow Logs (cont.)
     • Enabled at the ENI, subnet, or VPC level
     • Traffic data surfaced as “flow log records” per ENI
     • Exposed as CloudWatch Log groups and streams
     • Data accumulated and published to CW Logs at ~10 minute intervals
     • Normal CloudWatch Logs groups/streams with all related features
       – For example, new CloudWatch Logs -> Amazon Kinesis stream integration
  13. Flow Log record (text, space-delimited)
     Field – Description
     • version – The VPC Flow Logs version.
     • account-id – The AWS account ID for the Flow Log.
     • interface-id – The ID of the network interface for which the log stream applies.
     • srcaddr – The source IP address. The IP address of the network interface is always its private IP address.
     • dstaddr – The destination IP address. The IP address of the network interface is always its private IP address.
     • srcport – The source port of the traffic.
     • dstport – The destination port of the traffic.
     • protocol – The IANA protocol number of the traffic. For more information, go to Assigned Internet Protocol Numbers.
     • packets – The number of packets transferred during the capture window.
     • bytes – The number of bytes transferred during the capture window.
     • start – The time, in Unix seconds, of the start of the capture window.
     • end – The time, in Unix seconds, of the end of the capture window.
     • action – The action associated with the traffic:
       – ACCEPT: The recorded traffic was permitted by the security group or network ACLs.
       – REJECT: The recorded traffic was not permitted by the security groups or network ACLs.
     • log-status – The logging status of the flow log:
       – OK: Data is logging normally to CloudWatch Logs.
       – NODATA: There was no network traffic to or from the network interface during the capture window.
       – SKIPDATA: Some flow log records were skipped during the capture window.
  14. Example records
     RDP traffic denied:
     2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK
     SSH traffic allowed:
     2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK
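Slides 13 and 14 give the record layout and two sample lines; the following added Python example, which is not part of the deck, parses version 2 records in that layout and runs a small detection over them: it flags TCP flows to SSH or RDP that a security group or network ACL rejected (the "DENY cases" slide 11 asks about) and totals bytes per action. The sample input is constructed from the two records on slide 14 plus one NODATA record in the documented shape, where the per-flow fields are "-"; the protocol-number table is a deliberately small subset of the IANA assignments.

```python
from dataclasses import dataclass
from typing import List, Optional

# Field order for version 2 records, as listed on slide 13.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets",
              "bytes", "start", "end"}
PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # small subset of IANA numbers


@dataclass
class FlowRecord:
    version: int
    account_id: str
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: Optional[int]
    bytes: Optional[int]
    start: int
    end: int
    action: Optional[str]
    log_status: str

    @property
    def protocol_name(self) -> str:
        return PROTOCOL_NAMES.get(self.protocol, str(self.protocol))


def parse_record(line: str) -> FlowRecord:
    """Parse one space-delimited record; '-' (used in NODATA/SKIPDATA records) becomes None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    values = {}
    for name, raw in zip(FIELDS, parts):
        if raw == "-":
            values[name] = None
        elif name in INT_FIELDS:
            values[name] = int(raw)
        else:
            values[name] = raw
    return FlowRecord(**values)


def parse_records(text: str) -> List[FlowRecord]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_admin_flows(records: List[FlowRecord],
                         admin_ports=(22, 3389)) -> List[FlowRecord]:
    """Detection: TCP flows to SSH/RDP that a security group or network ACL rejected."""
    return [r for r in records
            if r.action == "REJECT" and r.protocol == 6 and r.dstport in admin_ports]


def bytes_by_action(records: List[FlowRecord]) -> dict:
    """Total bytes per ACCEPT/REJECT; NODATA and SKIPDATA records carry no counters."""
    totals = {}
    for r in records:
        if r.action is None:
            continue
        totals[r.action] = totals.get(r.action, 0) + (r.bytes or 0)
    return totals


# Constructed sample: the two records from slide 14 plus a NODATA record.
SAMPLE_LOG = """\
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK
2 123456789010 eni-abc123de - - - - - - - 1439530120 1439530180 - NODATA
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in rejected_admin_flows(recs):
        print(f"REJECT {r.protocol_name}/{r.dstport} {r.srcaddr} -> {r.dstaddr} "
              f"on {r.interface_id} ({r.packets} packets, {r.bytes} bytes)")
    print(bytes_by_action(recs))  # {'REJECT': 231, 'ACCEPT': 4249}
```

Because the records arrive through CloudWatch Logs streams, the same parser can sit behind a subscription consumer; the point of separating parse_records from rejected_admin_flows is that the detection stays a pure function over parsed records and can be unit-tested on constructed lines like the ones above.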
  15. VPC networking
     • Continually advancing the state of the art
     • Focused on improving control and visibility
     • Integration with third-party monitoring and management tools
     • Key element of AWS's increasingly powerful security suite
  16. Thank You.
     This presentation will be loaded to SlideShare the week following the Symposium.
     http://www.slideshare.net/AmazonWebServices

Editor's notes

  1. Programmable infrastructure allows IT governance to advance from a fully manual people/process mode to an increasingly automated and software-driven mode. In this session, we will examine how the AWS cloud enables advances and best practices in governance and compliance based on APIs and automation.