Transitioning to AWS in a hurry without getting owned (Hopefully...)
Devina Dhawan
02/06/2017 - Women & Non-Binary Focused intro to AWS
Email: 3@etsy.com
Twitter: @theulzo
Introduction
● Etsy (Jan 2015 - Present)
● Orbitz (May 2014 - Dec 2015)
● University of Illinois in Chicago
Etsy operates a global marketplace where people around the world connect, both online and offline, to make, sell and buy unique goods.
Security at Etsy
● Evangelizing Security at Etsy
○ Candy is a great way to make friends
○ Allow the conversation about security to be comfortable and inviting.
What is this talk about?
• I will help you improve your existing AWS infrastructure
• You will walk away with action items
• http://bit.ly/2EnZU1q
“Securing Amazon Web Services”
Infrastructure
- Traditional bare metal
- Minimal footprint in the clouds
Where to begin?
Evident.io
● Evident.io
○ Scans of configurations to see if anything is misconfigured
● Password policies?
● Multi-factor Authentication
● Jira Tickets
Low-hanging IAM Fruit
# Password Policy
# Multi-factor auth
Monitoring
# Cloudtrail Logging
EC2
# Netwerkin’
# EC2 Roles
S3
# S3 Bucket Policies
Scout2
● Github Page: https://github.com/nccgroup/Scout2
● Reports for all accounts
● Tie that into alerts manually
Changes I made… like a goon
• Password policy to the highest scrutiny
• Removed all admin roles from accounts that didn’t need them (aka hadn’t used aws in 2 yrs and didn’t have any api keys tied to their user)
Password Policies
My first Etsy communication
Hello X,
Looks like you still do not have MFA set up on your AWS account.
Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device.
Note: If you no longer need your AWS account, please let me know!
Devina
Version 2.0
Hello X,
Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended.
Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device.
Note: If you no longer need your AWS account, please let me know!
Your neighborhood candy provider,
Devina
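The two slides above (pruning admin roles from users who had not signed in for two years and had no API keys, then nudging users without MFA with a deadline if they are still active) both come down to reading the IAM credential report. The following script is an added example, not code from the talk or from Etsy: it parses a constructed report in the column layout of `aws iam get-credential-report` and produces the three lists those slides act on. Names, dates and the two-year / thirty-day thresholds are assumptions chosen to mirror the slides; in practice the CSV comes from the decoded `Content` field of that CLI call or the matching boto3 method.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of the IAM credential report
# (`aws iam get-credential-report`, base64-decoded). Every value is made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2013-01-01T00:00:00+00:00,not_supported,2016-02-01T12:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2015-01-10T00:00:00+00:00,true,2016-03-01T09:30:00+00:00,2015-12-01T00:00:00+00:00,2016-03-01T00:00:00+00:00,false,true,2015-06-01T00:00:00+00:00,2016-02-28T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2013-05-05T00:00:00+00:00,true,2014-01-20T00:00:00+00:00,2013-05-05T00:00:00+00:00,N/A,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
carol,arn:aws:iam::111122223333:user/carol,2015-08-01T00:00:00+00:00,true,2016-03-02T08:00:00+00:00,2016-01-01T00:00:00+00:00,2016-04-01T00:00:00+00:00,true,true,2016-01-01T00:00:00+00:00,2016-03-02T00:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
dave,arn:aws:iam::111122223333:user/dave,2013-09-09T00:00:00+00:00,true,2013-11-01T00:00:00+00:00,2013-09-09T00:00:00+00:00,N/A,false,true,2013-09-09T00:00:00+00:00,2016-03-10T00:00:00+00:00,us-west-2,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Constructed "today" so the sample evaluates the same way every run.
AS_OF = datetime(2016, 3, 15, tzinfo=timezone.utc)


def parse_report(text):
    """One dict per user, keyed by the report's column names."""
    return list(csv.DictReader(io.StringIO(text)))


def _when(value):
    """Turn a report timestamp into an aware datetime; placeholders become None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def _has_active_key(row):
    return "true" in (row["access_key_1_active"], row["access_key_2_active"])


def users_without_mfa(rows):
    """Everyone who can sign in to the console but has no MFA device.
    Root reports password_enabled as not_supported, so it is included too."""
    return sorted(r["user"] for r in rows
                  if r["password_enabled"] in ("true", "not_supported")
                  and r["mfa_active"] != "true")


def recently_active_without_mfa(rows, now=AS_OF, within=timedelta(days=30)):
    """Users who get the deadline e-mail: no MFA, yet signed in recently."""
    out = []
    for r in rows:
        if r["mfa_active"] == "true":
            continue
        last = _when(r["password_last_used"])
        if last is not None and now - last <= within:
            out.append(r["user"])
    return sorted(out)


def stale_users(rows, now=AS_OF, max_idle=timedelta(days=730)):
    """Users idle for max_idle (or never signed in) with no active access key:
    the candidates for stripping admin roles or closing the account."""
    out = []
    for r in rows:
        if r["user"] == "<root_account>":
            continue
        last = _when(r["password_last_used"])
        idle = last is None or now - last > max_idle
        if idle and not _has_active_key(r):
            out.append(r["user"])
    return sorted(out)


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print("no MFA:           ", users_without_mfa(rows))
    print("deadline e-mail:  ", recently_active_without_mfa(rows))
    print("stale, no keys:   ", stale_users(rows))
```

Note the `dave` row: his console password has been idle since 2013, but an access key tied to the user was used last week, so the stale check leaves him alone and only the MFA check flags him, which is the "didn't have any api keys tied to their user" qualifier from the slide.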
Oops...
Multiple statements which allow you to:
● Resync MFA devices
● Deactivate MFA devices
● List MFA devices
● Primary, management
Other policies:
● Forcing MFA
Oof…
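The slide lists policy statements that let a user resync, deactivate and list MFA devices, alongside a separate "force MFA" policy. The risk is in the scoping: if the deactivate/resync actions are granted on `Resource: "*"` rather than on the caller's own user and MFA ARNs, any holder of the policy can switch off MFA for everyone. The checker below is an added example, not the talk's or Etsy's code; the two policies in it are constructed (the loose one mirrors the slide's description, the other follows the common self-service pattern that scopes resources with the `${aws:username}` policy variable and denies everything else when `aws:MultiFactorAuthPresent` is false). Which actions count as "state-changing" is my choice.

```python
import fnmatch

# State-changing MFA actions. An Allow on these with Resource "*" lets any
# holder of the policy reset or turn off MFA for every user in the account.
MFA_WRITE_ACTIONS = (
    "iam:CreateVirtualMFADevice",
    "iam:DeleteVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:ResyncMFADevice",
    "iam:DeactivateMFADevice",
)
SELF_ONLY = "${aws:username}"  # policy variable that ties a resource to the caller

# Constructed policy resembling the "Oops" slide: MFA management on everything.
LOOSE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListMFA", "Effect": "Allow",
         "Action": ["iam:ListMFADevices", "iam:ListVirtualMFADevices"],
         "Resource": "*"},
        {"Sid": "ManageMFA", "Effect": "Allow",
         "Action": ["iam:ResyncMFADevice", "iam:DeactivateMFADevice"],
         "Resource": "*"},
    ],
}

# Constructed policy following the usual self-service "force MFA" shape.
SELF_SERVICE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListMFA", "Effect": "Allow",
         "Action": ["iam:ListMFADevices", "iam:ListVirtualMFADevices", "iam:ListUsers"],
         "Resource": "*"},
        {"Sid": "ManageOwnMFA", "Effect": "Allow",
         "Action": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                    "iam:ResyncMFADevice", "iam:DeactivateMFADevice",
                    "iam:DeleteVirtualMFADevice"],
         "Resource": ["arn:aws:iam::*:mfa/${aws:username}",
                      "arn:aws:iam::*:user/${aws:username}"]},
        {"Sid": "DenyEverythingElseWithoutMFA", "Effect": "Deny",
         "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                       "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                       "iam:ResyncMFADevice", "sts:GetSessionToken"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action names are case-insensitive and may use '*' / '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def broad_mfa_grants(policy):
    """(action, resource) pairs where an Allow grants a state-changing MFA
    action on a resource that is not tied to the calling user."""
    findings = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:   # Allow-NotAction grants everything not listed
            excluded = _as_list(stmt["NotAction"])
            granted = lambda a, ex=excluded: not any(_matches(p, a) for p in ex)
        else:
            patterns = _as_list(stmt.get("Action"))
            granted = lambda a, ps=patterns: any(_matches(p, a) for p in ps)
        for action in MFA_WRITE_ACTIONS:
            if not granted(action):
                continue
            for resource in _as_list(stmt.get("Resource")):
                if SELF_ONLY not in resource:
                    findings.add((action, resource))
    return sorted(findings)


def enforces_mfa(policy):
    """True if some Deny applies whenever aws:MultiFactorAuthPresent is false."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {})
        for operator in ("BoolIfExists", "Bool"):
            flag = cond.get(operator, {}).get("aws:MultiFactorAuthPresent")
            if flag is not None and str(flag).lower() == "false":
                return True
    return False


if __name__ == "__main__":
    for name, policy in (("loose", LOOSE_POLICY), ("self-service", SELF_SERVICE_POLICY)):
        print(name, "broad grants:", broad_mfa_grants(policy),
              "enforces MFA:", enforces_mfa(policy))
```

Two details worth keeping from the self-service policy: the Deny uses `BoolIfExists` so that requests without the MFA key at all (non-console callers) are also denied, and `iam:DeactivateMFADevice` is deliberately absent from the Deny's `NotAction` list, so turning MFA off itself requires a session that already passed MFA.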
Aws-cli for account creation
Becoming really used to the aws client is really useful too!
Using Terraform for IAM
● What is terraform?
● What can it do?
○ Static creds
○ Environment variables
○ Shared creds
○ EC2 Roles
Static Creds
Logging in AWS - Cloudtrail
ELK
Alert Types
Email:
● Daily Roundup Emails
○ No production impacting
● High Risk Alerts
○ Enough resources to handle
IRC/Slack/Jabber:
● Slack & Dropbox
Collect the alerts:
● Splunk
● 411 / Elastalert
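The alerting slide splits CloudTrail findings into a daily roundup (nothing production-impacting) and high-risk alerts that must be few enough to actually handle. The script below is an added example, not the talk's or Etsy's code, of the classification step that sits between CloudTrail and whichever collector (Splunk, 411, ElastAlert) sends the mail or chat message. It runs over constructed CloudTrail records trimmed to the fields it uses; the list of event names treated as high-risk is my choice, and a real deployment would read the gzipped JSON that CloudTrail delivers to S3 rather than an inline string.

```python
import json

# Constructed CloudTrail records, one JSON object per line, trimmed to the
# fields this example reads. Names, times and addresses are made up.
SAMPLE_EVENTS = """
{"eventTime":"2016-03-14T08:02:11Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.10","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}
{"eventTime":"2016-03-14T08:05:40Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.10","readOnly":true}
{"eventTime":"2016-03-14T09:15:02Z","eventSource":"iam.amazonaws.com","eventName":"DeactivateMFADevice","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.7","requestParameters":{"userName":"carol"}}
{"eventTime":"2016-03-14T10:00:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root"},"sourceIPAddress":"198.51.100.9","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2016-03-14T10:30:12Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.7","requestParameters":{"name":"main-trail"}}
{"eventTime":"2016-03-14T11:45:33Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","userIdentity":{"type":"IAMUser","userName":"carol"},"sourceIPAddress":"203.0.113.22"}
{"eventTime":"2016-03-14T12:01:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"dave"},"sourceIPAddress":"192.0.2.5","responseElements":{"ConsoleLogin":"Failure"},"errorMessage":"Failed authentication"}
"""

# Event names that should page someone rather than wait for the roundup
# (my selection: MFA removal, trail tampering, new credentials/privileges,
# bucket exposure and opening of security groups).
HIGH_RISK = {
    "DeactivateMFADevice", "DeleteVirtualMFADevice",
    "StopLogging", "DeleteTrail", "UpdateTrail",
    "CreateAccessKey", "CreateLoginProfile", "CreateUser",
    "AttachUserPolicy", "PutUserPolicy",
    "PutBucketPolicy", "PutBucketAcl",
    "AuthorizeSecurityGroupIngress",
}
READ_PREFIXES = ("Describe", "Get", "List")


def parse_events(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def classify(event):
    """Return 'high', 'daily', or None when the event is not worth reporting."""
    name = event.get("eventName", "")
    ident = event.get("userIdentity", {})
    if name == "ConsoleLogin":
        if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
            return "daily"   # failed sign-ins are roundup material
        if ident.get("type") == "Root":
            return "high"    # any interactive use of the root user
        if event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            return "high"    # console session opened without a second factor
        return "daily"
    if event.get("readOnly") or name.startswith(READ_PREFIXES):
        return None          # read-only API noise
    if ident.get("type") == "Root" or name in HIGH_RISK:
        return "high"
    return "daily"           # every other write lands in the daily roundup


def summarize(event):
    ident = event.get("userIdentity", {})
    who = ident.get("userName") or ident.get("arn") or ident.get("type", "?")
    return "{} {} {}:{} from {}".format(
        event.get("eventTime"), who, event.get("eventSource"),
        event.get("eventName"), event.get("sourceIPAddress"))


def triage(events):
    """Split events into the two mail-outs the slide describes."""
    report = {"high": [], "daily": []}
    for event in events:
        level = classify(event)
        if level:
            report[level].append(summarize(event))
    return report


if __name__ == "__main__":
    for level, lines in triage(parse_events(SAMPLE_EVENTS)).items():
        print("==", level.upper(), "==")
        print("\n".join(lines))
```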
Inbound/Outbound
EC2 Roles
Bucket Policies
● Bug Bounties at Etsy: https://www.etsy.com/bounty
● S3 Scanner Github: https://github.com/bear/s3scan
○ Report of all s3 buckets and perms
○ Likely how bountiers are finding out about your misconfigured policies.
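The slide points at s3scan as a way to get the same report of bucket permissions that bounty hunters are building against you. The script below is an added example, not s3scan's code and not the talk's: it shows the two places a bucket becomes public, a bucket policy whose `Principal` is everyone and an ACL grant to the `AllUsers` or `AuthenticatedUsers` groups, and summarises what the world can read or write. The three buckets are constructed; their policy and ACL dicts use the shapes returned by the S3 `get-bucket-policy` and `get-bucket-acl` calls, which is where a real run would fetch them from. Treating `AuthenticatedUsers` (any AWS account at all) as public is deliberate.

```python
import fnmatch

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}   # "any AWS account" is public too
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy", "s3:PutBucketAcl")

# Constructed buckets; policy/grants follow get-bucket-policy / get-bucket-acl output.
SAMPLE_BUCKETS = [
    {"name": "example-public-assets",
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::example-public-assets/*"}]},
     "grants": []},
    {"name": "example-backups",     # no policy, but the ACL gives the world WRITE
     "policy": None,
     "grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
                {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"}]},
    {"name": "example-private",     # public read only from one IP range: review, not alarm
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
          "Action": "s3:*", "Resource": "arn:aws:s3:::example-private/*"},
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::example-private/*",
          "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]},
     "grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                 "Permission": "FULL_CONTROL"}]},
]


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _everyone(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def policy_grants_to_everyone(policy):
    """Actions that Allow statements hand to everyone, split by whether a
    Condition narrows them (conditional grants need a human look)."""
    out = {"unconditional": set(), "conditional": set()}
    for stmt in _as_list((policy or {}).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _everyone(stmt.get("Principal")):
            continue
        key = "conditional" if stmt.get("Condition") else "unconditional"
        out[key].update(_as_list(stmt.get("Action")))
    return {k: sorted(v) for k, v in out.items()}


def acl_public_grants(grants):
    """(permission, group) pairs given to the AllUsers/AuthenticatedUsers groups."""
    found = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grant["Permission"], grantee["URI"].rsplit("/", 1)[-1]))
    return sorted(found)


def _any_action(patterns, wanted):
    # Policy actions may be wildcards such as "s3:*" or "s3:Get*".
    return any(fnmatch.fnmatchcase(w.lower(), p.lower()) for p in patterns for w in wanted)


def audit_bucket(name, policy, grants):
    """Summarise what the world can do with one bucket from its policy and ACL."""
    pol = policy_grants_to_everyone(policy)
    acl = acl_public_grants(grants)
    acl_perms = {perm for perm, _ in acl}
    return {
        "bucket": name,
        "public_read": _any_action(pol["unconditional"], READ_ACTIONS)
                       or bool(acl_perms & {"READ", "FULL_CONTROL"}),
        "public_write": _any_action(pol["unconditional"], WRITE_ACTIONS)
                        or bool(acl_perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}),
        "needs_review": pol["conditional"],
        "acl_grants": acl,
    }


def audit_all(buckets=SAMPLE_BUCKETS):
    return [audit_bucket(b["name"], b["policy"], b["grants"]) for b in buckets]


if __name__ == "__main__":
    for row in audit_all():
        print(row)
```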
So… it happened, what do I do now?
❏ Write down all the systems you need to take care of
❏ Find out what you need to fix on all systems, write that down
❏ Start with the low-hanging fruit
❏ Over communicate what you are doing.
❏ Work with networking on the AWS network
❏ Create default rulesets & roles
❏ Work with IT/helpdesk to handle account provisioning
❏ Work with systems engineering to handle provisioning of services
❏ … profit?
THANKS!
3@etsy.com
@theulzo

Slack Application Development 101 Slides
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Devina Dhawan's talk - Women and non binary focused intro to AWS

  • 1. Transitioning to AWS in a hurry without getting owned (Hopefully...) Devina Dhawan 02/06/2017 - Women & Non-Binary Focused intro to AWS Email: 3@etsy.com Twitter: @theulzo 1
  • 2. Introduction 2 ● Etsy (Jan 2015 - Present) ● Orbitz (May 2014 - Dec 2015) ● University of Illinois in Chicago
  • 3. Etsy operates a global marketplace where people around the world connect, both online and offline, to make, sell and buy unique goods. 3
  • 4. Security at Etsy 4 ● Evangelizing Security at Etsy ○ Candy is a great way to make friends ○ Allow the conversation about security to be comfortable and inviting.
  • 5. What is this talk about? • I will help you improve your existing AWS infrastructure • You will walk away with action items • http://bit.ly/2EnZU1q 5
  • 7. Infrastructure - Traditional bare metal - Minimal footprint in the clouds
  • 9. Evident.io ● Evident.io ○ Scans of configurations to see if anything is misconfigured ● Password policies? ● Multi-factor Authentication ● Jira Tickets
  • 10. 10 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 11. Scout2 ● Github Page: https://github.com/nccgroup/Scout2 ● Reports for all accounts ● Tie that into alerts manually
  • 12. 12 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 13. Changes I made… like a goon • Password policy to the highest scrutiny • Removed all admin roles from accounts that didn’t need them (aka hadn’t used aws in 2 yrs and didn’t have any api keys tied to their user) 13
  • 15. My first Etsy communication Hello X, Looks like you still do not have MFA set up on your AWS account. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Devina
  • 16. Version 2.0 Hello X, Looks like you still do not have MFA set up on your AWS account. It looks like you used your AWS account recently as well, so please sign up for MFA by 03/31/16 or your account will be suspended. Go ahead and go to Identity & Access Management in your Amazon Web Services console -> find your username -> Manage MFA Device. Note: If you no longer need your AWS account, please let me know! Your neighborhood candy provider, Devina
  • 18. Multiple statements which allow you to: ● Resync MFA devices ● Deactivate MFA devices ● List MFA devices ● Primary, management Other policies: ● Forcing MFA
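The cleanup and MFA nagging in slides 13 to 16 both start from the same question: which console users have no MFA, and which of those are still active? This added example (my code, not from the talk) answers it from the IAM credential report CSV that `aws iam get-credential-report` returns after base64 decoding; the report rows, account id and cut-off date below are constructed.

```python
"""Audit an IAM credential report for console users lacking MFA."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the credential-report CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
alice,arn:aws:iam::111122223333:user/alice,true,2017-02-01T09:15:00+00:00,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,2017-01-28T16:40:00+00:00,false,true,false
carol,arn:aws:iam::111122223333:user/carol,true,2014-11-01T10:00:00+00:00,false,false,false
dave,arn:aws:iam::111122223333:user/dave,false,no_information,false,true,false
"""

AUDIT_TIME = datetime(2017, 2, 6, tzinfo=timezone.utc)  # constructed "today"


def _parse_ts(value):
    """Credential reports use ISO-8601 timestamps or N/A / no_information."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def classify_users(report_csv, now, stale_after=timedelta(days=730)):
    """Map each user without MFA to an action.

    notify    - console login without MFA, used recently: send the email
    stale     - console login without MFA, unused for stale_after and no
                active access keys: candidate for removing access
    keys_only - no console password, so MFA does not apply; review keys
    """
    actions = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["mfa_active"] == "true":
            continue  # already compliant
        has_keys = any(row[f"access_key_{i}_active"] == "true" for i in (1, 2))
        if row["password_enabled"] != "true":
            actions[row["user"]] = "keys_only"
            continue
        last_used = _parse_ts(row["password_last_used"])
        unused = last_used is None or now - last_used > stale_after
        actions[row["user"]] = "stale" if unused and not has_keys else "notify"
    return actions


def audit_sample():
    """Run the audit over the constructed report."""
    return classify_users(SAMPLE_REPORT, AUDIT_TIME)


if __name__ == "__main__":
    for user, action in sorted(audit_sample().items()):
        print(f"{user}: {action}")
```

Real reports also contain a `<root_account>` row and more columns; `csv.DictReader` ignores the extra columns, but the root row should be handled on its own.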
  • 20. aws-cli for account creation Getting really comfortable with the aws CLI is really useful too!
  • 21. Using Terraform for IAM ● What is terraform? ● What can it do? ○ Static creds ○ Environment variables ○ Shared creds ○ EC2 Roles
  • 23. 23 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Cloudtrail Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 24. Logging in AWS - Cloudtrail
  • 28. ELK
  • 29. Alert Types Email: ● Daily Roundup Emails ○ No production impacting ● High Risk Alerts ○ Enough resources to handle IRC/Slack/Jabber: ● Slack & Dropbox Collect the alerts: ● Splunk ● 411 / Elastalert
  • 30. 30 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 33. 33 Low-hanging IAM Fruit # Password Policy # Multi-factor auth Monitoring # Scout2 # Logging EC2 # Netwerkin’ # EC2 Roles S3 # S3 Bucket Policies
  • 37. ● Bug Bounties at Etsy: https://www.etsy.com/bounty ● S3 Scanner Github: https://github.com/bear/s3scan ○ Report of all s3 buckets and perms ○ Likely how bountiers are finding out about your misconfigured policies.
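The misconfigured bucket policies that bounty reports point at are the ones that grant access to everyone. This added example (my code, not the talk's and not s3scan) flags a bucket when its ACL grants to the AllUsers or AuthenticatedUsers groups or its policy allows a `*` principal without a condition; the bucket names, grants and policies below are constructed in the shape of boto3's `get_bucket_acl()` / `get_bucket_policy()` responses.

```python
"""Flag S3 buckets whose ACL or bucket policy opens them to everyone."""
import json

PUBLIC_GROUPS = {  # real S3 predefined group URIs
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
ALL = "http://acs.amazonaws.com/groups/global/AllUsers"
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::finance-exports/*"}]}
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/deployer"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::deploy-artifacts/*"}]}

# Constructed sample: bucket -> (ACL grants, bucket policy JSON string or None)
SAMPLE_BUCKETS = {
    "shop-images": ([{"Grantee": {"Type": "Group", "URI": ALL}, "Permission": "READ"}], None),
    "finance-exports": ([OWNER], json.dumps(PUBLIC_POLICY)),
    "deploy-artifacts": ([OWNER], json.dumps(ROLE_POLICY)),
}


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_grants(grants, policy_json):
    """Return the reasons a bucket is readable by anyone (empty if none)."""
    reasons = []
    for grant in grants:
        uri = grant["Grantee"].get("URI")
        if uri in PUBLIC_GROUPS:
            reasons.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUPS[uri]}")
    if policy_json:
        statements = json.loads(policy_json)["Statement"]
        statements = [statements] if isinstance(statements, dict) else statements
        for st in statements:
            # Statements with a Condition are not flagged here; review them by hand.
            if st.get("Effect") == "Allow" and "Condition" not in st \
                    and _principal_is_everyone(st.get("Principal")):
                actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
                reasons.append("policy allows " + ",".join(actions) + " to Principal *")
    return reasons


def scan(buckets):
    """Report only the buckets that have at least one public grant."""
    report = {name: public_grants(g, p) for name, (g, p) in buckets.items()}
    return {name: why for name, why in report.items() if why}
```
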
  • 38. 38 So… it happened, what do I do now? ❏ Write down all the systems you need to take care of ❏ Find out what you need to fix on all systems, write that down ❏ Start with the low-hanging fruit ❏ Over communicate what you are doing. ❏ Work with networking on the AWS network ❏ Create default rulesets & roles ❏ Work with IT/helpdesk to handle account provisioning ❏ Work with systems engineering to handle provisioning of services ❏ … profit?