AWSKRUG 콘퍼런스 - re:Invent 신규 서비스 (박상욱) - 보안, 인프라 관련 서비스 소개
•
5 recomendaciones•1,965 vistas
AWSKRUG 콘퍼런스 - re:Invent 신규 서비스 (박상욱) - 보안, 인프라 관련 서비스 소개
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (18)
Similar a AWSKRUG 콘퍼런스 - re:Invent 신규 서비스 (박상욱) - 보안, 인프라 관련 서비스 소개
Similar a AWSKRUG 콘퍼런스 - re:Invent 신규 서비스 (박상욱) - 보안, 인프라 관련 서비스 소개 (20)
Más de AWSKRUG - AWS한국사용자모임
Más de AWSKRUG - AWS한국사용자모임 (20)
Último
Último (20)
AWSKRUG 콘퍼런스 - re:Invent 신규 서비스 (박상욱) - 보안, 인프라 관련 서비스 소개
- 1. 2015.11.07 AWSKRUG 박 상 욱 AWS re:Invent 2015 AWS 신규 서비스 소개 2015 보안, 인프라 서비스 소개
- 2. ▸ 박 상 욱 ▸ polo149278@gmail.com ▸ CloudNoa CTO & Founder - AWS Consulting Partner ▸ AWSKRUG ▸ AWS Cloud Design Pattern 역자 AWS re:Invent 2015
- 4. AWS re:Invent 2015 ▸ 2015/10/6 ~10/9 ▸ 2015년으로 4회차 ▸ The Venetian - Las Vegas NV ▸ 전세계 19,000명 이상의 참가자 ▸ 한국 - 약 140명 / 일본 - 약 500명 AWS re:Invent 2015
- 5. AWS re:Invent 2015 ▸ Keynote - 신규 서비스 발표 ▸ Repeat 세션 포함 401개 세션 ▸ Bootcamp, Hands-on Lab ▸ Hackathon ▸ AWS Certification Exam ▸ Welcome Reception, Pub Crawl, re:Play Party 등 AWS re:Invent 2015
- 6. AWS re:Invent 2015 AWS re:Invent 2015 ▸ 파트너 부스 약 300개
- 7. AWS re:Invent 2015 AWS re:Invent 2015
- 8. AWS re:Invent 2015 AWS re:Invent 2015 ▸ The Westin Las Vegas Hotel, Casino & Spa
- 9. AWS re:Invent 2015 2016 Ohio 2016 Korea 2016 India 2016~2017 Region 11 + 5 2016~2017 London 2016 China
- 10. 신규 서비스 및 업데이트 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update AWS re:Invent 2015 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 11. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 12. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 13. 1. AWS WAF ▸ WAF - Web Application Firewall ▸ CloudFront + WAF ▸ Conditions (IP address, SQL injection, String matching), Web ACL , Rule, Action ▸ $5 per web ACL ▸ $1 per rule per month ▸ $0.60 per million requests AWS re:Invent 2015 AWS WAF
- 14. 1. AWS WAF AWS re:Invent 2015 Application DDoS Good users Bad guys Web server Database AWS WAF AWS WAF rules: 1: BLOCK requests from bad guys. 2: ALLOW requests from good guys.
- 15. 1. AWS WAF AWS re:Invent 2015 Use transforms to stop evasion Host: www.example.com User-Agent: badbot Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.example.com/ Connection: keep-alive AWS WAF RAW request headers CloudFront Check: Header “User-Agent” Match Type: Contains Match: “badbot” Action: BLOCK Rule String match condition Scraper bot Match any part of the web request Host: www.example.com User-Agent: Mozilla/5.0 (Macintosh; … Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.example.com/ Connection: keep-alive AWS WAF RAW request headers CloudFront Check: Header “Referrer” Match Type: Contains Match: “example.com” Action: ALLOW Rule String match condition Good users
- 16. 1. AWS WAF AWS re:Invent 2015 APIs, SDKs, and CLIs! Java Python (boto) PHP .NET Ruby Node.js iOS Android AWS Toolkit for Visual Studio AWS Toolkit for Eclipse AWS Tools for Windows PowerShell AWS CLI JavaScript
- 17. 1. AWS WAF AWS re:Invent 2015 Good users Bad guys Server AWS WAF Update blacklist
- 18. 1. AWS WAF AWS re:Invent 2015 ▸ WAF 테스트 기본 환경 설정 - Web ACL, S3+CloudFront
- 19. 1. AWS WAF AWS re:Invent 2015
- 20. 1. AWS WAF AWS re:Invent 2015
- 21. 1. AWS WAF AWS re:Invent 2015 Amazon S3 CloudFront
- 22. 1. AWS WAF AWS re:Invent 2015
- 23. 1. AWS WAF AWS re:Invent 2015
- 24. 1. AWS WAF AWS re:Invent 2015 ▸ WAF를 이용한 SQL injection 공격 테스트
- 25. 1. AWS WAF AWS re:Invent 2015
- 26. 1. AWS WAF AWS re:Invent 2015
- 27. 1. AWS WAF AWS re:Invent 2015
- 28. 1. AWS WAF AWS re:Invent 2015
- 29. 1. AWS WAF AWS re:Invent 2015
- 30. 1. AWS WAF AWS re:Invent 2015
- 31. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 32. 4. Amazon Inspector AWS re:Invent 2015
- 33. 4. Amazon Inspector AWS re:Invent 2015 ▸ 자동 애플리케이션 보안 진단 서비스 ▸ Rule packages/rule을 통한 진단 - AWS 제공 ▸ 실행 간격 - 15분, 1시간, 8시간, 12시간, 1일 ▸ 진단 대상은 태그로 인식 ▸ Automatable via APIs ▸ Inspector Agent
- 34. AWS re:Invent 2015 ▸ CVE (common vulnerabilities and exposures) ▸ Network security best practices ▸ Authentication best practices ▸ Operating system security best practices ▸ Application security best practices ▸ PCI DSS 3.0 readiness (Payment Card Industry Data Security Standard)
- 35. ▸ EC2에 Agent 설치 - Tag 지정 필수 ▸ Configure Inspector - Rule packages ▸ Start 4. Amazon Inspector AWS re:Invent 2015
- 36. ▸ Amazon Linux AMI 2015.03.1 / Ubuntu Server 14.04 LTS ▸ Applications - 50 ▸ Assessments - 500 ▸ Agents - 500 ▸ us-west-2 region (Oregon) 4. Amazon Inspector AWS re:Invent 2015
- 37. 4. Amazon Inspector AWS re:Invent 2015
- 38. 4. Amazon Inspector AWS re:Invent 2015
- 39. 4. Amazon Inspector AWS re:Invent 2015
- 40. 4. Amazon Inspector AWS re:Invent 2015
- 41. 4. Amazon Inspector AWS re:Invent 2015
- 42. 4. Amazon Inspector AWS re:Invent 2015
- 43. 4. Amazon Inspector AWS re:Invent 2015
- 44. 4. Amazon Inspector AWS re:Invent 2015
- 45. 4. Amazon Inspector AWS re:Invent 2015
- 46. 4. Amazon Inspector AWS re:Invent 2015
- 47. 4. Amazon Inspector AWS re:Invent 2015
- 48. 4. Amazon Inspector AWS re:Invent 2015
- 49. 4. Amazon Inspector AWS re:Invent 2015
- 50. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 51. 7. AWS Config Rules AWS re:Invent 2015 ▸ AWS Config 란? - AWS 각 리소스의 설정을 가시화 해주는 서비스 - 구성 정보 저장, 검색 / 생성-변경-삭제에 대한 통지 - 각 리소스 간의 관련성 (VPC내에 생성된 인스턴스 등..)
- 52. 7. AWS Config Rules AWS re:Invent 2015 ▸ AWS Config 서비스의 확장 기능 ▸ 지정한 Rule과 리소스 구성 일치 여부 확인 ▸ Managed Rule (현재 7개) / Custom Rule ▸ Rule은 Lambda function으로 구성 ▸ 리소스 생성, 변경 시 - 리소스 ID, Tag로 구분 ▸ 정기 (시간, 기간 등) - 전체 리소스 Config
- 53. 7. AWS Config Rules AWS re:Invent 2015 ▸ VPC내에 존재하지 않는 EC2 - INSTANCES_IN_VPC ▸ 암호화 되지 않은 EBS 볼륨 - ENCRYPTED_VOLUMES ▸ CloudTrail 활성화 - CLOUD_TRAIL_ENABLED ▸ 인바운드 22번 포트 정책이 포함된 SG - INCOMING_SSH_DISABLED ▸ EC2에 어테치 되어 있지 않은 EIP - EIP_ATTACHED ▸ Tag가 없는 리소스 - REQUIRED_TAGS ▸ 특정 포트 정책이 포함된 SG - RESTRICTED_INCOMING_TRAFFIC
- 54. 7. AWS Config Rules AWS re:Invent 2015
- 55. 7. AWS Config Rules AWS re:Invent 2015
- 56. 7. AWS Config Rules AWS re:Invent 2015
- 57. 7. AWS Config Rules AWS re:Invent 2015
- 58. Security DevOps (SecDevOps) AWS re:Invent 2015
- 59. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 60. 6. AWS Import / Export Snowball AWS re:Invent 2015 ▸ AWS Import / Export가 이용 가능한 AWS 렌탈 스토리지 ▸ 용량 50 TB / 10Gbps or 1Gbps ▸ 약 22.7kg ▸ 256-bit encryption ▸ 강한 내구성과 방수 ▸ Kindle (GPS) Snowball X 10 500TB / 100G
- 61. 6. AWS Import / Export Snowball AWS re:Invent 2015 E-ink shipping label Ruggedized case “8.5G Impact” All data encrypted end-to-end 50 TB 10G network Rain & dust resistant Tamper-resistant case & electronics
- 62. 6. AWS Import / Export Snowball AWS re:Invent 2015
- 63. 6. AWS Import / Export Snowball AWS re:Invent 2015 ▸ $200 / Job + 배송료 ▸ 10일 이후 부터 $15/day ▸ $0.00/GB to transfer data in ▸ $0.03/GB to transfer data out ▸ Standard Amazon S3 charges apply
- 64. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 65. 8. Amazon RDS for MariaDB AWS re:Invent 2015 ▸ MariaDB 10.0.17 ▸ Storage Engine - Aria, XtraDB (default : InnoDB) ▸ parallel replication, thread pooling ▸ All Region, Multi-AZ ▸ 6TB / 30,000 IOPS ▸ 기존 RDS 관리 기능 모두 포함 ▸ RDS for MySQL 가격과 동일
- 66. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 67. 17. Amazon RDS Aurora - Tokyo Region AWS re:Invent 2015 ▸ AWS re:Invent 2014에서 발표된 AWS의 RDB ▸ MySQL 5.6 호환성 ▸ Multi-AZ - Read 가능 ▸ SSD 10GB -> 64TB 자동 확장 ▸ db.r3 instance 만 지원 ▸ 데이터는 3AZ에 2개씩, 총 6개의 데이터 복제본이 존재 ▸ MySQL의 5배 성능 / 99.99% 가용성 보장
- 68. 17. Amazon RDS Aurora - Tokyo Region AWS re:Invent 2015
- 69. 17. Amazon RDS Aurora - Tokyo Region AWS re:Invent 2015
- 70. 17. Amazon RDS Aurora - Tokyo Region AWS re:Invent 2015
- 71. 17. Amazon RDS Aurora - Tokyo Region AWS re:Invent 2015
- 72. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 73. 5. AWS Database Migration Service AWS re:Invent 2015 ▸ 최소 다운타임으로 데이터베이스 이전 ▸ DB 간 리플리케이션 ▸ Oracle, SQL Server, MySQL, PostgreSQL, Amazon Aurora, MariaDB, Redshift ▸ Oracle→Oracle / Oracle→Aurora / SQL Server→MySQL ▸ 관리 콘솔 / 모니터링 ▸ AWS Schema Conversion Tool : 스키마, 뷰, 프로시져 ▸ T2, C4 instance 비용
- 74. 5. AWS Database Migration Service AWS re:Invent 2015
- 75. 5. AWS Database Migration Service AWS re:Invent 2015
- 76. 5. AWS Database Migration Service AWS re:Invent 2015
- 77. 5. AWS Database Migration Service AWS re:Invent 2015
- 78. 5. AWS Database Migration Service AWS re:Invent 2015
- 79. 5. AWS Database Migration Service AWS re:Invent 2015
- 80. 5. AWS Database Migration Service AWS re:Invent 2015
- 81. ▸ AWS Schema Conversion Tool 5. AWS Database Migration Service AWS re:Invent 2015
- 82. ▸ AWS Schema Conversion Tool 5. AWS Database Migration Service AWS re:Invent 2015
- 83. 5. AWS Database Migration Service AWS re:Invent 2015 RDS AWS Database Migration Service corporate data center RedShift AWS cloud S3
- 84. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 85. 19. Amazon CloudWatch Dashboard AWS re:Invent 2015 ▸ 수정이 가능한 metrics dashboard ▸ 1 Dashboard - 50개 메트릭 ▸ text widget - 문자, 이미지 등 ▸ Multi-Region의 metrics 사용 가능 ▸ dashboard $3/월 (3개 무료) CloudWatch
- 86. 19. Amazon CloudWatch Dashboard AWS re:Invent 2015
- 87. 19. Amazon CloudWatch Dashboard AWS re:Invent 2015
- 88. 19. Amazon CloudWatch Dashboard AWS re:Invent 2015
- 89. 19. Amazon CloudWatch Dashboard AWS re:Invent 2015
- 90. 신규 서비스 및 업데이트 AWS re:Invent 2015 1. AWS WAF 2. Amazon QuickSight 3. AWS IoT 4. Amazon Inspector 5. AWS Database Migration Service 6. AWS Import / Export Snowball 7. AWS Config Rules 8. Amazon RDS for MariaDB 9. AWS Mobile Hub 10. AWS Lambda Update 11. EC2 X1 instance / T2.nano instance 12. EC2 Spot Block 13. EC2 Dedicated Host 14. Amazon Kinesis Firehose 15. Amazon Kinesis Analytics 16. Amazon API Gateway - Tokyo Region 17. Amazon RDS Aurora - Tokyo Region 18. Amazon EC2 Container Registory 19. Amazon CloudWatch Dashboard 20. AWS CloudFormation Designer
- 91. 20. AWS CloudFormation Designer AWS re:Invent 2015 ▸ GUI로 CloudFormation 템플릿 생성 ▸ AWS 모든 서비스 지원 ▸ Create, Update, Validation ▸ Open - Local files / S3 / stack ▸ Save - Local files / launch stack ▸ JSON Editor AWS CloudFormation
- 92. 20. AWS CloudFormation Designer AWS re:Invent 2015
- 93. 20. AWS CloudFormation Designer AWS re:Invent 2015 CTRL + SPACE
- 94. # AWS Professional Services Architecting Workshop AWS re:Invent 2015
- 95. TEXT
- 96. TEXT
- 97. TEXT
- 98. AWS re:Invent 2016 ▸ 2016/11/29 ~12/2 ▸ The Venetian - Las Vegas NV ▸ 한국 - 약 400명 ??? ▸ @AWS Korea - 저렴한 re:Invent 여행 상품 만들어 주세요!! AWS re:Invent 2015