4. AWS re:Invent 2015
▸ 2015/10/6 ~10/9
▸ 4th edition, held in 2015
▸ The Venetian - Las Vegas NV
▸ More than 19,000 attendees worldwide
▸ Korea - about 140 / Japan - about 500
5. AWS re:Invent 2015
▸ Keynote - new service announcements
▸ 401 sessions, including repeat sessions
▸ Bootcamp, Hands-on Lab
▸ Hackathon
▸ AWS Certification Exam
▸ Welcome Reception, Pub Crawl, re:Play Party, etc.
9. AWS re:Invent 2015
2016 Ohio
2016 Korea
2016 India
2016~2017 Region 11 + 5
2016~2017 London
2016 China
10. New services and updates
1. AWS WAF
2. Amazon QuickSight
3. AWS IoT
4. Amazon Inspector
5. AWS Database Migration Service
6. AWS Import / Export Snowball
7. AWS Config Rules
8. Amazon RDS for MariaDB
9. AWS Mobile Hub
10. AWS Lambda Update
11. EC2 X1 instance / T2.nano instance
12. EC2 Spot Block
13. EC2 Dedicated Host
14. Amazon Kinesis Firehose
15. Amazon Kinesis Analytics
16. Amazon API Gateway - Tokyo Region
17. Amazon RDS Aurora - Tokyo Region
18. Amazon EC2 Container Registry
19. Amazon CloudWatch Dashboard
20. AWS CloudFormation Designer
13. 1. AWS WAF
▸ WAF - Web Application Firewall
▸ CloudFront + WAF
▸ Conditions (IP address, SQL injection, String matching), Web ACL, Rule, Action
▸ $5 per web ACL
▸ $1 per rule per month
▸ $0.60 per million requests
14. 1. AWS WAF
Application DDoS
[Diagram labels: Good users, Bad guys, AWS WAF, Web server, Database]
AWS WAF rules:
1: BLOCK requests from bad guys.
2: ALLOW requests from good guys.
15. 1. AWS WAF
Use transforms to stop evasion
[Diagram labels: Scraper bot, CloudFront, AWS WAF]
RAW request headers:
Host: www.example.com
User-Agent: badbot
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referrer: http://www.example.com/
Connection: keep-alive
Rule - String match condition:
Check: Header “User-Agent”
Match Type: Contains
Match: “badbot”
Action: BLOCK
Match any part of the web request
[Diagram labels: Good users, CloudFront, AWS WAF]
RAW request headers:
Host: www.example.com
User-Agent: Mozilla/5.0 (Macintosh; …
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referrer: http://www.example.com/
Connection: keep-alive
Rule - String match condition:
Check: Header “Referrer”
Match Type: Contains
Match: “example.com”
Action: ALLOW
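The two string match rules above, modelled offline as an added example (not code from the slides or from AWS): it shows why a "Contains" match needs a text transformation, using the LOWERCASE / URL_DECODE / NONE transformation names that AWS WAF offers. The rule ordering, the default action and the sample requests are assumptions constructed for the illustration.

```python
import urllib.parse

# Text transformations applied to the inspected field before matching
# (names follow AWS WAF's NONE / LOWERCASE / URL_DECODE options).
TRANSFORMS = {
    "NONE": lambda s: s,
    "LOWERCASE": str.lower,
    "URL_DECODE": urllib.parse.unquote,
}

def string_match(headers, cond):
    """Evaluate one string match condition against request headers."""
    # HTTP header names are case-insensitive, so look them up that way.
    value = next((v for k, v in headers.items()
                  if k.lower() == cond["header"].lower()), "")
    value = TRANSFORMS[cond["transform"]](value)
    return cond["match"] in value          # Match Type: Contains

def evaluate_acl(headers, rules, default_action):
    """Rules are checked in order; the first match decides the action."""
    for rule in rules:
        if string_match(headers, rule["condition"]):
            return rule["action"]
    return default_action

def make_acl(transform):
    # The two rules from the slides: BLOCK badbot first, then ALLOW the referrer.
    return [
        {"action": "BLOCK", "condition": {
            "header": "User-Agent", "transform": transform, "match": "badbot"}},
        {"action": "ALLOW", "condition": {
            "header": "Referrer", "transform": transform, "match": "example.com"}},
    ]

# Constructed sample requests (not captured traffic).
SCRAPER = {"Host": "www.example.com", "User-Agent": "badbot",
           "Referrer": "http://www.example.com/"}
SCRAPER_MIXED_CASE = dict(SCRAPER, **{"User-Agent": "BadBot/1.0"})
GOOD_USER = dict(SCRAPER, **{"User-Agent": "Mozilla/5.0 (Macintosh)"})

if __name__ == "__main__":
    for name, req in [("scraper", SCRAPER), ("mixed-case scraper", SCRAPER_MIXED_CASE),
                      ("good user", GOOD_USER)]:
        print(name, "| no transform:", evaluate_acl(req, make_acl("NONE"), "BLOCK"),
              "| lowercase:", evaluate_acl(req, make_acl("LOWERCASE"), "BLOCK"))
```

Without a transformation the mixed-case User-Agent misses the BLOCK rule and falls through to the ALLOW rule; with LOWERCASE it is blocked.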
16. 1. AWS WAF
APIs, SDKs, and CLIs!
Java
Python (boto)
PHP
.NET
Ruby
Node.js
iOS
Android
AWS Toolkit for Visual Studio
AWS Toolkit for Eclipse
AWS Tools for Windows PowerShell
AWS CLI
JavaScript
17. 1. AWS WAF
[Diagram labels: Good users, Bad guys, Server, AWS WAF, Update blacklist]
18. 1. AWS WAF
▸ Basic WAF test environment setup - Web ACL, S3 + CloudFront
33. 4. Amazon Inspector
▸ Automated application security assessment service
▸ Assessment via rule packages/rules - provided by AWS
▸ Run interval - 15 minutes, 1 hour, 8 hours, 12 hours, 1 day
▸ Assessment targets are identified by tags
▸ Automatable via APIs
▸ Inspector Agent
34. AWS re:Invent 2015
▸ CVE (common vulnerabilities and exposures)
▸ Network security best practices
▸ Authentication best practices
▸ Operating system security best practices
▸ Application security best practices
▸ PCI DSS 3.0 readiness (Payment Card Industry Data Security Standard)
35. 4. Amazon Inspector
▸ Install the Agent on EC2 - a Tag is required
▸ Configure Inspector - Rule packages
▸ Start
36. 4. Amazon Inspector
▸ Amazon Linux AMI 2015.03.1 / Ubuntu Server 14.04 LTS
▸ Applications - 50
▸ Assessments - 500
▸ Agents - 500
▸ us-west-2 region (Oregon)
51. 7. AWS Config Rules
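▸ What is AWS Config?
- A service that provides visibility into the configuration of each AWS resource
- Stores and searches configuration information / notifies on create, change and delete
- Relationships between resources (e.g. instances created inside a VPC)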
52. 7. AWS Config Rules
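▸ An extension of the AWS Config service
▸ Checks whether resource configurations match the specified Rules
▸ Managed Rules (currently 7) / Custom Rules
▸ Rules are implemented as Lambda functions
▸ On resource creation or change - scoped by resource ID or Tag
▸ Periodic (time, period, etc.) - all resources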
53. 7. AWS Config Rules
▸ EC2 instances not inside a VPC - INSTANCES_IN_VPC
▸ Unencrypted EBS volumes - ENCRYPTED_VOLUMES
▸ CloudTrail enabled - CLOUD_TRAIL_ENABLED
▸ SGs containing an inbound port 22 rule - INCOMING_SSH_DISABLED
▸ EIPs not attached to EC2 - EIP_ATTACHED
▸ Resources without Tags - REQUIRED_TAGS
▸ SGs containing a rule for specific ports - RESTRICTED_INCOMING_TRAFFIC
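What a Custom Rule built as a Lambda function can look like, as an added example (not code from the slides or from AWS): it is triggered on a security group change and reports non-compliance when any port other than 80/443 is open to the whole internet. The port policy, the configuration item field names (`ipPermissions`, `ipRanges`, `ipv4Ranges`, `ipv6Ranges`) and the sample item are assumptions; `put_evaluations` is the AWS Config API call that returns the result.

```python
import json

ALLOWED_PUBLIC_PORTS = {80, 443}      # hypothetical policy for this example
WORLD = {"0.0.0.0/0", "::/0"}

def _cidrs(perm):
    # Assumed field names: CIDRs appear as plain strings under "ipRanges" or
    # as objects under "ipv4Ranges"/"ipv6Ranges"; accept both shapes.
    found = set()
    for r in perm.get("ipRanges", []):
        found.add(r if isinstance(r, str) else r.get("cidrIp"))
    found.update(r.get("cidrIp") for r in perm.get("ipv4Ranges", []))
    found.update(r.get("cidrIpv6") for r in perm.get("ipv6Ranges", []))
    return found

def evaluate_compliance(item):
    """Map one configuration item to a Config compliance type."""
    if (item.get("resourceType") != "AWS::EC2::SecurityGroup"
            or item.get("configurationItemStatus") == "ResourceDeleted"):
        return "NOT_APPLICABLE"
    for perm in item["configuration"].get("ipPermissions", []):
        if not (_cidrs(perm) & WORLD):
            continue                          # not open to the whole internet
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if perm.get("ipProtocol") == "-1" or lo is None or hi is None:
            return "NON_COMPLIANT"            # all protocols / all ports
        if any(p not in ALLOWED_PUBLIC_PORTS for p in range(lo, hi + 1)):
            return "NON_COMPLIANT"
    return "COMPLIANT"

def lambda_handler(event, context):
    import boto3                              # available in the Lambda runtime
    item = json.loads(event["invokingEvent"])["configurationItem"]
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": evaluate_compliance(item),
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"])

# Constructed configuration item (not real account data): SSH open to the world.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
    "configurationItemStatus": "OK",
    "configuration": {"ipPermissions": [{
        "ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
        "ipRanges": ["0.0.0.0/0"]}]},
}
```

Keeping the decision in `evaluate_compliance` lets the rule be tested against saved configuration items before it is attached to AWS Config.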
63. 6. AWS Import / Export Snowball
▸ $200 / Job + shipping
▸ $15/day after 10 days
▸ $0.00/GB to transfer data in
▸ $0.03/GB to transfer data out
▸ Standard Amazon S3 charges apply
65. 8. Amazon RDS for MariaDB
▸ MariaDB 10.0.17
▸ Storage Engine - Aria, XtraDB (default : InnoDB)
▸ parallel replication, thread pooling
▸ All Region, Multi-AZ
▸ 6TB / 30,000 IOPS
▸ Includes all existing RDS management features
▸ Same pricing as RDS for MySQL
67. 17. Amazon RDS Aurora - Tokyo Region
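▸ AWS's relational database, announced at AWS re:Invent 2014
▸ MySQL 5.6 compatibility
▸ Multi-AZ - readable
▸ SSD storage auto-scales from 10GB to 64TB
▸ Only db.r3 instances are supported
▸ Data is stored as 2 copies in each of 3 AZs, 6 copies in total
▸ 5x the performance of MySQL / 99.99% availability guaranteed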
98. AWS re:Invent 2016
▸ 2016/11/29 ~12/2
▸ The Venetian - Las Vegas NV
▸ Korea - about 400 ???
▸ @AWS Korea - please put together an affordable re:Invent travel package!!