54. Guidance
High-level
• CSA and ENISA guidance
AWS specific
• Security Whitepaper
• Risk and Compliance Whitepaper
• Security Center and Compliance Center
55. Shared responsibility tips
Understand the model, and what AWS can't do
Engage AWS for support - SSAE 16, PCI, etc.
56. Shared responsibility traps
AWS can help, but you're ultimately responsible
Contract, Ts & Cs are not a firewall
72. Two Permission Types
1. User-Based - Attached to a user, controls what the user can do (also applies to groups and roles)
2. Resource-Based - Attached to a resource, controls what can be done to the resource
73. Bonus, Confusing Third Type
• Resource-Level - Attached to a user, controls what the user can do, to which resource
81. Creating policies
• AWS has dozens of services
• Hundreds of API calls across those services
• Resource-level control and conditions provide tremendous granularity
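The three permission types from slides 72-73, and the resource-level scoping and conditions from slide 81, as an added example that is not part of the original deck. The account ID, user name, bucket name and tag are constructed placeholders, and classify() is a hypothetical helper that applies a simple heuristic, not an AWS API.

```python
import json

ACCOUNT = "111122223333"  # constructed placeholder account ID

# 1. User-based: attached to a user, group or role, so there is no Principal.
USER_BASED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}

# 2. Resource-based: attached to the resource (here an S3 bucket policy),
#    so it has to name the Principal that is being granted access.
RESOURCE_BASED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:user/alice"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]}

# 3. Resource-level: still attached to a user, but scoped to specific ARNs
#    and narrowed further by a condition on the resource's tag.
RESOURCE_LEVEL = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances"],
    "Resource": f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/*",
    "Condition": {"StringEquals": {"ec2:ResourceTag/Owner": "alice"}}}]}


def classify(policy):
    """Label each statement with the deck's permission type (heuristic)."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    kinds = []
    for stmt in statements:
        resources = stmt.get("Resource", "*")
        if isinstance(resources, str):
            resources = [resources]
        if "Principal" in stmt or "NotPrincipal" in stmt:
            kinds.append("resource-based")
        elif all(r == "*" for r in resources):
            kinds.append("user-based")
        else:
            kinds.append("user-based, resource-level")
    return kinds


if __name__ == "__main__":
    for name in ("USER_BASED", "RESOURCE_BASED", "RESOURCE_LEVEL"):
        print(name, classify(globals()[name]))
        print(json.dumps(globals()[name], indent=2))
```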