DevCon Summit 2016
DevCon #2016
Securing AWS Infrastructure
About the speaker
- Neil Alwin Hermosilla
- Devops Engineer
- Blogger [https://cebuserver.com]
- Cebuano Native
- Ansible Lover
- Die-hard Debian User
Meet the threat
Focusing on ...
- AWS Key Management
- AWS IAM Management
- AWS AMI Management
- AWS Security Groups
- Server Monitoring
- Alert Notification
- Art of Monitoring
Key Management
AWS IAM
3rd Party Providers
- Make sure you don't grant full permissions that allow unauthorized API calls.
- Make sure to evaluate permissions every quarter.
- Use it for that dedicated purpose only.
User
- Control resource access permission (ACL)
- Utilize ReadOnly/Full policy
AWS IAM
Group
- Group users properly
- Best practice is to group it via Department/Team
  - Developer Support
  - Developer Release
  - System Admin I
  - System Admin II
  - QA Engineer
  - Business Groups
  - Project Managers
Roles
- Utilize creating IAM Roles (enabling resource triggers from one or more
AWS AMI
- Evaluate preferred Distro
- Evaluate AMI format/type
- Evaluate AMI builds (components)
- Evaluate defaults (libraries to be added)
- Evaluate base software (pre-installed)
- Initiate a snapshot of the server
- Use the snapshot to spawn additional machines
AWS Security Groups
Things to be aware of:
- If an instance is created in classic mode (default), once it's fired up, there is no way for you to add more security groups to it.
*BETTER UTILIZE VPC -- SEGREGATE THE NETWORK*
- Always create a “spare-tire” Security-Group.
- Remote IP Whitelisting
Server Monitoring
Alert Notification
DEVOPSHQ.ORG
@NeilUpbeta01
CebuServer.Com
AWSUGPH