AWS re:Invent 2016: Use AWS to Secure Your DevOps Pipeline Like a Bank (FIN303 )
DevOps with AWS in 2016
-
Upload
lorenzo-aiello -
Category
Internet
-
view
58 -
download
5
Transcript of DevOps with AWS in 2016
DevOps with AWS in 2016April 2, 2016
Agenda
• Introduction• Updates to Existing Services• Review of New Services• Sample Architectures• Demo Deployment• Q&A
Lorenzo Aiello
• Five Talent• Software Developer• Systems Engineer
• “Own” 50 AWS Accounts• System Architecture• Continuous Integration / Deployment• AWS Best Practices
• Three AWS Certifications
Updates to Existing Services
• EC2• Scheduled Auto Scaling
in Console
• T2.nano Instance Size• Run Command• Container Registry
Updates to Existing Services
• EBS• Encrypted Boot Volumes
Updates to Existing Services
• CloudFront • Edge Gzip Compression Support
No Compression (1.6M / 928ms) With Compression (0.9M / 882ms)
31%smaller
5%faster
Updates to Existing Services
• Route53• Traffic Flow
Updates to Existing Services
• CloudWatch• Events• Logs
Updates to Existing Services
• VPC • NAT Gateway• Flow Logs
Updates to Existing Services
• Lambda• Run in side a VPC
New Products and Services• Amazon Certificate Manager• Amazon Inspector• Amazon Kinesis Firehose• Amazon QuickSight• Amazon EC2 Dedicated Hosts• Amazon SES Inbound Email• AWS Mobile Hub• AWS Web Application Firewall• AWS IoT• AWS Device Farm• AWS CodePipeline
Amazon Certificate Manager (ACM)
• Free SSL Certificates• One-Click Deployment• Automated Renewals
Amazon Inspector
• Automated Security Assessment• Define Rule Packages to Apply• Evaluates Traffic, Data and Permissions• Available Rules:• Common Vulnerabilities and Exposures• Network Security Best Practices• Operating System Security Best Practices• Application Security Best Practices• PCI DSS 3.0 Assessment
Amazon SES Inbound Email
• Receive and Process Email• Perform Multiple Actions• S3 Storage• Forwarding• Lambda Functions
Amazon Web Application Firewall (WAF)
• Acts an intelligent firewall• Can block SQL Injection Attempts• Prevent Cross-Site Request Forgery (CSRF)• Standard IP Blocks• Restrict Access to Sensitive Areas by IP
Single Instance Website
Multi-Instance / High Availability Website
Questions?