20151030 Open Data and Security on AWS
Upload: takaoka-susumu
Category: Business
Transcript of 20151030 Open Data and Security on AWS
-
2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
on AWS
[5 ]201503009:15-10:15
-
AWS
AWS
AWS
AWS
AWS
AWS Security Reference Architecture
-
AWS
-
1. Linked Open Data (LOD) AWS Virtuoso AMI
2014 http://opendata.shiga.jp/hanabi2014_app/
Virtuoso SPARQL (Closed) http://lod.opendata.shiga.jp/hanabi2014/sparql/
WordPress Slideshare http://www.slideshare.net/HideOkamoto/ss-38514374
2015 http://opendata.shiga.jp/hanabi2015_app/
Virtuoso SPARQL http://lod.opendata.shiga.jp/hanabi2015/sparql/
-
1. Linked Open Data(LOD)AWSVirtuoso AMI
http://www.slideshare.net/HideOkamoto/ss-38514374
-
http://www.slideshare.net/HideOkamoto/ss-38514374
1. Linked Open Data(LOD)AWSVirtuoso AMI
-
http://www.slideshare.net/HideOkamoto/ss-38514374
1. Linked Open Data(LOD)AWSVirtuoso AMI
-
2. x AWSVirtuoso AMI
http://uedayou.net/osakacrimemap/
LODJapan2014
CivicTech Web
ATR
-
2. http://www.city.osaka.lg.jp/toshikeikaku/page/0000250227.html
-
2. x AWSVirtuoso AMI
-
2. x AWSVirtuoso AMI
-
3.LCMSLCMS Ver0.2()
WordPressRDSD2R ServerRDF
Lambda + API GatewaySPARQL
WordPressWordPressSPARQLWordPressWordPressD2R ServerRDF
-
3.LCMSLCMS Ver0.2()
-
Buoy simulation
http://marinexplore.org/
-
EAmazon.co.jp
Amazon Services
Amazon Web Services
-
2011
82
159
2012
280
2013
516
2014
AWSAWS2006:16965050
2015
+522(as of Oct. 15, 2015)
-
AWS
2009
Amazon RDS
Amazon VPC
Auto Scaling
Elastic Load Balancing
2010
Amazon SNS
AWS Identity & Access Management
Amazon Route 53
2011
Amazon ElastiCache
Amazon SES
AWS CloudFormation
AWS Direct Connect
AWS Elastic Beanstalk
GovCloud
2012
Amazon SWF
Amazon Redshift
Amazon Glacier
Amazon Dynamo DB
Amazon CloudSearch
AWS Storage Gateway
AWS Data Pipeline
2013
Amazon CloudTrail
Amazon CloudHSM
Amazon WorkSpaces
Amazon Kinesis
Amazon Elastic Transcoder
Amazon AppStream
AWS OpsWorks
2014
AWS KMS
Amazon Config
Amazon Cognito
Amazon Mobile Analytics
Amazon EC2 Container Service
Amazon RDS for Aurora
Amazon Lambda
Amazon WorkDocs
AWS Directory Service
AWS CodeCommit
AWS CodePipeline
2015
Amazon EFS
Amazon API Gateway
Amazon WorkMail
Amazon Machine Learning
AWS Device Farm
AWS WAF
Amazon Elasticsearch Service
Amazon QuickSight
AWS Import/Export Snowball
Amazon Kinesis Firehose
Amazon RDS for MariaDB
Amazon Inspector
AWS Database Migration Service
AWS IoT
Amazon EC2 Container Registry
Amazon Kinesis Analytics
AWS Mobile Hub
* As of 8 Oct 15
AWS50
-
Networking Analytics Compute
Storage & Content Delivery
Developer Tools Management Tools Security & Identity
Application Services
Mobile Services Database Enterprise Applications
S3 CloudFront EFS Glacier Storage Gateway
API Gateway AppStream CloudSearch Elastic Transcoder SES SQS SWF
Device Farm Mobile Analytics Cognito SNS RDS DynamoDB ElastiCache RedShift WorkSpaces WorkDocs WorkMail
Lambda EC2 Container Service Elastic Beanstalk EC2 VPC
Direct Connect Route 53 EMR
Data Pipeline Kinesis
Machine Learning
Elastic Load Balancing QuickSight
Elasticsearch Service
CodeCommit CodeDeploy CodePipeline CloudWatch CloudFormation CloudTrail Config OpsWorks Service Catalog
Identity & Access Management Directory Service
Trusted Advisor Cloud HSM
Key Management Service
Web App Firewall
Snowball
Simple DB Database Migration Service
IOTIoT
HubsMobile Hub
-
11() : 28
()
8,000Amazon.com
190100
AWS
-
Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
-
1,700+
4,500+
17,000+
-
AWS AWS
AWS2
-
AWS
AWS
-
AWS
AWS
-
AWS IAM
Customers
AWS
AWS
AWS
-
AWS
AWS
AWS
-
AWS
AWShttp://aws.amazon.com/jp/compliance/AWS http://www.slideshare.net/AmazonWebServicesJapan/aws-23722701
-
AWS Region
US-WEST (N. California)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC (Sydney)
On-Shore
-
AWSOn-Shore AWS makes no secondary use of customer contentAWS
-
AWS
-
AWSAWSActive-Active
AWSDRAWS
AWSTier 1 ISP
-
AWS
SSAE 16/ISAE 3402SOC1SAS70) SOC2SOC3 ISO 27001 Certification ISO 27018 Certification ISO 9001 Certification PCI DSS Level 1 Service Provider FedRAMP
AWS HIPAA FISMA Moderate Sarbanes-Oxley (SOX) P ASPSaaS
-
SSAE16/ISAE3402 SOC1 AWS
AWS
NDASOC1
2011615SAS70SSAE16/ISAE3402
-
SOC2
Trust /
AWS
NDASOC2
-
SOC3 SOC 1 (SSAE 16/ISAE 3402)SOC 2 SecuritySOC3
NDASOC2
AWS
http://aws.amazon.com/compliance/#soc3
-
PCI DSS Level1 Service Provider PCI DSS 2.0
EC2, EBS, S3, VPC, RDS, ELB, IAM (QSA) AWS Qualified Incident Response Assessors (QIRA)
http://aws.amazon.com/security/pci-dss-level-1-compliance-faqs/
-
ISO 27001 ISO 27002
AWSInformation Security Management System (ISMS)
http://aws.amazon.com/security/iso-27001-certification-faqs/
-
FedRAMP
18205 ID
-
FedRAMP
:
: FedRAMP
-
AWS1-2
AWS
DISAEnterprise Cloud Service Broker
AWS - AWS CIO - AWS
AWSAWS
FedRAMP/DoD Compliance Support RequestAWS1-2ATO
-
The U.S. Navy is shifting large amounts of data to the Amazon Web Services cloud, and expects the move to produce huge savings.
We are in the process of putting most of our public-facing data in an Amazon cloud service, said Terry Halvorsen, the Chief Information Officer of the Department of the Navy.
Halvorsen said the move could save the Navy as much as 60 percent versus the cost of managing that data in its own data centers.
-
Cloud Security Alliance (CSA) CSA Consensus Assessments Initiative Questionnaire CSA
AWS
*CSAhttp://aws.amazon.com/jp/security/ AWS
-
Amazon Web Services
FISC8AWS
/7 AWS
-
AWS Security Center(http://aws.amazon.com/jp/security/)
1
AWS Identity & Access Management (AWS IAM) AWS Multi-Factor Authentication (AWS MFA)
-
AWS(http://aws.amazon.com/jp/compliance/) AWS
HIPAA SOC 1/SSAE 16/ISAE 3402 SAS70 SOC 2 SOC 3 PCI DSS 1 ISO 27001 ISO 27018 ISO 9001 FedRAMP DIACAP FISMA ITAR FIPS 140-2 CSA MPAA
AWS AWS AWS
SOC PCI DSS 1 ISO 27001 FedRAMP DoD CSM
-
Federal Information Security Management Act: FISMA
G-Cloud Information Assurance Requirements and Guidance
Cross Agency Services Architecture PrincipleProtective Security Policy Framework (PSPF)
ISOIEC27001
-
FedRAMPFederal Risk Authorization Management Program
CESG Pan Government Accreditation Services Australian Government Information Management Office
MTCS SS
-
AWS
FedRAMP
Moderate Impact LevelAgent Authority to Operate
DoD CSM The Department of Defense (DoD) Cloud Security Model (CSM) DoD
Level 3-5
CJIS Criminal Justice Information Services (CJIS) Security Policy
CJIS
FERPA The Family Educational Rights and Privacy Act
AWSFERPA
HIPAA the U.S. Health Insurance Portability and Accountability Act
Protected Health InformationPHIHIPAA6Business Associate Agreement (BAA) addendum
G-Cloud G-Cloud Marketplace
11
IRAP The Information Security Registered Assessors Program (IRAP)ICT
AWS SydneyUnclassified
MTCS The Multi-Tier Cloud Security (MTCS)ISO27001/02
Tier 3 Certification
-
DC2DC
EU (Ireland)
AvailabilityZone A
AvailabilityZone C
AvailabilityZone B
Asia Pacific (Tokyo)
AvailabilityZone A
AvailabilityZone B
US West (Oregon)
AvailabilityZone A
AvailabilityZone B
US West(Northern California)
AvailabilityZone A
AvailabilityZone B
Asia Pacific (Singapore)
AvailabilityZone A
AvailabilityZone B
Asia Pacific (Sydney)
AvailabilityZone A
AvailabilityZone B
South America (Sao Paulo)
AvailabilityZone A
AvailabilityZone B
US East (Northern Virginia)
AvailabilityZone D
AvailabilityZone C
AvailabilityZone B
AvailabilityZone A
AWS GovCloud (US)
AvailabilityZone A
AvailabilityZone B
DCAWS (UPS) Tier-1
Note: http://aws.amazon.com/jp/about-aws/globalinfrastructure/
-
Amazon :
22
-
DoD 5220.22-M 3
NIST 800-88 )
-
Amazon EC2
VPC
A
EC2
B C
A
B C
-
AWS
Distributed Denial of Service (DDoS):
: SSL EC2
IP: OS
: AWS
:
-
Amazon S3
DNSRoute53
CDNAmazon CloudFront
VPC
WAFWAF WAFWAF
ELB ELB
ELB ELB
App App App App
Auto Scaling
Auto Scaling
Auto Scaling
Auto Scaling
-
ACL
OS
VPC
Encrypted File System
Encrypted Swap File
OS Firewall
Amazon Security Groups
Inbound Traffic
-
Amazon EC2
Physical Interfaces
Customer 1 Guest OS
Hypervisor
Customer 2 Guest OS
Customer n Guest OS
Virtual Interfaces
Firewall
Customer 1 Security Groups
Customer 2 Security Groups
Customer n Security Groups
-
VM OS
AWSSSH
Firewall / Security Group AWS
OSEC2 (/) AWS
-
Amazon VPC AWS
IP
/
ACL
ENI(Elastic Network Interface) EC2
VPN/
-
Amazon VPCDC/1AWS
31AWS
VPC
NW()
VPN
ACL
-
AWS
A
Amazon EC2
AmazonEC2
Amazon RDS
Amazon RDS
B
Amazon EC2
AmazonEC2
VPN
AWS
-
VPC
A B
C D
A
C
D
B
Amazon S3
Amazon Glacier
Storage/Backup
-
/ ()
AWS API
API : X.509 certificate
S3:
AWS
OS
SAML2.0SSO
AWS Identity and Access Management (IAM)AWS account
owner (master)
Network management
Security management
Server management
Storage management
-
ID AWS
SAML 2.0
Active DirectorySAML 2.0
Active Directory
-
Web ID AWS
S3
Google, Facebook, Amazon(Login with Amazon)
-
HTTPSAWS API SOAP over HTTPS REST over HTTPS
HTTPS
X.509SSH RC4SSLRDP
-
MFA
S3
AES-256
S3 AWS Java SDK
MD5S3
99.9%
99.999999999%
Amazon S3
-
Windows BitLocker Linux LUKS TrueCrypt SafeNet Protect-V Trend Secure Cloud
AWS KMS
Amazon EBS
EBS
-
RDS RDS IAMRDS
Oracle Native Network Encryption SSL for SQL Server, MySQL and PostgreSQL
RDS MySQL cryptographic function Oracle Transparent Data Encryption Microsoft SQL - Microsoft Transact-SQL data protection
Amazon RDS
DBA
-
AWS Key Management Service (KMS)
(http://aws.amazon.com/jp/kms/) AWS
(http://aws.amazon.com/jp/kms/pricing/) 1$1 API10,000$0.03
20,000
Customer Master Key(s)
Data Key 1
Amazon S3 Object
Amazon EBS
Volume
Amazon Redshift Cluster
Data Key 2 Data Key 3 Data Key 4
Custom Application
AWS KMS
-
AWS CloudHSM
AWSHSM
HSM
Common Criteria EAL4+ NIST FIPS 140-2
Amazon
HAHSM
US East (Virginia) US West (Oregon) EU (Ireland) Asia Pacific (Sydney)
-
HSM
HSMNATCloudHSM NATCloudHSM
Volume, object, database encryption
Signing / DRM / apps
EC2
SYNC
EBS
S3
Amazon S3
Amazon Glacier
-
AWS Cloud Trail
AWSAmazonS3
MFA Delete
AWSID
-
AWS Inspector
API
Inspector
-
AWS Inspector
OS
PCI DSS 3.0
-
AWS Config
(http://aws.amazon.com/jp/config/) AWS AWS
(http://aws.amazon.com/jp/config/pricing/) 1 0.003 USD Amazon S3 Amazon SNS
-
AWS Config Rules
AWS Config- AWS
-
AWS Config Rules
AWS Config- AWS
EBS EC2 Elastic IP address(EIP)
-
AWS Config Rules
AWS Config Govcloud
AWS Config Rules
-
VPC Flow LogsCloudWatch LogsPublish
/
ACLaccepted/reject
(10)
RDS, RedshiftElasticCacheWorkSpaces
(Cloudwatch Logs
-
VPC Flow Logs
IP
-
ACL
Log Group
CloudWatch Logs
(ENI)
Log Stream
VPC Flow LogsVPC
-
Amazon VPC(Virtual Private Cloud)
MFA(Multi Factor Authentication)
IAM(Identity and Access Management)
AWS
-
AWS
()
OS
+Customer
OS
-
OS
DMZIDS/IPS
Web (SQL Injection, XSS, CSRF)
Web Application Firewall (WAF)Web
IDS/IPSWAFOSON(AWSCloudTrail)
-
OS
IPS IPS
IDS/IPS()IDS/IPS
IDS/IPSIDS/IPS
-
Web
WAF
IDS/IPSWebWAF
AWS http://aws.clouddesignpattern.org/
-
AWS WAF
CloudFrontWeb
URIHTTPHTTPIP(Conditions)
1WebACL5 11 1000.6
http://aws.typepad.com/aws_japan/2015/10/waf.html
-
Web
SQL (XSS) (CSRF)
OWASP Top10 https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf
-
AWS
Web Web
WAF APN
OS
IDS/IPS
APN
IP
VPCNACL
Amazon VPC ()
AWS
AWS IAMAWS CloudTrail
DDoSMITM()
DDoS
DC
-
You can enforce consistent security on your hosts
Launch instance
EC2
AMI catalogue Running instance Your instance
Hardening
Audit and logging
Vulnerability management
Malware and HIPS
Whitelisting and integrity
User administration
Operating system
Configure instance
You control the configuration of your EC2 compute instances and can configure and harden operating environments to your own specs
Use host-based protection software
Apply best-practice top 5 mitigation strategies!
Think about how you will manage administrative users
Restrict access as much as possible
Build out the rest of your standard security environment
Connect to your existing services, e.g. SIEM
-
Design
Reference Architecture
People
Instance
Database
Storage & Content
Network
Platform
Manage Monitor
-
People
Monitor
Manage
Network
Storage & Content
Instance
Database
Platform
Design
-
Including Capabilities & Controls for Each Component
People
Monitor
Manage
Network
Storage & Content
Instance
Database
Log, Audit, & Analyze
Monitor & Alert
Platform
Amazon CloudWatch
Amazon SNS Notifications
AWS Abuse Notifications
Trusted Advisor
Amazon EMR
Amazon Kinesis
S3, ELB, CloudFront Access Logs
Application Logs
Database Logs
Operating System Logs
AWS Internet Security VPC Peering
Security Groups
VPC VPN Gateway VPC Subnets
VPC NACLs VPC Routing Tables
Direct Connect
Geographic Diversity
S3 ACLs, Bucket Policies
S3, Glacier Server-Side Encryption
S3 MFA Delete Lifecycle Rules CloudFront Custom SSL S3, Glacier SSL
S3 Object Metadata
Storage Gateway SSL
CloudFront Signed URLs
Auto Scaling SSH Keys
Bastion Host
Bootstrapping
Amazon Machine Images (AMIs)
CloudFront Load Distribution
Penetration Testing Process
Oracle Transparent Data Encryption
MS-SQL SSL Oracle NNE
Redshift Cluster Encryption
RDS Auto Minor Patching
MS-SQL Transparent Data Encryption
DynamoDB SSL
EMR Job Flow Roles
Access Policy Language
AWS SAs & ProServe
AWS Sales, Support, TAM
Security Operations Center
Elastic Beanstalk Rolling Patching
MySQL SSL PostgreSQL SSL
SimpleDB SSL
Redshift Encrypted S3 Backups
DynamoDB Fine Grained Access
Route 53 Health Checks
Access Policy Simulator
Authenticate & Authorize
IAM Users, Groups & Roles
IAM MFA
AWS Marketplace Offerings
IAM STS Federation
IAM Password Policy
IAM SAML 2.0
IAM Web Identities
S3 Object Versioning S3 Object ETags
AWS Forums & Documentation
AWS Service Level Agreements
AWS Training & Certification
AWS CloudTrail
Server Certificates
AWS System Integration Partners
Resource-Level Permissions
Client-Side Encryption
CloudFront Geolocation AWS CloudHSM
Amazon Redshift
HIPAA SOC 1 / 2 / 3 PCI DSS Level 1 ISO 27001 FedRAMP DIACAP and FISMA ITAR FIPS 140-2 CSA MPAA
AWS Assurance Programs
Organize, Deploy, & Operate
AWS OpsWorks
AWS CloudFormation
Resource Tagging
Snapshots & Replication
AWS Elastic Beanstalk
Design
Overview of Security Processes
Logging in AWS
Whitepapers
Governance for AWS
AWS Webinars & Videos
AWS Security Best Practices
AWS Security Test Drive Labs
Operational Checklists for AWS
Security for Microsoft Apps on AWS
Plan
AWS Compliance Forum
AWS Simple Monthly Calculator
AWS Reference Architectures
AWS Risk and Compliance
AWS Auditing Security Checklist
Customer & Partner Whitepapers
Dedicated Instances
Cross-Region Backups/Replication
Route 53 Failover Thresholds
ELB Perfect Forward Secrecy
ELB SSL
ELB SSL Security Policies
-
Align with Familiar Enterprise Security Models
Security Fundamentals: Confidentiality, Integrity, Availability, Identity, Authentication, Authorization, Audit
Security Capabilities Framework:
Anticipate: Policies and Standards, Threat Intelligence
Deter: Access Control, Network Architecture, Active Response
Detect: IDS, Log analysis, Alerting, Security Operations Center
Respond: Incident Response to Compromise
Recover: Disaster Recovery/BCP, Known Good State, Forensics
-
"Anticipate" Objective
[Figure: the reference architecture capabilities and controls map, repeated from the "Including Capabilities & Controls for Each Component" slide]
-
"Deter" Objective
[Figure: the reference architecture capabilities and controls map, repeated from the "Including Capabilities & Controls for Each Component" slide]
-
"Detect" Objective
[Figure: the reference architecture capabilities and controls map, repeated from the "Including Capabilities & Controls for Each Component" slide]
-
"Respond" Objective
[Figure: the reference architecture capabilities and controls map, repeated from the "Including Capabilities & Controls for Each Component" slide]
-
"Recover" Objective
[Figure: the reference architecture capabilities and controls map, repeated from the "Including Capabilities & Controls for Each Component" slide]
-
AWS
AWS
AWS
AWS
AWS
AWS