devcon summit 2016

Post on 22-Jan-2018


DevCon #2016: Securing AWS Infrastructure

About the speaker

- Neil Alwin Hermosilla

- DevOps Engineer

- Blogger [https://cebuserver.com]

- Cebuano Native

- Ansible Lover

- Die-hard Debian User

Meet the threat

Focusing on ...

- AWS Key Management

- AWS IAM Management

- AWS AMI Management

- AWS Security Groups

- Server Monitoring

- Alert Notification

- Art of Monitoring

Key Management


AWS IAM

3rd Party Providers

- Make sure you don’t grant full permissions, which would let the provider execute unauthorized API calls.

- Make sure to evaluate the permissions every quarter

- Use it for a dedicated purpose only

User

- Control resource access permissions (ACL)

- Use ReadOnly/Full policies


Group

- Group users properly

- Best practice is to group them by Department/Team:

  - Developer Support

  - Developer Release

  - System Admin I

  - System Admin II

  - QA Engineer

  - Business Groups

  - Project Managers

Roles

- Utilize creating IAM Roles (enabling resource triggers from one or more

AWS AMI

- Evaluate preferred Distro

- Evaluate AMI format/type

- Evaluate AMI builds (components)

- Evaluate defaults (libraries to be added)

- Evaluate base software (pre-installed)

- Initiate a snapshot of the server

- Use the snapshot to spawn additional machines

AWS Security Groups

Things to be aware of:

- If an instance is created via classic mode (default), once it’s fired up, there is no way for you to add more security groups to it.

*BETTER UTILIZE VPC -- SEGREGATE THE NETWORK*

- Always create a “spare-tire” Security-Group. Remote IP Whitelisting

Server Monitoring

Alert Notification

DEVOPSHQ.ORG

@NeilUpbeta01

CebuServer.Com

AWSUGPH
