Cloud Web Day: Security Start 10:00 CET ©Amazon.com, Inc. and its affiliates. All rights reserved.

Post on 08-Oct-2019

From VPC over EC2 to S3 and back

Bertram Dorn – Specialized Solutions Architect

Security/Compliance

Network/Databases

Amazon Web Services Germany GmbH

What is AWS?

AWS Global Infrastructure

Application Services

Networking

Deployment & Administration

Database

Storage

Compute

A larger picture

Region EC2

Availability Zone

Availability Zone

Virtual Private Cloud

VPC Subnet Front B

Internet Gateway

VPC Subnet Front A

Security Group

Instance

VPC Subnet Backend

Security Group

Instance

NACL

Internet

Elastic IP

FrontA <-> FrontB
FrontA <-> DB in Backend
FrontA != Backend
FrontB != Backend
FrontA <-> 0.0.0.0/0

Amazon S3

Endpoint

Bucket with

Objects

Region S3

Bucket with

Objects

NAT

FW

• Closed Networking
• Customer's Address Space
• Detailed Control of Communication
• AWS Services: EC2, EBS, AutoScaling, RDB, and many more
• VPN Gateway for connecting in (by IPsec)

• Web Interface
• CLI
• SDK
• API

Instance

Router

Internet Gateway

VPC

Subnet

Admin

For instrumentation

AWS

AWS IAM

How to configure this?

A view on S3

Bucket with

Objects

Region S3

Bucket with

Objects

• Web Interface
• CLI
• SDK
• API

Admin

For instrumentation

AWS

AWS IAM

Command Path

S3 Endpoints

Datapath

HTTP(s)

Bucket Policy

Object Policy

S3 Logging

Availability Zone

On a global footprint

• 5 AZs in Europe
• Low Latency in Europe
• Data Resides in Europe
• Multi Timezone Security Concepts
• Backup/Restore/DR only in Europe

AWS Region

US-WEST (Oregon)

ASIA PAC (Tokyo)

ASIA PAC (Singapore)

US-WEST (North California)

SOUTH AMERICA (Sao Paulo)

US-EAST (Virginia)

GOV CLOUD

ASIA PAC (Sydney)

decide where you put your data and applications

China (Beijing)

EU-CENTRAL (Frankfurt)

EU-WEST (Dublin)

Go Global in Minutes and Maintain a Single Security Standard

Rapid pace of security innovation & customer driven improvements

[Chart: General Feature-Releases and Dedicated Security Feature-Releases per year, 2007 to 2014 (ytd). Data labels in the order extracted: 13/48, 16/61, 23/82, 51/159, 71/280, 120/300]

Bertram Dorn

Amazon Web Services Germany

Additional Resources:

http://aws.amazon.com/documentation
http://aws.amazon.com/compliance
http://aws.amazon.com/security