cloud web day: security start 10:00 cet - aws-de-media.s3...
TRANSCRIPT
From VPC over EC2 to S3 and back
Bertram Dorn – Specialized Solutions Architect
Security/Compliance
Network/Databases
Amazon Web Services Germany GmbH
©Amazon.com, Inc. and its affiliates. All rights reserved.
What is AWS?
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database
Storage
Compute
A larger picture
Region EC2
Availability Zone
Availability Zone
Virtual Private Cloud
VPC Subnet Front B
Internet Gateway
VPC Subnet Front A
Security Group
Instance
VPC Subnet Backend
Security Group
Instance
NACL
Internet
Internet
Elastic IP
FrontA <-> FrontB
FrontA <-> DB in Backend
FrontA != Backend
FrontB != Backend
FrontA <-> 0.0.0.0/0
Amazon S3
Endpoint
Bucket with
Objects
Region S3
Bucket with
Objects
NAT
FW
• Closed Networking
• Customer's Address Space
• Detailed Control of Communication
• AWS Services: EC2, EBS, AutoScaling, RDB, and many more
• VPN Gateway for connecting in (by IPsec)
• Web Interface
• CLI
• SDK
• API
Instance
Router
Internet Gateway
VPC
Subnet
Admin
For instrumentation
AWS
AWS IAM
How to configure this?
A view on S3
Bucket with
Objects
Region S3
Bucket with
Objects
• Web Interface
• CLI
• SDK
• API
Admin
For instrumentation
AWS
AWS IAM
Command Path
S3 Endpoints
Datapath
HTTP(s)
Bucket Policy
Object Policy
S3 Logging
Availability Zone
On a global footprint
• 5 AZs in Europe
• Low Latency in Europe
• Data Resides in Europe
• Multi Timezone Security Concepts
• Backup/Restore/DR only in Europe
AWS Region
US-WEST (Oregon)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
US-WEST (North California)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC (Sydney)
Decide where you put your data and applications
China (Beijing)
EU-CENTRAL (Frankfurt)
EU-WEST (Dublin)
Rapid pace of security innovation & customer driven improvements
[Chart: feature releases per year, 2007 to 2014 (ytd)]
Data labels: 13/48, 16/61, 23/82, 51/159, 71/280, 120/300
Legend: General Feature-Releases; Dedicated Security Feature-Releases
Bertram Dorn
Amazon Web Services Germany
Additional Resources:
http://aws.amazon.com/documentation
http://aws.amazon.com/compliance
http://aws.amazon.com/security