Date post: | 06-Jul-2015 |
Category: |
Technology |
Upload: | amazon-web-services |
Best Practices for AWS Security, Utilization, and Cost Optimization Using CloudCheckr
Kyle Lichtenberg Solution Architect
Amazon Web Services
Aaron Newman Founder
CloudCheckr Inc.
Introducing
Webinar Overview
Submit Your Questions using the Q&A tool.
A copy of today’s presentation will be made available on:
AWS SlideShare Channel: http://www.slideshare.net/AmazonWebServices/
AWS Webinar Channel on YouTube: http://www.youtube.com/channel/UCT-nPlVzJI-ccQXlxjSvJmw
What We’ll Cover
Intro to Amazon Web Services security and pricing models
Common security and resource configuration issues that can have a financial impact
How to use CloudCheckr to create an automated process to keep your environment safe and cost efficient
Q&A
Security on AWS
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
+
Customers
A Shared Responsibility Model
Security experts are a scarce resource
Refocus security pros on a subset of the problem
Network configuration
Security groups
OS firewalls
Operating systems
Application security
Service configuration
AuthN & acct management
Authorization policies
Pricing on AWS
On-Demand
Pay for compute capacity by the hour with no long-term commitments
For spiky workloads, or to define needs
Reserved
Make a low, one-time payment and receive a significant discount on the hourly charge
For committed utilization
Common Issues
S3 Policies
IAM Management
Incorrect Health Checks
Under-utilized Resources
Snapshot Management
Unexpected Transfer
Unwanted Resources
Empty Instance Cost
Wasted Capital
Potential Data Loss
Best Practices for AWS Security, Utilization, and Cost Optimization
Aaron C. Newman
Founder, CloudCheckr
Examples of Best Practices for IAM
• Enable IAM Password Policies
• Rotate your IAM access keys every 90 days
• Use Multi-factor Authentication
• Use IAM groups
• Don’t grant permissions to users
• Set up an Administrators group
See “Top Ten IAM Best Practices” at http://aws.amazon.com/iam/
Examples of Best Practices for S3
• NEVER allow Upload/Delete permissions open to Everyone
• Enable logging on your S3 buckets
• Review Open List permissions for sensitive files
See “Best Practices for Using Amazon S3”
at http://aws.amazon.com/articles/1904/
Best Practices for Resource Utilization
• Locate and eliminate idle resources
• Right-size resources
• Don’t under- or over-utilize
• Use Auto Scaling Groups
Check on ALL your resources:
EC2, EBS, ELBs, RDS, DynamoDB, ElastiCache, etc…
Best Practices: Monitoring Activity/Errors
• Use CloudTrail
• Make sure it’s set up and running
• Monitor for Unauthorized Access Attempts
• Check for access from new/unauthorized users or locations
• Proactively Look for Errors in Logs
• Check sources like EC2 console output, CloudWatch, event logs, status errors from the API
Why use CloudCheckr for Best Practices?
• Best practice engine provides deep knowledge
• 250+ checks across ALL the AWS Services
• To find all the issues, not just some of them
• Configurable to your environment
• For instance, how much is “idle”, what is “too many ELB HTTP errors”
• Runs on a regular basis
• Nightly so you know in a timely fashion when something needs your attention
• Pushes Notifications To You
• Alerted by email, so you don’t have to go looking for problems
Why use CloudCheckr for Best Practices?
• Capability to ignore/suppress
• Some things are ok in your environment
• Manage in a single view across all your accounts
• The larger the environment, the more complexity, the harder it is to track down problems
• Monitor by tags
• Set up tags to include or exclude tags you choose
• Drilldown on problems
• Telling me I have a problem is not enough. Give me lots of details.
Thank You for Attending
Sign up today for free evaluation at http://cloudcheckr.com
Aaron Newman is the Founder of CloudCheckr (www.cloudcheckr.com)
Please contact me with additional questions at: [email protected]
Questions
Contacts: CloudCheckr Info: www.cloudcheckr.com
CloudCheckr Contact: [email protected] AWS Contact: aws.amazon.com/contact-us