© 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc. Open Data and Security on AWS. Amazon Data Services Japan K.K. [Lecture 5: Special Lecture] 2015-10-30 09:15-10:15

2015-10-30 Open Data and Security on AWS

  • Slide 1

    Open Data and Security on AWS
    [Lecture 5] 2015-10-30 09:15-10:15

  • Slide 2

    AWS
    AWS
    AWS
    AWS
    AWS
    AWS Security Reference Architecture

  • Slide 3

    AWS

  • Slide 4

    1. Linked Open Data (LOD), AWS, Virtuoso AMI
    2014: http://opendata.shiga.jp/hanabi2014_app/
    Virtuoso SPARQL (closed): http://lod.opendata.shiga.jp/hanabi2014/sparql/
    WordPress
    Slideshare: http://www.slideshare.net/HideOkamoto/ss-38514374
    2015: http://opendata.shiga.jp/hanabi2015_app/
    Virtuoso SPARQL: http://lod.opendata.shiga.jp/hanabi2015/sparql/

  • Slide 5

    1. Linked Open Data (LOD), AWS, Virtuoso AMI
    http://www.slideshare.net/HideOkamoto/ss-38514374

  • Slide 6

    1. Linked Open Data (LOD), AWS, Virtuoso AMI
    http://www.slideshare.net/HideOkamoto/ss-38514374

  • Slide 7

    1. Linked Open Data (LOD), AWS, Virtuoso AMI
    http://www.slideshare.net/HideOkamoto/ss-38514374

  • Slide 8

    2. x AWS, Virtuoso AMI
    http://uedayou.net/osakacrimemap/
    LOD Japan 2014
    CivicTech Web
    ATR

  • Slide 9

    2. http://www.city.osaka.lg.jp/toshikeikaku/page/0000250227.html

  • Slide 10

    2. x AWS, Virtuoso AMI

  • Slide 11

    2. x AWS, Virtuoso AMI

  • Slide 14

    3. LCMS (LCMS Ver0.2)
    Architecture: WordPress, RDS, D2R Server, RDF
    Lambda + API Gateway, SPARQL
    WordPress, SPARQL, WordPress, D2R Server, RDF

  • Slide 15

    3. LCMS (LCMS Ver0.2)

  • Slide 16

    Buoy simulation
    http://marinexplore.org/


  • Slide 18

    E: Amazon.co.jp
    Amazon Services
    Amazon Web Services

  • Slide 19

    2011: 82
    2012: 159
    2013: 280
    2014: 516
    2015: 522+ (as of Oct. 15, 2015)
    AWSAWS2006:16965050

  • Slide 20

    AWS
    2009: Amazon RDS, Amazon VPC, Auto Scaling, Elastic Load Balancing
    2010: Amazon SNS, AWS Identity & Access Management, Amazon Route 53
    2011: Amazon ElastiCache, Amazon SES, AWS CloudFormation, AWS Direct Connect, AWS Elastic Beanstalk, GovCloud
    2012: Amazon SWF, Amazon Redshift, Amazon Glacier, Amazon DynamoDB, Amazon CloudSearch, AWS Storage Gateway, AWS Data Pipeline
    2013: Amazon CloudTrail, Amazon CloudHSM, Amazon WorkSpaces, Amazon Kinesis, Amazon Elastic Transcoder, Amazon AppStream, AWS OpsWorks
    2014: AWS KMS, Amazon Config, Amazon Cognito, Amazon Mobile Analytics, Amazon EC2 Container Service, Amazon RDS for Aurora, Amazon Lambda, Amazon WorkDocs, AWS Directory Service, AWS CodeCommit, AWS CodePipeline
    2015: Amazon EFS, Amazon API Gateway, Amazon WorkMail, Amazon Machine Learning, AWS Device Farm, AWS WAF, Amazon Elasticsearch Service, Amazon QuickSight, AWS Import/Export Snowball, Amazon Kinesis Firehose, Amazon RDS for MariaDB, Amazon Inspector, AWS Database Migration Service, AWS IoT, Amazon EC2 Container Registry, Amazon Kinesis Analytics, AWS Mobile Hub
    * As of 8 Oct 15
    AWS 50

  • Slide 21

    Compute: EC2, EC2 Container Service, Elastic Beanstalk, Lambda
    Networking: VPC, Direct Connect, Route 53, Elastic Load Balancing
    Storage & Content Delivery: S3, CloudFront, EFS, Glacier, Storage Gateway, Snowball
    Database: RDS, DynamoDB, ElastiCache, Redshift, SimpleDB, Database Migration Service
    Analytics: EMR, Data Pipeline, Kinesis, Machine Learning, QuickSight, Elasticsearch Service
    Application Services: API Gateway, AppStream, CloudSearch, Elastic Transcoder, SES, SQS, SWF
    Developer Tools: CodeCommit, CodeDeploy, CodePipeline
    Management Tools: CloudWatch, CloudFormation, CloudTrail, Config, OpsWorks, Service Catalog
    Security & Identity: Identity & Access Management, Directory Service, Trusted Advisor, Cloud HSM, Key Management Service, Web App Firewall
    Mobile Services: Device Farm, Mobile Analytics, Cognito, SNS, Mobile Hub
    Enterprise Applications: WorkSpaces, WorkDocs, WorkMail
    IoT: IoT

  • Slide 22

    11 (): 28
    ()
    8,000 Amazon.com
    190 100
    AWS

  • Slide 23

    Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
    Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  • Slide 24

    1,700+
    4,500+
    17,000+

  • Slide 26

    AWS AWS
    AWS 2

  • Slide 27

    AWS
    AWS

  • Slide 28

    AWS
    AWS

  • Slide 29

    AWS IAM
    Customers
    AWS
    AWS
    AWS

  • Slide 30

    AWS
    AWS
    AWS

  • Slide 31

    AWS
    AWS: http://aws.amazon.com/jp/compliance/
    AWS: http://www.slideshare.net/AmazonWebServicesJapan/aws-23722701

  • Slide 32

    AWS Regions: US-WEST (N. California), EU-WEST (Ireland), ASIA PAC (Tokyo), ASIA PAC (Singapore), US-WEST (Oregon), SOUTH AMERICA (Sao Paulo), US-EAST (Virginia), GOV CLOUD, ASIA PAC (Sydney)
    On-Shore

  • Slide 33

    AWS On-Shore: AWS makes no secondary use of customer content. AWS

  • Slide 34

    AWS

  • Slide 35

    AWS AWS Active-Active
    AWS DR AWS
    AWS Tier 1 ISP


  • Slide 37

    AWS
    SSAE 16/ISAE 3402 SOC1 (SAS70), SOC2, SOC3, ISO 27001 Certification, ISO 27018 Certification, ISO 9001 Certification, PCI DSS Level 1 Service Provider, FedRAMP
    AWS: HIPAA, FISMA Moderate, Sarbanes-Oxley (SOX), P, ASP/SaaS

  • Slide 38

    SSAE16/ISAE3402 SOC1 AWS
    AWS
    NDA SOC1
    June 15, 2011: SAS70 → SSAE16/ISAE3402

  • Slide 39

    SOC2
    Trust /
    AWS
    NDA SOC2

  • Slide 40

    SOC3: SOC 1 (SSAE 16/ISAE 3402), SOC 2 Security, SOC3
    NDA SOC2
    AWS
    http://aws.amazon.com/compliance/#soc3

  • Slide 41

    PCI DSS Level 1 Service Provider, PCI DSS 2.0
    EC2, EBS, S3, VPC, RDS, ELB, IAM; (QSA); AWS Qualified Incident Response Assessors (QIRA)
    http://aws.amazon.com/security/pci-dss-level-1-compliance-faqs/

  • Slide 42

    ISO 27001, ISO 27002
    AWS Information Security Management System (ISMS)
    http://aws.amazon.com/security/iso-27001-certification-faqs/

  • Slide 43

    FedRAMP
    18 205 ID

  • Slide 44

    FedRAMP
    :
    : FedRAMP

  • Slide 45

    AWS 1-2
    AWS
    DISA Enterprise Cloud Service Broker
    AWS - AWS CIO - AWS
    AWS AWS
    FedRAMP/DoD Compliance Support Request, AWS, 1-2, ATO

  • Slide 46

    The U.S. Navy is shifting large amounts of data to the Amazon Web Services cloud, and expects the move to produce huge savings.
    "We are in the process of putting most of our public-facing data in an Amazon cloud service," said Terry Halvorsen, the Chief Information Officer of the Department of the Navy.
    Halvorsen said the move could save the Navy as much as 60 percent versus the cost of managing that data in its own data centers.

  • Slide 47

    Cloud Security Alliance (CSA), CSA Consensus Assessments Initiative Questionnaire, CSA
    AWS
    *CSA: http://aws.amazon.com/jp/security/ AWS

  • Slide 48

    Amazon Web Services
    FISC 8 AWS
    /7 AWS

  • Slide 49

    AWS Security Center (http://aws.amazon.com/jp/security/)
    1
    AWS Identity & Access Management (AWS IAM), AWS Multi-Factor Authentication (AWS MFA)

  • Slide 50

    AWS (http://aws.amazon.com/jp/compliance/) AWS
    HIPAA, SOC 1/SSAE 16/ISAE 3402, SAS70, SOC 2, SOC 3, PCI DSS 1, ISO 27001, ISO 27018, ISO 9001, FedRAMP, DIACAP, FISMA, ITAR, FIPS 140-2, CSA, MPAA
    AWS AWS AWS
    SOC, PCI DSS 1, ISO 27001, FedRAMP, DoD CSM


  • Slide 53

    Federal Information Security Management Act (FISMA)
    G-Cloud Information Assurance Requirements and Guidance
    Cross Agency Services Architecture Principle, Protective Security Policy Framework (PSPF)
    ISO/IEC 27001

  • Slide 54

    FedRAMP: Federal Risk and Authorization Management Program
    CESG Pan Government Accreditation Services, Australian Government Information Management Office
    MTCS SS

  • Slide 55

    AWS
    FedRAMP: Moderate Impact Level, Agency Authority to Operate
    DoD CSM: The Department of Defense (DoD) Cloud Security Model (CSM), DoD Level 3-5
    CJIS: Criminal Justice Information Services (CJIS) Security Policy; CJIS
    FERPA: The Family Educational Rights and Privacy Act; AWS FERPA
    HIPAA: the U.S. Health Insurance Portability and Accountability Act; Protected Health Information (PHI), HIPAA 6, Business Associate Agreement (BAA) addendum
    G-Cloud: G-Cloud Marketplace; 11
    IRAP: The Information Security Registered Assessors Program (IRAP), ICT; AWS Sydney, Unclassified
    MTCS: The Multi-Tier Cloud Security (MTCS), ISO27001/02; Tier 3 Certification


  • Slide 57

    DC 2 DC
    EU (Ireland): Availability Zone A, B, C
    Asia Pacific (Tokyo): Availability Zone A, B
    US West (Oregon): Availability Zone A, B
    US West (Northern California): Availability Zone A, B
    Asia Pacific (Singapore): Availability Zone A, B
    Asia Pacific (Sydney): Availability Zone A, B
    South America (Sao Paulo): Availability Zone A, B
    US East (Northern Virginia): Availability Zone A, B, C, D
    AWS GovCloud (US): Availability Zone A, B
    DC AWS (UPS) Tier-1
    Note: http://aws.amazon.com/jp/about-aws/globalinfrastructure/

  • Slide 58

    Amazon :
    22

  • Slide 59

    DoD 5220.22-M 3
    NIST 800-88

  • Slide 60

    Diagram: Amazon EC2, VPC, EC2 instances A, B, C

  • Slide 61

    AWS
    Distributed Denial of Service (DDoS):
    : SSL, EC2
    IP: OS
    : AWS
    :

  • Slide 62

    Diagram: Amazon S3; DNS (Route 53); CDN (Amazon CloudFront); VPC; WAF; ELB; App; Auto Scaling

  • Slide 63

    ACL
    OS
    VPC
    Encrypted File System
    Encrypted Swap File
    OS Firewall
    Amazon Security Groups
    Inbound Traffic

  • Slide 64

    Amazon EC2
    Diagram: Physical Interfaces; Hypervisor; Customer 1 Guest OS, Customer 2 Guest OS, Customer n Guest OS; Virtual Interfaces; Firewall; Customer 1 Security Groups, Customer 2 Security Groups, Customer n Security Groups

  • Slide 65

    VM OS
    AWS SSH
    Firewall / Security Group AWS
    OS EC2 (/) AWS


  • Slide 67

    Amazon VPC AWS
    IP
    /
    ACL
    ENI (Elastic Network Interface) EC2
    VPN/

  • Slide 68

    Amazon VPC DC/1 AWS
    3 1 AWS
    VPC
    NW ()
    VPN
    ACL

  • Slide 69

    Diagram: AWS; A: Amazon EC2, Amazon EC2, Amazon RDS, Amazon RDS; B: Amazon EC2, Amazon EC2; VPN; AWS

  • Slide 70

    Diagram: VPC; A, B, C, D; Amazon S3, Amazon Glacier (Storage/Backup)

  • Slide 71

    / ()
    AWS API
    API: X.509 certificate
    S3:
    AWS
    OS
    SAML 2.0 SSO
    AWS Identity and Access Management (IAM): AWS account owner (master); Network management, Security management, Server management, Storage management

  • Slide 72

    ID AWS
    SAML 2.0
    Active Directory SAML 2.0
    Active Directory

  • Slide 73

    Web ID AWS
    S3
    Google, Facebook, Amazon (Login with Amazon)

  • Slide 74

    HTTPS AWS API: SOAP over HTTPS, REST over HTTPS
    HTTPS
    X.509, SSH, RC4 SSL, RDP

  • Slide 75

    MFA
    S3
    AES-256
    S3 AWS Java SDK
    MD5 S3
    99.9%
    99.999999999%
    Amazon S3

  • Slide 76

    Windows BitLocker, Linux LUKS, TrueCrypt, SafeNet Protect-V, Trend Secure Cloud
    AWS KMS
    Amazon EBS
    EBS

  • Slide 77

    RDS, RDS IAM RDS
    Oracle Native Network Encryption, SSL for SQL Server, MySQL and PostgreSQL
    RDS: MySQL cryptographic function, Oracle Transparent Data Encryption, Microsoft SQL - Microsoft Transact-SQL data protection
    Amazon RDS
    DBA

  • Slide 78

    AWS Key Management Service (KMS)
    (http://aws.amazon.com/jp/kms/) AWS
    (http://aws.amazon.com/jp/kms/pricing/) 1: $1; API 10,000: $0.03; 20,000
    Diagram: AWS KMS; Customer Master Key(s); Data Key 1, Data Key 2, Data Key 3, Data Key 4; Amazon S3 Object, Amazon EBS Volume, Amazon Redshift Cluster, Custom Application

  • Slide 79

    AWS CloudHSM
    AWS HSM
    HSM
    Common Criteria EAL4+, NIST FIPS 140-2
    Amazon
    HA HSM
    US East (Virginia), US West (Oregon), EU (Ireland), Asia Pacific (Sydney)

  • Slide 80

    HSM
    HSM NAT CloudHSM, NAT CloudHSM
    Volume, object, database encryption
    Signing / DRM / apps
    Diagram: EC2; SYNC; EBS; S3; Amazon S3; Amazon Glacier

  • Slide 81

    AWS CloudTrail
    AWS Amazon S3
    MFA Delete
    AWS ID

  • Slide 82

    AWS Inspector
    API
    Inspector

  • Slide 83

    AWS Inspector
    OS
    PCI DSS 3.0

  • Slide 84

    AWS Config
    (http://aws.amazon.com/jp/config/) AWS AWS
    (http://aws.amazon.com/jp/config/pricing/) 1: 0.003 USD; Amazon S3, Amazon SNS

  • Slide 85

    AWS Config Rules
    AWS Config - AWS

  • Slide 86

    AWS Config Rules
    AWS Config - AWS
    EBS, EC2, Elastic IP address (EIP)

  • Slide 88

    AWS Config Rules
    AWS Config GovCloud
    AWS Config Rules

  • Slide 89

    VPC Flow Logs: CloudWatch Logs Publish
    /
    ACL accepted/rejected
    (10)
    RDS, Redshift, ElastiCache, WorkSpaces
    (CloudWatch Logs)

  • Slide 90

    VPC Flow Logs
    IP

  • Slide 91

    Diagram: VPC Flow Logs, VPC; ACL; (ENI); CloudWatch Logs: Log Group, Log Stream


  • 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.93

    Amazon VPC(Virtual Private Cloud)

    MFA(Multi Factor Authentication)

    IAM(Identity and Access Management)

    AWS

  • 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.94

    AWS

    ()

    OS

    +Customer

    OS

  • 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.95

    OS

    DMZIDS/IPS

    Web (SQL Injection, XSS, CSRF)

    Web Application Firewall (WAF)Web

    IDS/IPSWAFOSON(AWSCloudTrail)

  • 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.96

    OS

    IPS IPS

    IDS/IPS()IDS/IPS

    IDS/IPSIDS/IPS

  • 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.97

    Web

    WAF

    IDS/IPSWebWAF

    AWS http://aws.clouddesignpattern.org/

  • Slide 98

    AWS WAF

    CloudFrontWeb

    URIHTTPHTTPIP(Conditions)

    1WebACL5 11 1000.6

    http://aws.typepad.com/aws_japan/2015/10/waf.html

  • Slide 99

    Web

    SQL (XSS) (CSRF)

    OWASP Top10 https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf

  • Slide 100

    AWS

    Web Web

    WAF APN

    OS

    IDS/IPS

    APN

    IP

    VPC NACL

    Amazon VPC

    AWS

    AWS IAM, AWS CloudTrail

    DDoS, MITM

    DDoS

    DC

  • Slide 101

    You can enforce consistent security on your hosts

    AMI catalogue

    Launch instance

    EC2

    Running instance

    Configure instance

    Your instance

    Hardening

    Audit and logging

    Vulnerability management

    Malware and HIPS

    Whitelisting and integrity

    User administration

    Operating system

    You control the configuration of your EC2 compute instances and can configure and harden operating environments to your own specs

    Use host-based protection software

    Apply best-practice top 5 mitigation strategies!

    Think about how you will manage administrative users

    Restrict access as much as possible

    Build out the rest of your standard security environment

    Connect to your existing services, e.g. SIEM

  • Slide 102

    AWS

    AWS

    AWS

    AWS

    AWS

    AWS Security Reference Architecture

  • Slide 103

    Design

    Reference Architecture

    People

    Instance

    Database

    Storage & Content

    Network

    Platform

    Manage Monitor

  • Slide 104

    People

    Monitor

    Manage

    Network

    Storage & Content

    Instance

    Database

    Platform

    Design

  • Slide 105

    Including Capabilities & Controls for Each Component

    People

    Monitor

    Manage

    Network

    Storage & Content

    Instance

    Database

    Log, Audit, & Analyze

    Monitor & Alert

    Platform

    Amazon CloudWatch

    Amazon SNS Notifications

    AWS Abuse Notifications

    Trusted Advisor

    Amazon EMR

    Amazon Kinesis

    S3, ELB, CloudFront Access Logs

    Application Logs

    Database Logs

    Operating System Logs

    AWS Internet Security

    VPC Peering

    Security Groups

    VPC VPN Gateway

    VPC Subnets

    VPC NACLs

    VPC Routing Tables

    Direct Connect

    Geographic Diversity

    S3 ACLs, Bucket Policies

    S3, Glacier Server-Side Encryption

    S3 MFA Delete

    Lifecycle Rules

    CloudFront Custom SSL

    S3, Glacier SSL

    S3 Object Metadata

    Storage Gateway SSL

    CloudFront Signed URLs

    Auto Scaling

    SSH Keys

    Bastion Host

    Bootstrapping

    Amazon Machine Images (AMIs)

    CloudFront Load Distribution

    Penetration Testing Process

    Oracle Transparent Data Encryption

    MS-SQL SSL

    Oracle NNE

    Redshift Cluster Encryption

    RDS Auto Minor Patching

    MS-SQL Transparent Data Encryption

    DynamoDB SSL

    EMR Job Flow Roles

    Access Policy Language

    AWS SAs & ProServe

    AWS Sales, Support, TAM

    Security Operations Center

    Elastic Beanstalk Rolling Patching

    MySQL SSL

    PostgreSQL SSL

    SimpleDB SSL

    Redshift Encrypted S3 Backups

    DynamoDB Fine Grained Access

    Route 53 Health Checks

    Access Policy Simulator

    Authenticate & Authorize

    IAM Users, Groups & Roles

    IAM MFA

    AWS Marketplace Offerings

    IAM STS Federation

    IAM Password Policy

    IAM SAML 2.0

    IAM Web Identities

    S3 Object Versioning

    S3 Object ETags

    AWS Forums & Documentation

    AWS Service Level Agreements

    AWS Training & Certification

    AWS CloudTrail

    Server Certificates

    AWS System Integration Partners

    Resource-Level Permissions

    Client-Side Encryption

    CloudFront Geolocation

    AWS CloudHSM

    Amazon Redshift

    AWS Assurance Programs: HIPAA, SOC 1 / 2 / 3, PCI DSS Level 1, ISO 27001, FedRAMP, DIACAP and FISMA, ITAR, FIPS 140-2, CSA, MPAA

    Organize, Deploy, & Operate

    AWS OpsWorks

    AWS CloudFormation

    Resource Tagging

    Snapshots & Replication

    AWS Elastic Beanstalk

    Design

    Overview of Security Processes

    Logging in AWS

    Whitepapers

    Governance for AWS

    AWS Webinars & Videos

    AWS Security Best Practices

    AWS Security Test Drive Labs

    Operational Checklists for AWS

    Security for Microsoft Apps on AWS

    Plan

    AWS Compliance Forum

    AWS Simple Monthly Calculator

    AWS Reference Architectures

    AWS Risk and Compliance

    AWS Auditing Security Checklist

    Customer & Partner Whitepapers

    Dedicated Instances

    Cross-Region Backups/Replication

    Route 53 Failover Thresholds

    ELB Perfect Forward Secrecy

    ELB SSL

    ELB SSL Security Policies

  • Slide 106

    Align with Familiar Enterprise Security Models

    Security Capabilities Framework:

    Anticipate: Policies and Standards, Threat Intelligence

    Deter: Access Control, Network Architecture, Active Response

    Detect: IDS, Log analysis, Alerting, Security Operations Center

    Respond: Incident Response to Compromise

    Recover: Disaster Recovery/BCP, Known Good State, Forensics

    Security Fundamentals: Confidentiality, Integrity, Availability, Identity, Authentication, Authorization, Audit

  • Slide 107

    "Anticipate" Objective

  • Slide 108

    "Deter" Objective

  • Slide 109

    "Detect" Objective

  • Slide 110

    "Respond" Objective

  • Slide 111

    "Recover" Objective

  • Slide 112

    AWS

    AWS

    AWS

    AWS

    AWS

    AWS