View
217
Download
1
Embed Size (px)
AWS
2016 8
(
http://aws.amazon.com/security
)
http://aws.amazon.com/security
2016, Amazon Web Services, Inc. or its affiliates.All rights reserved.
AWS
AWS
AWS
AWS
The responsibilities and liabilities of AWS to its customers are controlled by
AWS agreements, and this document is not part of, nor does it modify, any
agreement between AWS and its customers.
1
1
AWS 3
AWS 5
IAM 5
6
AWS 7
9
14
15
Trusted Advisor 16
AWS 17
AWS ISMS 19
AWS IAM 22
AWS 23
IAM 24
IAM 25
AWS 26
IAM 27
Amazon EC2 IAM 29
30
ID 31
Amazon EC2 OS 33
35
36
37
39
Amazon S3 40
Amazon EBS 42
Amazon RDS 44
Amazon Glacier 47
Amazon DynamoDB 47
Amazon EMR 48
50
51
AWS
52
AWS 55
Amazon S3 56
Amazon RDS 56
Amazon DynamoDB 57
Amazon EMR 58
59
AMI 61
63
64
AMI 65
65
68
73
75
Amazon Virtual Private Cloud (VPC) 75
78
83
: DNSNTP 85
88
92
93
DoS & DDoS 95
99
104
105
105
107
107
108
109
1/110
(AWS)
AWS Information
Security Management System (ISMS)
AWS
AWS
IT
(AWS)
AWS
2016 8
2/110
AWS
AWS
AWS
AWS
Information Security Management System (ISMS)
AWS
ISMS http://www.27000.org/iso-27001.htm
ISO 27001 ISMS AWS
AWS
http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdfhttp://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdfhttp://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdfhttp://www.27000.org/iso-27001.htm
AWS
2016 8
3/110
http://aws.amazon.com/documentation
AWS )
AWS
AWS
AWS ISMS
AWS ISMS AWS
AWS
AWS
AWS
1 Identity and
Access Management (IAM) AWS
AWS
http://aws.amazon.com/documentation
AWS
2016 8
4/110
Amazon Elastic Compute Cloud (Amazon EC2)
AWS
ISMS AWS
AWS ISMS
Amazon EC2
Amazon AMI
AWS
http://aws.amazon.com/compliance/#third-
party
http://aws.amazon.com/compliance/#third-partyhttp://aws.amazon.com/compliance/#third-party
AWS
2016 8
5/110
AWS
AWS AWS
AWS
AWS
()
IAM
IAM AWS
1 IAM
AWS
AWS AWS (E
)
AWS
AWS (
ID )
(CLI)AWS SDK API
AWS
http://media.amazonwebservices.com/AWS_Risk_and_Compliance_Whitepaper.pdfhttp://media.amazonwebservices.com/AWS_Risk_and_Compliance_Whitepaper.pdf
AWS
2016 8
6/110
IAM AWS
URL
AWS
IAM
AWS
IAM
AWS AWS
IAM
AWS
AWS
AWS ()
http://docs.aws.amazon.com/IAM/latest/UserGuide/WhatUsersNeedToKnow.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.htmlhttp://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
AWS
2016 8
7/110
2 (
)
(ISP)
(LAN)
AWS AWS
(API)
(CLI)
AWS
()
AWS
AWS
AWS
3
https://aws.amazon.com/console
AWS
2016 8
8/110
: Amazon EC2
Amazon Elastic Block Store (Amazon
EBS)Auto ScalingAmazon Virtual Private Cloud (Amazon VPC)
: Amazon
EC2
AWS
IAM
ID
Amazon Relational Database Services (Amazon RDS)Amazon
Elastic Map Reduce (Amazon EMR)AWS Elastic Beanstalk
AWS
2016 8
9/110
:
Amazon Simple Storage
Service (Amazon S3)Amazon GlacierAmazon DynamoDBAmazon
Simple Queuing Service (Amazon SQS)Amazon Simple Email Service
(Amazon SES)
AWS API
AWS
IAM
Amazon EC2Amazon EBSAmazon VPC
AWS
AWS
1
AWS
2016 8
10/110
1:
AWS
AWS
AWS
AWS
AWS
AWS
2016 8
11/110
AWS
Amazon EC2
OS
AWS
AWS
EC2
AWS
AMI Amazon EC2
Secure Shell (SSH) Windows (RDP)
Amazon EC2
Amazon EC2
X.509 Microsoft Active Directory
AWS
2016 8
12/110
EC2 AWS Amazon EC2
RSA
Amazon EC2
EC2
AWS IAM
AWS
EC2
OpenSSL Amazon EC2
AWS
AWS Amazon EC2
RSA
Amazon
EC2
AWS
cloud-init Amazon EC2 Linux
AWS AMI Amazon EC2
~/.ssh/authorized_keys
AWS
2016 8
13/110
~/.ssh/authorized_keys Amazon
EC2 ID
(ec2-user )
SSH Amazon EC2 Linux
ec2config Amazon EC2 Windows
AWS AMI ec2config
Amazon EC2
AWS
Amazon EC2
Windows
Amazon EC2
Windows
AWS Amazon EC2 Amazon EC2
LDAP
Active Directory Amazon EC2
AWS
2016 8
14/110
AWS Amazon RDS Amazon EMR
AWS Amazon RDS for Oracle
Oracle
AWS AWS
Amazon RDS
(BC/DR)
AWS
Amazon RDS RDS
Amazon EMR Amazon EMR Amazon EC2
2
2:
AWS
2016 8
15/110
Amazon S3 Amazon DynamoDB
AWS
Amazon S3 DynamoDB IAM
() IAM
ACL
IAM / ID
Amazon S3
HTTPS
3 AWS
3:
AWS
2016 8
16/110
Trusted Advisor
AWS Trusted Advisor
Amazon
EC2 Trusted Advisor
Trusted Advisor
22 (SSH)23 (Telnet) 3389 (RDP)
5500 (VNC)
1433 (MSSQL Server)1434 (MSSQL Monitor)
3306 (MySQL)Oracle (1521)5432 (PostgreSQL)
AWS IAM
AWS 2 Multi-Factor
Authentication (MFA)
AWS
2016 8
17/110
AWS
ISMS
(////
)
2
()
(
)
AWS
2016 8
18/110
1
e EC2Elastic Load
BalancingRDS
/
e PCI
AWS PCI
(COO) Amazon RDS
IT
(COO) S3Glacier IT
HR HR EC2S3RDS
IT
AWS Direct Connect
(CIO)
AWS Direct Connect
BI EMRRedshiftDynamo
DBS3
(COO) BI
BI
LDAP IT EC2IAM
Windows AMI EC2
1:
AWS
2016 8
19/110
AWS ISMS
AWS
(ISMS)
2 AWS ISMS
ISMS ISO 27001
1
AWS
( AWS
)
AWS
2016 8
20/110
2 ISMS
3
IT
(
)
AWS
OCTAVE (Operationally Critical Threat, Asset,
and Vulnerability Evaluation)ISO 31000:2009 Risk Management
ENISA (European Network and Information Security Agency)IRAM
(Information Risk Analysis Methodology)NIST (National Institute of
Standards & Technology) Special Publication (SP) 800-30 rev.1 Risk
Management Guide
4
AWS
AWS
2016 8
21/110
5
6
7
ISO 27002NIST SP 800-
53COBIT (Control Objectives for Information and related Technology)
CSA-CCM (Cloud Security Alliance-Cloud Control Matrix)
8
ISMS
9
2: ISMS
AWS
2016 8
22/110
AWS IAM
ISMS
IAM AWS IAM
AWS
IAM
AWS AWS
AWS AWS AWS
AWS
AWS AWS
AWS
1 AWS
AWS IAM
AWS
2016 8
23/110
IAM IAM
AWS IAM AWS
CLI API
AWS
IAM
AWS
AWS
AWS
3
AWS
3
AWS
AWS
1
AWS
AWS
AWS
2016 8
24/110
AWS
(DNS
Active Directory ) AWS 1
AWS
3: AWS
IAM
IAM
IAM
IAM AWS AWS
IAM
ID
AWS
2016 8
25/110
IAM
IAM 1 AWS IAM
IAM
AWS
IAM
IAM 1 IAM AWS
IAM
IAM
John IAM
Archives Amazon S3
John
Archives John
Sally Betty Archives
JohnSallyBetty 3
JohnSallyBetty 3
IAM AWS
1
AWS
AWS
2016 8
26/110
AWS
AWS IAM ID
ID 2
1 AWS AWS
1 AWS API
4 2
/ AWS E
IAM AWS
IAM
(
)
MFA AWS Multi-Factor Authentication (MFA)
MFA
AWS
( 1 )
MFA ( 2
) MFA S3
AWS
AWS IAM
MFA
AWS Gemalto MFA
MFA
4:
AWS
2016 8
27/110
5 API
AWS API
ID
AWS
AWS IAM
2
API
Recommended
View more >
