Monday, December 8, 2014

Amazon AWS re:invent 2014 highlights

Videos from AWS re:invent worth watching:

Must know:

Advanced Usage of AWS CLI:


Deploy High Availability & DR with AWS:

Infrastructure as a code:

From One to Many: Evolving VPC Design:


Intrusion detection in the Cloud

Delegating Access to Your AWS Environment



Creating Your Virtual Data Center (VPC)

Black-Belt Networking for the cloud Ninja:

Amazon VPC Deep Dive

Amazon EC2 Networking Deep Dive and Best Practices:

Elastic Load Balancing Deep Dive


Maximizing Amazon S3 performance:


Amazon CloudWatch Deep Dive:


Lessons Learned and the best Practices for running Hadoop on AWS:

Amazon EMR Deep Dive and Best Practices:

Need more? Sure!

A bunch of other videos to explore on the AWS YouTube channel:

And on the AWS blog:

Amazon AWS re:invent 2014. Cloud security for Enterprise

Amazon AWS re:invent 2014 from an infosec point of view in one sentence:
A giant step towards the enterprise market by adding the following services.

- AWS Directory Service:
"AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS Cloud."

- AWS Key Management Service
"AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys."
And don't forget about the AWS CloudHSM service:

- AWS Config
Finally! Configuration management for AWS. "AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance."

- AWS Service Catalog
Narrow the variety of AWS services down to the list of services your company uses and present it as a custom portal for your employees. "AWS Service Catalog is a service that allows administrators to create and manage approved catalogs of resources that end users can then access via a personalized portal."

The following two services allow you to build centralized log collectors with a kind of very primitive SIEM (CloudWatch alarms) in AWS:
Amazon CloudWatch Logs : "You can now use Amazon CloudWatch to monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. You can send your existing log files to CloudWatch Logs and monitor these logs in near real-time."
AWS CloudTrail integration with CloudWatch:  "This integration enables you to receive SNS notifications from CloudWatch, triggered by specific API activity captured by CloudTrail. With SNS notifications, you can take immediate action when a pattern of interest is detected."
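
The CloudTrail to CloudWatch alarm to SNS flow quoted above, modelled offline as an added example (not code from this post or from AWS). The log lines are constructed, and the denied-call matching rule, the 5-minute period and the threshold of 3 are assumptions standing in for a metric filter and an alarm.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed CloudTrail-style records (illustrative, not real log data).
SAMPLE_LOG_LINES = [
    '{"eventTime":"2014-12-08T10:01:12Z","eventName":"DescribeInstances","errorCode":"Client.UnauthorizedOperation"}',
    '{"eventTime":"2014-12-08T10:02:40Z","eventName":"ListUsers","errorCode":"AccessDenied"}',
    '{"eventTime":"2014-12-08T10:03:05Z","eventName":"RunInstances"}',
    '{"eventTime":"2014-12-08T10:04:59Z","eventName":"CreateUser","errorCode":"AccessDenied"}',
    '{"eventTime":"2014-12-08T10:07:00Z","eventName":"DescribeVolumes","errorCode":"Client.UnauthorizedOperation"}',
]

PERIOD_SECONDS = 300  # assumed alarm period
THRESHOLD = 3         # assumed: alarm when >= 3 denied calls fall in one period


def matches_filter(event):
    """Stand-in for a metric filter: keep only denied API calls."""
    code = event.get("errorCode", "")
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


def count_per_period(lines):
    """Count matching events per period, keyed by period start (epoch seconds)."""
    counts = Counter()
    for line in lines:
        event = json.loads(line)
        if not matches_filter(event):
            continue
        ts = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
        counts[epoch // PERIOD_SECONDS * PERIOD_SECONDS] += 1
    return counts


def evaluate_alarm(lines):
    """Return one notification per period that breaches the threshold."""
    notes = []
    for start, n in sorted(count_per_period(lines).items()):
        if n >= THRESHOLD:
            when = datetime.fromtimestamp(start, timezone.utc)
            notes.append({"period_start": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
                          "denied_calls": n})
    return notes


if __name__ == "__main__":
    for note in evaluate_alarm(SAMPLE_LOG_LINES):
        print("would publish to SNS:", json.dumps(note))
```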

Encryption on any storage:
S3 data encryption 
RDS (Relational Database Service) encryption:
1. Using EBS built-in encryption
2. Using DB-specific encryption:

Infosec certifications: SAS70, ISO27001, PCI DSS, DoD CSM