7 AWS Deadly Sins

A presentation at AWS Community Summit Online UK 2021 by Bruno Amaro Almeida

Hello! About me Head of Technology & Architecture at Fortum Advisor / Architect Consulting 💡 Areas of interest > Cloud, DevOps, Security, Data Engineering & AI 📚 Avid learner > 12xAWS, 2xAzure, 1xGCP ✍ Author > AWS Security Specialty course Bruno Amaro Almeida Head of Technology & Architecture brunoamaro.com Reach out on: @bruno_amaro @brunoamaroalmeida

1# new AWS accounts need love 💚 Three critical steps: 1. Enable MFA for Root account 2. Use AWS IAM 3. Enable AWS Cloud Trail 3 @bruno_amaro

#2 Make Cost management a priority • Enable AWS Budgets & Billing Alarms • Use AWS Cost Explorer (or similar) • Cloud costs as part of the technology governance • Give cost visibility to the development team https://iamondemand.com/blog/how-to-get-the-most-out-of-the-aws-cost-management-tools/ 4 @bruno_amaro

#3 Lack of Multi-Account Governance • Ownership • Limit incident blast radius • Healthy service limits • Set Guardrails and a Landing Zone • Define Service Control Policies • Consolidated billing 5 @bruno_amaro

#4 Missing Infrastructure as Code practices • Re-deployable infrastructure • Scalable • Documented • Maintainable https://speaking.brunoamaro.com/yUeFUQ/deployment-automation-for-an-awsserverless-project-sam-vs-cloudformation-vs-terraform 6 @bruno_amaro

#5 Not using IAM properly • Users == Humans or non-AWS resources • Least privilege policies • Avoid using Inline and AWS managed policies • Use AWS SSO > IAM Roles if possible • Leverage AWS IAM Access Analyzer 7 @bruno_amaro

#6 Encryption & Secrets • Huge security impact • Minimal cost impact (time and operational) • Compliance 8 @bruno_amaro Photo by Jordan Hopkins on Unsplash

#7 Missing out on interesting data Out-of-the-box data: • AWS Cloudtrail • AWS VPC Flow Logs • AWS ELB Access Logs Use cases: • Troubleshooting • Auditing & Compliance https://aws.amazon.com/guardduty/ • Analytics • SIEM 9 @bruno_amaro

Well-Architected Framework • Five core pillars • Additional Lens: Serverless, Machine Learning, Analytics, IoT, … https://aws.amazon.com/architecture/well-architected/ 10 @bruno_amaro

Thanks! Questions? Feedback? Bruno Amaro Almeida Head of Technology & Architecture brunoamaro.com Reach out on: @bruno_amaro @brunoamaroalmeida

Bruno Amaro Almeida
@brunoamaroalmeida

1 / 11

The seven most common pitfalls - #security, #governance, #architecture - I experienced after designing, reviewing and developing several Amazon Web Services (AWS) solutions.

Video

Buzz and feedback

Here’s what was said about this presentation on social media.

🗣️ 7 #AWS Deadly Sins at @AWScomsum

The seven most common pitfalls - #security, #governance, #architecture - I experienced after designing, reviewing and developing several @awscloud solutions

👉 https://t.co/4ofgnvj3w1
— Bruno Amaro Almeida (@bruno_amaro) March 4, 2021
I am going live soon on @AWScomsum for an @awscloud architecture roundtable discussion on the elements of a modern #AWS application.

Topics: Security, Management, Governance, Data Strategy, ..

Join the stream directly via the link below 👇 https://t.co/k9ON6AUzi4
— Bruno Amaro Almeida (@bruno_amaro) March 4, 2021

7 AWS Deadly Sins

Link for this presentation:

HTML code for embedding:

Share on social media:

Video

Buzz and feedback