A presentation at AWS Berlin UG April 2022 by Bruno Amaro Almeida
7 AWS Deadly Sins
The seven most common pitfalls - security, governance, architecture - I experienced after designing, reviewing and developing several AWS solutions
Bruno Amaro Almeida
AWS UG Berlin, April 2022
Photo by Glen Carrie on Unsplash

Hello! About me
Bruno Amaro Almeida
Head of Technology & Architecture at Fortum
Independent Consultant in Cloud, Security and Data
brunoamaro.com
Reach out on: @bruno_amaro @brunoamaroalmeida
#1 New AWS accounts need love 💚
Three critical steps:
1. Enable MFA for the Root account
2. Use AWS IAM
3. Enable AWS CloudTrail
3 @bruno_amaro
#2 Make cost management a priority
• Enable AWS Budgets & Billing Alarms
• Use AWS Cost Explorer (or similar)
• Cloud costs as part of the technology governance
• Give cost visibility to the development team
https://iamondemand.com/blog/how-to-get-the-most-out-of-the-aws-cost-management-tools/
#3 Lack of multi-account governance
• Ownership
• Limit incident blast radius
• Healthy service limits
• Set Guardrails and a Landing Zone
• Define Service Control Policies
• Consolidated billing
#4 Missing Infrastructure as Code practices
• Re-deployable infrastructure
• Scalable
• Documented
• Maintainable
https://speaking.brunoamaro.com/yUeFUQ/deployment-automation-for-an-awsserverless-project-sam-vs-cloudformation-vs-terraform
#5 Not using IAM properly
• Users == Humans or non-AWS resources
• Least privilege policies
• Avoid using Inline and AWS managed policies
• Use AWS SSO > IAM Roles if possible
• Leverage AWS IAM Access Analyzer
#6 Encryption & Secrets
• Big impact on increasing security
• Minimal cost impact (time and operational)
• Compliance
Photo by Jordan Hopkins on Unsplash
#7 Missing out on interesting data
Out-of-the-box data:
• AWS CloudTrail
• AWS VPC Flow Logs
• AWS ELB Access Logs
Use cases:
• Troubleshooting
• Auditing & Compliance
• Analytics
• SIEM
https://aws.amazon.com/guardduty/
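As an added example (not from the deck), here is the CloudTrail data of sin #7 put to the auditing use case that sin #1 motivates: a small check that flags any root-account activity and any successful console sign-in made without MFA. The field names follow CloudTrail's event schema; the records, account id, ARNs, IPs and timestamps are constructed sample data.

```python
import json

# Constructed sample CloudTrail records. Field names follow CloudTrail's event
# schema; the account id, ARNs, IPs and timestamps are made-up placeholders.
SAMPLE_RECORDS = json.loads("""[
 {"eventTime": "2022-04-01T08:00:00Z", "eventName": "ConsoleLogin",
  "sourceIPAddress": "198.51.100.10",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"},
  "responseElements": {"ConsoleLogin": "Success"},
  "additionalEventData": {"MFAUsed": "Yes"}},
 {"eventTime": "2022-04-01T08:05:00Z", "eventName": "ConsoleLogin",
  "sourceIPAddress": "198.51.100.11",
  "userIdentity": {"type": "IAMUser", "userName": "alice",
                   "arn": "arn:aws:iam::111111111111:user/alice"},
  "responseElements": {"ConsoleLogin": "Success"},
  "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2022-04-01T08:06:00Z", "eventName": "ConsoleLogin",
  "sourceIPAddress": "198.51.100.12",
  "userIdentity": {"type": "IAMUser", "userName": "bob",
                   "arn": "arn:aws:iam::111111111111:user/bob"},
  "responseElements": {"ConsoleLogin": "Failure"},
  "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2022-04-01T09:00:00Z", "eventName": "DescribeInstances",
  "sourceIPAddress": "198.51.100.20",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111111111111:assumed-role/deploy/ci"}}
]""")


def audit_events(records):
    """Return (eventTime, rule, detail) findings for the sin #1 controls."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        name = rec.get("eventName")
        # Rule 1: the root account should be unused day to day, so any root
        # activity (even with MFA) is worth an alert and a review.
        if ident.get("type") == "Root":
            findings.append((rec["eventTime"], "root-activity",
                             f"{name} from {rec.get('sourceIPAddress')}"))
        # Rule 2: a successful console sign-in without MFA. Failed sign-ins are
        # skipped here; CloudTrail reports MFAUsed as the strings "Yes"/"No".
        if name == "ConsoleLogin":
            success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            mfa = rec.get("additionalEventData", {}).get("MFAUsed")
            if success and mfa != "Yes":
                findings.append((rec["eventTime"], "console-login-no-mfa",
                                 ident.get("arn", "unknown")))
    return findings


if __name__ == "__main__":
    for when, rule, detail in audit_events(SAMPLE_RECORDS):
        print(when, rule, detail)
```

On the sample data this reports the root sign-in and alice's sign-in without MFA, and stays quiet on bob's failed attempt and the role's API call; the same two rules can run over CloudTrail files delivered to S3 or as a query in the SIEM.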
Well-Architected Framework
https://aws.amazon.com/architecture/well-architected/
Thanks! Questions? Feedback?
Bruno Amaro Almeida
Head of Technology & Architecture
brunoamaro.com
Reach out on: @bruno_amaro @brunoamaroalmeida