One of the most important features that Amazon Web Services released in 2011 was the VPC. Together with IAM (Identity and Access Management), it helps enterprises deploy a more secure and robust environment inside the amazing AWS public cloud. Before the VPC, all AWS computing nodes were exposed to the internet, with no option to protect specific instances that hold critical services and data. Security groups were a good tool for separating instances, but they were never enough and required a great amount of custom work. With VPC, the public cloud consumer can create a private, secured portion that easily communicates with public resources. These slides present best practices for managing IAM and an example of a VPC deployment with secure integration with on-premise resources.
AWS Security Groups
What happens behind the scenes in your cloud over Labor Day Weekend? Before you start thinking about lighting up the BBQ, make sure that your AWS cloud is under control and not creating unexpected surprises for Tuesday morning.
AWS offers an amazing pay-as-you-go cloud infrastructure solution. Yet finding the right balance between configuring and maintaining a cloud that is ready to meet your exact business needs can be a challenge in itself. Since we launched our private beta of Newvem Analytics, we’ve analyzed nearly 900 unique AWS clouds and have seen significant parallels between waste and holiday events.
On Memorial Day weekend, we discovered, on average, a 12% increase in the number of idle instances across our users’ clouds, as well as a 10% increase in instances with idle CPU. For heavy AWS users, just one of these small changes can easily result in $10Ks in wasted spend. More importantly, you probably won’t find out about, let alone be ready to handle, a potential problem until Tuesday morning. For this Labor Day Weekend, how can you ensure you won’t underspend if demand ramps up? And, conversely, how can you ensure you won’t overspend if business slows down over the holiday?
Here are 5 best practices you should consider to help make your Labor Day Weekend “Cloud-Care-Free”.
In this guide we will show you how to create and update IAM users and groups, including how to configure and attach a new policy to an existing IAM group. We invite you to learn how to create a new IAM user.
In this guide we will create the group ‘testIAMGrp’ without any policy at first.
This presentation is brought to you by Jeff Barr, Senior Evangelist at Amazon Web Services. If you are new to AWS Elastic Compute Cloud, this presentation covers some important EC2 basics, including a nice classification of the different instance types (by EC2 compute units and memory). It also explains what EC2 security groups, Elastic IP, Elastic Load Balancer (ELB), CloudWatch, EBS and Auto Scaling are.
This presentation will help you get started with AWS EC2. Building on the first part, the second part of the presentation elaborates on AWS Beanstalk, which puts all the EC2 components together under the same roof. The third and last part of the presentation details how to use AWS Elastic Beanstalk with Git-based deployment of a PHP application.
Keywords: Amazon web services, Amazon AWS console, Amazon AWS instances, EC2 Service, Amazon cloud computing, EC2 EBS, AWS elastic IP, CloudWatch, AWS Management Console, Elastic Load Balancer, AWS Elastic Beanstalk, AWS Platform, Availability zones
What’s your first priority cloud security concern?
From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, it cannot! This presentation answers questions such as: What are the key security challenges for cloud newcomers? What are the options, and how can you start with a safe cloud deployment?
- The different Cloud security aspects
- The cloud vendor versus the cloud customer - the responsibility perception
- How Newvem helps its customers avoid AWS cloud security vulnerabilities by leveraging an ecosystem of cloud vendors.
Keywords: Amazon AWS Cloud services, Security group, Shared AMI, Amazon Machine Image, Cloud IP ports, Database Ports, AWS Security vulnerabilities, AWS Firewall, Compliance, AWS Complexity, Dome9 cloud security, EC2, Security Policy, Cloud Security Management
AWS cloud products make it possible to deploy a scalable online service on Amazon cloud infrastructure easily and in a reasonable time. The slides include schemes that deal with different cloud aspects such as elasticity, performance and security. The architectures demonstrated use some advanced AWS products such as Auto-scaling, RDS, Route53 and much more. The presentation is a bit long; take your time and you will find AWS features that can help you understand how to get more out of your AWS cloud account.
AWS Shared Security Model - Slideshare presentation brought to you by the AWS cloud guys. The presentation gives a nice basic overview of AWS security, including the “Shared responsibility model”, features and products. If you are new to AWS, this is a must in order to quickly understand what the public cloud vendor’s expectations are, and it will support your plans to move to and utilize the public cloud while outsourcing part of your IT security.
The Amazon EC2 service allows users to add and remove instances dynamically for the purpose of scalability. However, this scaling and automatic addition of instances can cause issues for firewall configuration and maintenance, which traditionally rely on IP addresses, subnet ranges or DNS host names as the basis for firewall rules.
Amazon EC2 provides a firewall that is assigned to EC2 instances. The AWS EC2 firewall is configured through user-defined groups. A security group defines the firewall rules for the user’s instances. These rules specify which ingress (i.e., incoming) network traffic should be delivered to the user’s instance; all other ingress traffic is discarded. An ingress rule can be specified for an IP range. This provides higher security, as the user can allow traffic on certain ports (e.g. SSH, RDP, DB port) from selected IPs only.
The present guide demonstrates how to add or remove an ingress rule for a security group.