Page 1
Easily Govern and Audit your AWS Resources
Liron Dor
Technical Account Manager

Page 2
Topics
CloudTrail.
Config.
Config Rules (New).

Page 3
Improving AWS Account Visibility
re:Invent 2013: CloudTrail. Identify the individual performing actions within the account.
re:Invent 2014: Config. Identify which configuration changes have been made.
re:Invent 2015: Config Rules. Set up rules to check configuration changes.

Page 4
What is CloudTrail?
CloudTrail continuously records API calls.
Delivers and stores log files.
View the last 7 days of events through the Management Console or API, with filtering.
Monitor and receive alarms through CloudWatch.

Page 5
Use cases enabled by CloudTrail
Perform security analysis.
Troubleshoot operational issues.
Compliance aid for auditors.
Automate corrective actions on detected issues.

Page 6
What can you answer using a CloudTrail event?
Who made the API call?
When was the API call made?
What was the API call?
Which resources were acted upon in the API call?
Where was the API call made from and made to?

Page 7
What does an event look like?
{
  "eventVersion": "1.01",
  "userIdentity": {
    "type": "IAMUser",                              // Who?
    "principalId": "AIDAJDPLRKLG7UEXAMPLE",
    "arn": "arn:aws:iam::123456789012:user/Alice",  // Who?
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "userName": "Alice",
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2014-03-18T14:29:23Z"
      }
    }
  },
  "eventTime": "2014-03-18T14:30:07Z",              // When?
  "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StartLogging",                      // What?
  "awsRegion": "us-west-2",                         // Where to?
  "sourceIPAddress": "72.21.198.64",                // Where from?
  "userAgent": "AWSConsole, aws-sdk-java/1.4.5 Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx",
  "requestParameters": {
    "name": "Default"                               // Which resource?
  }
  // more event details
}
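The five questions from the previous slide, answered by code rather than by reading the JSON by eye. This is an added example, not code from the deck: it pulls the who/when/what/which/where fields out of a record, flags two things worth alerting on (a session without MFA, a call that returned an error), and reads the {"Records": [...]} wrapper that CloudTrail log files use. The field names are the real CloudTrail ones; SAMPLE_EVENT is constructed to mirror the slide's event, and the summarize function and its key names are this example's own.

```python
"""Pull the who / when / what / which / where answers out of a CloudTrail record.
Added example (not code from the deck). SAMPLE_EVENT is constructed to mirror
the slide's StartLogging event; the summary key names are this example's own."""
import json
from datetime import datetime, timezone

# Constructed sample record, modelled on the slide's event.
SAMPLE_EVENT = {
    "eventVersion": "1.01",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDAJDPLRKLG7UEXAMPLE",
        "arn": "arn:aws:iam::123456789012:user/Alice",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "userName": "Alice",
        "sessionContext": {
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2014-03-18T14:29:23Z",
            }
        },
    },
    "eventTime": "2014-03-18T14:30:07Z",
    "eventSource": "cloudtrail.amazonaws.com",
    "eventName": "StartLogging",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "72.21.198.64",
    "userAgent": "AWSConsole, aws-sdk-java/1.4.5",
    "requestParameters": {"name": "Default"},
}

# Constructed body of a delivered log file (CloudTrail gzips these; this is the
# decompressed text): a JSON object with a single "Records" array.
SAMPLE_LOG_FILE = json.dumps({"Records": [SAMPLE_EVENT]})


def who(event):
    """Caller identity. Prefer the ARN (for an assumed role it names the session,
    which is what attribution needs); fall back to type:principalId for identities
    without an ARN, such as AWS service principals."""
    ident = event.get("userIdentity") or {}
    return ident.get("arn") or f"{ident.get('type')}:{ident.get('principalId')}"


def when(event):
    """eventTime is always UTC in CloudTrail records."""
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )


def summarize(event):
    """Return the five answers plus the MFA state of the session and any error code."""
    ident = event.get("userIdentity") or {}
    attrs = (ident.get("sessionContext") or {}).get("attributes") or {}
    return {
        "who": who(event),
        "mfa": attrs.get("mfaAuthenticated") == "true",
        "when": when(event),
        "what": f"{event.get('eventSource')}:{event.get('eventName')}",
        "which": event.get("requestParameters") or {},
        "where_from": event.get("sourceIPAddress"),
        "where_to": event.get("awsRegion"),
        "error": event.get("errorCode"),  # present only when the call failed
    }


def summarize_log_file(text):
    """Summarize every record in the decompressed body of one CloudTrail log file."""
    return [summarize(record) for record in json.loads(text)["Records"]]


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENT).items():
        print(f"{key:>10}: {value}")
```

The "mfa" and "error" keys are the two fields most often missed when eyeballing a record: an API call from a long-lived access key shows mfaAuthenticated "false", and a denied call still produces a record, with errorCode set, which is exactly what a failed-access alarm keys on.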

Page 8
Using CloudWatch Logs and Alarms
Log specific events recorded by CloudTrail.
Receive notifications from CloudWatch Alarms.
Popular examples based on customer feedback:
Changes to Security groups and VPCs.
Changes to IAM policies or S3 bucket policies.
Changes to EC2 instances.
Failed AWS Management Console sign-in events.
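What those four popular alarms look like as detection logic, as an added example that is neither code from the deck nor a CloudWatch feature: each rule is a predicate equivalent to a CloudWatch Logs metric filter on the CloudTrail log group, and fired_alarms applies a per-rule count-over-a-5-minute-window threshold the way a metric alarm would. The records are constructed sample data; the rule names, event-name patterns and thresholds are this example's own choices.

```python
"""Detection rules for the CloudTrail event categories on the slide, run over
constructed sample records. Added example; rule names, event-name patterns and
thresholds are this example's choices, not a product feature."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )


def _name_matches(event, source, pattern):
    return event.get("eventSource") == source and re.fullmatch(
        pattern, event.get("eventName", "")
    ) is not None


# Each predicate mirrors a CloudWatch Logs metric filter on the CloudTrail log group.
RULES = {
    "SecurityGroupChange": lambda e: _name_matches(
        e, "ec2.amazonaws.com",
        r"(Authorize|Revoke)SecurityGroup(Ingress|Egress)|(Create|Delete)SecurityGroup"),
    "VpcChange": lambda e: _name_matches(
        e, "ec2.amazonaws.com", r"(Create|Delete|Modify|Accept|Reject)Vpc.*"),
    "IamPolicyChange": lambda e: _name_matches(
        e, "iam.amazonaws.com",
        r"(Put|Attach|Detach|Delete|Create)(User|Group|Role)?Policy(Version)?|SetDefaultPolicyVersion"),
    "S3BucketPolicyChange": lambda e: _name_matches(
        e, "s3.amazonaws.com", r"(Put|Delete)BucketPolicy"),
    "Ec2InstanceChange": lambda e: _name_matches(
        e, "ec2.amazonaws.com",
        r"(Run|Terminate|Stop|Start|Reboot)Instances|ModifyInstanceAttribute"),
    # A failed console sign-in is a ConsoleLogin event whose response says Failure.
    "FailedConsoleSignIn": lambda e: e.get("eventName") == "ConsoleLogin"
    and (e.get("responseElements") or {}).get("ConsoleLogin") == "Failure",
}

# Alarm thresholds: one change event is enough; failed sign-ins alert on a burst.
THRESHOLDS = {"FailedConsoleSignIn": 3}


def match_rules(event):
    """Names of every rule the record matches, in RULES order."""
    return [name for name, pred in RULES.items() if pred(event)]


def fired_alarms(records, window=timedelta(minutes=5), thresholds=None):
    """Rules whose match count reaches the threshold inside some sliding window."""
    thresholds = thresholds or THRESHOLDS
    stamps_by_rule = defaultdict(list)
    for record in records:
        for rule in match_rules(record):
            stamps_by_rule[rule].append(_ts(record))
    fired = set()
    for rule, stamps in stamps_by_rule.items():
        stamps.sort()
        need = thresholds.get(rule, 1)
        left = 0
        for right, t in enumerate(stamps):
            while t - stamps[left] > window:  # drop stamps older than the window
                left += 1
            if right - left + 1 >= need:
                fired.add(rule)
                break
    return fired


def load_records(log_file_text):
    """Decompressed CloudTrail log file body: {"Records": [...]}."""
    return json.loads(log_file_text)["Records"]


def _rec(name, source, time, **extra):
    """Build a constructed sample record with the fields the rules read."""
    base = {"eventVersion": "1.01", "eventName": name, "eventSource": source,
            "eventTime": time, "awsRegion": "us-west-2",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"}}
    base.update(extra)
    return base


FAIL = {"responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"}

# Constructed sample log file: one SG change, one IAM policy change, three failed
# console sign-ins within four minutes, one success, and one read-only call.
SAMPLE_LOG_FILE = json.dumps({"Records": [
    _rec("AuthorizeSecurityGroupIngress", "ec2.amazonaws.com", "2014-03-18T14:30:07Z",
         requestParameters={"groupId": "sg-0123456789abcdef0"}),
    _rec("PutUserPolicy", "iam.amazonaws.com", "2014-03-18T14:31:00Z"),
    _rec("ConsoleLogin", "signin.amazonaws.com", "2014-03-18T14:32:07Z", **FAIL),
    _rec("ConsoleLogin", "signin.amazonaws.com", "2014-03-18T14:33:10Z", **FAIL),
    _rec("ConsoleLogin", "signin.amazonaws.com", "2014-03-18T14:35:55Z", **FAIL),
    _rec("ConsoleLogin", "signin.amazonaws.com", "2014-03-18T14:36:30Z",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("DescribeInstances", "ec2.amazonaws.com", "2014-03-18T14:37:00Z"),
]})

if __name__ == "__main__":
    print(sorted(fired_alarms(load_records(SAMPLE_LOG_FILE))))
```

The sliding window is the part worth copying: a metric alarm does not fire on three failed sign-ins spread over a day, only on three inside one evaluation period, so the test harness for a detection rule needs timestamps, not just event names.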

Page 9
Demo – CloudTrail and CloudWatch Logs

Page 10
What does an email notification look like?

Page 11
Additional CloudTrail Capabilities
Aggregate log files across multiple accounts in one bucket.
Encrypt CloudTrail log files using SSE-KMS (New).
Validate the integrity of log files (New).

Page 12
CloudTrail Takeaways
Turn on CloudTrail for all your accounts in all regions.
Use CloudTrail for security and operational issues.
Use CloudWatch Logs alarms for event detection.
Check out partner solutions.
Consider utilizing additional logs: ELB logs, VPC Flow Logs, S3 logs.

Page 13
AWS Config
Records configuration changes continuously.
Captures the state of your AWS resources as “Configuration Items”.
A “Configuration Item” contains all configuration attributes for a resource.
Captures the relationships between resources.
Discover resources that exist in, or have been deleted from, your account.

Page 14
AWS Config Rules
Validate the recorded configuration.
Enforce the customer's best practices and procedures.
A Config rule evaluation result is always either compliant or non-compliant.

Page 15
AWS Config Rules Types and Triggers
Two rule types:
AWS Managed Rules.
Custom Rules.
Supported Rule Triggers:
By Change (Resource ID, Resource type or Specific Tag).
Periodically.
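A custom rule in code, as an added example that is neither a managed rule nor code from the deck: a change-triggered evaluator, in the shape of a Lambda handler, for AWS::EC2::SecurityGroup that reports COMPLIANT or NON_COMPLIANT depending on whether any ingress rule opens a port named in the blockedPorts rule parameter to 0.0.0.0/0 or ::/0, and NOT_APPLICABLE for other resource types or a deleted resource. The invocation event shape (invokingEvent, ruleParameters, resultToken) and the PutEvaluations entry fields are the real Config interfaces; the configuration item contents, the blockedPorts parameter and the sample event are constructed and assumed for this example.

```python
"""Custom AWS Config rule (change-triggered) for security groups. Added example,
not code from the deck. Assumed: the CI "configuration" carries the security
group's ipPermissions in the EC2 describe layout; blockedPorts is this rule's
own parameter."""
import json

OPEN_WORLD = {"0.0.0.0/0", "::/0"}


def _port_range(perm):
    """Ports covered by one permission; protocol -1 (all) means every port."""
    if perm.get("ipProtocol") == "-1" or perm.get("fromPort") is None:
        return 0, 65535
    return int(perm["fromPort"]), int(perm["toPort"])


def _open_cidrs(perm):
    """World-open CIDRs in a permission (handles both CI layouts seen for ranges)."""
    cidrs = set()
    for r in perm.get("ipv4Ranges") or []:
        cidrs.add(r.get("cidrIp"))
    for r in perm.get("ipv6Ranges") or []:
        cidrs.add(r.get("cidrIpv6"))
    for r in perm.get("ipRanges") or []:  # older layout: plain CIDR strings
        cidrs.add(r if isinstance(r, str) else r.get("cidrIp"))
    return cidrs & OPEN_WORLD


def evaluate_compliance(configuration_item, rule_parameters):
    """Return (ComplianceType, Annotation) for one configuration item."""
    if configuration_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only evaluates security groups"
    if configuration_item.get("configurationItemStatus") in (
            "ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource was deleted"
    blocked = {int(p) for p in rule_parameters.get("blockedPorts", "22,3389").split(",")}
    findings = []
    perms = (configuration_item.get("configuration") or {}).get("ipPermissions") or []
    for perm in perms:
        lo, hi = _port_range(perm)
        open_to = _open_cidrs(perm)
        hit = sorted(p for p in blocked if lo <= p <= hi)
        if open_to and hit:
            findings.append(f"ports {hit} open to {sorted(open_to)}")
    if findings:
        return "NON_COMPLIANT", "; ".join(findings)[:256]  # Annotation max 256 chars
    return "COMPLIANT", "No blocked port is open to the world"


def build_evaluation(event):
    """Turn the Config invocation event into one PutEvaluations entry."""
    invoking = json.loads(event["invokingEvent"])
    ci = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate_compliance(ci, params)
    return {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point: evaluate, then report back with the result token."""
    evaluation = build_evaluation(event)
    import boto3  # imported here so the evaluation logic stays testable offline
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample invocation: SSH and HTTPS both open to the world.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2015-10-08T16:30:00.000Z",
            "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            ]},
        },
    }),
    "ruleParameters": json.dumps({"blockedPorts": "22,3389"}),
    "resultToken": "EXAMPLE-RESULT-TOKEN",
}

if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

Returning NOT_APPLICABLE for deleted resources matters: a change-triggered rule is invoked for the deletion too, and reporting it as NON_COMPLIANT leaves a stale finding on a resource that no longer exists.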

Page 16
Config & Config Rules Use Cases
Security Analysis – Am I safe?
Audit Compliance – Where is the evidence?
Change Management – What will this change affect?
Troubleshooting – What has changed?
Resource Discovery – What resources exist?

Page 17
Demo – Config Rules

Page 18
Thank You