Till Kahlbrock, Soenke Ruempler | 09.09.2019 Community Day 2019


SLIDE 1

Till Kahlbrock, Soenke Ruempler | 09.09.2019

Community Day 2019 Sponsors

SLIDE 2

https://securityboulevard.com/2019/07/hacker-group-magecart-attacking-misconfigured-s3-buckets/

SLIDE 3

Till Kahlbrock Soenke Ruempler

SLIDE 4

  • Minimized Time-To-Market
  • Low Maintenance
  • Future Proof Setup
  • Best Practices
  • Secure & Compliant

SLIDE 5

  • Teams
  • Billing
  • Workload Isolation (Blast Radius Reduction, Hard/Soft limits)
  • Compliance / Security Controls

SLIDE 6

  • AWS Landing Zone (LZ)
  • AWS Control Tower (CT)
  • Custom Built Solution

SLIDE 7

Actively maintained and supported by AWS

SLIDE 8

Dedicated Core Accounts

  • Master Account
  • Audit / Security Account
  • Log Archive Account
SLIDE 9

Guardrails

  • Preventive & Detective
  • Under the hood
  • Preventive = Service Control Policies
  • Detective = Config Rules
SLIDE 10

Account Factory

  • Service Catalog for account management
  • Organize accounts by OU
  • Parameterise account creation (Name, E-Mail, VPC settings)
  • ACL for account creation
SLIDE 11

| | Landing Zone | Control Tower |
|---|---|---|
| Provided as AWS managed service | No | Yes |
| Setup | CloudFormation template | One-click |
| Updates | Yes, with manual work | Yes, one-click |

SLIDE 12

| | Landing Zone | Control Tower |
|---|---|---|
| Use existing AWS Org | Yes | No |
| Import existing AWS Accounts | Yes | No |

SLIDE 13

| | Landing Zone | Control Tower |
|---|---|---|
| Custom baseline | Yes | No |

SLIDE 14

| | Landing Zone | Control Tower |
|---|---|---|
| Custom Guardrails | Yes | No |

SLIDE 15

| | Landing Zone | Control Tower |
|---|---|---|
| Customize Account Factory | Yes | Very limited |

SLIDE 16

| | Landing Zone | Control Tower |
|---|---|---|
| Unified Dashboard | No | Yes |

SLIDE 17

| | Landing Zone | Control Tower |
|---|---|---|
| GuardDuty pre-configured | Yes | No |

SLIDE 18

| | Landing Zone | Control Tower |
|---|---|---|
| AWS Config Rules Aggregation | Only Custom Built | Yes |

SLIDE 19

| | Landing Zone | Control Tower |
|---|---|---|
| Supported regions | All | Currently us-east-1, us-east-2, us-west-1, eu-west-1 |
| Configure Regions To Use | Yes | No |

SLIDE 20

| | Landing Zone | Control Tower |
|---|---|---|
| SSO Concept | No | AWS SSO built-in |

SLIDE 21

So actually we want AWS Landing Zone, but as Control Tower.

SLIDE 22
SLIDE 23

  • Control Tower if greenfield, restrictions are understood, and no customizations are necessary
  • Otherwise AWS Landing Zone
SLIDE 24

AWS and superluminar are doing free virtual AMA sessions for startups

  • When: 17th + 18th September
  • Register: hi@superluminar.io

SLIDE 25
  • Advantages of AWS Multi-Account Architecture
  • Tested for you: multi-account setups with AWS Landing Zone
  • AWS re:Inforce 2019: Implementing Your Landing Zone (FND210)

SLIDE 26
  • How much does it cost?
  • How does AWS SSO work? Can you show a demo?
  • Can you show a demo of Control Tower or Landing Zone?
  • Can you show a demo of the Account Factory?