Tech Segment: Managing AWS Cloud Resources, Apollo Clark – Enterprise Security Weekly #51

Apollo Clark discusses the tools and techniques your team can use to manage, monitor and tune your enterprise AWS deployment.

How to Manage AWS Cloud Resources

The Triangle of Security Success states: “Every good sales pitch involves triangles facing up or down.” – Andy Sutcliffe

  • Inventory Management
  • Resource State Management
  • Default, weak, reused passwords, shared accounts
  • Upgrade Old Components
  • Log and Metric Monitoring
  • Automatic Remediation

1. Managing Resources Correctly

  • inventory management
  • track all states
    • cloud resources
    • security groups
    • OS version
    • system users
    • installed packages
    • running services
    • service config
    • code
    • files
    • network connections
    • osquery, https://osquery.io/
  • ensure consistent state
  • prevent out-of-band changes
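The state tracking listed above can be turned into a drift check by diffing a current inventory snapshot against an approved baseline. This is an added example, not code from the show notes: the snapshot layout, category names and identity columns are assumptions, and all values are constructed sample data shaped like osquery's JSON rows (which report every value as a string).

```python
import copy

# Assumed identity columns per state category: rows that share these
# values are treated as the same item in both snapshots.
IDENTITY = {
    "os_version": ("name",),
    "users": ("username",),
    "packages": ("name",),
    "listening_ports": ("port", "protocol"),
}

# Constructed baseline snapshot (sample values, not from a real host).
BASELINE = {
    "os_version": [{"name": "Ubuntu", "version": "16.04.2 LTS"}],
    "users": [{"username": "root", "uid": "0"},
              {"username": "deploy", "uid": "1001"}],
    "packages": [{"name": "openssl", "version": "1.0.2g-1"}],
    "listening_ports": [{"port": "22", "protocol": "6"}],
}

# Constructed "current" snapshot containing three out-of-band changes.
CURRENT = copy.deepcopy(BASELINE)
CURRENT["users"].append({"username": "tmpadmin", "uid": "1002"})
CURRENT["packages"][0]["version"] = "1.0.2g-2"
CURRENT["listening_ports"].append({"port": "8080", "protocol": "6"})


def index(rows, cols):
    """Map each row's identity tuple to the full row."""
    return {tuple(r.get(c, "") for c in cols): r for r in rows}


def diff_state(baseline, current):
    """Return (category, change, key) for every deviation from baseline."""
    findings = []
    for category, cols in IDENTITY.items():
        old = index(baseline.get(category, []), cols)
        new = index(current.get(category, []), cols)
        for key in sorted(new.keys() - old.keys()):
            findings.append((category, "added", key))
        for key in sorted(old.keys() - new.keys()):
            findings.append((category, "removed", key))
        for key in sorted(old.keys() & new.keys()):
            if old[key] != new[key]:
                findings.append((category, "changed", key))
    return findings


if __name__ == "__main__":
    for finding in diff_state(BASELINE, CURRENT):
        print(finding)
```

Any finding is a candidate out-of-band change to investigate or feed into automatic remediation.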

2. Current Options

3. Terraform

4. Building AMIs

  • Terraform cannot directly build EC2 images
  • Packer can build for multiple Post-Processors

https://www.packer.io/docs/post-processors/index.html

  • Can build AMIs
  • Can reuse existing AWS HVM-optimized AMIs

5. Scaling Up

Full Show Notes

Visit http://secweekly2.wpengine.com/esw for all the latest episodes!