Soumettre la recherche
Mettre en ligne
Netflix Cloud Security Overview
•
2 j'aime
•
1,160 vues
Amazon Web Services
Suivre
by Will Bengtson, Netflix
Lire moins
Lire la suite
Signaler
Partager
Signaler
Partager
1 sur 41
Recommandé
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
Amazon Web Services
ぼくらのアカウント戦略〜マルチアカウントでのガバナンスと権限管理の全て〜
ぼくらのアカウント戦略〜マルチアカウントでのガバナンスと権限管理の全て〜
Mamoru Ohashi
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
Amazon Web Services
AWS Builders - Industry Edition: DevSecOps on AWS - 시작은 IAM 부터
AWS Builders - Industry Edition: DevSecOps on AWS - 시작은 IAM 부터
Amazon Web Services Korea
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
Amazon Web Services Korea
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
Amazon Web Services
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)
Amazon Web Services
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
Recommandé
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
Amazon Web Services
ぼくらのアカウント戦略〜マルチアカウントでのガバナンスと権限管理の全て〜
ぼくらのアカウント戦略〜マルチアカウントでのガバナンスと権限管理の全て〜
Mamoru Ohashi
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
Amazon Web Services
AWS Builders - Industry Edition: DevSecOps on AWS - 시작은 IAM 부터
AWS Builders - Industry Edition: DevSecOps on AWS - 시작은 IAM 부터
Amazon Web Services Korea
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
Amazon Web Services Korea
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
Amazon Web Services
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)
Amazon Web Services
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
Amazon Web Services Japan
AWS Shieldのご紹介 Managed DDoS Protection
AWS Shieldのご紹介 Managed DDoS Protection
Amazon Web Services Japan
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れ
Takeshi Mikami
AWS Black Belt Techシリーズ AWS SDK
AWS Black Belt Techシリーズ AWS SDK
Amazon Web Services Japan
AWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
20200128 AWS Black Belt Online Seminar Amazon Forecast
20200128 AWS Black Belt Online Seminar Amazon Forecast
Amazon Web Services Japan
AWS Black Belt Online Seminar AWS CloudFormation アップデート
AWS Black Belt Online Seminar AWS CloudFormation アップデート
Amazon Web Services Japan
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Doyoon Kim
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
Amazon Web Services
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
Amazon Web Services
インターネットにおける動画配信の仕組み
インターネットにおける動画配信の仕組み
Ryosuke Kubo
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Amazon Web Services
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
Amazon Web Services Japan
Amazon VPC VPN接続設定 参考資料
Amazon VPC VPN接続設定 参考資料
Amazon Web Services Japan
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
Amazon Web Services Japan
AWS Elemental MediaConvert で動画変換
AWS Elemental MediaConvert で動画変換
虎の穴 開発室
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
Amazon Web Services Japan
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
Amazon Web Services Korea
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Amazon Web Services
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
Amazon Web Services Korea
Netflix Cloud Security Overview
Netflix Cloud Security Overview
Amazon Web Services
Developing Applications with the IoT Button - AWS Online Tech Talks
Developing Applications with the IoT Button - AWS Online Tech Talks
Amazon Web Services
Contenu connexe
Tendances
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
Amazon Web Services Japan
AWS Shieldのご紹介 Managed DDoS Protection
AWS Shieldのご紹介 Managed DDoS Protection
Amazon Web Services Japan
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れ
Takeshi Mikami
AWS Black Belt Techシリーズ AWS SDK
AWS Black Belt Techシリーズ AWS SDK
Amazon Web Services Japan
AWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
20200128 AWS Black Belt Online Seminar Amazon Forecast
20200128 AWS Black Belt Online Seminar Amazon Forecast
Amazon Web Services Japan
AWS Black Belt Online Seminar AWS CloudFormation アップデート
AWS Black Belt Online Seminar AWS CloudFormation アップデート
Amazon Web Services Japan
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Doyoon Kim
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
Amazon Web Services
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
Amazon Web Services
インターネットにおける動画配信の仕組み
インターネットにおける動画配信の仕組み
Ryosuke Kubo
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Amazon Web Services
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
Amazon Web Services Japan
Amazon VPC VPN接続設定 参考資料
Amazon VPC VPN接続設定 参考資料
Amazon Web Services Japan
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
Amazon Web Services Japan
AWS Elemental MediaConvert で動画変換
AWS Elemental MediaConvert で動画変換
虎の穴 開発室
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
Amazon Web Services Japan
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
Amazon Web Services Korea
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Amazon Web Services
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
Amazon Web Services Korea
Tendances
(20)
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
20210126 AWS Black Belt Online Seminar AWS CodeDeploy
AWS Shieldのご紹介 Managed DDoS Protection
AWS Shieldのご紹介 Managed DDoS Protection
OAuth 2.0による認可の流れ
OAuth 2.0による認可の流れ
AWS Black Belt Techシリーズ AWS SDK
AWS Black Belt Techシリーズ AWS SDK
AWS Security & Compliance
AWS Security & Compliance
20200128 AWS Black Belt Online Seminar Amazon Forecast
20200128 AWS Black Belt Online Seminar Amazon Forecast
AWS Black Belt Online Seminar AWS CloudFormation アップデート
AWS Black Belt Online Seminar AWS CloudFormation アップデート
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
Augmenting Security Posture and Improving Operational Health with AWS CloudTr...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
(DVO308) Docker & ECS in Production: How We Migrated Our Infrastructure from ...
インターネットにおける動画配信の仕組み
インターネットにおける動画配信の仕組み
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
20191112 AWS Black Belt Online Seminar AWS Media Services で始めるライブ動画配信
Amazon VPC VPN接続設定 参考資料
Amazon VPC VPN接続設定 参考資料
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
20190312 AWS Black Belt Online Seminar AWS Well-Architected Frameworkによるコスト最適化
AWS Elemental MediaConvert で動画変換
AWS Elemental MediaConvert で動画変換
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
AWS Lambda ハンズオン 2-Tier アーキテクチャで未来へ
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
아마존웹서비스와 함께하는 클라우드 비용 최적화 전략 - 윤석찬 (AWS 코리아 테크에반젤리스트)
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
천만 사용자를 위한 AWS 아키텍처 보안 모범 사례 (윤석찬, 테크에반젤리스트)
En vedette
Netflix Cloud Security Overview
Netflix Cloud Security Overview
Amazon Web Services
Developing Applications with the IoT Button - AWS Online Tech Talks
Developing Applications with the IoT Button - AWS Online Tech Talks
Amazon Web Services
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
Amazon Web Services
Serverless for Developers
Serverless for Developers
Amazon Web Services
Digital Transformation with smart products - EVRYTHNG
Digital Transformation with smart products - EVRYTHNG
Amazon Web Services
Hands-on Lab: Amazon ElastiCache
Hands-on Lab: Amazon ElastiCache
Amazon Web Services
En vedette
(6)
Netflix Cloud Security Overview
Netflix Cloud Security Overview
Developing Applications with the IoT Button - AWS Online Tech Talks
Developing Applications with the IoT Button - AWS Online Tech Talks
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
Serverless for Developers
Serverless for Developers
Digital Transformation with smart products - EVRYTHNG
Digital Transformation with smart products - EVRYTHNG
Hands-on Lab: Amazon ElastiCache
Hands-on Lab: Amazon ElastiCache
Similaire à Netflix Cloud Security Overview
Instrument Rack to visualize Rails requests processing
Instrument Rack to visualize Rails requests processing
Sqreen
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
smalltown
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Kris Buytaert
Hardening Kubernetes Cluster
Hardening Kubernetes Cluster
Knoldus Inc.
Introducing CQ 5.1
Introducing CQ 5.1
David Nuescheler
Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...
Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...
DevOpsDays Tel Aviv
Creating pools of Virtual Machines - ApacheCon NA 2013
Creating pools of Virtual Machines - ApacheCon NA 2013
Andrei Savu
Live traffic capture and replay in cassandra 4.0
Live traffic capture and replay in cassandra 4.0
Vinay Kumar Chella
Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...
Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...
Amazon Web Services
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
Yaniv cohen
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Omar Al-Safi
Introducing TiDB - Percona Live Frankfurt
Introducing TiDB - Percona Live Frankfurt
Morgan Tocker
Win Spinnaker with Winnaker - Open Source North Conf 2017
Win Spinnaker with Winnaker - Open Source North Conf 2017
Medya Ghazizadeh
DevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux Containers
inside-BigData.com
Neighborly nagios
Neighborly nagios
David Josephsen
SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration
SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration
Claus Ibsen
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStack
ShapeBlue
Optimising Productivity with AWS Developer Tools
Optimising Productivity with AWS Developer Tools
Amazon Web Services
Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...
Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...
Cloud Native Day Tel Aviv
Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...
Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...
Redis Labs
Similaire à Netflix Cloud Security Overview
(20)
Instrument Rack to visualize Rails requests processing
Instrument Rack to visualize Rails requests processing
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Hardening Kubernetes Cluster
Hardening Kubernetes Cluster
Introducing CQ 5.1
Introducing CQ 5.1
Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...
Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...
Creating pools of Virtual Machines - ApacheCon NA 2013
Creating pools of Virtual Machines - ApacheCon NA 2013
Live traffic capture and replay in cassandra 4.0
Live traffic capture and replay in cassandra 4.0
Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...
Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Introducing TiDB - Percona Live Frankfurt
Introducing TiDB - Percona Live Frankfurt
Win Spinnaker with Winnaker - Open Source North Conf 2017
Win Spinnaker with Winnaker - Open Source North Conf 2017
DevOps Workflow: A Tutorial on Linux Containers
DevOps Workflow: A Tutorial on Linux Containers
Neighborly nagios
Neighborly nagios
SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration
SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Optimising Productivity with AWS Developer Tools
Optimising Productivity with AWS Developer Tools
Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...
Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...
Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...
Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...
Plus de Amazon Web Services
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
Open banking as a service
Open banking as a service
Amazon Web Services
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
Computer Vision con AWS
Computer Vision con AWS
Amazon Web Services
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
Tools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
How to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
Building a web application without servers
Building a web application without servers
Amazon Web Services
Fundraising Essentials
Fundraising Essentials
Amazon Web Services
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
Plus de Amazon Web Services
(20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Open banking as a service
Open banking as a service
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Computer Vision con AWS
Computer Vision con AWS
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Tools for building your MVP on AWS
Tools for building your MVP on AWS
How to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Building a web application without servers
Building a web application without servers
Fundraising Essentials
Fundraising Essentials
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Netflix Cloud Security Overview
1.
RepoingIAMPermissions OurstrategyforAWSLeastPrivilege PatrickKelley TravisMcPeak
2.
Agenda ●Introandcontextsetting ●Approaches ●Aardvark&Repokid ●Futurework
3.
Intro
4.
●GeneralDynamics->eBay->Netflix ●Decenttrampolinejumper ●SecurityMonkey,CloudAux,Aardvark,Repokid PatrickKelley
5.
●Symantec->HP->IBM->Netflix ●OpenStackSecurity,CloudFoundrySecurity,OWASPBayArea ●Bandit,Recon,Aardvark,Repokid TravisMcPeak
6.
Netflix LargeAWSdeployment ●100K+instances ●Thousandsofapplications ●Over50AWSaccounts Mediumengineering ●~2000inproduct ●~50securityengineers
7.
Netflix Culturedrivesourdecisions,includingthiswork ●FreedomandResponsibility ●Context,notControl
8.
IAMRecap
9.
LeastPrivilege Onlygranttherequiredaccess necessarytoperformlegitimate functions. SeemscontrarytoNetflixFreedomand Responsibilityvalue. Thetrickistobalance.
10.
FirstCut
11.
Developersrequestspecific permissionstheyneedtodeployand runtheirapp. Soundsreasonable...
12.
●86services* ●2318permissions* ●Hardtoknowbasedonname ●Whataboutdependencies? ●Hardtogetrightonfirst,second,thirdpass... Developersdon’tknowwhattheyneed *AccordingtoPolicyUniverse,updated5/31
13.
PossibleApproaches
14.
Profileintest,thendeploytoprod
15.
Startwithnopermissions,add incrementally
16.
Havedevelopersaddtheirown permissionswithself-service model
17.
OurApproach
18.
●Appsgivenpermissionscommonlyusedduringdeployment ○Ifmoreneeded,wehaveaquickconversation ●Profiletherolecontinuously ●Takeawayunusedpermissions ●Deletetherolewhenit’snolongerused (Mostly)automatedrolelifecycle
19.
●DevelopersuseSpinnaker ●Spinnaker->Lambdawithinformation abouttheapp ●Lambdacreatesaroleandgives “base”permissions ○Basepermissionsdependon typeofappandaccount. Developerdeploysnewapp
20.
●CurrentlyusingAccessAdvisor ○WilluseCloudTrailsoon ●Findoutwhichpermissionsanappisusing ●Watchdenied/AAforservicesthataren’tallowed ○Eithermisconfigurationorattack Profilerolecontinuously
21.
●Takeawaypermissionsthathaven’tbeenusedrecently ○Hasthesidebenefitthatunusedappslosepriv ●Storeoldversionofpolicysowecanrollbackifneeded ●Soon:automaticallyrollbackifCloudTrailshowsdenied Repounusedpermissions
22.
Attack! ●Alreadydemonstratedreal-worldbenefits ○Internaltesting ○Responsibledisclosureprogram ●Somestopped,somenot ○Wecan’trepopermissionstheappactuallyneeds!
23.
●Unusedappswillalreadyhavebeenrepoedto0 ●Finalstepistocleanuprolesthatarenolonger attachedtoapplications Deletetherolewhennolongerused
24.
Aardvark
25.
●RetrieveandcacheAccessAdvisordatafromthe console ●Mostlyfeaturecomplete,plantoswitchtoAccess AdvisorAPIwhenavailablefromAWS Aardvark(NetflixOSS)
26.
27.
Repokid
28.
●Scanroles,lookforunusedpermissions,takethem away,makeiteasytorollback ●Chat-opsintegration:what’sbeingrepoed,opt-out, rollback ●LongtermstrategicforNetflixSecurity ○CloudTrailintegration ○Notificationsandreportstoappowner Repokid(NetflixOSS)
29.
30.
Considerations/Edge-cases
31.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions Needtoconsider
32.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery Needtoconsider
33.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? Needtoconsider
34.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) Needtoconsider
35.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet Needtoconsider
36.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet ●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded ○rds:create*mightgrowmorepowerfulovertime Needtoconsider
37.
●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet ●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded ○rds:create*mightgrowmorepowerfulovertime ●CloudTraildoesn’tmap1:1withpermissions Needtoconsider
38.
FutureWork
39.
UserepodatatotightenbaseIAM FrequentlyrepoedservicesshouldnotbeincludedinbaseIAMinthefirstplace. -Wecantolerateasmallpercentageofdevelopersrequestingadditionalaccess
40.
Introspection Examineapplicationsastheyarebeingdeployedandgivethempermissionsbasedon whattheyneed. Example:canseethat: -AspecificDynamotableisused -Theapplicationreadsfromaspecificqueue
41.
Thankyou.