Are You Well Architected? The Well-Architected Framework - Part 2

25/09/2019 1h 4min Episode 79

Episode Synopsis


In this episode, we cover the following topics:

- Pillars in depth
  - Security
    - "Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies"
    - Design principles
      - Implement strong identity foundation
      - Enable traceability
      - Security at all layers
      - Automate security best practices
      - Protect data in transit and at rest
      - Keep people away from data
      - Prepare for security events
    - Key service: AWS IAM
    - Focus areas
      - Identity and access management
        - Services: IAM, AWS Organizations, MFA
      - Detective controls
        - Services: CloudTrail, CloudWatch, AWS Config, GuardDuty
      - Infrastructure protection
        - Services: VPC, Shield, WAF
      - Data protection
        - Services: KMS, ELB (encryption), Macie (detect sensitive data)
      - Incident response
        - Services: IAM, CloudFormation
    - Best practices
      - Identity and access management
        - AWS Cognito
          - Act as broker between login providers
          - Securely access any AWS service from mobile device
      - Data protection
        - Encrypt
          - Encryption at rest
          - Encryption in transit
          - Encrypted backups
        - Versioning
        - Storage resiliency
        - Detailed logging
      - Incident response
        - Employ strategy of templated "clean rooms"
          - Create new trusted environment to conduct investigation
          - Use CloudFormation to easily create the "clean room" environment
  - Reliability
    - "Ability to recover from failures, dynamically acquire resources to meet demand and mitigate disruptions such as network issues"
    - Design principles
      - Test recovery procedures
      - Auto recover from failures
      - Scale horizontally to increase availability
      - Stop guessing capacity
      - Manage change with automation
    - Key service: CloudWatch
    - Focus areas
      - Foundations
        - Services: IAM, VPC, Trusted Advisor (visibility into service limits), Shield (protect from DDoS)
      - Change management
        - Services: CloudTrail, AWS Config, CloudWatch, Auto Scaling
      - Failure management
        - Services: CloudFormation, S3, Glacier, KMS
    - Best practices
      - Foundations
        - Take into account physical and service limits
      - High availability
        - No single points of failure (SPOF)
        - Multi-AZ design
        - Load balancing
        - Auto scaling
        - Redundant connectivity
        - Software resilience
      - Failure management
        - Backup and disaster recovery
          - RPO, RTO
        - Inject failures to test resiliency
    - Key points
      - Plan network topology
      - Manage your AWS service and rate limits
      - Monitor your system
      - Automate responses to demand
      - Backup

In the next episode, we'll cover the remaining 2 pillars and discuss how to perform a Well-Architected Review.

Links

- AWS Well-Architected
- AWS Well-Architected Framework - Online/HTML version
  - includes drill down pages for each review question, with recommended action items to address that issue
- AWS re:Invent 2018: How AWS Minimizes the Blast Radius of Failures - ARC338
- Shuffle Sharding: Massive and Magical Fault Isolation
- Whitepapers
  - AWS Well-Architected Framework
  - Operational Excellence Pillar
  - Security Pillar
  - Reliability Pillar
  - Performance-Efficiency Pillar
  - Cost Optimization Pillar

End song: The Runner (David Last Remix) - Fax

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: [email protected]
- Twitter: https://twitter.com/hashtag/mobycast
