2025-05-02 –, Transformation
In 2024 I billed over $60,000 securing AWS accounts for small
and medium sized companies. Here's the secret though ... It's a 3 of 10 on
the complexity scale. Anyone can do it. Let me show you how so you don't
have to add to my retirement fund.
This talk will introduce the security pillar of the AWS Well Architected
Framework then zoom in on account security. Simple things like:
- Securing the root account with MFA, but also ensuring that operational
and security messages are getting to the right people (note the plural!) in
the organization. Alerting on any use of the root account, etc. - Setting up IAM for day to day access including password rules and
enforcing ... you guessed it ... MFA. - Groups v. Roles in IAM and why you care.
We continue to touch on
* Enabling Cloudtrail and how to search for events.
* Limiting regions
* Setting up basic billing alerts to detect suspicious activity
* When is a private subnet actually private?
* AWS Security Hub and the basics of ensuring action on findings
Finally we will talk very basic network topology and use of private subnets
in a VPC.
Attendees will come away with a checklist of tasks that are the tablestakes
for securing their shiny new AWS account and with many references to the
Well Architected Framework and the message, "Now that you know it's
there, make sure you are familiar with it."
Boyd Hemphill is the CTO of Victory CTO. He is a DevOps raconteur formerly of the Silicon Hills of Austin Texas.
Boyd is a big believer in community and founded the Austin DevOps meetup over 10 years ago, contributes to DevOps Days Austin as an organizer emeritus, and is getting a new community started in his new town of Grand Junction, Colorado in the US. You can find him skiing, mountain biking, paddling, hiking and jeeping.