Campus Party: Secure Practices for AWS☁️ Environment
Few months ago I have spoke at Campus Party Brazil🗓️ conference to demonstrate how to implement robust security measures on AWS environment.
Published Dec 19, 2024
The 16th edition of Campus Party Brasil have happened at Expo Center Norte in São Paulo between July 9 and 14, 2024. Campus Party is the world's largest technological event in the areas of innovation, science, culture and digital entertainment, bringing together thousands of people - the campuseiros - to discuss the main themes of each of these universes. Participants move with their computers, suitcases and tents to an arena, where they connect to a super-fast network and socialize around workshops, lectures, conferences, competitions and leisure activities.
I make part part of LHC (Laboratory Hacker of Campinas) and in the Campus Party for this year had a space dedicated to Brazilian Hackerspaces and Makerspaces, fostering hacker and maker culture during Campus Party 2024. With the participation of people from different Brazilian Hackerspaces and Makerspaces. Promote activities on our Communities stage that provide quality content to #CPBR16 participants.
Image not found
I spoke Campus Party at 21h20BRT about the Secure Practices for AWS Cloud.
Discover the best strategies and tools to protect your data and resources in the AWS cloud. From threat mitigation to regulatory compliance, we’ll explore essential practices to ensure the security of your cloud infrastructure. Don’t miss this opportunity to enhance your understanding of cloud security, along with essential practices and tools for DevSecOps.
Image not found
When we talk about IAM (Identity Access Management), we are referring to the main security service within a cloud provider. It is extremely important to understand that within the cloud we use an API to connect to cloud services. It is through policies that we have permission for controlled access within the services. IAM determines all authentication and authorization in the cloud. A lot of study is required to understand all the concepts and methods within IAM to keep the environment safe, resilient and compliant.
Image not found
DevSecOps is development, security, and operations. It is a culture that employs DevOps principles and also provides a layer of security throughout the product development cycle, i.e., end-to-end security from the outset. The DevSecOps culture brings with it the need to educate developers to code with security in mind and to bring the security team closer together to ensure collaboration and secure architecture.
Image not found
By implementing DevSecOps best practices, organizations can create a culture of security and prioritize security throughout the development process. With the right tools and processes in place, DevSecOps teams can build and deploy secure applications that meet business needs.
- Terraform (IAC Tool)
- Checkov (Policy as Code)
- Tflint (Code Check Tool)
- Tfenv (Version Control System)
- InfraCost (Cloud Cost Estimates)
Image not found
Checkov checks cloud infrastructure configurations (Policy as Code) to find incorrect configurations before they are deployed.
Image not found
And my last one picture, just sharing a technical visual for Cloud Security questions. 👇👇👇
Image not found
If you enjoyed all the contents and would like to read more, just reach out me so I can provide the full access to my security deck. I appreciate your read.
That's all folks! :)
#aws #iam #security #cloud #devsecops #serverless #ia #conference #campus
Comments
Log in to comment