Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, but what is the reality once you look past that pristine environment and the manicured forests give way to dark jungle as you start to migrate existing applications to the AWS Cloud or design new ones for AWS exclusively?
In this talk, we will explore Amazon Web Services and the advent of "full stack" vulnerabilities and how they create new security pitfalls when migrating to and operating in an AWS world. From the unexpected to the unintended, many examples will be shared along side new techniques showing how you have likely already exposed your applications and infrastructure to attack through misunderstanding, ignorance, or bad actors.
To address these challenges, this presentation will also reveal and demonstrate a free tool we have designed to assess AWS applications, map out the interactions between infrastructure and code, and help individuals and organizations get clarity and bring a machete to the Amazon Cloud.