Essential Guardrails for AWS Organizations

Presented at Diana Initiative 2022, Aug. 10, 2022, noon (60 minutes)

While service-level controls in AWS such as configuring security groups and scoping permission policies are important parts of securing your services and applications within an AWS account, it's easy to forget security beyond the account level. This talk will cover "the essentials" of securing your AWS Organization, including securing root account(s), logically organizing AWS accounts, and designing and applying Service Control Policies (SCPs) to restrict actions within multiple accounts. We'll walk through the implementation and testing of selected SCPs, discuss logging within Organizations, and wrap up with actionable takeaways.

Presenters:

• Cassandra Young / muteki - Security Risk Advisors   as Cassandra Young (muteki)
  Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. As one of the directors of Blue Team Village, she also works to bring free Blue Team talks, workshops and more to the broader security community.

Links:

• https://thedianainitiative2022.sched.com/event/15cis/essential-guardrails-for-aws-organizations

Similar Presentations:

• CackalackyCon 2 (2023) / AWS Security Reference Architecture: A Well-Structured Foundation
• Blue Team Con 2022 / Holistic AWS Cloud Security Design for Organizations
• Black Hat USA 2016 / Hardening AWS Environments and Automating Incident Response for AWS Compromises