The course I am currently working on is AWS Security Essentials, so my focus with most of my sessions involved security and seeing what changes are coming to services and best practices.
Ken Beer, the General Manager of AWS Key Management Service gave a session about encryption in the AWS system. In addition to the traditional topic of using a key to encrypt data then encrypting that key for encrypting data at rest, he also mentioned services that assist with client-side encryption, like the new AWS Encryption SDK and the S3 Encryption Client, which allow for easier solutions for encrypting data in transit.
I also attended a session, given by Quint Van Deman, on credentials which attempted to break down the differences between long-term and short-term credentials, as well as federation. Also involved with this session was the topic of “planes of access” that need to be considered depending on how “managed” an AWS service is. For instance, EC2 instances in a VPC have much different requirements than DynamoDB or S3.
A session I found really intriguing was Becoming an IAM Ninja with Scott Ward and Patrick McDowell that really covered a more advanced level of best practices in AWS. A couple of the more advanced concepts covered grabbed my attention: Using AWS config to snapshot policies and track changes in policies and relationships – something I have never thought about doing. Also, using AWS Macie to use behavioral analytics to find historical data patterns and react using CloudWatch and Lambda. For example, if a user performs a task that Macie rates as high-risk, it can trigger a CloudWatch alarm that in turn triggers a Lambda function to effect that users access. I imagine this as being able to automatically place an explicit deny to remove all access if certain activities are attempted.
Overall, the week was informative. I also enjoyed meeting students and potential students in the booth. Thanks to all who stopped by!