Build, Deploy, and Manage Your Applications Securely with AWS (NIS225)

Title: AWS re:Inforce 2024 - Build, deploy, and manage your applications securely with AWS (NIS225)

Insights:

  • Objective and Structure: The session aims to address how to build, deploy, and manage applications securely on AWS, focusing on two key services: Amazon CloudFront and AWS WAF. The presentation includes use cases, service overviews, and two demos.
  • Customer Needs: Customers require internet-facing websites that are secure, low latency, responsive, globally accessible, and cost-efficient.
  • Amazon CloudFront:
    • A content delivery network (CDN) that brings content closer to users, enhancing performance and security.
    • Features over 600 global points of presence (POPs) to reduce latency and mitigate DDoS attacks.
  • AWS WAF (Web Application Firewall):
    • Integrates seamlessly with Amazon CloudFront to secure web applications.
    • Offers AWS managed rules, including Amazon IP reputation list, core rule set (OWASP Top 10), and known bad inputs.
  • Demo 1 - AWS WAF:
    • Demonstrates building a WebACL (Web Access Control List) in AWS WAF.
    • Steps include naming the policy, adding managed rules, and configuring custom responses.
    • Emphasizes the flexibility for security teams to add custom rules and configurations.
  • Demo 2 - Amazon CloudFront:
    • Shows how to build the same security policy directly within CloudFront.
    • Highlights the simplicity of enabling security with one-click deployment.
    • Provides visibility into traffic, including bot traffic, and options for additional protections like SQL injection rules and rate limiting.
  • Summary: Two methods to secure applications: building policies in AWS WAF for a security-focused approach or using CloudFront for a simpler, integrated method. Both methods ensure robust security and performance for global web applications.

Quotes:

  • "The question is how can we do that in a way that it can be secure because it has to be internet facing. Also, it has to be low latency. It has to be responsive."
  • "Amazon CloudFront... brings the collateral and brings videos and documents closer to the user."
  • "AWS WAF... seamlessly integrates with a few different services. The one we're gonna talk about is Amazon CloudFront."
  • "We have AWS managed rules that you can simply apply to put in front of your website that you're putting into the content delivery network."
  • "One of the most important call-outs here is all we're really doing... is as we build the distribution, we are putting a filter in front of it with three AWS managed rules."
  • "We recommend starting in monitor mode, and really what that says is we'll turn it on and see what happens from the logs."
  • "At a minimum, you want to at least have a pretty big rate limit. And so you set up a rate limit. So if push comes to shove and you have a DDoS event, it can fall back and say, after so many requests, we'll just start denying it from that IP."
  • "We give you a lot of great visibility out of the box... instantly you have bot traffic coming, whether it's SEOs or whatever it might be."
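The web ACL built in Demo 1 (the three AWS managed rule groups plus a custom response) combined with the monitor-mode and rate-limit advice from the quotes above, written as a CloudFormation template. This is an added example, not the session's demo code; the resource and metric names, the 2000-requests-per-5-minutes limit, and the 429 response text are assumptions.

```yaml
# Added example (assumed names and limits), not from the session.
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFront web ACL - three AWS managed rule groups in Count mode plus a per-IP rate limit
Resources:
  EdgeWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: edge-web-acl
      Scope: CLOUDFRONT            # web ACLs for CloudFront must be created in us-east-1
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: edge-web-acl }
      CustomResponseBodies:
        RateLimited:               # custom response body used by the rate-limit rule
          ContentType: TEXT_PLAIN
          Content: "Too many requests from your address; try again shortly."
      Rules:
        # Managed rule groups start in Count mode (monitor mode): matches are logged and
        # counted, not blocked. After reviewing the logs, set OverrideAction to { None: {} }.
        - Name: AWSManagedRulesAmazonIpReputationList
          Priority: 0
          OverrideAction: { Count: {} }
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesAmazonIpReputationList }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: ip-reputation }
        - Name: AWSManagedRulesCommonRuleSet      # core rule set (OWASP Top 10 categories)
          Priority: 1
          OverrideAction: { Count: {} }
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesCommonRuleSet }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: common-rule-set }
        - Name: AWSManagedRulesKnownBadInputsRuleSet
          Priority: 2
          OverrideAction: { Count: {} }
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesKnownBadInputsRuleSet }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: known-bad-inputs }
        # Rate limit enforced from day one as the DDoS fallback: above 2000 requests from one
        # IP in a 5-minute window, further requests get HTTP 429 until the rate drops.
        - Name: RateLimitPerIp
          Priority: 3
          Action:
            Block:
              CustomResponse: { ResponseCode: 429, CustomResponseBodyKey: RateLimited }
          Statement:
            RateBasedStatement: { Limit: 2000, AggregateKeyType: IP }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit }
Outputs:
  WebAclArn:                       # pass this ARN as WebACLId in the CloudFront DistributionConfig
    Value: !GetAtt EdgeWebAcl.Arn
```

Deploy the stack in us-east-1, watch the per-rule CloudWatch metrics and sampled requests while the managed groups are in Count mode, then switch them to enforce once the counted matches look like real attack traffic rather than legitimate users.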

This document provides a comprehensive overview of the session, highlighting the key points and valuable insights for building, deploying, and managing secure applications on AWS using Amazon CloudFront and AWS WAF.