Build Secure Applications on AWS the Well-Architected Way (SEC219)

Title

AWS re:Invent 2023 - Build secure applications on AWS the well-architected way (SEC219)

Summary

  • Reeve D'Souza and Jeff Lombardo from AWS, along with Josh McKitty from Zillow, presented on building secure applications using the AWS Well-Architected Framework.
  • The session covered the journey of application development on AWS, including the use of a landing zone, CI/CD pipelines, microservices, and the shift towards containerized and serverless workloads.
  • The six pillars of the Well-Architected Framework were discussed, with a focus on the security pillar and the inclusion of application security best practices.
  • The importance of threat modeling, static and dynamic code analysis, and continuous monitoring was emphasized.
  • AWS services such as AWS Control Tower, AWS Threat Composer, Amazon CodeWhisperer, AWS Signer, AWS CodeArtifact, and AWS AppFabric were highlighted for their roles in securing applications.
  • The shared responsibility model for security on AWS was explained, emphasizing customer responsibility for security in the cloud.
  • Josh McKitty shared insights from Zillow's Security Champions Program, which aims to integrate security into the development process and foster a security-minded culture.
  • The session concluded with a call to action to work with AWS account teams, utilize AWS Professional Services, and attend AWS re:Inforce for further learning.

Insights

  • The Well-Architected Framework is a critical tool for AWS customers and partners to evaluate and implement scalable and secure architectures.
  • Application security is increasingly important as organizations adopt distributed ownership models and aim to maintain a high security bar while delivering features quickly.
  • AWS provides a suite of services designed to help developers build secure applications from the ground up and ensure compliance with security best practices.
  • The concept of "shifting left" in security is about integrating security early in the software development lifecycle to reduce risks and costs associated with late-stage security fixes.
  • Zillow's Security Champions Program is an example of how organizations can successfully integrate security into their development processes by engaging with teams and providing hands-on security expertise.
  • The session highlighted the importance of empathy, collaboration, and a blameless culture in successfully implementing security measures within development teams.
  • AWS re:Inforce is an annual security conference that provides an opportunity for AWS users to deepen their knowledge and skills in cloud security.