AWS Security Resources Table of Contents Official AWS Security Resources Other Relevant Official AWS Resources Jason Chan’s Talks and Slides on AWS and Cloud Security Other Relevant AWS and Cloud Security Talks AWS Security Tools Other Resources Useful/Interesting Individual Posts and Articles This is a reformatted version of Jason Chan’s AWS Security Resources Gist Official AWS Security Resources AWS Security Blog Security Advisories Security Whitepaper (AWS Security Processes/Practices) Security Best Practices Whitepaper Risk and Compliance Whitepaper Security Center Compliance Center Policy Generator (auto build S3, IAM, etc. policies) IAM Policy Simulator IAM Best Practices EC2 Resource-Level Permissions Other Relevant Official AWS Resources YouTube Channel (RE:Invent talks, etc.) AWS Blog AWS Documentation Discussion Forums Jason Chan’s Talks and Slides on AWS and Cloud Security AppSecUSA 2012 Real World Cloud Security LASCON 2013 Alternate Approaches to Product Security SAINTCON 2014 AWS Security Training Jason Chan’s Slideshare page (lots of AWS and cloud security talks) Other Relevant AWS and Cloud Security Talks Kevin Glisson (Netflix) AppSecUSA 2014 Monterey (inventory/testing system on AWS) Ben Hagen (Netflix) AppSecUSA 2014 Cloud Security Erik Peterson (Veracode) AppSecUSA 2014 Attacking Amazon Jay Zarfoss (Netflix) Cloud Security @ Netflix Alex Stamos (Yahoo!) Building Cloud Security from Scratch RE:Invent 2012 Jonathan Chittenden (iSEC Partners) AppSec 2012 AWS Scout AWS Security Tools Security Monkey (Netflix OSS tool for monitoring AWS security configuration) Reddalert (Prezi OSS tool for monitoring/alerting on top of Edda) Nimbostratus (tools for fingerprinting/exploiting AWS infrastructures) Edda (Netflix OSS tool for tracking AWS changes) Securosis' Security Squirrel (POC cloud/secops automation suite) iSEC Partners' AWS Scout and Scout2 (IAM, EC2, S3 auditing) CloudSploit (AWS security auditing and evaluation) 🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github Other Resources Nag Medida’s (Netflix) collection of AWS hacks Nag Medida’s (Netflix) blog - 25 tips for securing AWS Reddit’s AWS subreddit Useful/Interesting Individual Posts and Articles Instagram Engineering’s Post #1 on EC2→VPC→FB Migration Instagram Engineering’s Post #2 on EC2→VPC→FB Migration (Neti OSS release)