AWS re:Invent 2017: Automating and Auditing Cloud Governance and Compliance in Multi (ENT324)

Опубликовано 28 ноября 2017, 19:05

In this session, we explore multi-account considerations for compliance and auditing. We include topics such as API call prefiltering, a repeatable approach to SCP and IAM policy creation, internal separation of duty and need to know, compliance scope ring-fencing, scope of impact limitation, and mandatory access control. We review approaches for log and event analytics and log record lifecycle management (including redaction where necessary) and alerting. We also discuss how you can deploy compliance assessment tools in multi-account environments and how you can interpret these tools' output so it makes sense. Finally, no set of detailed multi-account sessions is complete without discussing tools for visualization.