Currently CTO and Co-Founder of Jit, the Continuous Security platform for Developers. David has a PhD in Bioinformatics and for the past 20 years has been a full-stack developer, CTO & technical evangelist, mostly in the cloud, and specifically in cloud security, working for leading organizations such as MyHeritage, CloudLock (acquired by Cisco) and leading the 'advanced development team' for the CTO of Cisco's cloud security (a $500M ARR BU).
It's been 20 years since EC2 landed, and we've learned quite a bit about managing cloud operations at scale over these years. One area that remains a real pain point is securing AWS environments (a lot of moving parts and controls to think about), this is particularly acute in the world of fast-paced engineering today.
This talk will give an overview of how to secure AWS architecture through code, leveraging Terraform for automation. This will take a look at good security practices for managing your AWS organization - from the dedicated accounts per user, switching roles for additional access, enforcing MFA, segregation of different account types - dev vs. staging vs. prod, as well as SCP policies. In addition we will review best practices for working locally and deploying code changes to your SCM (with a Github example) without compromising your AWS keypairs, and all this with an everything-as-code approach built with Terraform.