Building a secure AWS VPC: the good, the bad, the UX (presented at DevSecCon Boston 2018)

by Matt Jones

Summary: Building a secure VPC in AWS is nothing new; it has been done many times. It has also been done many times with automation tools such as Terraform and Ansible. As a newly minted infrastructure engineer, when given a project like this, though, how do you manage the obvious and not so obvious security requirements with the user experience? The UX is often an afterthought, leading to circumvention at the first opportunity, poor adoption, or incomplete protocols and a fractured design. This then leads to developer stress and frustration over design requirements they may not be accustomed to.

What practices can be utilized to help ensure a solid design while also not presenting users with a negative picture of your team, the project, or worse, turning into the stereotypical "no" person? How can automation tools be leveraged to provide the users, the admins, and security with a holistic view and interface with which to manage the operations and audit requirements?

Join me on a tale of high adventure, political intrigue, and an exploration into the depths of SSH, AWS, Golang, and Python from which you may never be the same. You will be horrified, you will shake your head in astoundment, and you will laugh, oh you will laugh. When you turn an infrastructure engineer loose in AWS with the simple task of creating a secure VPC in three months, what could possibly go wrong?