IAM is your friend

•

0 likes•67 views

There are no limits to what IAM can help you with: prevent mistakes; secure your assets; organise both your team and your micro services; partition customer access to your data. We will give you a hands-on, nuts-and-bolts walk through real examples of common IAM uses that we employ in our day to day work. The aim is to make you want to go away and experiment with IAM yourself, becoming more familiar and confident with it, which in turn will help your understanding of and confidence with using AWS itself. See video here: https://youtu.be/HYDdpo7y1ZA

Technology

5+ years ago…
API Gateway EC2
S3
database

5+ years ago…
• Server/resource architecture
• Regulate access to resources
• InfoSec concern
2019
• Microservices architecture
• Enforce contracts between (micro) services
• Software design concern

5+ years ago…
• Broad, complex policies
• Role reuse
• Start off with lax blueprints
Another way!
• Tiny, single-action policies
• Unique roles
• Blank canvas

Step 1 (no code)
• Create new, unique role
• Mix and match single-purpose policies
Example: adding Lambda function

Step 1 (no code)
Example: adding Lambda function

Step 2
• Write the code
• Test it
• Encounter an IAM error?
• Information about access patterns (= cash!)
Example: adding Lambda function

Layers
Example: adding Lambda function
lambda_A lambda_B
shared_func
layer

Layers
Example: adding Lambda function
lambda_A lambda_B
shared_func
layer
getItem
scan

With an IAM-first approach we gain:
• free, continuous enforcement of contracts
between services
• an easy, building-block technique for designing
our architecture
• clean, easy-to-read policies
• reduced risk of unexpected bills

• AWS in 2019 mirrors language design of 1980s
• Objects / processes that pass messages between one
another
• SmallTalk, Erlang…
• Since then: strong typing and access annotation
• Don’t yet have strong typing
• … but IAM policies are a form of access annotation
Final thought…

What's hot

Hybrid Integration with BizTalk Server - ACSUG

Wagner Silveira

Graphql

Girish Talekar

Azure Functions & Serverless Computing

Abhimanyu Singhal

Building A Webb App with Firebase and Angular 2

Alex Hoffman

Michiel Fokke - ASAS 2017

Michiel Fokke

Alfresco Day Amsterdam 2015, Technical Track - Doing more with Activiti

Alfresco Software

AWS Finland meetup 2018 August

Rolf Koski

TechEvent Einführung in die Amazon Cloud

Trivadis

Data mining technique in securing the cloud

rano33

The business and end user guide into the new and modern SharePoint

BIWUG

Evolutionary changes are often used to gradually increase the quality of a software. However, if back-end systems have to be replaced with a different technologies, the resulting changes are more radical. One example for such a change is the migration of database servers from a relational to a document-oriented storage engine. Based on an example application, we present an approach to perform such a migration and conclude some general guidance for migrating future applications.

EUNIS 2018 - Migration of a web service back-end from a relational to a docum...

Marius Politze

Technologies for the capture and analysis of streaming data has changed over the years and cloud technologies have taken us to a new level. Many people are not aware of the new technologies and architectural paradigms that are available today for near-real-time capture and analysis of high-volume data. This presentation will examine Amazon Web Services’ offerings for streaming data analysis, compare how it’s changed over the years, and take a look at what might be coming in the future. Real-life case-studies and architectures will be shared to demonstrate how these technologies can, and have been, used to successfully meet customer needs.

High Volume Streaming Data: How Amazon Web Services is Changing Our Approach

Michael Krouze

Our road to microservices - or how we learned to love async events

Thomas Bøgh Fangel

Logstash, Elasticsearch and Kibana

Saroj Panyasrivanit

How stlrda does data

Adam Doyle

Angular 2 On Production (IT Talk in Dnipro)

Oleksandr Tryshchenko

Micro-Servicing Linked Data

openCypher

Serverless Days Milano - Developing Serverless applications with GraphQL

Marcia Villalba

Serverless Architecture - Azure Logic apps

Puneet Ghanshani

SPS Brussels 2017

Joëlle Ruelle

What's hot (20)

Hybrid Integration with BizTalk Server - ACSUG

Graphql

Azure Functions & Serverless Computing

Building A Webb App with Firebase and Angular 2

Michiel Fokke - ASAS 2017

Alfresco Day Amsterdam 2015, Technical Track - Doing more with Activiti

AWS Finland meetup 2018 August

TechEvent Einführung in die Amazon Cloud

Data mining technique in securing the cloud

The business and end user guide into the new and modern SharePoint

EUNIS 2018 - Migration of a web service back-end from a relational to a docum...

High Volume Streaming Data: How Amazon Web Services is Changing Our Approach

Our road to microservices - or how we learned to love async events

Logstash, Elasticsearch and Kibana

How stlrda does data

Angular 2 On Production (IT Talk in Dnipro)

Micro-Servicing Linked Data

Serverless Days Milano - Developing Serverless applications with GraphQL

Serverless Architecture - Azure Logic apps

SPS Brussels 2017

Similar to IAM is your friend

Demistifying serverless on aws

AWS Riyadh User Group

It can be argued that the future of cloud computing is going to be serverless (and containerless) and cloud providers will be responsible for providing the runtime environment and all the building blocks needed for creating large scale, distributed systems. Rafal Gancarz presents how such a future could look like based on currently available AWS stack (Lambda, API Gateway, DynamoDB, S3, Kinesis, CloudWatch and more). Gatling is a scalable performance testing framework providing a rich and flexible DSL written in Scala. If you need to perf/load test a REST API or a web app you can use Gatling to generate a substantial amount of load and define your testing scenarios with ease. Rafal will provide an overview of the DSL and show how easy and productive using Gatling is, including a live demo. About Rafal Gancarz Rafal GanCarz is a Lead Consultant for OpenCredo having joined the company in 2014. Rafal is responsible for leading engagements for OpenCredo with its clients. He is a technologist with experience in high quality distributed systems, improving project delivery and building high performance Agile teams.

Microservices Manchester: Serverless Architectures By Rafal Gancarz

OpenCredo

IBM Social Business Toolkit

Van Staub, MBA

<November 2017 Updated from earlier presentations on Cloud-native Data> Cloud-native applications form the foundation for modern, cloud-scale digital solutions, and the patterns and practices for cloud-native at the app tier are becoming widely understood – statelessness, service discovery, circuit breakers and more. But little has changed in the data tier. Our modern apps are often connected to monolithic shared databases that have monolithic practices wrapped around them. As a result, the autonomy promised by moving to a microservices application architecture is compromised. What we need are patterns and practices for cloud-native data. The anti-patterns of shared databases and simple proxy-style web services to front them give way to approaches that include use of caches (Netflix calls caching their hidden microservice), database per service and polyglot persistence, modern versions of ETL and data integration and more. In this session, aimed at the application developer/architect, Cornelia will look at those patterns and see how they serve the needs of the cloud-native application.

Cloud-native Data

cornelia davis

Cloud-Native-Data with Cornelia Davis

VMware Tanzu

Building a Machine Learning App with AWS Lambda

Sri Ambati

Serverless operations for the iRobot fleet

Ben Kehoe

Serverless computing - Build and run applications without thinking about servers

Amazon Web Services

Migrating data into any platform is a difficult task, especially if you are moving into Office 365. If you are migrating to either SharePoint On-Premise or O365, you will need preparation, good planning, and detailed execution activities are keys to avoid migration nightmare. This session will help you learn a methodology, adopted based on many previous migration, to help you deliver a successful migration project with happy users. We will learn the steps you need in your pre-migration analysis, migration checklists, post migration support, and any issues you might face during and after completing the migration efforts.

aOS Canadian Tour Share point migration tips

Mike Maadarani

Workshop: AWS Lamda Signal Corps vs Zombies

Amazon Web Services

This session will be an introduction to the new Azure Integration features: Logic Apps and also a glimpse about API Apps. They are still in preview but how can we get start using these new features? We will learn how you can use Azure Logic Apps to automate business processes without using code. This course will demonstrate the new graphical designer and how to best take advantage of different Logic App capabilities for your scenarios.

2015-12-02 - WebCamp - Microsoft Azure Logic Apps

Sandro Pereira

AWS Serverless Application Model (AWS SAM) is a tool for developing, deploying, and managing your serverless applications on AWS. Learn best practices and tricks for using AWS SAM at scale, including how to make the most of its dynamic template capabilities, how to use advanced features, and how to debug serverless applications. Also explore the Approved open-source AWS SAM translator, and see how AWS SAM works under the hood.

Build and Deploy Serverless Applications with AWS SAM

Amazon Web Services

Learn how to collaboratively plan and design APIs to establish a single source of truth for your API lifecycle. This workshop will focus on building Collections to represent APIs from the point of view of both producers and consumers of an API. We will show how you can use API schemas (OpenAPI/RAML/GraphQL) in Postman, manage versions of collections, and document them. We will also deep-dive into Mock Servers, and show how you can use them in your development.

POST/CON 2019 Workshop: Design, Develop, and Mock APIs with Postman

Postman

Join us to learn about the state of serverless computing from Dr. Tim Wagner, General Manager of AWS Lambda. Dr. Wagner discusses the latest developments from AWS Lambda and the serverless computing ecosystem. He talks about how serverless computing is becoming a core component in how companies build and run their applications and services, and he also discusses how serverless computing will continue to evolve.

SMC301 The State of Serverless Computing

Amazon Web Services

GITHUB https://github.com/spdavid/SPSVIE Gaining SPFx Super Abilities with React and Office UI Fabric Want to create really good looking web parts and do it fast? Microsoft has given us an official front-end framework to build great experiences in office 365. Currently the best way to apply this framework is with React. React is a simple and powerful JavaScript framework. Combine that with the Office UI Fabric and you can make good looking, mobile friendly web parts with ease. Join me and I will show you how react works and how to use the Office UI Fabric and make awesome looking web parts.

SharePoint Saturday Vienna Slides

David Opdendries

Enterprise Serverless Adoption. An Experience Report

SheenBrisals

[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...

WSO2

Kotlin is a language from the tool gurus at JetBrains. In 2016, after about six years of development, Kotlin reached version 1.0. In 2017 it won the hearts of developers and became an officially supported language for Android. Kotlin, like Java, is for more than creating Android applications. It can replace or enhance Java most places it is used today including on AWS. AWS Lambda functions sometimes called Serverless Computing, is a service which lets us developers build web services without worrying about configuring servers. In this session, we will create a lambda service on AWS using Kotlin. Along the way, we will learn what a makes Kotlin an excellent replacement for Java and how simple it is to construct an AWS Lambda function.

AWS Lambda Function with Kotlin

Troy Miles

Service as-a-software

Jean-Jacques Dubray

Building complex applications using microservices-based architecture naturally involves a great amount of remote communication based on RESTful APIs. The REST APIs represent the contract of the microservice, with both external and internal stakeholders. Microservices, with poorly designed and unstable APIs, might pose a challenge for the whole application stack, for both adoption and maintenance. In this session, we will dig into the benefits of the API-First development approach, for designing stable, clean, and robust microservice APIs. We will showcase a practical example of how API-First development can be streamlined for developing and consuming Spring-based Java microservices, leveraging mostly free and open source technologies.

Practical Application of API-First in microservices development

Chavdar Baikov

Similar to IAM is your friend (20)

Demistifying serverless on aws

Microservices Manchester: Serverless Architectures By Rafal Gancarz

IBM Social Business Toolkit

Cloud-native Data

Cloud-Native-Data with Cornelia Davis

Building a Machine Learning App with AWS Lambda

Serverless operations for the iRobot fleet

Serverless computing - Build and run applications without thinking about servers

aOS Canadian Tour Share point migration tips

Workshop: AWS Lamda Signal Corps vs Zombies

2015-12-02 - WebCamp - Microsoft Azure Logic Apps

Build and Deploy Serverless Applications with AWS SAM

POST/CON 2019 Workshop: Design, Develop, and Mock APIs with Postman

SMC301 The State of Serverless Computing

SharePoint Saturday Vienna Slides

Enterprise Serverless Adoption. An Experience Report

[WSO2 Integration Summit Nairobi 2019] Role of Integration in an API Driven W...

AWS Lambda Function with Kotlin

Service as-a-software

Practical Application of API-First in microservices development

Recently uploaded

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Boost PC performance: How more available memory can improve productivity

Why Teams call analytics are critical to your entire business

A Domino Admins Adventures (Engage 2024)

Partners Life - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Boost Fertility New Invention Ups Success Rates.pdf

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Tata AIG General Insurance Company - Insurer Innovation Award 2024

AWS Community Day CPH - Three problems of Terraform

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Manulife - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

How to Troubleshoot Apps for the Modern Connected Worker

IAM is your friend

1. Roland Hougs

2. 5+ years ago… API Gateway EC2 S3 database

3. 5+ years ago… API Gateway EC2 S3 database

4. 2019

5. 5+ years ago… • Server/resource architecture • Regulate access to resources • InfoSec concern 2019 • Microservices architecture • Enforce contracts between (micro) services • Software design concern

6. 5+ years ago… • Broad, complex policies • Role reuse • Start off with lax blueprints Another way! • Tiny, single-action policies • Unique roles • Blank canvas

7. Step 1 (no code) • Create new, unique role • Mix and match single-purpose policies Example: adding Lambda function

8. Step 1 (no code) Example: adding Lambda function

9. Step 1 (no code) Example: adding Lambda function

10. Step 1 (no code) Example: adding Lambda function

11. Step 2 • Write the code • Test it • Encounter an IAM error? • Information about access patterns (= cash!) Example: adding Lambda function

12. Layers Example: adding Lambda function lambda_A lambda_B shared_func layer

13. Layers Example: adding Lambda function lambda_A lambda_B shared_func layer getItem scan

14. Layers Example: adding Lambda function

15. With an IAM-first approach we gain: • free, continuous enforcement of contracts between services • an easy, building-block technique for designing our architecture • clean, easy-to-read policies • reduced risk of unexpected bills

16. • AWS in 2019 mirrors language design of 1980s • Objects / processes that pass messages between one another • SmallTalk, Erlang… • Since then: strong typing and access annotation • Don’t yet have strong typing • … but IAM policies are a form of access annotation Final thought…

17. Questions?

IAM is your friend

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to IAM is your friend

Similar to IAM is your friend (20)

More from AWSCOMSUM

More from AWSCOMSUM (20)

Recently uploaded

Recently uploaded (20)

IAM is your friend