SlideShare a Scribd company logo

Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tech Talks

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services

Learning Objectives: - Discover how to secure your cloud infrastructure with Amazon CloudFront, AWS Shield and AWS WAF - Learn how to offload security heavy-lifting to the AWS Edge - Learn about the built-in security in Amazon CloudFront - Get tips on how to develop an adaptive security strategy for your cloud In this tech talk, you will learn how you can better defend your websites and cloud infrastructure from cyberattacks using edge services from AWS, such as Amazon CloudFront, AWS Shield and AWS WAF. You will go behind the scenes to see how edge services help mitigate common DDoS attacks, how to use advanced protocols and ciphers, and how to enforce end-to-end HTTPS connections. You will also learn how to use additional features like AWS WAF's IP and bot blocking to implement tailored and advanced protection.

Technology
1 of 62
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Securing your AWS Infrastructure with Edge Services Nihar Bihani, Sr. Manager, Amazon CloudFront Venkat Vijayaraghavan, Principal Product Manager, AWS Shield May 30th 2017
Poll Question Q: What is the size of your organization?
Agenda • Anatomy of a typical Web Application • What are the challenges? • How can you secure it without compromising on availability, performance or flexibility? • Protect your applications with Amazon CloudFront, AWS Shield and AWS WAF
A typical Web Application Dynamic applications Personalized Content Static assets API Corporate Data Center End Users
Design Considerations  Security • Authentication • Encryption (TLS) • Layered Protection  Availability • Resiliency/Fault Tolerance • Request handling capacity  Performance  Routing  Throttling  Alerting & Monitoring Dynamic applications Personalized Content Static assets API Corporate Data Center End Users DDoS
Design & Implementation Challenges Dynamic applications Personalized Content Static assets API Corporate Data Center End Users App Servers Firewalls Database Servers Load Balancers Traffic Management Monitoring Web Servers Storage Servers
How does AWS help … Offload complexity without losing Flexibility still building Highly Secure, Highly Available, and a Highly Scalable application
Static Asset Delivery Dynamic applications Personalized Content Static assets API Corporate Data Center End Users • Latency matters • Scale matters - ability to handle large usage spikes ?
Static Assets delivered via CloudFront AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Route 53
Edge Delivery Using CloudFront High Availability Application Acceleration AWS Integration Cost Effective An Enterprise Class CDN
Resiliency for Dynamic Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFrontAmazon Route 53 • Business Logic • Low or Zero TTL • Secure Connections ?
Resiliency for Dynamic Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Elastic Load Balancer Amazon Route 53
Why use CloudFront to Front Both Static & Dynamic Content? 1) TLS Termination closer to end users 2) Secure Full Duplex Connections 3) Connection Optimization between Edge and ELB 4) Even the small amounts of caching (Low TTL) provides significant increase in resiliency in case of request spikes
Edge Delivery of Dynamic Content Application Acceleration – CloudFront in front of ELB
Personalized Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Elastic Load Balancer Amazon Route 53 ? • Customized Content for every end user • Scale Matters • Latency Matters
AWS Lambda: Serverless computing Run code without servers. Pay only for the compute time you consume. Triggered by events or called from APIs: • PUT to an Amazon S3 bucket • Updates to Amazon DynamoDB table • Call to an Amazon API Gateway endpoint • Mobile app back-end call • CloudFront requests • And many more… Makes it easy to: • Perform real-time data processing • Build scalable back-end services • Glue and choreograph systems
Benefits of AWS Lambda Continuous scaling No servers to manage Never pay for idle – no cold servers (only happy accountants)
…but all triggered from within a single AWS Region
Imagine if you could run code at… North America South America EMEA APAC Edge Locations Cities Countries Continents
Introducing Lambda@Edge • Lambda@Edge is an extension of AWS Lambda that allows you to run Node.js code at AWS global edge locations. • Bring your own code to the edge and customize your content very close to your users, improving end user experience. Continuous scaling No servers to manage Never pay for idle – no cold servers Globally distributed
Write once, run everywhere
Lambda@Edge – Application Security Visitor Validation Handling bots Detect search engine bots and filter traffic from origin servers by displaying a Captcha page Confirm valid sessions View user-agent to confirm legitimacy of request and add an access-control allow header accordingly Validate access token to confirm authentication status
Lambda@Edge – Application Security RFC 6797 - HTTP Strict Transport Security (HSTS) Strict-Transport-Security: max-age=31536000; includeSubDomains Browser Support Introduced Internet Explorer Internet Explorer 11 on Windows 8.1 and Windows 7[2] Firefox 4 Opera 12 Safari Mavericks (Mac OS X 10.9) Chrome 4.0.211.0
Lambda@Edge – Application Security Authentication and Access Control Publishers such as the New York Times or HBR want to restrict the number of free articles each viewer can access a month before redirecting to a subscription page. Cookies can be used to count the number of access attempts per user, and a Lambda@Edge function can inspect cookies for access and redirect to a subscription page when the user reaches their limit
Lambda@Edge – Application Personalization A/B Testing “Flip a coin” to select a version of content Set cookies to ensure that users continue to see the corresponding versions of content Response Generation Redirect unauthenticated users to a specific login page that you create on the fly Generate custom error pages or static webpages directly from an edge location closest to the end user
Personalized Content at the Edge Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge Amazon CloudFront
Un-cacheable APIs Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge ? Amazon CloudFront
Un-cacheable APIs Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge API Gateway AWS Lambda Amazon CloudFront
We looked at how to make your application resilient and fast, but what about security?
Poll Question Q: Has your company experienced a DDoS attack in the past?
Shield for Secured Application Delivery Edge Protect CloudFront for Secured Application Delivery Edge Delivery Security ? Web Application Firewall for application protection Application Protection
AWS Services - Built-in Security Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Lambda@Edge API Gateway AWS Lambda Amazon CloudFrontRoute 53 DDoS
Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes CrawlersApplication Layer Network / Transport Layer SQL injection Application exploits Bad Resolvers SSL Renegotiation SSL/TLS Vulnerabilities
Edge Protect AWS Shield AWS WAFCloudFront Built-in Security
Leveraging The Edge For TLS AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront DDoS
Amazon CloudFront: Built-in Security HTTPS Delivery AWS Certificate Manager  Terminate TLS at Edge  SNI Custom TLS (No Additional Cost)  Advanced Ciphers  Perfect Forward Secrecy  OCSP Stapling  Provision Certificates for Free  Easy to procure new certificate (Directly on CloudFront console)  Hassle-free automatic certificate renewal
Leveraging The Edge for DDoS Protection Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFrontDDoS
AWS Shield Advanced Managed DDoS Protection
AWS Shield Advanced Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53 Available on..
AWS Shield Advanced AWS Integration DDoS protection without infrastructure changes Affordable Don’t make trade-offs between cost and quality Flexible Customize protections for your applications Always-On Detection and Mitigation Minimizes impact on application latency Four key pillars…
AWS Shield for DDoS Protection Available in ALL AWS Edge Locations Worldwide
Poll Question Q: Are you using AWS Shield Standard today for DDoS protection?
AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
AWS Shield Standard Layer 3/4 protection  Automatic detection & mitigation  Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)  Built into AWS services Layer 7 protection  AWS WAF for Layer 7 DDoS attack mitigation  Self-service & pay-as-you-go Automatic Protection against 96% of Layer 3/4 attacks Available globally on all internet-facing AWS services
AWS Shield Advanced Additional Detection & Monitoring Protection against Large DDoS attacks Visibility into Attack Detection & Mitigation AWS WAF at No Additional Cost 24X7 DDoS Response Team Cost Protection (Absorb DDoS Scaling cost)
AWS Shield Advanced Always-on monitoring & detection Advanced L3/4 & L7 DDoS protection Attack notification and reporting 24x7 access to DDoS Response Team AWS bill protection
Leveraging Firewall the Edge and on ALB AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront DDoS
Poll Question Q: Are you using a Web Application Firewall (WAF) today?
AWS WAF for Application Threats
AWS WAF Available in ALL AWS Edge Locations Worldwide
How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules AWS WAF (Web Application Firewall)
How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules  Quick Incidence Response  Mitigations in < ~1 Min  Inspect Any Part of the Request
How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules SQL injection IP reputation lists Cross-site scripting
How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Security Automation  Partner Rules
How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Security Automation  Partner Rules  Implement AWS WAF  Curated rulesets (in preview)
Lambda@Edge API Gateway Summary – Building Blocks for a Complete Web Application Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer AWS Lambda Amazon CloudFontRoute 53 DDoS
Summary – Key Takeaways • AWS has built-in Security - Perimeter Protection without infrastructure changes • Use CloudFront to front static, dynamic content and APIs • Lambda@Edge provides you the flexibility for personalizing content
How To Get Started @cloudfront
Getting Started @cloudfront • CloudFront • https://aws.amazon.com/cloudfront/getting-started/ • AWS Shield • https://aws.amazon.com/shield/ • AWS WAF • https://aws.amazon.com/waf/getting-started/
Upcoming Amazon CloudFront Office Hours CloudFront Office Hours Thursday, June 29th, 2017 10:00 am PDT How do you register? https://aws.amazon.com/cloudfront/events/ @cloudfront
Questions? @cloudfront
Thank You

Recommended

Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Amazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Running your Windows Enterprise Workloads on AWS - Technical 201
Running your Windows Enterprise Workloads on AWS - Technical 201Running your Windows Enterprise Workloads on AWS - Technical 201
Running your Windows Enterprise Workloads on AWS - Technical 201Amazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Amazon Web Services
 

Recommended

Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Amazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
 
Best Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSBest Practices for Deploying Microsoft Workloads on AWS
Best Practices for Deploying Microsoft Workloads on AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Running your Windows Enterprise Workloads on AWS - Technical 201
Running your Windows Enterprise Workloads on AWS - Technical 201Running your Windows Enterprise Workloads on AWS - Technical 201
Running your Windows Enterprise Workloads on AWS - Technical 201Amazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Amazon Web Services
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
Cloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - BusinessCloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - BusinessAmazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...Amazon Web Services
 
Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Amazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceAmazon Web Services
 
DDoS Resiliency
DDoS ResiliencyDDoS Resiliency
DDoS ResiliencyAmazon Web Services
 
New Achitectures
New AchitecturesNew Achitectures
New AchitecturesAmazon Web Services
 
Expanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureExpanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Amazon Web Services
 
Running Enterprise Workloads on AWS
Running Enterprise Workloads on AWSRunning Enterprise Workloads on AWS
Running Enterprise Workloads on AWSAmazon Web Services
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAmazon Web Services
 
SRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration ServiceSRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration ServiceAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAutomate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAmazon Web Services
 
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)Amazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Amazon Cloudfront
Amazon CloudfrontAmazon Cloudfront
Amazon CloudfrontAmazon Web Services
 
Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016Amazon Web Services
 
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniContent Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniAmazon Web Services
 
Expanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureExpanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
 

More Related Content

What's hot

Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
Cloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - BusinessCloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - BusinessAmazon Web Services
 
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...Amazon Web Services
 
Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Amazon Web Services
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...Amazon Web Services
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceAmazon Web Services
 
Expanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureExpanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Amazon Web Services
 
Running Enterprise Workloads on AWS
Running Enterprise Workloads on AWSRunning Enterprise Workloads on AWS
Running Enterprise Workloads on AWSAmazon Web Services
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAmazon Web Services
 
SRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration ServiceSRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration ServiceAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAutomate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAmazon Web Services
 
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)Amazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016Amazon Web Services
 

What's hot (20)

Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFront
 
Cloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - BusinessCloud is the New Normal, So How Do I Get Started? - Business
Cloud is the New Normal, So How Do I Get Started? - Business
 
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit...
 
Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...
 
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
SRV418 Deep Dive on Accelerating Content, APIs, and Applications with Amazon ...
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
 
DDoS Resiliency
DDoS ResiliencyDDoS Resiliency
DDoS Resiliency
 
New Achitectures
New AchitecturesNew Achitectures
New Achitectures
 
Expanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureExpanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud Infrastructure
 
Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201Creating your Hybrid Cloud with AWS -Technical 201
Creating your Hybrid Cloud with AWS -Technical 201
 
Running Enterprise Workloads on AWS
Running Enterprise Workloads on AWSRunning Enterprise Workloads on AWS
Running Enterprise Workloads on AWS
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with Security
 
SRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration ServiceSRV422 Deep Dive on AWS Database Migration Service
SRV422 Deep Dive on AWS Database Migration Service
 
Automate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resourcesAutomate Best Practices and Operational Health for your AWS resources
Automate Best Practices and Operational Health for your AWS resources
 
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
AWS re:Invent 2016: Driving Innovation with Big Data and IoT (GPSST304)
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS Resources
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Amazon Cloudfront
Amazon CloudfrontAmazon Cloudfront
Amazon Cloudfront
 
Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016Getting Started with Managed Services | AWS Public Sector Summit 2016
Getting Started with Managed Services | AWS Public Sector Summit 2016
 

Similar to Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tech Talks

Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniContent Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniAmazon Web Services
 
Expanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureExpanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
AWS Application Service Workshop - Serverless Architecture
AWS Application Service Workshop - Serverless ArchitectureAWS Application Service Workshop - Serverless Architecture
AWS Application Service Workshop - Serverless ArchitectureJohn Yeung
 
How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018Amazon Web Services
 
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the CloudAWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the CloudAdrian Hornsby
 
2016-06 - Design your api management strategy - AWS - Microservices on AWS
2016-06 - Design your api management strategy - AWS - Microservices on AWS2016-06 - Design your api management strategy - AWS - Microservices on AWS
2016-06 - Design your api management strategy - AWS - Microservices on AWSSmartWave
 
Getting started building your first serverless web application on AWS
Getting started building your first serverless web application on AWSGetting started building your first serverless web application on AWS
Getting started building your first serverless web application on AWSIoannis Polyzos
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)AWS Vietnam Community
 
NEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeNEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft BroadridgeAWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft BroadridgeAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
Cloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsCloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsAmazon Web Services
 

Similar to Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tech Talks (20)

Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniContent Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
 
Expanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureExpanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud Infrastructure
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
AWS Application Service Workshop - Serverless Architecture
AWS Application Service Workshop - Serverless ArchitectureAWS Application Service Workshop - Serverless Architecture
AWS Application Service Workshop - Serverless Architecture
 
How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018How to build and deploy serverless apps - AWS Summit Cape Town 2018
How to build and deploy serverless apps - AWS Summit Cape Town 2018
 
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the CloudAWS Startup Day Bangalore: Being Well-Architected in the Cloud
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
 
2016-06 - Design your api management strategy - AWS - Microservices on AWS
2016-06 - Design your api management strategy - AWS - Microservices on AWS2016-06 - Design your api management strategy - AWS - Microservices on AWS
2016-06 - Design your api management strategy - AWS - Microservices on AWS
 
Getting started building your first serverless web application on AWS
Getting started building your first serverless web application on AWSGetting started building your first serverless web application on AWS
Getting started building your first serverless web application on AWS
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWS
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)
 
NEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the EdgeNEW LAUNCH! Bringing AWS Lambda to the Edge
NEW LAUNCH! Bringing AWS Lambda to the Edge
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft BroadridgeAWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptx194325_EdgeatScale_NoNotes.pptx
194325_EdgeatScale_NoNotes.pptx
 
Cloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsCloud Security-how to create serverless applications
Cloud Security-how to create serverless applications
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tech Talks

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Securing your AWS Infrastructure with Edge Services Nihar Bihani, Sr. Manager, Amazon CloudFront Venkat Vijayaraghavan, Principal Product Manager, AWS Shield May 30th 2017
  • 2. Poll Question Q: What is the size of your organization?
  • 3. Agenda • Anatomy of a typical Web Application • What are the challenges? • How can you secure it without compromising on availability, performance or flexibility? • Protect your applications with Amazon CloudFront, AWS Shield and AWS WAF
  • 4. A typical Web Application Dynamic applications Personalized Content Static assets API Corporate Data Center End Users
  • 5. Design Considerations  Security • Authentication • Encryption (TLS) • Layered Protection  Availability • Resiliency/Fault Tolerance • Request handling capacity  Performance  Routing  Throttling  Alerting & Monitoring Dynamic applications Personalized Content Static assets API Corporate Data Center End Users DDoS
  • 6. Design & Implementation Challenges Dynamic applications Personalized Content Static assets API Corporate Data Center End Users App Servers Firewalls Database Servers Load Balancers Traffic Management Monitoring Web Servers Storage Servers
  • 7. How does AWS help … Offload complexity without losing Flexibility still building Highly Secure, Highly Available, and a Highly Scalable application
  • 8. Static Asset Delivery Dynamic applications Personalized Content Static assets API Corporate Data Center End Users • Latency matters • Scale matters - ability to handle large usage spikes ?
  • 9. Static Assets delivered via CloudFront AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Route 53
  • 10. Edge Delivery Using CloudFront High Availability Application Acceleration AWS Integration Cost Effective An Enterprise Class CDN
  • 11. Resiliency for Dynamic Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFrontAmazon Route 53 • Business Logic • Low or Zero TTL • Secure Connections ?
  • 12. Resiliency for Dynamic Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Elastic Load Balancer Amazon Route 53
  • 13. Why use CloudFront to Front Both Static & Dynamic Content? 1) TLS Termination closer to end users 2) Secure Full Duplex Connections 3) Connection Optimization between Edge and ELB 4) Even the small amounts of caching (Low TTL) provides significant increase in resiliency in case of request spikes
  • 14. Edge Delivery of Dynamic Content Application Acceleration – CloudFront in front of ELB
  • 15. Personalized Content Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront Amazon Elastic Load Balancer Amazon Route 53 ? • Customized Content for every end user • Scale Matters • Latency Matters
  • 16. AWS Lambda: Serverless computing Run code without servers. Pay only for the compute time you consume. Triggered by events or called from APIs: • PUT to an Amazon S3 bucket • Updates to Amazon DynamoDB table • Call to an Amazon API Gateway endpoint • Mobile app back-end call • CloudFront requests • And many more… Makes it easy to: • Perform real-time data processing • Build scalable back-end services • Glue and choreograph systems
  • 17. Benefits of AWS Lambda Continuous scaling No servers to manage Never pay for idle – no cold servers (only happy accountants)
  • 18. …but all triggered from within a single AWS Region
  • 19. Imagine if you could run code at… North America South America EMEA APAC Edge Locations Cities Countries Continents
  • 20. Introducing Lambda@Edge • Lambda@Edge is an extension of AWS Lambda that allows you to run Node.js code at AWS global edge locations. • Bring your own code to the edge and customize your content very close to your users, improving end user experience. Continuous scaling No servers to manage Never pay for idle – no cold servers Globally distributed
  • 21. Write once, run everywhere
  • 22. Lambda@Edge – Application Security Visitor Validation Handling bots Detect search engine bots and filter traffic from origin servers by displaying a Captcha page Confirm valid sessions View user-agent to confirm legitimacy of request and add an access-control allow header accordingly Validate access token to confirm authentication status
  • 23. Lambda@Edge – Application Security RFC 6797 - HTTP Strict Transport Security (HSTS) Strict-Transport-Security: max-age=31536000; includeSubDomains Browser Support Introduced Internet Explorer Internet Explorer 11 on Windows 8.1 and Windows 7[2] Firefox 4 Opera 12 Safari Mavericks (Mac OS X 10.9) Chrome 4.0.211.0
  • 24. Lambda@Edge – Application Security Authentication and Access Control Publishers such as the New York Times or HBR want to restrict the number of free articles each viewer can access a month before redirecting to a subscription page. Cookies can be used to count the number of access attempts per user, and a Lambda@Edge function can inspect cookies for access and redirect to a subscription page when the user reaches their limit
  • 25. Lambda@Edge – Application Personalization A/B Testing “Flip a coin” to select a version of content Set cookies to ensure that users continue to see the corresponding versions of content Response Generation Redirect unauthenticated users to a specific login page that you create on the fly Generate custom error pages or static webpages directly from an edge location closest to the end user
  • 26. Personalized Content at the Edge Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge Amazon CloudFront
  • 27. Un-cacheable APIs Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge ? Amazon CloudFront
  • 28. Un-cacheable APIs Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Amazon Route 53 Lambda@Edge API Gateway AWS Lambda Amazon CloudFront
  • 29. We looked at how to make your application resilient and fast, but what about security?
  • 30. Poll Question Q: Has your company experienced a DDoS attack in the past?
  • 31. Shield for Secured Application Delivery Edge Protect CloudFront for Secured Application Delivery Edge Delivery Security ? Web Application Firewall for application protection Application Protection
  • 32. AWS Services - Built-in Security Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer Lambda@Edge API Gateway AWS Lambda Amazon CloudFrontRoute 53 DDoS
  • 33. Types of Threats Bad BotsDDoS Application Attacks Reflection Layer 4 floods Slowloris SSL abuse HTTP floods Amplification Content scrapers Scanners & probes CrawlersApplication Layer Network / Transport Layer SQL injection Application exploits Bad Resolvers SSL Renegotiation SSL/TLS Vulnerabilities
  • 34. Edge Protect AWS Shield AWS WAFCloudFront Built-in Security
  • 35. Leveraging The Edge For TLS AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront DDoS
  • 36. Amazon CloudFront: Built-in Security HTTPS Delivery AWS Certificate Manager  Terminate TLS at Edge  SNI Custom TLS (No Additional Cost)  Advanced Ciphers  Perfect Forward Secrecy  OCSP Stapling  Provision Certificates for Free  Easy to procure new certificate (Directly on CloudFront console)  Hassle-free automatic certificate renewal
  • 37. Leveraging The Edge for DDoS Protection Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFrontDDoS
  • 38. AWS Shield Advanced Managed DDoS Protection
  • 39. AWS Shield Advanced Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53 Available on..
  • 40. AWS Shield Advanced AWS Integration DDoS protection without infrastructure changes Affordable Don’t make trade-offs between cost and quality Flexible Customize protections for your applications Always-On Detection and Mitigation Minimizes impact on application latency Four key pillars…
  • 41. AWS Shield for DDoS Protection Available in ALL AWS Edge Locations Worldwide
  • 42. Poll Question Q: Are you using AWS Shield Standard today for DDoS protection?
  • 43. AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
  • 44. AWS Shield Standard Layer 3/4 protection  Automatic detection & mitigation  Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)  Built into AWS services Layer 7 protection  AWS WAF for Layer 7 DDoS attack mitigation  Self-service & pay-as-you-go Automatic Protection against 96% of Layer 3/4 attacks Available globally on all internet-facing AWS services
  • 45. AWS Shield Advanced Additional Detection & Monitoring Protection against Large DDoS attacks Visibility into Attack Detection & Mitigation AWS WAF at No Additional Cost 24X7 DDoS Response Team Cost Protection (Absorb DDoS Scaling cost)
  • 46. AWS Shield Advanced Always-on monitoring & detection Advanced L3/4 & L7 DDoS protection Attack notification and reporting 24x7 access to DDoS Response Team AWS bill protection
  • 47. Leveraging Firewall the Edge and on ALB AWS Cloud Corporate Data Center Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon CloudFront DDoS
  • 48. Poll Question Q: Are you using a Web Application Firewall (WAF) today?
  • 49. AWS WAF for Application Threats
  • 50. AWS WAF Available in ALL AWS Edge Locations Worldwide
  • 51. How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules AWS WAF (Web Application Firewall)
  • 52. How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules  Quick Incidence Response  Mitigations in < ~1 Min  Inspect Any Part of the Request
  • 53. How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Advanced Security Automation  Partner Rules SQL injection IP reputation lists Cross-site scripting
  • 54. How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Security Automation  Partner Rules
  • 55. How AWS WAF Protects Your App  Flexible Rules Language  Pre-configured Protection  Security Automation  Partner Rules  Implement AWS WAF  Curated rulesets (in preview)
  • 56. Lambda@Edge API Gateway Summary – Building Blocks for a Complete Web Application Dynamic applications Personalized Web applications Static assets Un-cacheable API Amazon Elastic Load Balancer AWS Lambda Amazon CloudFontRoute 53 DDoS
  • 57. Summary – Key Takeaways • AWS has built-in Security - Perimeter Protection without infrastructure changes • Use CloudFront to front static, dynamic content and APIs • Lambda@Edge provides you the flexibility for personalizing content
  • 58. How To Get Started @cloudfront
  • 59. Getting Started @cloudfront • CloudFront • https://aws.amazon.com/cloudfront/getting-started/ • AWS Shield • https://aws.amazon.com/shield/ • AWS WAF • https://aws.amazon.com/waf/getting-started/
  • 60. Upcoming Amazon CloudFront Office Hours CloudFront Office Hours Thursday, June 29th, 2017 10:00 am PDT How do you register? https://aws.amazon.com/cloudfront/events/ @cloudfront