6. S3 Access Points
Simplified control for shared buckets accessed by many teams:
• Decentralized teams
• Data lakes
• Cross-account data exchange
[Diagram: my-bucket.s3.amazonaws.com with three access points, finance, accounting and sales, each marked { }]
7. Announcing S3 Access Points
How Access Points Work
[Diagram: my-bucket.s3.amazonaws.com with three access points, finance, accounting and sales, each marked { }]
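The bucket and access point layout from the diagram, written as a CloudFormation template. This is an added example, not part of the original deck; the role name finance-team and the finance/ prefix are assumptions, and only the finance access point is shown.

```yaml
# Added illustration: delegate access control on my-bucket to its access points,
# then scope the "finance" access point to one team role and one prefix.
# The role name finance-team and the finance/ prefix are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  SharedBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: my-bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # This statement grants nothing to direct bucket requests; it applies
          # only to requests made through an access point owned by this account.
          - Sid: DelegateToAccessPoints
            Effect: Allow
            Principal:
              AWS: "*"
            Action: "*"
            Resource:
              - arn:aws:s3:::my-bucket
              - arn:aws:s3:::my-bucket/*
            Condition:
              StringEquals:
                "s3:DataAccessPointAccount": !Ref AWS::AccountId
  FinanceAccessPoint:
    Type: AWS::S3::AccessPoint
    Properties:
      Bucket: my-bucket
      Name: finance
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      Policy:
        Version: "2012-10-17"
        Statement:
          # Least privilege: one role, two actions, one prefix.
          - Sid: FinanceTeamPrefixOnly
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:role/finance-team
            Action:
              - s3:GetObject
              - s3:PutObject
            Resource: !Sub arn:aws:s3:${AWS::Region}:${AWS::AccountId}:accesspoint/finance/object/finance/*
```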
9. AWS Managed Rules for AWS WAF
help you spend less time writing firewall rules and more time building applications
10. AWS Managed Rules for AWS WAF
• Quickly get started and protect your web application or APIs against common threats
• Select from many rule types:
  • the Open Web Application Security Project (OWASP) Top 10 security risks
  • threats specific to Content Management Systems (CMS)
  • emerging Common Vulnerabilities and Exposures (CVE), etc.
• Rules are automatically updated as new issues emerge
NOW available in all regions
12. What’s new?
1) Removed the limit of ten rules per web ACL with the introduction of the WAF Capacity Unit (WCU).
Why? The switch to WCUs allows the creation of hundreds of rules. Each rule added to a web access control list (ACL) consumes capacity based on the type of rule being deployed, and each web ACL has a defined WCU limit.
2) The new AWS WAF supports AWS CloudFormation, allowing you to create and update your web ACL and rules using CloudFormation templates.
3) No additional charge for using AWS Managed Rules. Each set of managed rules is counted as a single rule. You will not be charged for the individual rules inside AWS Managed Rules.
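A web ACL with two AWS Managed Rules groups, defined in a CloudFormation template. This is an added example, not part of the original deck; the resource names and metric names are assumptions.

```yaml
# Added illustration: web ACL that references AWS Managed Rules groups.
# Each managed group appears as one rule entry and draws on the web ACL's WCU budget.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-web-acl          # assumed name
      Scope: REGIONAL                # use CLOUDFRONT (deployed in us-east-1) for CloudFront
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: exampleWebAcl
      Rules:
        - Name: CommonRuleSet
          Priority: 0
          # None keeps the group's own block/count actions.
          # Swap for "Count: {}" to observe matches before enforcing.
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: commonRuleSet
        - Name: KnownBadInputs
          Priority: 1
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesKnownBadInputsRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: knownBadInputs
```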
14. Amazon VPC Ingress Routing
Amazon VPC ingress routing routes inbound and outbound traffic through third-party or AWS services
• Pass all inline traffic through a single appliance
• Inline traffic inspection helps you screen and secure your traffic before it reaches your workload
• Helps you extend your capabilities with third-party solutions in AWS Marketplace
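The routing behind "pass all inline traffic through a single appliance", as a CloudFormation template. This is an added example, not part of the original deck; the parameter names and the 10.0.1.0/24 workload subnet are assumptions, and the appliance's network interface is assumed to exist already with source/destination checking disabled.

```yaml
# Added illustration: steer traffic entering through the internet gateway
# to an inspection appliance before it reaches the workload subnet.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  InternetGatewayId:
    Type: String
  ApplianceEniId:            # network interface of the inline appliance
    Type: String
  WorkloadRouteTableId:      # route table already attached to the workload subnet
    Type: String
  WorkloadSubnetCidr:
    Type: String
    Default: 10.0.1.0/24     # assumed CIDR; must match the workload subnet
Resources:
  EdgeRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  # Ingress routing: the route table is associated with the gateway, not a subnet.
  EdgeAssociation:
    Type: AWS::EC2::GatewayRouteTableAssociation
    Properties:
      GatewayId: !Ref InternetGatewayId
      RouteTableId: !Ref EdgeRouteTable
  # Inbound: traffic for the workload subnet goes to the appliance first.
  InboundViaAppliance:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref EdgeRouteTable
      DestinationCidrBlock: !Ref WorkloadSubnetCidr
      NetworkInterfaceId: !Ref ApplianceEniId
  # Outbound: return traffic leaves through the same appliance, so flows
  # stay symmetric and nothing bypasses inspection.
  OutboundViaAppliance:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref WorkloadRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      NetworkInterfaceId: !Ref ApplianceEniId
```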
16. Is the access intended?
[Diagram: Amazon API Gateway, Amazon Simple Queue Service, Amazon CloudWatch, AWS Key Management Service, AWS Lambda, Amazon Simple Storage Service, AWS Identity and Access Management]
17. IAM Access Analyzer
AWS Identity and Access Management Access Analyzer
• Uses automated reasoning, a form of mathematical logic & inference, to determine all access paths
• Identify resources with public or cross-account access in your AWS account
• Resolve or archive findings based on your security requirements
• Analyze access continuously
• Remediate broad access
• The highest levels of security assurance
New!
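Turning on an account-level analyzer with one archive rule, as a CloudFormation template. This is an added example, not part of the original deck; the analyzer name, rule name and the account ID 111122223333 are placeholders.

```yaml
# Added illustration: account analyzer that auto-archives findings for one
# trusted partner account, while findings for public access stay active.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  AccountAnalyzer:
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      AnalyzerName: example-account-analyzer   # placeholder name
      Type: ACCOUNT                            # zone of trust = this account
      ArchiveRules:
        - RuleName: ArchiveTrustedPartnerAccess
          Filter:
            # Both criteria must match for a finding to be archived.
            - Property: principal.AWS
              Eq:
                - "111122223333"               # placeholder trusted account ID
            - Property: isPublic
              Eq:
                - "false"
```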
18. How to get started
[Diagram: who has access to what, across IAM roles, S3 buckets, Lambda functions, KMS keys and SQS queues]
19. Benefits of IAM Access Analyzer
• Continuously monitor impact of policy changes on access to your resources
• Quickly analyze thousands of resource policies across your account
• Available at no cost!!
21. What’s on Developer’s mind?
• How can we improve code quality?
• Are we giving lowest latency to our customers?
• Are our infrastructure costs just bloating?
22. Amazon CodeGuru
New machine learning service to automate code reviews, with the aim of improving code quality and application performance
AVAILABLE IN PREVIEW TODAY
23. Pull Request-based Code Review Process
1. Developer creates a branch.
2. He/she makes code changes.
3. He/she creates a Pull Request.
4. Code reviewers provide comments. Developer provides responses.
5. The code changes are merged after approval.
[Diagram: Branch, Make changes locally, Pull Request, Code Review, Approval, Merge]
24. Pull Request-based Code Review Process
Flags critical defects and reliability issues in source code.
[Diagram: Branch, Make changes locally, Pull Request, Code Review, Approval, Merge, with Amazon CodeGuru Reviewer]
Amazon CodeGuru Reviewer augments the human code review process and does not replace it
26. Amazon CodeGuru code reviews
• AWS BEST PRACTICES: Correct use of AWS APIs. Incorrect use results in performance (e.g., polling) or correctness and completeness (e.g., pagination) issues.
• CONCURRENCY ISSUES: Correct implementation of concurrency constructs. Incorrect use results in correctness (e.g., missing synchronization) or performance issues (e.g., excessive synchronization) and hence impacts availability.
• RESOURCE LEAKS: Correct resource handling. Incorrect handling (e.g., not releasing database connection) results in slowdown and impacts availability.
• IDENTIFY CORRECT INPUT VALIDATION: Leakage of Personally Identifiable Information. Leakage of sensitive information (e.g., logging of credit card number) leads to compliance issues.
27. CodeGuru profiler: how does it work?
[Diagram: Configure app and install agent, then CodeGuru profiling, then Code profile]
• LATENCY AND CPU UTILIZATION
• MOST EXPENSIVE LINE OF CODE
29. Summary
Service | GA status | Available regions
AWS IAM Access Analyzer | generally available | all commercial AWS regions
Amazon CodeGuru | public preview | US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), and Asia Pacific (Sydney)
S3 Access Point | generally available | all commercial AWS regions
AWS Managed Rules for AWS WAF | generally available | all commercial AWS regions
Amazon VPC Ingress Routing | generally available | all commercial AWS regions
30. What’s next?
• Explore the use case and contact your AWS account manager
• Architecture review