SlideShare a Scribd company logo

AWS re:Invent re:Cap Security Highlights

A
Amy McElroy

This document summarizes key announcements and security topics from AWS re:Invent 2018. It discusses AWS Security Hub, Amazon S3 updates including public access settings and S3 object lock, Amazon Lambda improvements such as layers and custom runtimes, and serverless best practices. The presenters provide an overview of these services and recommend related AWS talks for additional information.

Software
1 of 30
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com AWS re:Invent re:Cap December 5, 2018
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com WHO WE ARE Jerry Gamblin Principal Security Engineer, Kenna Security @JGamblin John Poulin Director of Engineering, nVisium @forced_request Jonn Callahan Principal Security Consultant & AWS Security Lead, nVisium @JonnCallahan
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com About nVisium & Kenna Security
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub • Integrates with: – Amazon GuardDuty – Amazon Inspector – Amazon Macie • Performs Automatic CIS Benchmark scanning
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Security Hub Talks • Introduction to AWS Security Hub (SEC397)
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 • 2nd Oldest AWS Service (Circa 2006) • Rich history of Access Control failures – Publicly Readable/Listable S3 Buckets • Popular for content delivery
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 (the new) • Public Access Settings • AWS Transfer for SFTP • Intelligent-Tiering • S3 Object Lock
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Public Access – Control public settings for accounts
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – SFTP – Create an S3-backed SFTP Server – Select Identity Provider for access control
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Intelligent Tiering – Switches between Standard / Infrequently Accessed – Select Identity Provider for access control
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – S3 Object Lock – Prevent Removal/Modification of Object – Governance/Compliance Modes dictate who can modify the data – Enabled at Bucket level during creation
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Best Practices • Review Bucket ACLs (legacy) • Review Bucket Policies • Enable Server and Object-level Logging • Encrypt Files • Utilize Versioning
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 Talks • Best Practices to Secure Data Lake on AWS (ANT327) • AWS Transfer for SFTP, a Fully Managed SFTP Service (STG326)
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Serverless
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda • Lambda Layers • Lambda Custom Runtime • Firecracker • Lambda + Application Load Balancer
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Layers • Integrate Libraries / Dependencies with Lambda functions • Up to 5 Layers per function • Cannot exceed (unzipped) package size: 250MB • Supports public layers
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Layers
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Custom Runtimes • Add custom runtime as a Layer • Published Implementations: C++ and Rust • Ruby added as native runtime
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Custom Runtimes
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Firecracker • Lightweight MicroVM • Powering AWS Lambda and AWS Fargate • Open Source Project – https://github.com/firecracker- microvm/firecracker • Available on .metal instances, and on- prem bare metal servers
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Application Load Balancer • Lambda triggered via ALB • Process HTTP(S) reqs via a serverless arch • Great for green/blue hybrid arch migration • Health checks + failover meets serverless
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Best Practices • Manually set timeouts when calling external services depending on how much exec time is left for the Lambda • Reserved concurrency • Avoid recursion (99% of the time, anyway) • Take care calling invoke + invoke_async with user-provided data • Pre-warming (but pre-mature optimization should be avoided)
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Serverless Talks • A Serverless Journey: AWS Lambda Under the Hood (SRV409) • Applying Principles of Chaos Engineering to Serverless (DVC305)
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com AWS RE:INFORCE
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Questions? • Q&A • Slides and recommended talks will be made available after this webinar.
Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Contact Us • nVisium Contact Info: – https://www.nVisium.com – contact@nvisium.com – @nVisium • Kenna Security Contact Info: – https://www.kennasecurity.com/ – hello@kennasecurity.com – @KennaSecurity

Recommended

How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)Amazon Web Services
 
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...Amazon Web Services
 
ARC330_How the BBC Built a Massive Media Pipeline Using Microservices
ARC330_How the BBC Built a Massive Media Pipeline Using MicroservicesARC330_How the BBC Built a Massive Media Pipeline Using Microservices
ARC330_How the BBC Built a Massive Media Pipeline Using MicroservicesAmazon Web Services
 
ARC209_A Day in the Life of A Netflix Engineer
ARC209_A Day in the Life of A Netflix EngineerARC209_A Day in the Life of A Netflix Engineer
ARC209_A Day in the Life of A Netflix EngineerAmazon Web Services
 
ABD335_Real-Time Anomaly Detection Using Amazon Kinesis
ABD335_Real-Time Anomaly Detection Using Amazon KinesisABD335_Real-Time Anomaly Detection Using Amazon Kinesis
ABD335_Real-Time Anomaly Detection Using Amazon KinesisAmazon Web Services
 
HLC308_Refactoring to the Cloud
HLC308_Refactoring to the CloudHLC308_Refactoring to the Cloud
HLC308_Refactoring to the CloudAmazon Web Services
 
Introducing Amazon EKS
Introducing Amazon EKSIntroducing Amazon EKS
Introducing Amazon EKSAmazon Web Services
 
STG401_This Is My Architecture
STG401_This Is My ArchitectureSTG401_This Is My Architecture
STG401_This Is My ArchitectureAmazon Web Services
 

Recommended

How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)Amazon Web Services
 
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...
How Netflix Monitors Applications in Near Real-time w Amazon Kinesis - ABD401...Amazon Web Services
 
ARC330_How the BBC Built a Massive Media Pipeline Using Microservices
ARC330_How the BBC Built a Massive Media Pipeline Using MicroservicesARC330_How the BBC Built a Massive Media Pipeline Using Microservices
ARC330_How the BBC Built a Massive Media Pipeline Using MicroservicesAmazon Web Services
 
ARC209_A Day in the Life of A Netflix Engineer
ARC209_A Day in the Life of A Netflix EngineerARC209_A Day in the Life of A Netflix Engineer
ARC209_A Day in the Life of A Netflix EngineerAmazon Web Services
 
ABD335_Real-Time Anomaly Detection Using Amazon Kinesis
ABD335_Real-Time Anomaly Detection Using Amazon KinesisABD335_Real-Time Anomaly Detection Using Amazon Kinesis
ABD335_Real-Time Anomaly Detection Using Amazon KinesisAmazon Web Services
 
HLC308_Refactoring to the Cloud
HLC308_Refactoring to the CloudHLC308_Refactoring to the Cloud
HLC308_Refactoring to the CloudAmazon Web Services
 
Introducing Amazon EKS
Introducing Amazon EKSIntroducing Amazon EKS
Introducing Amazon EKSAmazon Web Services
 
STG401_This Is My Architecture
STG401_This Is My ArchitectureSTG401_This Is My Architecture
STG401_This Is My ArchitectureAmazon Web Services
 
GuardDuty Hands-on Lab
GuardDuty Hands-on LabGuardDuty Hands-on Lab
GuardDuty Hands-on LabAmazon Web Services
 
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...Amazon Web Services
 
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage ManagementSTG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage ManagementAmazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Amazon Web Services
 
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...Amazon Web Services
 
IOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoTIOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoTAmazon Web Services
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Amazon Web Services
 
ABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data ApplicationsABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data ApplicationsAmazon Web Services
 
SRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with ServerlessSRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with ServerlessAmazon Web Services
 
ABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS GlueABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS GlueAmazon Web Services
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeAmazon Web Services
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAmazon Web Services
 
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...Amazon Web Services
 
CON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWSCON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWSAmazon Web Services
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksAmazon Web Services
 
How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...Amazon Web Services
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Amazon Web Services
 
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204) NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204) Amazon Web Services
 
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...Amazon Web Services
 
AWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewAWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewMark Nunnikhoven
 
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...Amazon Web Services
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...Amazon Web Services
 

More Related Content

What's hot

How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...Amazon Web Services
 
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage ManagementSTG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage ManagementAmazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Amazon Web Services
 
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...Amazon Web Services
 
IOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoTIOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoTAmazon Web Services
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Amazon Web Services
 
ABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data ApplicationsABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data ApplicationsAmazon Web Services
 
SRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with ServerlessSRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with ServerlessAmazon Web Services
 
ABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS GlueABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS GlueAmazon Web Services
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeAmazon Web Services
 
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...Amazon Web Services
 
CON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWSCON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWSAmazon Web Services
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksAmazon Web Services
 
How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...Amazon Web Services
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Amazon Web Services
 
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204) NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204) Amazon Web Services
 
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...Amazon Web Services
 
AWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewAWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewMark Nunnikhoven
 

What's hot (20)

GuardDuty Hands-on Lab
GuardDuty Hands-on LabGuardDuty Hands-on Lab
GuardDuty Hands-on Lab
 
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Event...
 
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage ManagementSTG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
 
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
NEW LAUNCH! Gain Operational Insights and Take Action on AWS Resources with A...
 
IOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoTIOT203_Getting Started with AWS IoT
IOT203_Getting Started with AWS IoT
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
 
ABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data ApplicationsABD202_Best Practices for Building Serverless Big Data Applications
ABD202_Best Practices for Building Serverless Big Data Applications
 
SRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with ServerlessSRV310_Designing Microservices with Serverless
SRV310_Designing Microservices with Serverless
 
ABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS GlueABD215_Serverless Data Prep with AWS Glue
ABD215_Serverless Data Prep with AWS Glue
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the Edge
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink Fundamentals
 
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
GPSTEC313_GPS Real-Time Data Processing with AWS Lambda Quickly, at Scale, an...
 
CON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWSCON213_Hands-on Kubernetes on AWS
CON213_Hands-on Kubernetes on AWS
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
 
How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...How to Determine If You Are Well Architected for Resiliency (or How I Learned...
How to Determine If You Are Well Architected for Resiliency (or How I Learned...
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
 
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204) NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
NEW LAUNCH! Building Alexa Skills for Businesses (ALX204)
 
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
Give REST a Rest: Easily Migrate Your APIs to GraphQL (MOB318-R1) - AWS re:In...
 
AWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewAWS re:Invent 2017 re:View
AWS re:Invent 2017 re:View
 

Similar to AWS re:Invent re:Cap Security Highlights

Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...Amazon Web Services
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...Amazon Web Services
 
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017Amazon Web Services
 
How to build scalable and resilient applications in the cloud - AWS Summit Ca...
How to build scalable and resilient applications in the cloud - AWS Summit Ca...How to build scalable and resilient applications in the cloud - AWS Summit Ca...
How to build scalable and resilient applications in the cloud - AWS Summit Ca...Amazon Web Services
 
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...Amazon Web Services
 
Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...Amazon Web Services
 
Make Your Data Move: Best Practices for Migrating Data to AWS
Make Your Data Move: Best Practices for Migrating Data to AWSMake Your Data Move: Best Practices for Migrating Data to AWS
Make Your Data Move: Best Practices for Migrating Data to AWSAmazon Web Services
 
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...Amazon Web Services
 
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWS
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWSAWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWS
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWSAmazon Web Services LATAM
 
Migrando seus dados para nuvem: Explore as opções da nuvem AWS
Migrando seus dados para nuvem: Explore as opções da nuvem AWSMigrando seus dados para nuvem: Explore as opções da nuvem AWS
Migrando seus dados para nuvem: Explore as opções da nuvem AWSAmazon Web Services LATAM
 
How a Biotech Firm Streamlined Data Protection on AWS
How a Biotech Firm Streamlined Data Protection on AWS How a Biotech Firm Streamlined Data Protection on AWS
How a Biotech Firm Streamlined Data Protection on AWSAmazon Web Services
 
Migrating Data to the Cloud, Exploring your Options from AWS
Migrating Data to the Cloud, Exploring your Options from AWSMigrating Data to the Cloud, Exploring your Options from AWS
Migrating Data to the Cloud, Exploring your Options from AWSAmazon Web Services
 
Make your data move: Best practices for migrating data to AWS - STG201 - New ...
Make your data move: Best practices for migrating data to AWS - STG201 - New ...Make your data move: Best practices for migrating data to AWS - STG201 - New ...
Make your data move: Best practices for migrating data to AWS - STG201 - New ...Amazon Web Services
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsAmazon Web Services
 
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...Amazon Web Services
 
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon Web Services
 
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Amazon Web Services
 
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the Cloud
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the CloudAWS Initiate Day Manchester 2019 – AWS Migrating Data to the Cloud
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the CloudAmazon Web Services
 

Similar to AWS re:Invent re:Cap Security Highlights (20)

Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
Don’t Let SFTP Weigh Down Your Migration to the Cloud (STG381-R1) - AWS re:In...
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
 
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017
 
How to build scalable and resilient applications in the cloud - AWS Summit Ca...
How to build scalable and resilient applications in the cloud - AWS Summit Ca...How to build scalable and resilient applications in the cloud - AWS Summit Ca...
How to build scalable and resilient applications in the cloud - AWS Summit Ca...
 
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...
Building Serverless Applications with Amazon DynamoDB & AWS Lambda - Workshop...
 
Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...
 
Make Your Data Move: Best Practices for Migrating Data to AWS
Make Your Data Move: Best Practices for Migrating Data to AWSMake Your Data Move: Best Practices for Migrating Data to AWS
Make Your Data Move: Best Practices for Migrating Data to AWS
 
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...
Introducing AWS Transfer for SFTP, a Fully Managed SFTP Service for Amazon S3...
 
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWS
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWSAWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWS
AWS Initiate - Migrando Dados Para a Nuvem: Explorando suas opções com AWS
 
Migrando seus dados para nuvem: Explore as opções da nuvem AWS
Migrando seus dados para nuvem: Explore as opções da nuvem AWSMigrando seus dados para nuvem: Explore as opções da nuvem AWS
Migrando seus dados para nuvem: Explore as opções da nuvem AWS
 
AWS re:Invent recap
AWS re:Invent recapAWS re:Invent recap
AWS re:Invent recap
 
How a Biotech Firm Streamlined Data Protection on AWS
How a Biotech Firm Streamlined Data Protection on AWS How a Biotech Firm Streamlined Data Protection on AWS
How a Biotech Firm Streamlined Data Protection on AWS
 
Migrating Data to the Cloud, Exploring your Options from AWS
Migrating Data to the Cloud, Exploring your Options from AWSMigrating Data to the Cloud, Exploring your Options from AWS
Migrating Data to the Cloud, Exploring your Options from AWS
 
Make your data move: Best practices for migrating data to AWS - STG201 - New ...
Make your data move: Best practices for migrating data to AWS - STG201 - New ...Make your data move: Best practices for migrating data to AWS - STG201 - New ...
Make your data move: Best practices for migrating data to AWS - STG201 - New ...
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure Workloads
 
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...
How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...
 
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
 
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the Cloud
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the CloudAWS Initiate Day Manchester 2019 – AWS Migrating Data to the Cloud
AWS Initiate Day Manchester 2019 – AWS Migrating Data to the Cloud
 

Recently uploaded

Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 

AWS re:Invent re:Cap Security Highlights

  • 1. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com AWS re:Invent re:Cap December 5, 2018
  • 2. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com WHO WE ARE Jerry Gamblin Principal Security Engineer, Kenna Security @JGamblin John Poulin Director of Engineering, nVisium @forced_request Jonn Callahan Principal Security Consultant & AWS Security Lead, nVisium @JonnCallahan
  • 3. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com About nVisium & Kenna Security
  • 4. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
  • 5. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
  • 6. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub • Integrates with: – Amazon GuardDuty – Amazon Inspector – Amazon Macie • Performs Automatic CIS Benchmark scanning
  • 7. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Security Hub
  • 8. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Security Hub Talks • Introduction to AWS Security Hub (SEC397)
  • 9. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3
  • 10. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 • 2nd Oldest AWS Service (Circa 2006) • Rich history of Access Control failures – Publicly Readable/Listable S3 Buckets • Popular for content delivery
  • 11. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 (the new) • Public Access Settings • AWS Transfer for SFTP • Intelligent-Tiering • S3 Object Lock
  • 12. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Public Access – Control public settings for accounts
  • 13. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – SFTP – Create an S3-backed SFTP Server – Select Identity Provider for access control
  • 14. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Intelligent Tiering – Switches between Standard / Infrequently Accessed – Select Identity Provider for access control
  • 15. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – S3 Object Lock – Prevent Removal/Modification of Object – Governance/Compliance Modes dictate who can modify the data – Enabled at Bucket level during creation
  • 16. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 – Best Practices • Review Bucket ACLs (legacy) • Review Bucket Policies • Enable Server and Object-level Logging • Encrypt Files • Utilize Versioning
  • 17. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon S3 Talks • Best Practices to Secure Data Lake on AWS (ANT327) • AWS Transfer for SFTP, a Fully Managed SFTP Service (STG326)
  • 18. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Serverless
  • 19. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda • Lambda Layers • Lambda Custom Runtime • Firecracker • Lambda + Application Load Balancer
  • 20. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Layers • Integrate Libraries / Dependencies with Lambda functions • Up to 5 Layers per function • Cannot exceed (unzipped) package size: 250MB • Supports public layers
  • 21. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Layers
  • 22. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Custom Runtimes • Add custom runtime as a Layer • Published Implementations: C++ and Rust • Ruby added as native runtime
  • 23. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Custom Runtimes
  • 24. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Firecracker • Lightweight MicroVM • Powering AWS Lambda and AWS Fargate • Open Source Project – https://github.com/firecracker- microvm/firecracker • Available on .metal instances, and on- prem bare metal servers
  • 25. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Application Load Balancer • Lambda triggered via ALB • Process HTTP(S) reqs via a serverless arch • Great for green/blue hybrid arch migration • Health checks + failover meets serverless
  • 26. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Lambda Best Practices • Manually set timeouts when calling external services depending on how much exec time is left for the Lambda • Reserved concurrency • Avoid recursion (99% of the time, anyway) • Take care calling invoke + invoke_async with user-provided data • Pre-warming (but pre-mature optimization should be avoided)
  • 27. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Amazon Serverless Talks • A Serverless Journey: AWS Lambda Under the Hood (SRV409) • Applying Principles of Chaos Engineering to Serverless (DVC305)
  • 28. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com AWS RE:INFORCE
  • 29. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Questions? • Q&A • Slides and recommended talks will be made available after this webinar.
  • 30. Copyright © 2018 nVisium LLC · 590 Herndon Parkway Suite 120, Herndon VA 20170 · 571.353.7551 · www.nvisium.com Contact Us • nVisium Contact Info: – https://www.nVisium.com – contact@nvisium.com – @nVisium • Kenna Security Contact Info: – https://www.kennasecurity.com/ – hello@kennasecurity.com – @KennaSecurity