SlideShare a Scribd company logo

Amazon Web Services User Group Sydney - February 2018

PolarSeven Pty Ltd
PolarSeven Pty Ltd

Hosted by PolarSeven Cloud Consulting - http://polarseven.com Our monthly AWS User Group Sydney presentation night. http://www.meetup.com/AWS-Sydney/ Introductions and What's New In AWS - by PolarSeven Bonus Session - AWS Mitch Beaumant - Amazon Fargate in 15 minutes Session 1: Security Policy Lifecycle Management "Automated security actions based on observed security events and protecting AWS deployments are some of the key challenges facing network and security teams. With the general availability of Palo Alto Networks PAN-OS 8.0 software, VM-Series virtualized next-generation firewall, network and security teams now have a simple, automated security management platform for managing and enforcing security policies within AWS deployments. This session will provide an advanced technical overview of the enhancements done over the last 12 months. The topics covered will include, • Technical overview of Panorama driven security workflows for AWS • Presentation of our github AWS templates with a focus on CFT and Terraform" Paloaltonetworks https://www.paloaltonetworks.com/ See video presentation here https://youtu.be/LLdto5LOcd8 Session 2: Automating the Service Desk using Amazon Lex and Amazon Connect Once considered a rare and difficult capability to achieve, the democratisation of artificial intelligence has made it possible for developers to easily access and leverage machine learning capabilities to automate and solve problems across multiple industries. This presentation aims to demonstrate how easy it is to take advantage of an AWS Machine Learning capability (Amazon Lex) with no deep learning experience and solve common everyday IT problems. Telstra https://www.telstra.com.au/ Watch the video presentation here https://youtu.be/8BP1OZk2wUs

Technology
1 of 83
Download to read offline
February 7th 2018 #68PRESENTS
Sponsors:
Tonight: ● Introductions ● AWS Services: AWS - Mitch Beaumont “Amazon Fargate” ● Session 1: Paloalto Networks - Mauricio Sabena “Automated Security Management on AWS” ● Break – Networking, Beers & Pizza ● Session 2: Kloud - Bobbie Couhbor “Automating the Service Desk using Amazon Lex and Amazon Connect” ● Close Networking & Prize Draw - Win an Amazon Dot and also a Beats Pill + Speaker.
AWS Services: Mitch Beaumont Enterprise Solutions Architect at Amazon Web Services “AWS Fargate in 15 minutes!”
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Fargate in 15 minutes! M i t c h B e a u m o n t , S o l u t i o n s A r c h i t e c t , A W S . F e b r u a r y 7 , 2 0 1 7
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. No instances to manage Task native API Resource based pricing Simple, easy to use, powerful – and new consumption model = What is AWS Fargate?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FARGATE: UNDER THE HOOD
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FARGATE USE CASES
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MICROSERVICES
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. BATCH JOBS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MIGRATION TO THE CLOUD
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. HOW DO I RUN CONTAINERS ON FARGATE?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINER
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task RUNNING CONTAINERS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent ECSTaskECSTask ECSTaskECSTask EC2 Instance
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING FARGATE CONTAINERS WITH ECS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING FARGATE CONTAINERS WITH ECS Use ECS APIs to launch Fargate Containers Easy migration – Run Fargate and EC2 launch type tasks in the same cluster Same Task Definition schema
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 3 Fargate Task Public IP 54.191.135.69 172.31.3.0/24 ENI Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 3 Fargate Task Public IP 54.191.135.69 172.31.3.0/24 ENI Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI • AWS VPC Networking Mode – each task gets its own interface • Full control of network access via Security Groups and Network ACLs • Public IP support
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. LOAD BALANCING APPLICATION LOAD BALANCER NETWORK LOAD BALANCER
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SECURITY
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLUSTER LEVEL ISOLATION Web Web Shopping Cart Shopping Cart Notifications NotificationsWeb Shopping Cart NotificationsWeb Shopping Cart Shopping Cart Notifications NotificationsWeb Web PROD CLUSTER BETA CLUSTER DEV CLUSTER QA CLUSTER
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLUSTER LEVEL ISOLATION PROD Cluster Infrastructure DEV Cluster Infrastructure BETA Cluster Infrastructure QA Cluster Infrastructure Web Web Shopping Cart Shopping Cart Notifications NotificationsWeb Shopping Cart NotificationsWeb Shopping Cart Shopping Cart Notifications NotificationsWeb Web PROD CLUSTER BETA CLUSTER DEV CLUSTER QA CLUSTER
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PERMISSION TIERS Cluster Permissions Application Permissions Task Housekeeping Permissions Cluster Fargate Task Cluster Permissions: Who can run/see tasks in the cluster? Application (Task) Permissions: Which of my AWS resources can this application access? Housekeeping Permissions: What permissions do I want to grant ECS to perform? e.g. • ECR Image Pull • CloudWatch logs pushing • ENI creation • Register/Deregister targets into ELB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CONTAINER REGISTRIES
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. REGISTRY SUPPORT 3rd Party Private Repositories (coming soon!) Public Repositories supported Amazon Elastic Container Registry (ECR)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VISIBILITY AND MONITORING Service-level metrics available CloudWatch Logs CloudWatch Events supported
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. STORAGE Container Storage Space – 10GB Ephemeral storage backed by EBS Shared volume space for containers within the task – 4GB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CONFIGURATIONS & PRICING
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PRICING DIMENSIONS { "memory": “1 vCPU”, "cpu": “3GB”, "networkMode": ”AWSVPC", "compatibilities": [”FARGATE", ”EC2"], "placementConstraints": [], "containerDefinitions": [ { <snip>….... Task level resources • Configurable independently (within a range) Dimensions: Task level CPU and memory Per-second billing
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TASK CPU & MEMORY CONFIGURATIONS Flexible configuration options – 50 CPU/memory configurations CPU Memory 256 (.25 vCPU) 512MB, 1GB, 2GB 512 (.5 vCPU) 1GB, 2GB, 3GB, 4GB 1024 (1 vCPU) 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB 2048 (2 vCPU) Between 4GB and 16GB in 1GB increments 4096 (4 vCPU) Between 8GB and 30GB in 1GB increments
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS Instance ECS Instance ECS Instance ECS InstanceECS Instance ECS Instance EC2 FARGATE Notifications Amazon ECS CLUSTER Availability Zone #1 Availability Zone #2 Availability Zone #3 Subnet 2 172.31.2.0/24 Subnet 1 172.31.1.0/24 Subnet 3 172.31.3.0/24 Web Shopping Cart
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DEMO TIME
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EKS SUPPORT FOR FARGATE IN 2018
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introduction to AWS Fargate Fargate Deep Dive
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THANK YOU https://aws.amazon.com/fargate
Session 1: Mauricio Sabena System Engineering Manager ANZ North for Palo Alto Networks where he leads the engineering team to drive security solutions to address customers business challenges across enterprise and government. “AUTOMATED SECURITY MANAGEMENT ON AWS”
AUTOMATED SECURITY MANAGEMENT ON AWS Mauricio Sabena – Systems Engineer Manager
AgendaPAN/AWS 2 | © 2015, Palo Alto Networks. Confidential and Proprietary. - Securing AWS and public cloud workloads - Automation - Q&A
DATA AND APPLICATIONS ARE EVERYWHERE SAASPRIVATE PHYSICAL IAAS PAAS
SECURING THE CLOUD IS HARD Fragmented Security Human Error Manual Security
WHAT’S NEEDED Frictionless Deployment & Management Advanced Application & Data Breach Prevention Consistent Protections Across Locations
The Shared Security Model
WEB Object Storage Caching Database IaaS PaaS Web Server APP App Server CRITICAL CLOUD PROTECTIONS INLINE Protect and Segment Cloud Workloads API HOST Secure OS & App Within Workloads API Continuous Security & ComplianceOn-Premises Cloud Application
3. INLINE SECURITY1. ACCOUNT MGMT • Segmentation • Malware Prevention • Secure Access • VPC Edge Security • Key rotation • Inbound Accessible Services • Unencrypted storage • Nonstandard AMI’s • Password Policy 2. DATA GOVERNANCE • Exposed Data • Keys stored in the open • Admin Access API Aperture CRITICAL CLOUD PROTECTIONS
344 KB 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port Security Groups/NACLs vs Dedicated: Control & Visibility
344 KB mjacobsen user canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol Security Groups/NACLs vs Dedicated: Control & Visibility
344 KB file-sharing URL category PowerPoint file type “Confidential and Proprietary” content mjacobsen user prodmgmt group canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol HTTP protocol slideshare application slideshare-uploading application function Security Groups/NACLs vs Dedicated: Control & Visibility
Automation 12
PLATFORM AUTOMATION URL Filtering CLOUD- DELIVERED SECURITY SERVICES WEB Object Storage Caching Database IaaS PaaS Web Server APP App Server API 3rd party feeds Customer data Amazon GuardDuty MineMeld Threat Prevention Malware Analysis
Dynamic Address Groups – “commitless” 14
CFT Templates
Terraform • Automatic deployment and configuration with Vagrant • Overlaps • Using bootstrapping (S3 region restrictions etc.) • NEW: Terraform provider • 1 product • No bootstrapping • No restriction
Terraform AWS # Declare the data source #data "aws_availability_zones" "available" {} /* EXTERNAL NETWORG , IG, ROUTE TABLE */ resource "aws_internet_gateway" "gw" { vpc_id = "${aws_vpc.main.id}" tags { Name = "internet gw terraform generated" } } resource "aws_network_acl" "all" { vpc_id = "${aws_vpc.main.id}" egress { protocol = "-1" rule_no = 2 action = "allow" cidr_block = "0.0.0.0/0" from_port = 0 to_port = 0 } ingress { protocol = "-1" rule_no = 1 action = "allow" cidr_block = "0.0.0.0/0" } name = "FirewallBootstrapInstanceProfile2Tier" role = "${aws_iam_role.FirewallBootstrapRole2Tier.name}" path = "/" } resource "aws_subnet" "NewPublicSubnet" { vpc_id = "${aws_vpc.main.id}" cidr_block = "${var.PublicCIDR_Block}" availability_zone = "${data.aws_availability_zones.available.names[0]}" #map_public_ip_on_launch = true tags { "Application" = "${var.StackName}" "Name" = "${join("", list(var.StackName, "NewPublicSubnet"))}" } }
resource "panos_security_policies" "security_policies" { rule { name = "SSH inbound" source_zones = ["${panos_zone.zone_untrust.name}"] source_addresses = ["any"] source_users = ["any"] hip_profiles = ["any"] destination_zones = ["${panos_zone.zone_trust.name}"] destination_addresses = ["any"] applications = ["ssh", "ping"] services = ["application-default"] categories = ["any"] action = "allow" } rule { name = "SSH 221-222 inbound" source_zones = ["${panos_zone.zone_untrust.name}"] source_addresses = ["any"] source_users = ["any"] hip_profiles = ["any"] destination_zones = ["${panos_zone.zone_trust.name}"] destination_addresses = ["any"] applications = ["ssh", "ping"] services = ["${panos_service_object.so_221.name}", "${panos_service_object.so_222.name}"] categories = ["any"] action = "allow" } provider "panos" { hostname = "${var.ipaddress}" username = "paloalto" password = “booyah" } PAN Provider
Github 20
22 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Thanks! Questions?
Break & Networking: • Refresh your drink • Grab some pizza • Make new contacts
Session 2: Bobbie Couhbor Cloud Infrastructure Consultant and Technology and Solutions Advisor “Automating the Service Desk using Amazon Lex and Amazon Connect”
Automating the Service Desk with Amazon Lex and Connect
•  Artificial Intelligence & automation will result in reduction of IT services staff by 7-10% in India, US by 2022 – Economic Times •  56,000 layoffs and counting: India’s IT bloodbath this year may just be the start – Quartz India •  India faces youth unemployment spike as automation threatens traditional jobs – ABC News Headlines
Democratisation of Artificial Intelligence The democratisation of AI is the driving force behind automation across industries, making AI capabilities available to every developer, as a service via the cloud. •  Amazon Comprehend •  Amazon Lex •  Amazon Rekognition •  Amazon Polly •  Amazon Transcribe •  Amazon Translate
High Level Architecture 1.  User calls the service desk and asks for their password to be reset 2.  Amazon Lex manages conversational dialog and collects user verification information 3.  Amazon Lex passes the collected information to AWS Lambda 4.  AWS Lambda verifies the user with Active Directory 5.  Password is reset and sent to the user
{ "currentIntent": { "slots": { "DOB": "1983-04-14", "MonthStarted": "April", "UserID": "123456" }, "confirmationStatus": "Confirmed", "name": "ResetPW", "slotDetails": { "DOB": { "originalValue": "fourteenth of april nineteen eighty three", "resolutions": [] }, "MonthStarted": { "originalValue": "April", "resolutions": [ { "value": "April" } ] }, "UserID": { "originalValue": "one two three four five six", "resolutions": [] } } }, "userId": "ijy54vlrxbg2uyjatb6ey6m8jbaqz7vn", "bot": { "alias": "$LATEST", "version": "$LATEST", "name": "UserAdministration" }, "inputTranscript": "yes", "requestAttributes": None, "invocationSource": "FulfillmentCodeHook", "outputDialogMode": "Text", "messageVersion": "1.0", "sessionAttributes": { "Completed": "confirmed" } }
Lambda function 1.  Get encrypted AD service account using KMS 2.  Perform secure LDAP bind 3.  Query AD for user attributes 4.  Compares AD and slot values 5.  If successful, resets password and SMS to user otherwise exit
Amazon Connect
Final words… •  Implementation guide: https://blog.kloud.com.au/2018/01/23/replacing-the-service-desk-with-bots- using-amazon-lex-and-amazon-connect-part-4/ •  Reach out to me! LinkedIn: www.linkedin.com/in/bobbiecouhbor Email: Bobbie.Couhbor@kloud.com.au •  Questions?
Prize Draw: Amazon Dot Beats Pill + Speaker Sponsored by Sponsored by
Thanks For Coming: Join Us Next Month – March 7th 2018 >> Register @ http://www.meetup.com/AWS-Sydney/ << In the Meantime Keep In Touch http://bit.ly/polarseven-webinars

Recommended

K8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSK8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSAmazon Web Services
 
Introduction to Amazon EKS - KubeCon 2018
Introduction to Amazon EKS - KubeCon 2018Introduction to Amazon EKS - KubeCon 2018
Introduction to Amazon EKS - KubeCon 2018Arun Gupta
 
K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSAmazon Web Services
 
Containers - Amazon EKS
Containers - Amazon EKSContainers - Amazon EKS
Containers - Amazon EKSAmazon Web Services
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKSMatthew Barlocker
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 
Mastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitMastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitArun Gupta
 
使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計Amazon Web Services
 

Recommended

K8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSK8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSAmazon Web Services
 
Introduction to Amazon EKS - KubeCon 2018
Introduction to Amazon EKS - KubeCon 2018Introduction to Amazon EKS - KubeCon 2018
Introduction to Amazon EKS - KubeCon 2018Arun Gupta
 
K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSAmazon Web Services
 
Containers - Amazon EKS
Containers - Amazon EKSContainers - Amazon EKS
Containers - Amazon EKSAmazon Web Services
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKSMatthew Barlocker
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 
Mastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitMastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitArun Gupta
 
使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計Amazon Web Services
 
Introducing Amazon EKS
Introducing Amazon EKSIntroducing Amazon EKS
Introducing Amazon EKSAmazon Web Services
 
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech TalksContainers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech TalksAmazon Web Services
 
Running Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdfRunning Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdfAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
CON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lolCON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lolAmazon Web Services
 
Getting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWSGetting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWSAmazon Web Services
 
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Amazon Web Services
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting StartedTanya Seno
 
CON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSCON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSAmazon Web Services
 
Aws container services overview
Aws container services overviewAws container services overview
Aws container services overviewPatricio Vazquez
 
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017Amazon Web Services
 
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...Amazon Web Services
 
Kubernetes on AWS
Kubernetes on AWSKubernetes on AWS
Kubernetes on AWSAmazon Web Services
 
Amazon EKS Deep Dive
Amazon EKS Deep DiveAmazon EKS Deep Dive
Amazon EKS Deep DiveAndrzej Komarnicki
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS FargateAmazon Web Services
 
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS SummitRun Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS SummitAmazon Web Services
 
Serverless DevOps to the Rescue
Serverless DevOps to the RescueServerless DevOps to the Rescue
Serverless DevOps to the RescueAmazon Web Services
 
Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)Vladimir Simek
 
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019AWS Summits
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One DayAmazon Web Services
 
Introducing Amazon Fargate
Introducing Amazon FargateIntroducing Amazon Fargate
Introducing Amazon FargateAmazon Web Services
 
Running Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelRunning Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelAmazon Web Services
 

More Related Content

What's hot

Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech TalksContainers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech TalksAmazon Web Services
 
CON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lolCON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lolAmazon Web Services
 
Getting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWSGetting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWSAmazon Web Services
 
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Amazon Web Services
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting StartedTanya Seno
 
CON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSCON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSAmazon Web Services
 
Aws container services overview
Aws container services overviewAws container services overview
Aws container services overviewPatricio Vazquez
 
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017Amazon Web Services
 
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...Amazon Web Services
 
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS SummitRun Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS SummitAmazon Web Services
 
Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)Vladimir Simek
 
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019AWS Summits
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One DayAmazon Web Services
 

What's hot (20)

Introducing Amazon EKS
Introducing Amazon EKSIntroducing Amazon EKS
Introducing Amazon EKS
 
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech TalksContainers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
Containers on AWS: What You Missed at re:Invent 2017 - AWS Online Tech Talks
 
Running Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdfRunning Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdf
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
 
CON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lolCON317_Advanced container management at catsndogs.lol
CON317_Advanced container management at catsndogs.lol
 
Getting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWSGetting Started with Kubernetes on AWS
Getting Started with Kubernetes on AWS
 
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting Started
 
CON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSCON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWS
 
Aws container services overview
Aws container services overviewAws container services overview
Aws container services overview
 
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
Accelerate Digital Experience with Serverless Computing - DEM86 - re:Invent 2017
 
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazo...
 
Kubernetes on AWS
Kubernetes on AWSKubernetes on AWS
Kubernetes on AWS
 
Amazon EKS Deep Dive
Amazon EKS Deep DiveAmazon EKS Deep Dive
Amazon EKS Deep Dive
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS Fargate
 
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS SummitRun Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
Run Kubernetes with Amazon EKS - SRV318 - Chicago AWS Summit
 
Serverless DevOps to the Rescue
Serverless DevOps to the RescueServerless DevOps to the Rescue
Serverless DevOps to the Rescue
 
Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)Introduction to EKS (AWS User Group Slovakia)
Introduction to EKS (AWS User Group Slovakia)
 
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
Deep Dive on Amazon Elastic Container Service (ECS) | AWS Summit Tel Aviv 2019
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One Day
 

Similar to Amazon Web Services User Group Sydney - February 2018

Running Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelRunning Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelAmazon Web Services
 
Introduction to AWS Fargate & Amazon Elastic Container Service for Kubernetes
Introduction to AWS Fargate & Amazon Elastic Container Service for KubernetesIntroduction to AWS Fargate & Amazon Elastic Container Service for Kubernetes
Introduction to AWS Fargate & Amazon Elastic Container Service for KubernetesAmazon Web Services
 
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017Amazon Web Services
 
Getting Started with Containers on AWS
Getting Started with Containers on AWSGetting Started with Containers on AWS
Getting Started with Containers on AWSAmazon Web Services
 
CON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersCON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersAmazon Web Services
 
Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Amazon Web Services
 
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Amazon Web Services
 
AWS User Group 5/12 meetup - ECS
AWS User Group 5/12 meetup - ECSAWS User Group 5/12 meetup - ECS
AWS User Group 5/12 meetup - ECSShimon Tolts
 
CON309_Containerized Machine Learning on AWS
CON309_Containerized Machine Learning on AWSCON309_Containerized Machine Learning on AWS
CON309_Containerized Machine Learning on AWSAmazon Web Services
 
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017Amazon Web Services
 
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...Amazon Web Services Japan
 
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...Amazon Web Services
 
DVC303-Technological Accelerants for Organizational Transformation
DVC303-Technological Accelerants for Organizational TransformationDVC303-Technological Accelerants for Organizational Transformation
DVC303-Technological Accelerants for Organizational TransformationAmazon Web Services
 
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...Amazon Web Services
 
Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28Amazon Web Services
 

Similar to Amazon Web Services User Group Sydney - February 2018 (20)

Introducing Amazon Fargate
Introducing Amazon FargateIntroducing Amazon Fargate
Introducing Amazon Fargate
 
Running Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day IsraelRunning Container on AWS - Builders Day Israel
Running Container on AWS - Builders Day Israel
 
Introduction to AWS Fargate & Amazon Elastic Container Service for Kubernetes
Introduction to AWS Fargate & Amazon Elastic Container Service for KubernetesIntroduction to AWS Fargate & Amazon Elastic Container Service for Kubernetes
Introduction to AWS Fargate & Amazon Elastic Container Service for Kubernetes
 
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017
NEW LAUNCH! Introducing AWS Fargate - CON214 - re:Invent 2017
 
Getting Started with Containers on AWS
Getting Started with Containers on AWSGetting Started with Containers on AWS
Getting Started with Containers on AWS
 
AWS 容器服務入門實務
AWS 容器服務入門實務AWS 容器服務入門實務
AWS 容器服務入門實務
 
CON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersCON203_Driving Innovation with Containers
CON203_Driving Innovation with Containers
 
Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017
 
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
 
AWS User Group 5/12 meetup - ECS
AWS User Group 5/12 meetup - ECSAWS User Group 5/12 meetup - ECS
AWS User Group 5/12 meetup - ECS
 
Building with Containers on AWS
Building with Containers on AWSBuilding with Containers on AWS
Building with Containers on AWS
 
CON309_Containerized Machine Learning on AWS
CON309_Containerized Machine Learning on AWSCON309_Containerized Machine Learning on AWS
CON309_Containerized Machine Learning on AWS
 
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017
Interstella 8888: Advanced Microservice Operations - CON407 - re:Invent 2017
 
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
AWS Black Belt Online Seminar 2018 re:Invent Recap: Compute, Container and Ne...
 
Containers - State of the Union
Containers - State of the UnionContainers - State of the Union
Containers - State of the Union
 
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...
Technological Accelerants for Organizational Transformation - DVC303 - re:Inv...
 
DVC303-Technological Accelerants for Organizational Transformation
DVC303-Technological Accelerants for Organizational TransformationDVC303-Technological Accelerants for Organizational Transformation
DVC303-Technological Accelerants for Organizational Transformation
 
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...
Getting Started with Containers in the Cloud: AWS Developer Workshop at Web S...
 
Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28Orchestrating containers on AWS | AWS Floor28
Orchestrating containers on AWS | AWS Floor28
 
Using Containers on AWS
Using Containers on AWSUsing Containers on AWS
Using Containers on AWS
 

More from PolarSeven Pty Ltd

AWS Forcecast: DeepAR Predictor Time-series
AWS Forcecast: DeepAR Predictor Time-series AWS Forcecast: DeepAR Predictor Time-series
AWS Forcecast: DeepAR Predictor Time-series PolarSeven Pty Ltd
 
Aws user group #04 landing zones
Aws user group #04 landing zonesAws user group #04 landing zones
Aws user group #04 landing zonesPolarSeven Pty Ltd
 
Aws user group #03 - All things Iot
Aws user group #03 - All things IotAws user group #03 - All things Iot
Aws user group #03 - All things IotPolarSeven Pty Ltd
 
Aws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessAws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessPolarSeven Pty Ltd
 
Amazon Web Services User Group Sydney - March 2018
Amazon Web Services User Group Sydney - March 2018Amazon Web Services User Group Sydney - March 2018
Amazon Web Services User Group Sydney - March 2018PolarSeven Pty Ltd
 
Deep Dive on Cloud Policies and Automation
Deep Dive on Cloud Policies and AutomationDeep Dive on Cloud Policies and Automation
Deep Dive on Cloud Policies and AutomationPolarSeven Pty Ltd
 
Securing Traffic Leaving A VPC
Securing Traffic Leaving A VPCSecuring Traffic Leaving A VPC
Securing Traffic Leaving A VPCPolarSeven Pty Ltd
 
Telstra Programmable Networks & Scaling a Serverless Team with Automation
Telstra Programmable Networks & Scaling a Serverless Team with Automation Telstra Programmable Networks & Scaling a Serverless Team with Automation
Telstra Programmable Networks & Scaling a Serverless Team with AutomationPolarSeven Pty Ltd
 
AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60PolarSeven Pty Ltd
 
Visibility, Optimization & Governance for Cloud Services
Visibility, Optimization & Governance for Cloud ServicesVisibility, Optimization & Governance for Cloud Services
Visibility, Optimization & Governance for Cloud ServicesPolarSeven Pty Ltd
 
AWS OpsWorks for Chef Automate
AWS OpsWorks for Chef AutomateAWS OpsWorks for Chef Automate
AWS OpsWorks for Chef AutomatePolarSeven Pty Ltd
 
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...PolarSeven Pty Ltd
 
AWS User Group Sydney - Atlassian 5-10-16
AWS User Group Sydney - Atlassian 5-10-16AWS User Group Sydney - Atlassian 5-10-16
AWS User Group Sydney - Atlassian 5-10-16PolarSeven Pty Ltd
 

More from PolarSeven Pty Ltd (20)

AWS Forcecast: DeepAR Predictor Time-series
AWS Forcecast: DeepAR Predictor Time-series AWS Forcecast: DeepAR Predictor Time-series
AWS Forcecast: DeepAR Predictor Time-series
 
Aws user group #04 landing zones
Aws user group #04 landing zonesAws user group #04 landing zones
Aws user group #04 landing zones
 
Aws user group #03 - All things Iot
Aws user group #03 - All things IotAws user group #03 - All things Iot
Aws user group #03 - All things Iot
 
Aws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessAws user group #01 lets talk serverless
Aws user group #01 lets talk serverless
 
AWS Reinvent Recap 2018
AWS Reinvent Recap 2018 AWS Reinvent Recap 2018
AWS Reinvent Recap 2018
 
AWS User Group October
AWS User Group OctoberAWS User Group October
AWS User Group October
 
AWS User Group August
AWS User Group AugustAWS User Group August
AWS User Group August
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
AWS User Group September
AWS User Group September AWS User Group September
AWS User Group September
 
Amazon Web Services User Group Sydney - March 2018
Amazon Web Services User Group Sydney - March 2018Amazon Web Services User Group Sydney - March 2018
Amazon Web Services User Group Sydney - March 2018
 
Deep Dive on Cloud Policies and Automation
Deep Dive on Cloud Policies and AutomationDeep Dive on Cloud Policies and Automation
Deep Dive on Cloud Policies and Automation
 
Securing Traffic Leaving A VPC
Securing Traffic Leaving A VPCSecuring Traffic Leaving A VPC
Securing Traffic Leaving A VPC
 
Telstra Programmable Networks & Scaling a Serverless Team with Automation
Telstra Programmable Networks & Scaling a Serverless Team with Automation Telstra Programmable Networks & Scaling a Serverless Team with Automation
Telstra Programmable Networks & Scaling a Serverless Team with Automation
 
AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWS
 
Visibility, Optimization & Governance for Cloud Services
Visibility, Optimization & Governance for Cloud ServicesVisibility, Optimization & Governance for Cloud Services
Visibility, Optimization & Governance for Cloud Services
 
AWS OpsWorks for Chef Automate
AWS OpsWorks for Chef AutomateAWS OpsWorks for Chef Automate
AWS OpsWorks for Chef Automate
 
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...
AWS CloudFormation Automation, TrafficScript, and Serverless architecture wit...
 
AWS User Group December 2016
AWS User Group December 2016AWS User Group December 2016
AWS User Group December 2016
 
AWS User Group Sydney - Atlassian 5-10-16
AWS User Group Sydney - Atlassian 5-10-16AWS User Group Sydney - Atlassian 5-10-16
AWS User Group Sydney - Atlassian 5-10-16
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Amazon Web Services User Group Sydney - February 2018

  • 3. Tonight: ● Introductions ● AWS Services: AWS - Mitch Beaumont “Amazon Fargate” ● Session 1: Paloalto Networks - Mauricio Sabena “Automated Security Management on AWS” ● Break – Networking, Beers & Pizza ● Session 2: Kloud - Bobbie Couhbor “Automating the Service Desk using Amazon Lex and Amazon Connect” ● Close Networking & Prize Draw - Win an Amazon Dot and also a Beats Pill + Speaker.
  • 4. AWS Services: Mitch Beaumont Enterprise Solutions Architect at Amazon Web Services “AWS Fargate in 15 minutes!”
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Fargate in 15 minutes! M i t c h B e a u m o n t , S o l u t i o n s A r c h i t e c t , A W S . F e b r u a r y 7 , 2 0 1 7
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. No instances to manage Task native API Resource based pricing Simple, easy to use, powerful – and new consumption model = What is AWS Fargate?
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FARGATE: UNDER THE HOOD
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FARGATE USE CASES
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MICROSERVICES
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. BATCH JOBS
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. MIGRATION TO THE CLOUD
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. HOW DO I RUN CONTAINERS ON FARGATE?
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINER
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task RUNNING CONTAINERS
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent ECSTaskECSTask ECSTaskECSTask EC2 Instance
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scheduling and Orchestration Cluster Manager Placement Engine
  • 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING FARGATE CONTAINERS WITH ECS
  • 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING FARGATE CONTAINERS WITH ECS Use ECS APIs to launch Fargate Containers Easy migration – Run Fargate and EC2 launch type tasks in the same cluster Same Task Definition schema
  • 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING
  • 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16
  • 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI
  • 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI
  • 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 3 Fargate Task Public IP 54.191.135.69 172.31.3.0/24 ENI Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI
  • 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NETWORKING WITH FARGATE IN ECS Internet Gateway 172.31.0.0/16 Subnet 3 Fargate Task Public IP 54.191.135.69 172.31.3.0/24 ENI Subnet 1 Fargate Task Public IP 54.191.135.66 172.31.1.0/24 ENI Subnet 2 Fargate Task 172.31.2.0/24 ENI • AWS VPC Networking Mode – each task gets its own interface • Full control of network access via Security Groups and Network ACLs • Public IP support
  • 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. LOAD BALANCING APPLICATION LOAD BALANCER NETWORK LOAD BALANCER
  • 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SECURITY
  • 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLUSTER LEVEL ISOLATION Web Web Shopping Cart Shopping Cart Notifications NotificationsWeb Shopping Cart NotificationsWeb Shopping Cart Shopping Cart Notifications NotificationsWeb Web PROD CLUSTER BETA CLUSTER DEV CLUSTER QA CLUSTER
  • 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLUSTER LEVEL ISOLATION PROD Cluster Infrastructure DEV Cluster Infrastructure BETA Cluster Infrastructure QA Cluster Infrastructure Web Web Shopping Cart Shopping Cart Notifications NotificationsWeb Shopping Cart NotificationsWeb Shopping Cart Shopping Cart Notifications NotificationsWeb Web PROD CLUSTER BETA CLUSTER DEV CLUSTER QA CLUSTER
  • 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PERMISSION TIERS Cluster Permissions Application Permissions Task Housekeeping Permissions Cluster Fargate Task Cluster Permissions: Who can run/see tasks in the cluster? Application (Task) Permissions: Which of my AWS resources can this application access? Housekeeping Permissions: What permissions do I want to grant ECS to perform? e.g. • ECR Image Pull • CloudWatch logs pushing • ENI creation • Register/Deregister targets into ELB
  • 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CONTAINER REGISTRIES
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. REGISTRY SUPPORT 3rd Party Private Repositories (coming soon!) Public Repositories supported Amazon Elastic Container Registry (ECR)
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VISIBILITY AND MONITORING Service-level metrics available CloudWatch Logs CloudWatch Events supported
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. STORAGE Container Storage Space – 10GB Ephemeral storage backed by EBS Shared volume space for containers within the task – 4GB
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CONFIGURATIONS & PRICING
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PRICING DIMENSIONS { "memory": “1 vCPU”, "cpu": “3GB”, "networkMode": ”AWSVPC", "compatibilities": [”FARGATE", ”EC2"], "placementConstraints": [], "containerDefinitions": [ { <snip>….... Task level resources • Configurable independently (within a range) Dimensions: Task level CPU and memory Per-second billing
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TASK CPU & MEMORY CONFIGURATIONS Flexible configuration options – 50 CPU/memory configurations CPU Memory 256 (.25 vCPU) 512MB, 1GB, 2GB 512 (.5 vCPU) 1GB, 2GB, 3GB, 4GB 1024 (1 vCPU) 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB 2048 (2 vCPU) Between 4GB and 16GB in 1GB increments 4096 (4 vCPU) Between 8GB and 30GB in 1GB increments
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS Instance ECS Instance ECS Instance ECS InstanceECS Instance ECS Instance EC2 FARGATE Notifications Amazon ECS CLUSTER Availability Zone #1 Availability Zone #2 Availability Zone #3 Subnet 2 172.31.2.0/24 Subnet 1 172.31.1.0/24 Subnet 3 172.31.3.0/24 Web Shopping Cart
  • 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DEMO TIME
  • 44. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EKS SUPPORT FOR FARGATE IN 2018
  • 45. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introduction to AWS Fargate Fargate Deep Dive
  • 46. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THANK YOU https://aws.amazon.com/fargate
  • 47. Session 1: Mauricio Sabena System Engineering Manager ANZ North for Palo Alto Networks where he leads the engineering team to drive security solutions to address customers business challenges across enterprise and government. “AUTOMATED SECURITY MANAGEMENT ON AWS”
  • 49. AgendaPAN/AWS 2 | © 2015, Palo Alto Networks. Confidential and Proprietary. - Securing AWS and public cloud workloads - Automation - Q&A
  • 50. DATA AND APPLICATIONS ARE EVERYWHERE SAASPRIVATE PHYSICAL IAAS PAAS
  • 51. SECURING THE CLOUD IS HARD Fragmented Security Human Error Manual Security
  • 52. WHAT’S NEEDED Frictionless Deployment & Management Advanced Application & Data Breach Prevention Consistent Protections Across Locations
  • 54. WEB Object Storage Caching Database IaaS PaaS Web Server APP App Server CRITICAL CLOUD PROTECTIONS INLINE Protect and Segment Cloud Workloads API HOST Secure OS & App Within Workloads API Continuous Security & ComplianceOn-Premises Cloud Application
  • 55. 3. INLINE SECURITY1. ACCOUNT MGMT • Segmentation • Malware Prevention • Secure Access • VPC Edge Security • Key rotation • Inbound Accessible Services • Unencrypted storage • Nonstandard AMI’s • Password Policy 2. DATA GOVERNANCE • Exposed Data • Keys stored in the open • Admin Access API Aperture CRITICAL CLOUD PROTECTIONS
  • 56. 344 KB 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port Security Groups/NACLs vs Dedicated: Control & Visibility
  • 57. 344 KB mjacobsen user canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol Security Groups/NACLs vs Dedicated: Control & Visibility
  • 58. 344 KB file-sharing URL category PowerPoint file type “Confidential and Proprietary” content mjacobsen user prodmgmt group canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol HTTP protocol slideshare application slideshare-uploading application function Security Groups/NACLs vs Dedicated: Control & Visibility
  • 60. PLATFORM AUTOMATION URL Filtering CLOUD- DELIVERED SECURITY SERVICES WEB Object Storage Caching Database IaaS PaaS Web Server APP App Server API 3rd party feeds Customer data Amazon GuardDuty MineMeld Threat Prevention Malware Analysis
  • 61. Dynamic Address Groups – “commitless” 14
  • 63.
  • 64. Terraform • Automatic deployment and configuration with Vagrant • Overlaps • Using bootstrapping (S3 region restrictions etc.) • NEW: Terraform provider • 1 product • No bootstrapping • No restriction
  • 65. Terraform AWS # Declare the data source #data "aws_availability_zones" "available" {} /* EXTERNAL NETWORG , IG, ROUTE TABLE */ resource "aws_internet_gateway" "gw" { vpc_id = "${aws_vpc.main.id}" tags { Name = "internet gw terraform generated" } } resource "aws_network_acl" "all" { vpc_id = "${aws_vpc.main.id}" egress { protocol = "-1" rule_no = 2 action = "allow" cidr_block = "0.0.0.0/0" from_port = 0 to_port = 0 } ingress { protocol = "-1" rule_no = 1 action = "allow" cidr_block = "0.0.0.0/0" } name = "FirewallBootstrapInstanceProfile2Tier" role = "${aws_iam_role.FirewallBootstrapRole2Tier.name}" path = "/" } resource "aws_subnet" "NewPublicSubnet" { vpc_id = "${aws_vpc.main.id}" cidr_block = "${var.PublicCIDR_Block}" availability_zone = "${data.aws_availability_zones.available.names[0]}" #map_public_ip_on_launch = true tags { "Application" = "${var.StackName}" "Name" = "${join("", list(var.StackName, "NewPublicSubnet"))}" } }
  • 66. resource "panos_security_policies" "security_policies" { rule { name = "SSH inbound" source_zones = ["${panos_zone.zone_untrust.name}"] source_addresses = ["any"] source_users = ["any"] hip_profiles = ["any"] destination_zones = ["${panos_zone.zone_trust.name}"] destination_addresses = ["any"] applications = ["ssh", "ping"] services = ["application-default"] categories = ["any"] action = "allow" } rule { name = "SSH 221-222 inbound" source_zones = ["${panos_zone.zone_untrust.name}"] source_addresses = ["any"] source_users = ["any"] hip_profiles = ["any"] destination_zones = ["${panos_zone.zone_trust.name}"] destination_addresses = ["any"] applications = ["ssh", "ping"] services = ["${panos_service_object.so_221.name}", "${panos_service_object.so_222.name}"] categories = ["any"] action = "allow" } provider "panos" { hostname = "${var.ipaddress}" username = "paloalto" password = “booyah" } PAN Provider
  • 68.
  • 69. 22 | © 2015, Palo Alto Networks. Confidential and Proprietary.
  • 71. Break & Networking: • Refresh your drink • Grab some pizza • Make new contacts
  • 72. Session 2: Bobbie Couhbor Cloud Infrastructure Consultant and Technology and Solutions Advisor “Automating the Service Desk using Amazon Lex and Amazon Connect”
  • 73. Automating the Service Desk with Amazon Lex and Connect
  • 74. •  Artificial Intelligence & automation will result in reduction of IT services staff by 7-10% in India, US by 2022 – Economic Times •  56,000 layoffs and counting: India’s IT bloodbath this year may just be the start – Quartz India •  India faces youth unemployment spike as automation threatens traditional jobs – ABC News Headlines
  • 75. Democratisation of Artificial Intelligence The democratisation of AI is the driving force behind automation across industries, making AI capabilities available to every developer, as a service via the cloud. •  Amazon Comprehend •  Amazon Lex •  Amazon Rekognition •  Amazon Polly •  Amazon Transcribe •  Amazon Translate
  • 76. High Level Architecture 1.  User calls the service desk and asks for their password to be reset 2.  Amazon Lex manages conversational dialog and collects user verification information 3.  Amazon Lex passes the collected information to AWS Lambda 4.  AWS Lambda verifies the user with Active Directory 5.  Password is reset and sent to the user
  • 77.
  • 79. Lambda function 1.  Get encrypted AD service account using KMS 2.  Perform secure LDAP bind 3.  Query AD for user attributes 4.  Compares AD and slot values 5.  If successful, resets password and SMS to user otherwise exit
  • 81. Final words… •  Implementation guide: https://blog.kloud.com.au/2018/01/23/replacing-the-service-desk-with-bots- using-amazon-lex-and-amazon-connect-part-4/ •  Reach out to me! LinkedIn: www.linkedin.com/in/bobbiecouhbor Email: Bobbie.Couhbor@kloud.com.au •  Questions?
  • 82. Prize Draw: Amazon Dot Beats Pill + Speaker Sponsored by Sponsored by
  • 83. Thanks For Coming: Join Us Next Month – March 7th 2018 >> Register @ http://www.meetup.com/AWS-Sydney/ << In the Meantime Keep In Touch http://bit.ly/polarseven-webinars