The document provides an overview of advanced security best practices when using AWS. It discusses identity and access management with IAM, defining virtual networks with Amazon VPC, networking and security for Amazon EC2 instances, working with container and abstracted services, and encryption and key management in AWS. The presentation emphasizes sharing security responsibility between AWS and customers, implementing least privilege access, enabling auditing and monitoring, and using services like IAM, VPC, security groups, and AWS Key Management Service to help secure workloads in AWS.
AWS AWSome Day - Getting Started Best PracticesIan Massingham
An updated version of the Getting Started Best Practices slides from the AWS AWSome Day Management track, enhanced with coverage of the AWS Well Architected Framework
Amazon WorkSpaces is a secure, managed, virtual desktop service running on the AWS cloud. The service helps organizations support a modern mobile workforce, improve information security, and save money with a pay-as-you-go model. In this session, we'll cover how cloud desktops can benefit your organization, what's new with Amazon WorkSpaces, and some of the top technical considerations like user identity and access management, VPC design, network traffic flow, and application delivery. This session is for IT professionals and business decision makers interested in learning how to simplify desktop management and productivity for their organizations.
AWS AWSome Day - Getting Started Best PracticesIan Massingham
An updated version of the Getting Started Best Practices slides from the AWS AWSome Day Management track, enhanced with coverage of the AWS Well Architected Framework
Amazon WorkSpaces is a secure, managed, virtual desktop service running on the AWS cloud. The service helps organizations support a modern mobile workforce, improve information security, and save money with a pay-as-you-go model. In this session, we'll cover how cloud desktops can benefit your organization, what's new with Amazon WorkSpaces, and some of the top technical considerations like user identity and access management, VPC design, network traffic flow, and application delivery. This session is for IT professionals and business decision makers interested in learning how to simplify desktop management and productivity for their organizations.
by Rahul Sareen, Sr. Consultant, AWS
In this workshop you'll learn to build a web application using a serverless architecture. With fresh funding from its seed investors, Wild Rydes (www.wildrydes.com) is seeking to build the world’s greatest mobile/VR/AR unicorn transportation system. The scrappy startup needs a first-class webpage to begin marketing to new users and to begin its plans for global domination. Join us to help Wild Rydes build a website using a serverless architecture. You’ll build a scalable website using services like AWS Lambda, Amazon API Gateway, Amazon DynamoDB, Amazon Cognito, and Amazon S3.
In this session, Amit Patel, General Manager of AWS Mobile Services, will share our vision, customer trends and the latest additions to AWS Mobile Services.
How to use big data to improve a EC platform is a hot topic. In this session, we will discuss some big data case studies in retail and EC, and introduce how to create a recommendation service with Amazon Machine Learning.
In dynamic cloud environments, many organizations have a need to implement a unified threat management solution that enhances visibility across their workloads. Learn how REAN Cloud adopted Sophos Unified Threat Management (UTM) for increased simplicity, visibility, and security of their AWS workloads. Sophos is an Advanced Technology Partner in the AWS Partner Network that provides a reliable, unified security solution capable of scaling to meet the agility and speed of the AWS Cloud. Join the upcoming webinar to hear Sri Vasireddy from REAN Cloud, Bryan Nairn from Sophos, and Nick Matthews from AWS discuss security innovations on the AWS Cloud. Join us to learn: • Why Sophos end user REAN Cloud trusts Sophos UTM for simplicity, visibility and security. • How easy it can be to protect your AWS workloads, with a proven and scalable solution designed for the AWS Cloud. • AWS security innovations, including support across multiple Availability Zones and UTM Auto Scaling.
Who should attend: Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, DevOps, Architects, IT Architects, IT Security Engineers, Business Decision Makers
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
For eCommerce customers, to build a scalable platform to support their daily business is very important. In this session, we will discuss how to use AWS features to build low-cost and highly scalable web and mobile application on the cloud
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
This presentation will give you the opening introduction on what is cloud computing with AWS, getting started, and the technical modules presented on the day.
Module 2: AWS Infrastructure: Storage (S3, EBS), Compute (EC2), Networking (VPC)
Module 3: Security, Identity, and Access Management: IAM
Module 4: Databases: Amazon DynamoDB and Amazon RDS
Module 5: AWS Elasticity and Management Tools: Auto Scaling, Elastic Load Balancing, Amazon CloudWatch, and AWS Trusted Advisor
AWS Fundamentals @Back2School by CloudZoneIdan Tohami
This class is all about the basics. Here you will learn about the services AWS has to offer in compute, storage, databases and various application services.
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
This session enables security operators to automate governance and implement use cases addressed by AWS services such as AWS CloudTrail, AWS Config Rules, Amazon CloudWatch Events, and Trusted Advisor. Based on the nature of vulnerabilities, internal processes, compliance regimes, and other priorities, this session discusses the service to use when. We also show how to detect, report, and fix vulnerabilities, or gain more information about attackers. We dive deep into new features and capabilities of relevant services and use an example from an AWS customer, Siemens AG, about how to best automate governance and scale. A prerequisite for this session is knowledge of security and basic software development using Java, Python, or Node.
by Rahul Sareen, Sr. Consultant, AWS
In this workshop you'll learn to build a web application using a serverless architecture. With fresh funding from its seed investors, Wild Rydes (www.wildrydes.com) is seeking to build the world’s greatest mobile/VR/AR unicorn transportation system. The scrappy startup needs a first-class webpage to begin marketing to new users and to begin its plans for global domination. Join us to help Wild Rydes build a website using a serverless architecture. You’ll build a scalable website using services like AWS Lambda, Amazon API Gateway, Amazon DynamoDB, Amazon Cognito, and Amazon S3.
In this session, Amit Patel, General Manager of AWS Mobile Services, will share our vision, customer trends and the latest additions to AWS Mobile Services.
How to use big data to improve a EC platform is a hot topic. In this session, we will discuss some big data case studies in retail and EC, and introduce how to create a recommendation service with Amazon Machine Learning.
In dynamic cloud environments, many organizations have a need to implement a unified threat management solution that enhances visibility across their workloads. Learn how REAN Cloud adopted Sophos Unified Threat Management (UTM) for increased simplicity, visibility, and security of their AWS workloads. Sophos is an Advanced Technology Partner in the AWS Partner Network that provides a reliable, unified security solution capable of scaling to meet the agility and speed of the AWS Cloud. Join the upcoming webinar to hear Sri Vasireddy from REAN Cloud, Bryan Nairn from Sophos, and Nick Matthews from AWS discuss security innovations on the AWS Cloud. Join us to learn: • Why Sophos end user REAN Cloud trusts Sophos UTM for simplicity, visibility and security. • How easy it can be to protect your AWS workloads, with a proven and scalable solution designed for the AWS Cloud. • AWS security innovations, including support across multiple Availability Zones and UTM Auto Scaling.
Who should attend: Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, DevOps, Architects, IT Architects, IT Security Engineers, Business Decision Makers
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
For eCommerce customers, to build a scalable platform to support their daily business is very important. In this session, we will discuss how to use AWS features to build low-cost and highly scalable web and mobile application on the cloud
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
This presentation will give you the opening introduction on what is cloud computing with AWS, getting started, and the technical modules presented on the day.
Module 2: AWS Infrastructure: Storage (S3, EBS), Compute (EC2), Networking (VPC)
Module 3: Security, Identity, and Access Management: IAM
Module 4: Databases: Amazon DynamoDB and Amazon RDS
Module 5: AWS Elasticity and Management Tools: Auto Scaling, Elastic Load Balancing, Amazon CloudWatch, and AWS Trusted Advisor
AWS Fundamentals @Back2School by CloudZoneIdan Tohami
This class is all about the basics. Here you will learn about the services AWS has to offer in compute, storage, databases and various application services.
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
This session enables security operators to automate governance and implement use cases addressed by AWS services such as AWS CloudTrail, AWS Config Rules, Amazon CloudWatch Events, and Trusted Advisor. Based on the nature of vulnerabilities, internal processes, compliance regimes, and other priorities, this session discusses the service to use when. We also show how to detect, report, and fix vulnerabilities, or gain more information about attackers. We dive deep into new features and capabilities of relevant services and use an example from an AWS customer, Siemens AG, about how to best automate governance and scale. A prerequisite for this session is knowledge of security and basic software development using Java, Python, or Node.
Scalable Web Applications Session at CodebaseIan Massingham
This is the presentation from the session at Codebase on June 17. Building Scalable Web Applications on AWS. Including content on why you might chose to use AWS for scalable web applications, a rule Book for buidling scalable web application on AWS, common patterns for web applications and where to go next to learn more about AWS.
AWS CloudFormation is a comprehensive templating language that enables you to create managed 'stacks' of AWS resources, with a growing library of templates available for you to use. But how do you create one from scratch? This presentation will take you through building an AWS CloudFormation template from the ground up, so you can see all the essential template constructs in action.
Watch a recording of the webinar based on this presentation on YouTube here: http://youtu.be/6R44BADNJA8
Check out other upcoming webinars in the Masterclass Series here: http://aws.amazon.com/campaigns/emea/masterclass/
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014Ian Massingham
In this presentation from Total Telecom's Carriers World Conference in 2014 I discussed the opportunities that cloud computing presents for Telecommunications Carriers.
Slides from the partner event that I spoke at on the 24 April 2014. Includes and introduction to AWS and details of common adoption patterns for Enterprises that are moving to the cloud
AWS DevOps Event - Innovating with DevOps on AWSIan Massingham
Hear how high growth startups and established organisations are delivering software-based innovation, disrupting markets and delivering feature rich services that their customers love.
If you ever wondered why do some of these large enterprises even with access to all kind of resources still fail to innovate? The attached slides talks about some of the challenges that the large companies face in their path to innovation. Thanks, Hemanth Kempanna
Getting started with AWS Lambda and the Serverless CloudIan Massingham
Slides from the MongoDB user group meetup talk that I did in March 2017.
https://gist.github.com/ianmas-aws/ce847270ecedf9a58cbcc1ed736cf541
^^ Gist containing (a very simple) code sample is here
From the AWS Briefing that took place at Croke Park, Dublin on 20 March 2014. Aa short tour around a small selection the innovative uses for AWS Services.
Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including computing, storage, networking and database services, as well as a range of high level services. AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. In this presentation, we focus on advanced security best practices and recently introduced security services from AWS.
See a recording of the webinar based on this presentation here: https://youtu.be/zU1x5SfKEzs
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
We constantly hear about huge hacks in the media, with companies losing millions of dollars in an instant. While this problem is large for the enterprise side of the world, it is even more detrimental when it comes to the fedspace. CloudCheckr Co-Founder & CEO Aaron Newman will highlight effective strategies and tools that AWS users can employ to improve their security posture. Often times the biggest threat to security is the human, Aaron will go through ways to work around this and how you can shore up security to avoid these errors. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Learn More: https://aws.amazon.com/government-education/
This session will cover AWS Identity and Access Management (IAM) best practices that help improve your security posture. We will cover how to manage users and their security credentials. We’ll also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we will demonstrate when to choose between using IAM users and IAM roles. Finally, we will explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)Amazon Web Services
CloudCheckr Co-Founders Aaron Newman and Aaron Klein will highlight effective strategies and tools that AWS users can employ to improve their security posture. Specific emphasis will be placed upon leveraging native AWS services and the talk will include concrete steps that users can begin employing immediately. Session sponsored by CloudCheckr.
AWS Competency Partner
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
by Apurv Awasthi, Sr. Technical Product Manager, AWS
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session covers also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain ways for how you can securely manage you AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100
Slides from my talk at the Leeds IoT Meetup on November 20th. Includes links to resources to help you get started with creating connected device applications with the AWS IoT Service
Building Better IoT Applications without ServersIan Massingham
This deck introduces the benefits of using a the AWS Cloud to build Connected Device/IoT Applications without running virtual machines or other high-maintenance service components.
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-endIan Massingham
Slides from my session at Goto Stockholm where I talked about AWS Lambda and how it can be used to build reliable, scalable & low-cost applications, without servers for you to manage.
Special thanks to James Hall at Parallax for allowing me to talk about the awesome application that they built using AWS Lambda, Amazon API Gateway & Amazon DynanmoDB :)
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Masterclass
Intended to educate you on how to get the best from AWS services
Show you how things work and how to get things done
A technical deep dive that goes beyond the basics
1
2
3
3. Advanced Security Best Practices
Security is job zero at AWS
Built to satisfy the most security-sensitive organisations
Provides visibility, auditability, controllability & agility
Lower operational overhead that traditional IT
4. AWS security
approach
Size of AWS
security team
Visibility into
usage & resources
Increasing your Security Posture in the Cloud
7. Agenda
Sharing the Security Responsibility
Identity and Access Management with IAM
Defining virtual networks with Amazon VPC
Networking & Security for Amazon EC2 Instances
Working with Container and Abstracted Services
Encryption and Key Management in AWS
15. Create individual users
Benefits
• Unique credentials
• Individual credential rotation
• Individual permissions
How to get started
• Identify which IAM users you want
to create
• Use the console, CLI or API to:
- Create user
- Assign credentials
- Assign permissions
17. Grant least privilege
Benefits
• Less chance of people
making mistakes
• Easier to relax than tighten up
• More granular control
– API and resource
How to get started
• Identify what permissions
are required
• Password or access keys?
• Avoid assigning *:* policy
• Default Deny
• Use policy templates
IMPORTANT NOTE: Permissions do not apply to root!
19. Manage permissions with groups
Benefits
• Easier to assign the same
permissions to multiple users
• Simpler to re-assign
permissions based on change
in responsibilities
• Only one change to update
permissions for multiple users
How to get started
• Map permissions to a specific
business function
• Assign users to that function
• Manage groups in the Group
section of the IAM console
21. Restrict privileged access further with conditions
Benefits
• Additional granularity when
defining permissions
• Can be enabled for any AWS
service API
• Minimizes chances of
accidentally performing
privileged actions
How to get started
• Use conditions where
applicable
• Two types of conditions
- AWS common
- Service-specific
22. Restrict privileged access further with conditions
{
"Statement":[{
"Effect":"Allow",
"Action":["ec2:TerminateInstances"],
"Resource":["*"],
"Condition":{
"Null":{"aws:MultiFactorAuthAge":"false"}
}
}
]
}
Enables a user to terminate EC2 instances only if the
user has authenticated with their MFA device.
MFA
{
"Statement":[{
"Effect":"Allow",
"Action":"iam:*AccessKey*",
"Resource”:"arn:aws:iam::123456789012:user/*",
"Condition":{
"Bool":{"aws:SecureTransport":"true"}
}
}
]
}
Enables a user to manage access keys for all IAM users only if the
user is coming over SSL.
SSL
{
"Statement":[{
"Effect":"Allow",
"Action":["ec2:TerminateInstances“],
"Resource":["*“],
"Condition":{
"IpAddress":{"aws:SourceIP":"192.168.176.0/24"}
}
}
]
}
Enables a user to terminate EC2 instances only if the user is
accessing Amazon EC2 from 192.168.176.0/24.
SourceIP
{
"Statement":[{
"Effect": "Allow",
"Action":"ec2:TerminateInstances",
"Resource": "*",
"Condition":{
"StringEquals":{"ec2:ResourceTag/Environment":"Dev"}
}
}
]
}
Enables a user to terminate EC2 instances only if the instance is
tagged with “Environment=Dev”.
Tags
24. Enable AWS CloudTrail to get logs of API calls
Benefits
• Visibility into your user activity
by recording AWS API calls to
an Amazon S3 bucket
How to get started
• Set up an Amazon S3
bucket
• Enable AWS CloudTrail
Ensure the services you want are integrated with AWS CloudTrail
aws.amazon.com/cloudtrail
26. Configure a strong password policy
Benefits
• Ensures your users and your
data are protected
How to get started
• What is your company’s
password policy?
• You can configure
- Password expiration
- Password strength
• Uppercase, lowercase,
numbers, non-alphanumeric
- Password re-use
IMPORTANT NOTE: Password policy does not apply to root!
28. Rotate/Delete security credentials regularly
Benefits
• Normal best practice
How to get started
• Use Credential Reports to identity
credentials that should be rotated
or deleted
• IAM console displays when
password last used
• Grant IAM user permission to
rotate credentials
• IAM roles for Amazon EC2 rotate
credentials automatically
30. Enable MFA for privileged users
Benefits
• Supplements user name and
password to require a one-time
code during authentication
How to get started
• Choose type of MFA
- Virtual MFA
- Hardware
• Use IAM console to assign MFA
device
31. Sharing
Use IAM roles to share access
http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
32. Use IAM roles to share access
Benefits
• No need to share security credentials
• No need to store long term
credentials
• Easy to break sharing relationship
• Use cases
- Cross-account access
- Intra-account delegation
- Federation
How to get started
• Create a role
- Specify who you trust
- Describe what the role can
do
• Share the name of the role
• Use ExternalID when sharing
with a 3rd party
IMPORTANT NOTE: Never share credentials.
33. Roles
Use IAM roles for Amazon EC2 instances
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
34. Use IAM roles for Amazon EC2 instances
Benefits
• Easy to manage access keys
on EC2 instances
• Automatic key rotation
• Assign least privilege to the
application
• AWS SDKs fully integrated
• AWS CLI fully integrated
How to get started
• Create an IAM role
• Assign permissions to role
• Launch instances w / role
• If not using SDKs, sign all
requests to AWS services with
the role’s temporary credentials
36. Reduce or remove use of root
Benefits
• Reduce potential for misuse of
credentials
How to get started
• Security Credentials Page
- Delete access keys
- Activate an MFA device
• Ensure you have set a “strong”
password
39. A virtual network in your own logically isolated
area within the AWS cloud populated by
infrastructure, platform, and application services that
share common security and interconnection
Amazon VPC
aws.amazon.com/vpc/
40. ▶︎ Elastic Network Interface (ENI)
▶︎ Subnet
▶︎ Network Access Control List (NACL)
▶︎ Route Table
▶︎ Internet Gateway
▶︎ Virtual Private Gateway
▶︎ Route 53 Private Hosted Zone
VPC Networking
41. VPC Network Topology
A VPC can span multiple AZs, but each
subnet must reside entirely within one AZ
Use at least 2 subnets in different AZs for
each layer of your network
45. VPC Peering
A networking connection between two VPCs
docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
46. Using Network Access Control Lists
An optional layer of security that acts as a firewall
for controlling traffic in and out of a subnet
You might set up network ACLs with rules similar to
your security groups in order to add an additional
layer of security to your VPC
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
53. Amazon EC2 Security Groups
aws.amazon.com/ec2/
A security group acts as a virtual firewall that
controls the traffic for one or more instances.
You add rules to each security group that
allow traffic to or from its associated
instances.
54. Amazon EC2 Security Groups
aws.amazon.com/ec2/
Availability Zone 1 Availability Zone 2
Security Group: GameServers
Security Group: APIServers
55. Amazon EC2 Security Groups
aws.amazon.com/ec2/
Availability Zone 1 Availability Zone 2
Security Group: GameServers
Security Group: APIServers
62. Availability Zone 1: Private Subnet Availability Zone 2: Private Subnet
Amazon RDS Security Groups
Availability Zone 1: Public Subnet Availability Zone 2: Public Subnet
Security Group: APIServers
Security Group: GameServers
RDS Security Group: APIServers
71. DIY Key Management in AWS
Encrypt data client-side and send ciphertext to AWS storage services
Your encryption
client application
Your key management
infrastructure
Your
applications
in your data
center
Your application in
Amazon EC2
Your key
management
infrastructure in EC2
Your Encrypted Data in AWS Services
…
72. DIY Key Management in AWS
Amazon S3 Encryption Client in AWS SDKs
Your key management
infrastructure
Your
applications
in your data
center
Your key
management
infrastructure in EC2
Your Encrypted Data in Amazon S3
Your application in
Amazon EC2
AWS SDK with
S3 Encryption Client
73. DIY Key Management in AWS
Amazon S3 Server-Side Encryption with Customer-Provided Keys
Plaintext
Data
Encrypted
Data
Customer
Provided KeyAmazon S3 Web
Server
HTTPS
Customer
Data
Amazon S3
Storage Fleet
• Key is used at Amazon S3 webserver, then deleted
• Customer must provide same key when downloading to allow
Amazon S3 to decrypt data
Customer
Provided Key
74. AWS Key Management Service
• A managed service that makes it easy for you to create,
control, rotate, and use your encryption keys
• Integrated with AWS SDKs and AWS services including
Amazon EBS, Amazon S3, and Amazon Redshift
• Integrated with AWS CloudTrail to provide auditable logs to
help your regulatory and compliance activities
79. How AWS Services Integrate with AWS Key Management
Service
• Two-tiered key hierarchy using envelope
encryption
• Unique data key encrypt customer data
• AWS KMS master keys encrypt data keys
• Benefits of envelope encryption:
• Limits risk of a compromised data key
• Better performance for encrypting large data
• Easier to manage a small number of master
keys than millions of data keys
Customer Master
Key(s)
Data Key 1
Amazon S3
Object
Amazon EBS
Volume
Amazon
Redshift Cluster
Data Key 2 Data Key 3 Data Key 4
Custom
Application
AWS KMS
80. AWS Key Management Service
Providing security for your keys
• Plaintext keys are never stored in persistent memory on runtime systems
• Automatically rotate your keys for you
• Separation of duties between systems that use master keys and data
keys
• Multi-party controls for all maintenance on systems that use your master
keys
• See public white papers and Service Organization Control (SOC 1)
compliance package
85. Introduction to AWS Security
Security at Scale: Governance in AWS
Security at Scale: Logging in AWS
AWS Security Best Practices
Securing Data at Rest with Encryption
AWS Security Whitepaper
AWS Security White Papers