Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018

•

1 like•216 views

A critical component of any cloud journey is ensuring that the identity architecture enables users and operators of cloud-based infrastructure to maintain or increase their level of productivity while maintaining appropriate levels of security. Such an architecture must take into account the likelihood that engineers from different organizations and differing operating models must work together to achieve outcomes. This talk explores how AWS Managed Services built such a system, leveraging industry standard components. Security experts from across multiple AWS service teams answer your questions about strategy and technical implementation.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Architecting for Enterprise Identity
Across Multiple Operating Models
Stephen Bowie
Senior Security Manager
AWS Managed Services
Ron Cully
Product Manager
Amazon Web Services

Managed Services (AMS)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AMS is AWS “out-of-the-box”
Production-ready virtual private cloud, landing zone & operating model

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Managed Services (AMS)

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Directory Service for Microsoft Active Directory
Customer—administer and configure
• Administer users, groups, GPOs, other AD content
• Administration via Active Directory Users and
Computers (ADUC) and other standard AD tools
• Configure password policies
• Add domain controllers as needed
• Configure trusts (resource forest deployment)
• Configure certificate authorities (for LDAPS)
• Configure federation
Amazon—operates
• Multi-AZ deployment, patch, monitor,
DC recovery, instance rotation, snapshot, restore
“AWS Managed Microsoft AD”
Customer VPC AWS Managed Service VPC
10.0.2.0/24
App 1 App 2
Availability Zone 1 Availability Zone 1
10.0.3.0/24
App 1 App 2
Availability Zone 1 Availability Zone 1
AWS Managed
Microsoft AD DC
AWS Managed
Microsoft AD DC
DC
AWS managed domain controllers, exclusively yours,
running on actual Microsoft Windows server

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Managed Microsoft AD

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“Production-ready” identity requirements

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The solution
If customer wishes, AMS can revoke our access to the directory
and transfer control back to our customer
Most enterprise customers have established procedures
and tools to audit Active Directory forests
Combines persistent identity, with Active Directory dynamic groups
Leverages AWS Managed Microsoft AD
Mandates the use of multifactor authentication

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The solution in action

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The result

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Raucous discussion ensues
Recently, some customers have pushed
back on joining their servers to AWS
Managed Microsoft AD, over concerns that
legacy applications contain hard-coded
values to AD objects, such as OUs.
Allowing customers to leave their servers
attached to their legacy AD would result in
a multi-mastered managed environment.
Thoughts?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Repeats
Wednesday, November 28
Architecting for Enterprise Identity Across Multiple Operating Models
9:15 AM–10:15 AM | Aria West, Level 3, Ironwood 3, T2
Friday, November 30
Architecting for Enterprise Identity Across Multiple Operating Models
11:30 AM–12:30 PM | Aria East, Plaza Level, Orovada 3, T1

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related sessions
Cloud Ops Engineer: A Day in the Life
Friday, November 30th
8:30 AM–9:30 AM
Venetian Level 4

Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Stephen Bowie
shb@amazon.com
Ron Cully
rcully@amazon.com

The document discusses security best practices when using AWS. It highlights some common security anti-patterns to avoid, such as overcrowding AWS accounts, using personal AWS accounts, and relying only on manual technical auditing. It promotes practices like implementing least privilege access, continuous automated auditing using native AWS services, and adopting a DevSecOps approach to development that incorporates security testing and monitoring throughout the software development lifecycle.

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Amazon Web Services

GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Getting Started with AWS Security

Amazon Web Services

Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...

Amazon Web Services

This document discusses using AWS services for ingesting, storing, sharing, and analyzing video content. It describes how to stream live video from millions of devices using Amazon Kinesis Video Streams and then analyze the video using Amazon Rekognition. It also provides an example of building a system to detect faces on video streams from cameras using DeepLens and storing the results in databases like DynamoDB for further processing.

IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accou...

Amazon Web Services

In this session, learn how Vanguard has matured their IAM controls and automation to support a micro-account strategy, providing further agility to developers while reducing blast radius and improving governance. You learn how Vanguard uses STS Federation at the OU level, builds common roles across all micro accounts, implements AWS Organizations SCPs, and uses different network control zones for admin vs. non-admin functions. Vanguard also shares how they are using AWS Lambda to block escalation of privilege.

Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...

Amazon Web Services

Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.

How to Implement a Well-Architected Security Solution.pdf

Amazon Web Services

Landing Zones Creating a Foundation - AWS Summit Sydney 2018

Amazon Web Services

Landing Zones: Creating a Foundation for Your AWS Migrations When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices. Ali Juzer, Cloud Architect, Professional Services, Amazon Web Services

As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.

Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...

Amazon Web Services

by Fritz Kunstler, Sr. AWS Security Consultant, AWS In AWS, identity comes first. Before you can provision buckets, instances, VPCs, or any other infrastructure, you have to have an identity to authenticate and authorize those API calls. In this session, we'll rapidly immerse you in the fundamental primitives, mental models, and implementation patterns of the core AWS identity services such as AWS Identity & Access Management and AWS Organizations. With this knowledge in hand you'll be able to confidently construct a solid identity foundation for your workloads to sit atop. Level 200

Security@Scale

Amazon Web Services

This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018

Amazon Web Services

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

Amazon Web Services

The document discusses AWS landing zones, which provide standardized account structures, networking designs, security policies, and automation tools to help organizations centrally govern their use of AWS accounts at scale. It describes the key components of a landing zone, including account structure, network design, identity and access management, security and visibility features, shared services, and automation tools. The landing zone approach aims to provide guardrails rather than blockers to help customers deploy and manage multiple AWS accounts in a standardized, scalable, and auditable manner.

How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F...

Amazon Web Services

Cloud-native and with security integrated early in the software development process, Nubank is the largest digital bank in the world outside of Asia. Demand for higher levels of service and value, constantly evolving technology capabilities, and stringent regulatory requirements are all powerful forces reshaping retail banking. In this session, Nubank CTO Edward Wible discusses how the company mixes engineering culture, security philosophy and structure, automation, and integration with AWS security services. Learn how to leverage the day-to-day software development workflow for extensive security and maximum engineering throughput while minimizing the operational pain of running a large infrastructure.

How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...

Amazon Web Services

by Vijay Sharma, Senior Product Manager, AWS Creating multiple AWS accounts helps manage AWS resources for different users, teams, and applications, but managing access for multiple AWS accounts can be difficult to scale. AWS Single Sign-On (SSO), a new cloud SSO service, makes it easy to sign in to multiple AWS accounts and business applications. You will learn how to use AWS SSO and AWS Directory Service to enable users to access their AWS accounts and business applications using their existing corporate credentials. You will also learn how to manage user permissions centrally to AWS resources when users access the AWS Management Console using AWS SSO.

Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...

Amazon Web Services

The document discusses applying the NIST 800-53 high impact controls on AWS for GDPR compliance. It describes how AWS and third-party security tools like Trend Micro can help customers automate compliance with these controls by leveraging AWS services for identity and access management, logging, networking, and security tools for intrusion prevention, firewalls, and more. An AWS CloudFormation template called the Enterprise Accelerator provides an automated reference deployment of Trend Micro with AWS to help customers meet key NIST controls and simplify GDPR compliance efforts.

Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018

Amazon Web Services

The document discusses how the Well-Architected framework from AWS was used to help a customer transition their 20+ year old technology to the AWS cloud. It describes the challenges the customer faced with their on-premises infrastructure and how the Well-Architected pillars of security, reliability, performance efficiency, cost optimization, and operational excellence were applied. Examples are given for how tools like EC2, S3, CloudFormation, and Trusted Advisor can help optimize infrastructure for reliability, security, costs and operations on AWS.

Deep Dive - AWS Security by Design

Amazon Web Services

Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.

AWS-Vizalytics-March-2018 2.pdf

Amazon Web Services

The document discusses AWS and Vizalytics technology for smart cities solutions. It provides an overview of AWS cloud capabilities for infrastructure, analytics, IoT, machine learning and other services. It also presents customer stories of how cities like Chicago and Transport for London have used AWS to power applications and platforms for open data, transportation, and other smart city initiatives. Finally, it outlines a logical architecture for a smart city platform leveraging AWS cloud services for data ingestion, processing, storage in a data lake, and analysis.

McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...

Amazon Web Services

According to Gartner, the IaaS market grew at a blistering 42.8% in 2017—twice as fast as SaaS. And with last year’s high-profile data exposures, the focus on bolstering IaaS security practices has increased. We’ve worked with AWS and hundreds of IaaS security professionals to develop a list of security practices specifically designed to protect AWS environments and the applications and data within them. In this session, you’ll discover: common yet preventable scenarios that can result in the loss of corporate data, security best practices for user and admin behavior monitoring, secure auditable configuration, Amazon S3 data loss and threat prevention, blueprints for how a solution-based approach (including bridging to your on-premises best practices) can provide IaaS visibility and control, step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements, and recommendations for creating a successful DevOps workflow that integrates security.

Best Practices for Encrypting Data on AWS

Amazon Web Services

The Perimeter Is Dead

Amazon Web Services

by Roy Feintuch, Dome9 Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.

Managing Security on AWS

Amazon Web Services

Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Matt Johnson, Solutions Architect, AWS

Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...

Amazon Web Services

The 1%: Identity and Governance Patterns From the Most Advanced AWS Customers...

Amazon Web Services

by Fritz Kunstler, Sr. AWS Security Consultant, AWS Across the AWS customer base there's a wide spectrum of experience levels. In this session, we'll dive deep into a number of advanced patterns that some of our most advanced customers are using to make themselves successful. By equipping you with these deep learnings, you'll be able to raise the bar within your organization, allowing you to achieve greater levels of control, speed, and visibility at a greatly accelerated pace.

How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud Journey

Amazon Web Services

by Ron Cully, Manager, Product Management, AWS Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each of these journeys, identity and access management helps customers protect their applications and resources. In this session, you will learn how AWS’ Identity Services provide you a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS’ Identity Services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.

[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018

Amazon Web Services

Want to learn about your options for running Microsoft Active Directory on AWS? When you move Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory in support of group policy management, authentication, and authorization. In this session, we discuss options for deploying Microsoft Active Directory to AWS, including AWS Managed Microsoft AD and deploying Active Directory to Windows on Amazon EC2. We cover such topics as how to integrate your on-premises Microsoft Active Directory environment to the cloud and how to leverage SaaS applications, such as Office 365, with the AWS Single Sign-On service.

Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft

Amazon Web Services

This document discusses identity and access management for serverless applications. It provides an overview of AWS Identity and Access Management (IAM) including IAM users, groups, roles, and policies. It also discusses Amazon Cognito for user management and the WildRydes serverless application workshop which involves restricting access to an S3 bucket and setting up user authentication with Cognito user pools.

What's hot

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Amazon Web Services

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks

Amazon Web Services

Managing and governing multi-account AWS environments using AWS Organizations...

Amazon Web Services

Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...

Amazon Web Services

Security@Scale

Amazon Web Services

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018

Amazon Web Services

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

Amazon Web Services

How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F...

Amazon Web Services

How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...

Amazon Web Services

Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...

Amazon Web Services

Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018

Amazon Web Services

Deep Dive - AWS Security by Design

Amazon Web Services

AWS-Vizalytics-March-2018 2.pdf

Amazon Web Services

McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...

Amazon Web Services

Best Practices for Encrypting Data on AWS

Amazon Web Services

The Perimeter Is Dead

Amazon Web Services

Managing Security on AWS

Amazon Web Services

Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...

Amazon Web Services

The 1%: Identity and Governance Patterns From the Most Advanced AWS Customers...

Amazon Web Services

How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud Journey

Amazon Web Services

What's hot (20)

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Launch AWS Faster using Automated Landing Zones - AWS Online Tech Talks

Managing and governing multi-account AWS environments using AWS Organizations...

Foundations - Understanding the Critical Building Blocks of AWS Identity & Go...

Security@Scale

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore

How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F...

How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...

Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...

Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018

Deep Dive - AWS Security by Design

AWS-Vizalytics-March-2018 2.pdf

McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...

Best Practices for Encrypting Data on AWS

The Perimeter Is Dead

Managing Security on AWS

Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...

The 1%: Identity and Governance Patterns From the Most Advanced AWS Customers...

How You Can Use AWS Identity Services to Be Successful on Your AWS Cloud Journey

Similar to Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018

[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018

Amazon Web Services

Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft

Amazon Web Services

深入淺出 AWS 混合式雲端架構

Amazon Web Services

對於投資現場部署技術的大多數組織而言，在混合式架構中運作是採用雲端的必要部分。遷移IT系統需要好一段時間。因此，選擇一個雲端廠商，能夠幫助您實行經過深思熟慮的混合策略，並不需要在本地硬件和軟件上進行昂貴的新投資，這對簡化運營及輕鬆實現業務目標非常重要。在這場線上研討會中，我們將介紹 AWS 如何在存儲、網絡、安全、應用程序部署和管理工具中構建業界最廣泛的混合功能，以便您輕鬆及安全地擴展您現有的投資。 For most organizations with on-premises technology investments, operating in a hybrid architecture is a necessary part of cloud adoption. Migrating legacy IT systems takes time. Therefore, selecting a cloud provider who can help you implement a thoughtful hybrid strategy, without requiring costly new investments in on-premises hardware and software, is important to simplify operations and more easily achieve your business goals. In this webinar, we will describe how we at AWS have built the industry’s broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments.

Introduction to Hybrid Cloud on AWS

Tom Laszewski

This document provides an overview of hybrid cloud solutions on AWS. It discusses key hybrid cloud use cases like integrated identity and access, data integration, and cloud bursting. It also describes AWS services that support hybrid architectures, like VPC, Direct Connect, Storage Gateway and EC2 Systems Manager. Finally, it presents examples of how large customers like John Deere and Kellogg's implement hybrid solutions with AWS.

Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks

Amazon Web Services

Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018

Amazon Web Services

Securing your data platforms in job zero. Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to innovate and release enhancements to encryption-specific services, and expand the encryption capabilities in new services to make encryption easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.

Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...

Amazon Web Services

Learning Objectives: - Learn about common architecture patterns for network design, Microsoft Active Directory, and business productivity solutions like Dynamics AX, CRM, and Microsoft SharePoint - Explore common scenarios for legacy and custom .NET, .NET Core with Microsoft SQL deployments and migrations - Gain insights on simplifying your IT infrastructure and managing your Microsoft workloads in a familiar environment

Migrate & Modernize your legacy Microsoft applications with AWS

Amazon Web Services

There are a large number of legacy enterprise Microsoft applications still running on-premises. This session will focus on retiring technical debt and bringing some of those apps into AWS using next generation platforms. You will learn how AWS supports Microsoft applications and how you can leverage application lifecycle management features to move your applications to cloud and serverless .NET platforms. We’ll also show how AWS can help you focus on your core business, and be more agile and cost efficient.

2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...

Modern Workplace Conference Paris

Cloud Migration Insights Forum, Perth

Amazon Web Services

Move Your Desktop to AWS with Amazon Workspaces

Amazon Web Services

IT organizations today need to support a modern, flexible, global workforce and ensure their users can be productive from anywhere. Moving desktops and applications to AWS offers improved security, scale, and performance with cloud economics. In this session, we provide an overview of Amazon WorkSpaces and discuss the use cases for it. Then, we dive deep into best practices for implementing Amazon WorkSpaces, including integrating with your existing identity, security, networking, and storage solutions. Diego Magalhaes, Senior Solutions Architect, Amazon Web Services

Costruire Architetture Ibride con AWS

Amazon Web Services

Il cloud ibrido fa riferimento all'uso di risorse locali in aggiunta alle risorse pubbliche del cloud. Un cloud ibrido consente a un'organizzazione di migrare applicazioni e dati nel cloud, estendere la capacità del data center, utilizzare nuove funzionalità native del cloud, avvicinare le applicazioni ai clienti e creare una soluzione di backup e disaster recovery con una elevata disponibilità. In questa sessione verranno presentate le principali architetture ed i tool AWS per realizzarle.

Cloud Migration Insights Forum, Sydney

Amazon Web Services

Security Automation using AWS Management Tools

Amazon Web Services

In order to ensure security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all of these accounts. In this session, you will learn how to use AWS CloudFormation and AWS Organizations to execute security best practices (AWS CloudTrail, AWS Config, Flow Logs, S3 Access logs, etc...) in scenarios where you are managing many AWS accounts across an organization. You will see how to leverage Service Catalog across multiple accounts. Learn how to store all of these logs in a centralized logging system such as Amazon ElasticSearch Service, set up alerts, and drift detection on anomalous or high-risk activity.

Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018

Amazon Web Services

Most workloads on AWS resemble a finely crafted cake, with delight at every layer. In this session, we help you master identity at each layer of deliciousness: from platform, to infrastructure, to applications, using services like AWS Identity and Access Management (IAM), AWS Directory Service, Amazon Cognito, and many more. Leave with a firm mental model for how identity works both harmoniously and independently throughout these layers, and with ready-to-use reference architectures and sample code. We keep things fun and lively along the way with lots of demos, which will hopefully make up for our decided lack of anything resembling the sweet confections we'll be talking so much about!

Evolving perimeters with guardrails, not gates: Improving developer agility -...

Amazon Web Services

AWS Systems Manage: Bridging Operational Models

Amazon Web Services

Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018

Amazon Web Services

In this session, we discuss how customers in regulated industries like government, finance, and life sciences can use Amazon WorkSpaces to help meet security and regulatory compliance requirements for user applications and devices. Organizations who have to deal with various regulatory and security requirements (such as HIPAA, PCI, ITAR, and FedRAMP) have to consider how and where their users access applications and store data. In this session, we discuss how Amazon WorkSpaces can help you meet these unique requirements and help provide users throughout your organization with secure, fast access to desktop applications and data.

Foundations: Understanding the Critical Building Blocks of AWS Identity and G...

Amazon Web Services

by Jeff Levine, Security Specialist, Solutions Architect, AWS In AWS, identity comes first. Before you can provision buckets, instances, VPCs, or any other infrastructure, you have to have an identity to authenticate and authorize those API calls. In this session, we'll rapidly immerse you in the fundamental primitives, mental models, and implementation patterns of the core AWS identity services such as AWS Identity & Access Management and AWS Organizations. With this knowledge in hand you'll be able to confidently construct a solid identity foundation for your workloads to sit atop.

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

Amazon Web Services

Similar to Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018 (20)

[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018

Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft

深入淺出 AWS 混合式雲端架構

Introduction to Hybrid Cloud on AWS

Introduction to Hybrid Cloud on AWS - AWS Online Tech Talks

Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018

Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...

Migrate & Modernize your legacy Microsoft applications with AWS

2018 10-17 J1 3C - Hybrid architectures with Amazon Web Services, Office 365 ...

Cloud Migration Insights Forum, Perth

Move Your Desktop to AWS with Amazon Workspaces

Costruire Architetture Ibride con AWS

Cloud Migration Insights Forum, Sydney

Security Automation using AWS Management Tools

Mastering Identity at Every Layer of the Cake (SEC401-R1) - AWS re:Invent 2018

Evolving perimeters with guardrails, not gates: Improving developer agility -...

AWS Systems Manage: Bridging Operational Models

Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018

Foundations: Understanding the Critical Building Blocks of AWS Identity and G...

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWS

Amazon Web Services

1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS). 2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels. 3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.

How to Build a Winning Pitch Deck

Amazon Web Services

This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.

Building a web application without servers

Amazon Web Services

This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.

Fundraising Essentials

Amazon Web Services

This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Architecting for Enterprise Identity Across Multiple Operating Models Stephen Bowie Senior Security Manager AWS Managed Services Ron Cully Product Manager Amazon Web Services

6. AMS is AWS “out-of-the-box” Production-ready virtual private cloud, landing zone & operating model

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Directory Service for Microsoft Active Directory Customer—administer and configure • Administer users, groups, GPOs, other AD content • Administration via Active Directory Users and Computers (ADUC) and other standard AD tools • Configure password policies • Add domain controllers as needed • Configure trusts (resource forest deployment) • Configure certificate authorities (for LDAPS) • Configure federation Amazon—operates • Multi-AZ deployment, patch, monitor, DC recovery, instance rotation, snapshot, restore “AWS Managed Microsoft AD” Customer VPC AWS Managed Service VPC 10.0.2.0/24 App 1 App 2 Availability Zone 1 Availability Zone 1 10.0.3.0/24 App 1 App 2 Availability Zone 1 Availability Zone 1 AWS Managed Microsoft AD DC AWS Managed Microsoft AD DC DC AWS managed domain controllers, exclusively yours, running on actual Microsoft Windows server

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The solution If customer wishes, AMS can revoke our access to the directory and transfer control back to our customer Most enterprise customers have established procedures and tools to audit Active Directory forests Combines persistent identity, with Active Directory dynamic groups Leverages AWS Managed Microsoft AD Mandates the use of multifactor authentication

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Raucous discussion ensues Recently, some customers have pushed back on joining their servers to AWS Managed Microsoft AD, over concerns that legacy applications contain hard-coded values to AD objects, such as OUs. Allowing customers to leave their servers attached to their legacy AD would result in a multi-mastered managed environment. Thoughts?

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Repeats Wednesday, November 28 Architecting for Enterprise Identity Across Multiple Operating Models 9:15 AM–10:15 AM | Aria West, Level 3, Ironwood 3, T2 Friday, November 30 Architecting for Enterprise Identity Across Multiple Operating Models 11:30 AM–12:30 PM | Aria East, Plaza Level, Orovada 3, T1

Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018

Similar to Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Architecting for Enterprise Identity Across Multiple Operating Models (ENT413-R1) - AWS re:Invent 2018