Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance.
At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
Cloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud (New Relic)
The process of building new apps or migrating existing apps to a cloud-based platform is complex. There are hundreds of paths you can take and only a few will make sense for you and your business. Get a step-by-step guide on how to plan for a successful app migration.
Reduce Costs and Build a Strong Operational Foundation with the AWS Migration... (Amazon Web Services)
Speaker: Romulo Gapuz, Solutions Architect, AWS
Up to 80% of enterprise IT budgets are spent on maintaining existing workloads and keeping the lights on versus focusing on new products and services to better serve customers. Migrating existing workloads to the cloud provides a lever to do that, providing efficiencies and benefits on your existing workloads.
What if you could focus your attention and resources on differentiating your company in the marketplace? What if you could innovate at startup-like speed? And finally, what if you could dramatically reduce the risks inherent in your present infrastructure?
The Ideal Approach to Application Modernization; Which Way to the Cloud? (Codit)
Determine your best way to modernize your organization’s applications with Microsoft Azure.
Want to know more? Don't hesitate to download our White Paper 'Making the Move to Application Modernization; Your Compass to Cloud Native': http://bit.ly/39XylZp
Amazon Web Services gives you fast access to flexible and low cost IT resources, so you can rapidly scale and build virtually any big data and analytics application including data warehousing, clickstream analytics, fraud detection, recommendation engines, event-driven ETL, serverless computing, and internet-of-things processing regardless of volume, velocity, and variety of data.
In this one-hour webinar, we will look at the portfolio of AWS Big Data services and how they can be used to build a modern data architecture.
We will cover:
Using different SQL engines to analyze large amounts of structured data
Analysing streaming data in near-real time
Architectures for batch processing
Best practices for Data Lake architectures
This session is suited for:
Solution and enterprise architects
Data architects/ Data warehouse owners
IT & Innovation team members
Cloud Migration, Application Modernization and Security for Partners (Amazon Web Services)
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018 (Amazon Web Services)
In modern, microservices-based applications, it’s critical to have end-to-end observability of each microservice and the communications between them in order to quickly identify and debug issues. In this session, we cover the techniques and tools to achieve consistent, full-application observability, including monitoring, tracing, logging, and service mesh.
Cloud migration is more than simply a business efficiency or a cost-saving measure. It’s a critical step towards digital transformation, innovation and operational resilience that has opened up opportunities for those who’ve embraced cloud adoption.
Whether you are looking to embark on your cloud migration or scaling the number of applications you’re moving to the cloud, it does not need to be a daunting task or one that you go at alone. AWS offers 10 years of experience helping businesses to efficiently move their legacy on-premises systems to the cloud. We work closely alongside numerous local delivery partners to help you meet your business needs.
Our Cloud Migration insights forum helps you to learn how to simplify your cloud journey with AWS.
Amazon QuickSight is a fast BI service that makes it easy for you to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data. QuickSight is built to harness the power and scalability of the cloud, so you can easily run analysis on large datasets, and support hundreds of thousands of users. In this session, we’ll demonstrate how you can easily get started with Amazon QuickSight, uploading files, connecting to S3 and Redshift and creating analyses from visualizations that are optimized based on the underlying data. Once we’ve built our analysis and dashboard, we’ll show you how easy it is to share it with colleagues and stakeholders in just a few seconds. And with SPICE – QuickSight’s in-memory calculation engine – you can go from data to insights, faster than ever.
by Jeet Shangari, Sr. Technical Account Manager, AWS
Software release cycles are now measured in days instead of months. Cutting-edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray, the services inspired by Amazon's internal developer tools and DevOps practice. Level 200
When migrating applications to the AWS Cloud, it’s important to architect cloud environments that are efficient, secure, and compliant. Companies depend on critical enterprise applications to run their business. In this session, learn about the compute, storage, and networking services that AWS offers to help you build, run, and scale your business-critical applications more quickly, securely, and cost-efficiently. We also cover the AWS services and partners that are available to help you modernize and migrate your business-critical applications to the cloud.
Best Practices for Migrating Oracle Databases to the Cloud - AWS Online Tech ... (Amazon Web Services)
Learning Objectives:
- Learn how to migrate Oracle databases to the cloud
- Learn how to run additional components of the Oracle stack on AWS
- Get acquainted with other database options on AWS
Here we go! Our Experts take on Legacy Application Modernization with Microsoft Azure.
With Microsoft Azure gaining ground in the cloud infrastructure race, this article aims to discuss the cutting-edge features and advantages of Legacy App Modernization using Microsoft Azure and the key things to consider when your application takes on the Azure outfit. The article below is derived from the White Paper presented by our MS Azure team. Read on to explore the top ways in which Application Modernization using Microsoft Azure helps you gain the competitive edge.
Read more, please visit here: https://www.optisolbusiness.com/insight/legacy-application-modernization-with-microsoft-azure
There are options beyond a straightforward lift and shift into Infrastructure as a Service. This session is about learning how Azure helps modernize applications faster utilising modern technologies like PaaS, containers and serverless.
An Overview of Best Practices for Large Scale Migrations - AWS Transformation... (Amazon Web Services)
Whether you are moving a small application or entire datacenters, migrating to the cloud can be a complex process. In this session, we will share some of the common challenges that our customers face on their journey to the cloud and discuss how these challenges can be overcome. We will outline the patterns of success that we have observed from partnering with hundreds of customers on their large-scale migrations as well as highlight the mechanisms we have created to help our customers migrate faster.
About the Event:
AWS Transformation Day is designed for enterprise organizations migrating to the cloud to become more responsive, agile and innovative, while staying secure and compliant. Join us for this one-day event and we’ll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
Who should attend?
This event is recommended for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud. CIOs, CTOs, CISOs, CDOs, CFOs, IT leaders and IT professionals, enterprise developers, business decision makers, and finance executives.
Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. In this presentation from the Amazon S3 Masterclass webinar, we explain the features of Amazon S3 from static website hosting, through server-side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice.
See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU
Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/
View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
Following Well Architected Frameworks - Lunch and Learn.pdf (Amazon Web Services)
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to apply AWS guidelines and best practices to your architecture on AWS.
In this session, we introduce AWS Glue, provide an overview of its components, and share how you can use AWS Glue to automate discovering your data, cataloging it, and preparing it for analysis.
AWS offers a variety of data migration services and tools to help you easily and rapidly move everything from gigabytes to petabytes of data. We can provide guidance and methodologies to help you find the right service or tool to fit your requirements, and we share examples of customers who have used these options in their cloud journey.
Are you looking to automate your infrastructure but not sure where to start? View this presentation on ‘Getting started with Infrastructure as code’ to learn how to leverage IaC to deploy and manage resources on Azure. You will learn:
• Introduction to IaC
• Develop a simple IaC using Terraform
• Manage the deployed infrastructure using Terraform
View webinar recording at https://www.winwire.com/webinars
Integrating the CDO Role Into Your Organization; Managing the Disruption (MIT... (Caserta)
The role of the Chief Data Officer (CDO) has become integral to the evolution needed to turn a wisdom-driven company into an analytics-driven company. With Data Governance at the core of your responsibility, moving the innovation meter is a global challenge among CDOs. Specifically the CDO must:
• Provide a single point of accountability for data initiatives and issues
• Innovate ways to use existing data and evangelize a data vision for the organization
• Support & enforce data governance policies via outreach, training & tools
• Work with IT to develop/maintain an enterprise data repository
• Set standards for analytical reporting and generate data insights through data science
In this session, Joe Caserta addresses real-world CDO challenges, shares techniques to overcome them, manage corporate disruption and achieve success.
Getting to Know the Additional Services in Big Data (SpanishPASSVC)
Everyone has started to use and get to know Hadoop and HDInsight, and in part the languages used to consume them, but little has been said about the complementary services that can enrich the Big Data experience. Learn about these services and how they are applied.
How To: The Raspberry Pi as a Download Machine (IDG Nederland)
Do you find it inconvenient that you can't switch off your computer in the evening because it is still downloading torrents? With the Raspberry Pi you can build an energy-efficient computer that downloads torrents and that you can leave running without any problem. We attach an external hard drive to it and install Deluge, an open-source BitTorrent package. On a Windows PC you run the Deluge desktop client, which then handles all your BitTorrent tasks in combination with the Deluge server on your Raspberry Pi. Finally, we make sure your Raspberry Pi shares the downloaded files on your network, so you can access them easily. In short: build your own torrent box!
Everything generates logs. Applications, infrastructure, security ... everything. Keeping track of the flood of log data is a big challenge, yet critical to your ability to understand your systems and troubleshoot (or prevent) issues. In this session, we will use both Amazon CloudWatch and application logs to show you how to build an end-to-end log analytics solution. First, we cover how to configure an Amazon Elasticsearch Service domain and ingest data into it using Amazon Kinesis Firehose, demonstrating how easy it is to transform data with Firehose. We look at best practices for choosing instance types, storage options, shard counts, and index rotations based on the throughput of incoming data and configure a secure analytics environment. We demonstrate how to set up a Kibana dashboard and build custom dashboard widgets. Finally, we dive deep into the Elasticsearch query DSL and review approaches for generating custom, ad-hoc reports.
The Biggest Lies That Digital Marketers Tell Themselves - 3XE Digital (Eduardas Gricius)
3XE Digital Proudly presents:
Samuel Scott, Marcom Director at Logz.io & Columnist at The Drum
Too much of the time, people accept whatever so-called experts and influencers tell them. We believe whatever we hear within the digital marketing echo chamber — even when those ideas are presented without evidence and later shown to be false. In this keynote address, Samuel Scott, the Marcom Director of log analytics platform Logz.io and a columnist for The Drum, will highlight the biggest lies and falsehoods within online marketing.
**presentation is NOT for commercial use**
For more info visit: www.3xedigital.com
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance (Amazon Web Services)
"You’ve made the move to AWS and are now reaping the benefits of decreased costs and increased business agility. How can you reap those same benefits for your cloud security and compliance operations? As building cloud-native applications requires different skill sets, architectures, integrations, and processes, implementing effective, scalable, and robust security for the cloud requires rethinking everything from your security tools to your team culture.
Attend this session to learn how to start down the path toward security and compliance automation and hear how DevSecOps leaders such as Intuit and Capital One are using AWS, DevOps, and automation to transform their security operations.
Session sponsored by evident.io"
Lifehacking met Evernote is a Dutch-language handbook for Evernote, the digital notebook for your computer, tablet and smartphone.
Written by Frank Meeuwsen, Oskar van Rijswijk and Patrick Mackaaij.
High Availability Architecture for Legacy Stuff - a 10.000 feet overview (Marco Amado)
An overview of the tools and tricks you could use to turn a monolithic big pile of... Apache, PHP, and MariaDB into an awesome high-availability, load balanced, shiny new pile of... Apache, PHP, and MariaDB. Zero, or almost zero changes to the codebase.
Security Architecture recommendations for your new AWS operation - Pop-up Lof... (Amazon Web Services)
An organisation’s security controls are defined in part as a result of a need to comply with external industry regulatory requirements, and in part as a result of the organisation’s own risk appetite and culture. In this session we discuss our recommendations for producing a highly-secure AWS baseline environment, comprising multiple AWS accounts to enforce separation of duty, and each configured with a set of base controls for implementing access control, log capture and aggregation, and attack mitigation. We then map common sets of security controls to this architecture, and show how such an architecture can meet the requirements of various external standards.
This AWS Security Checklist webinar will help you and your auditors assess the security of your AWS environment in accordance with industry or regulatory standards. This security focused checklist builds on recently revised Operational Checklists for AWS, which helps you evaluate your applications against a list of best practices before deployment.
Learning Objectives:
* Evaluate the ability of AWS services to meet information security objectives and ensure future deployments within the AWS cloud are done in a secure and compliant way
* Assess your existing organisational use of AWS and to ensure it meets security best practices
* Develop AWS usage policies or validate that existing policies are being followed
This session will start with an overview of the AWS security & compliance programs that enable financial services institutions to create secure workloads as they move to the cloud. We will dive into Financial Services Institutions (FSI) specific security considerations and regional regulations that may need to be considered.
Tom Jones, Solution Architect at Amazon Web Services leads a 60-minute tour through everything you need to know to develop, deploy and operate your first secure applications and services on AWS.
AWS Security Enabling Fintech Pace Security AWS Summit SG 2017 (Amazon Web Services)
This session will review how AWS allows FinTechs across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ... (Amazon Web Services)
This session covers what a real-world production deployment of a fully automated deployment pipeline looks like with instances that are deployed without SSH keys. By leveraging AWS CloudFormation along with Docker and AWS CodeDeploy, we show how we achieved semi-immutable and fully immutable infrastructures, and what the challenges and remediations were.
Cloud Migration, Application Modernization, and Security (Tom Laszewski)
As AWS continues to expand, enterprise customers are looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
Security Best Practices - Transformation Day Public Sector London 2017 (Amazon Web Services)
This session showcases best practices for operating securely at scale on AWS. We’ll introduce the AWS Security Best Practices whitepaper that covers a range of security recommendations for identity and access management, logging and monitoring, infrastructure security, and data protection. We’ll also examine practical examples found in the Center for Internet Security’s CIS AWS Foundations and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speaker:
Angus McAllister, Solutions Architect, Amazon Web Services
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned, and best practices for large-scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of the unique benefits of AWS. We will also dive into how to use an array of AWS services and features to improve customers' security posture as they migrate and once they are up and running in the cloud.
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
4. “Everything starts with a threat model”
• STRIDE, DREAD, others
• Identify:
• Actors
• Vectors
• “Bad stuff that could happen when bad people get creative”
• Probabilities and consequences of bad stuff happening
• Apply technical and procedural mitigations
• All the way up the OSI stack, from network to application
• Dan Ionita's "Gazetteer of threat / risk modelling frameworks":
http://eprints.eemcs.utwente.nl/23767/
7. Attack vectors
• Application-level and API-level attacks
• “If it takes input, it likely has an in-band attack vector”
• “If it has a control point, it likely has an out-of-band attack vector”
• “Even if it doesn’t itself have a useful compromise, it might be a useful
propagation vector”
• A successful attack = disruption or corruption of service output, or
reduction in responsiveness to future service calls, or being a conduit
of “bad content” to vulnerable consumers of the service
• Consider the OWASP Top 10 and other application-level attacks
9. Why a Mapping of Security Controls?
• PCI-DSS
• standards for merchants which process credit card payments and
have strict security requirements to protect cardholder data. A point-
in-time certification.
• SOC 1-3
• designed by the “big 4” auditors as an evolution of SSAE16, SAS70
etc, and to address perceived shortcomings in ISO27001. A
continuous-assessment certification, covering process and
implementation.
• ISO 27001
• outlines the requirements for Information Security Management
Systems. A point-in-time certification, but one which requires
mature processes.
10. General Headings:
• Infrastructure meta-security
• Host security
• Network security
• Logging and Auditing
• Resilience
• User Access Control and Management
• Cryptography and Key Management
• Incident Response and Forensics
• “Anti-Malware”
• Separation of Duty
• Data Lifecycle Management
• Geolocation
• Anti-DDoS
11. “Can our current Security Functions be mapped onto AWS?”
AWS Environment Management
Logging and Auditing
Asset Management
Management Access Control
Configuration Management
Configuration
Monitoring
AWS CloudTrail
AWS Config, API
AWS IAM, Organizations
Web Console
AWS CloudFormation
AWS OpsWorks
CLI
API
SDKs
Amazon CloudWatch
12. “Can our current Security Functions be mapped onto AWS?”
Network
• AWS to Customer Networks → Internet and/or Direct Connect
• Layer 2 Network Segregation → Amazon VPC
• Stateless Traffic Management → Network Access Control Lists
• IPsec VPN → VPC VGW, Marketplace
• Firewall / Layer 3 Packet Filter → Security Groups
• IDS/IPS → AWS CloudTrail, CloudWatch Logs, SNS, VPC Flow Logging
• Managed DDoS Prevention → Included in Amazon CloudFront
13. “Can our current Security Functions be mapped onto AWS?”
Encryption, Key Management
• Data-In-Flight → IPsec or TLS or your own
• Volume Encryption → Amazon EBS Encryption
• Object Encryption → Amazon S3 Encryption (Server and Client Side)
• Key Management → AWS Key Management Service
• Dedicated HSMs → AWS CloudHSM
• Database Encryption → TDE (RDS / Oracle EE), Encrypted Amazon EBS (with KMS), Encrypted Amazon Redshift
14. “Can our Current Security Functions be mapped onto AWS?”
Data Management
• Hierarchical Storage → Amazon S3 Lifecycle
• Deletion Protection → Amazon S3 MFA Delete
• Versioning → Amazon S3 Versioning
• Archiving → Amazon Glacier (optionally, with Vault Lock)
15. “Can our Current Security Functions be mapped onto AWS?”
Host / Instance Security
Traditional Controls
Instance Management
Incident Management
Asset Management
Instance Separation
Traditional Controls (mostly)
Delete-and-promote
More alternatives!
“What the API returns, is true”
PCI Level 1 Hypervisor
Dedicated Instances
16. “Can our Current Security Functions be mapped onto AWS?”
Logging, Analysis, Alerting
Traditional OS Sources
Database Logs
Traditional OS Sources
CloudWatch Logs
EC2 Systems Manager Inventory
RDS / Redshift Logs
17. Logs→metrics→alerts→actions
[Diagram. Log sources: AWS CloudTrail, AWS Config, Amazon EC2 OS logs, Amazon VPC Flow Logs. Inputs: API calls from most services, monitoring data from AWS services, custom metrics. Processing: CloudWatch / CloudWatch Logs, CloudWatch alarms. Delivery: Amazon SNS with email, HTTP/S, SMS and mobile push notifications.]
19. The Story So Far
• MASCOT
• fully role- and identity-managed implementation from ProServe
• Presented at re:Invent 2016: SAC319 (https://www.youtube.com/watch?v=pqq39mZKQXU), SAC320 (https://www.youtube.com/watch?v=xjtSWd8z_bE)
• Bertram Dorn's work from 2014
• similar structure, but a number of differences
• https://youtu.be/CNSaJs7pWjA
• Neither covers Organizations (quite yet)
• MASCOT has coverage for KMS
21. What Needs Segregating from What?
• Less obvious cases:
• Look at your own org chart and body of policies
• Consider how Separation of Duty and Need to Know operate
• both within and between departments
• Within org charts, policy, compliance scoping, and the need to ringfence dev accounts where bugs could impact API access, lie the answers to "how many:
• AWS Organizations
• KMS CMKs
• AWS accounts
• ...do I need?"
36. Best practices – AWS Organizations
1. Monitor activity in the master account using CloudTrail
2. Do not manage resources in the master account
3. Manage your organization using the principle of “Least privilege”
4. Use OUs to assign controls
5. Test controls on single AWS account first
6. Only assign controls to root of organization if necessary
7. Avoid mixing “whitelisting” and “blacklisting” SCPs in organization
8. Create new AWS accounts for the right reasons
37. More on SCPs
• Service Control Policies
• ...which look like IAM policies
• (but without support for Conditions, in v1.0)
• Imposed by Master account on child accounts
• essentially concatenate with per-child-account IAM policies
• Allows / Denies access to specific per-service API calls, or whole services
• as with IAM policies, a single explicit Deny overrides any number of explicit
Allows
• But: they are also applied to the root user in the child account
• Here's where we get into Mandatory Access Control! :)
38. More on SCPs
• Also:
• you don't have to apply an SCP before you populate your account with
assets...
• this lends the idea of "immutable infrastructure" to other services, from
the point of view of the child accounts
• (including Serverless)
• eg:
• S3 websites which can't have their contents changed
• Lambda functions which are invoke-only "black boxes"
• ACM cert / key pairs which can't be deleted
• Prevent CloudTrail, Config ever being turned off
• ...
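The SCP behaviour described on slides 37 and 38, as an added example that is not part of the original deck: a simplified evaluator in which every SCP level must allow a call, an explicit Deny wins, and the child account's root user is still bound. The policies are constructed, the function names are hypothetical, and Resource and Condition matching are deliberately left out.

```python
from fnmatch import fnmatchcase

# Constructed "blacklisting" SCP: allow everything, then deny the calls that
# would switch off CloudTrail or AWS Config in a child account.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Sid": "ProtectAuditTrail",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "cloudtrail:UpdateTrail",
                "config:StopConfigurationRecorder",
                "config:DeleteConfigurationRecorder",
                "config:DeleteDeliveryChannel",
            ],
            "Resource": "*",
        },
    ],
}

# Constructed "whitelisting" SCP: only S3 is usable at all.
S3_ONLY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Constructed IAM policies inside the child account.
ADMIN_IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
READ_ONLY_IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "s3:Get*", "s3:List*"],
            "Resource": "*",
        }
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def verdict(policy, action):
    """Return "Deny", "Allow" or None (no statement matched) for one policy."""
    result = None
    for statement in _as_list(policy["Statement"]):
        patterns = _as_list(statement["Action"])
        # Action names are case-insensitive and may use * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if statement["Effect"] == "Deny":
                return "Deny"  # a single explicit Deny overrides any Allow
            result = "Allow"
    return result


def is_permitted(action, scp_levels, iam_policies, is_root_user=False):
    """Decide whether a principal in a child account may make an API call.

    scp_levels: one SCP per level of the organization (root, OU, account).
    iam_policies: identity policies attached to the calling principal.
    """
    # Every SCP level has to allow the action; SCPs never grant by themselves.
    for scp in scp_levels:
        if verdict(scp, action) != "Allow":
            return False
    # The child account's root user needs no IAM policy, but the SCP check
    # above has already been applied to it.
    if is_root_user:
        return True
    verdicts = [verdict(policy, action) for policy in iam_policies]
    return "Allow" in verdicts and "Deny" not in verdicts


if __name__ == "__main__":
    for who, root in (("admin role", False), ("root user", True)):
        ok = is_permitted("cloudtrail:StopLogging", [GUARDRAIL_SCP],
                          [ADMIN_IAM_POLICY], is_root_user=root)
        print(f"{who}: cloudtrail:StopLogging permitted = {ok}")
```
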
43. Now Add an Incident Response Baseline:
• Have a small NACLed subnet per AZ, per VPC for isolation of misbehaving
instances
• flip their ENIs to it, as needed
• Have a Forensics role like the Audit role, per-account
• read-only access to (essentially) everything
• Have a runbook so a Forensic Investigator can work with the network admin
team to:
• provision a forensic workstation AMI onto the isolation subnet
• open a hole in the NACL to the workstation from an appropriate bastion
(or use Run Command to remotely operate forensic CLI tools)
47. Billing Records Handled by Organizations Master
| ItemDescription | UsageStartDate | UsageEndDate | UsageQuantity | CurrencyCode | CostBeforeTax | Credits | TaxAmount | TaxType | TotalCost |
|---|---|---|---|---|---|---|---|---|---|
| $0.000 per GB - regional data transfer under the monthly global free tier | 01.04.14 00:00 | 30.04.14 23:59 | 0.00000675 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| $0.05 per GB-month of provisioned storage - US West (Oregon) | 01.04.14 00:00 | 30.04.14 23:59 | 1.126.666.554 | USD | 0.56 | 0.0 | 0.000000 | None | 0.560000 |
| First 1,000,000 Amazon SNS API Requests per month are free | 01.04.14 00:00 | 30.04.14 23:59 | 10.0 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| First 1,000,000 Amazon SQS Requests per month are free | 01.04.14 00:00 | 30.04.14 23:59 | 4153.0 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| $0.00 per GB - EU (Ireland) data transfer from US West (Northern California) | 01.04.14 00:00 | 30.04.14 23:59 | 0.00003292 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| $0.000 per GB - data transfer out under the monthly global free tier | 01.04.14 00:00 | 30.04.14 23:59 | 0.02311019 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| First 1,000,000 Amazon SNS API Requests per month are free | 01.04.14 00:00 | 30.04.14 23:59 | 88.0 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
| $0.000 per GB - data transfer out under the monthly global free tier | 01.04.14 00:00 | 30.04.14 23:59 | 3.3E-7 | USD | 0.00 | 0.0 | 0.000000 | None | 0.000000 |
49. S3 Subtleties
• S3 write-only cross-account sharing
• Share write-only (no reading or listing of contents) from owner account
via bucket policy
• Writer accounts have IAM permissions to write
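One way to express the write-only sharing from slide 49, as an added example that is not part of the original deck: a bucket policy for the owner account, the matching IAM policy for a writer account, and a check that flags any cross-account grant beyond s3:PutObject. The bucket name, account IDs and function names are constructed, and the bucket-owner-full-control condition is an assumption added here, not something the slide states.

```python
def write_only_bucket_policy(bucket, writer_account_ids):
    """Bucket policy (owner side): other accounts may put objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CrossAccountWriteOnly",
                "Effect": "Allow",
                "Principal": {
                    "AWS": [f"arn:aws:iam::{a}:root" for a in writer_account_ids]
                },
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                # Assumption: writers must hand object control to the owner.
                "Condition": {
                    "StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}
                },
            }
        ],
    }


def writer_iam_policy(bucket):
    """IAM policy (writer side): the writer's own principals also need PutObject."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
            }
        ],
    }


def _principals(statement):
    principal = statement.get("Principal", "*")
    if isinstance(principal, str):
        return [principal]
    found = []
    for value in principal.values():
        found.extend(value if isinstance(value, list) else [value])
    return found


def audit_write_only(policy, owner_account_id):
    """Return (Sid, action) pairs that give non-owner principals more than PutObject."""
    findings = []
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        outsiders = [
            p for p in _principals(statement)
            if p != owner_account_id and f":{owner_account_id}:" not in p
        ]
        if not outsiders:
            continue  # grants to the owner's own principals are out of scope
        sid = statement.get("Sid", "<no Sid>")
        if "NotAction" in statement:
            findings.append((sid, "NotAction"))  # allows everything but a list
            continue
        actions = statement["Action"]
        for action in actions if isinstance(actions, list) else [actions]:
            if action.lower() != "s3:putobject":
                findings.append((sid, action))
    return findings


# Constructed sample: account IDs and bucket name are placeholders.
OWNER = "111111111111"
GOOD_POLICY = write_only_bucket_policy("example-log-landing", ["222222222222"])
BAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OwnerAdmin",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{OWNER}:root"},
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-log-landing/*",
        },
        {
            "Sid": "TooBroad",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
            "Action": ["s3:PutObject", "s3:GetObject", "s3:List*"],
            "Resource": "arn:aws:s3:::example-log-landing/*",
        },
    ],
}

if __name__ == "__main__":
    print(audit_write_only(GOOD_POLICY, OWNER))
    print(audit_write_only(BAD_POLICY, OWNER))
```
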
52. Staging and Masking Logs
• Extend it to mask relevant fields in:
• CloudWatch logs
• ELB, CloudFront, Amazon VPC flow log, etc. records
• ...all of which use CloudWatch Logs
• If we use CloudWatch Events, we can use a Lambda function to land
our logs in a local S3 bucket, then use a cross-account Lambda function
to mask-and-forward
• Config records can be forwarded as-is
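The mask step of the mask-and-forward function from slide 52, sketched for VPC flow log records as an added example that is not part of the original deck. The slide does not say how fields are masked; keyed HMAC pseudonyms are an assumption chosen here so that masked records can still be correlated, and the key, the sample records and the function names are constructed.

```python
import hashlib
import hmac

# Field order of the default (version 2) VPC flow log record.
FLOW_FIELDS = (
    "version account-id interface-id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log-status"
).split()

# Fields to mask, with the prefix used for their pseudonyms. srcaddr and
# dstaddr share a prefix so one address maps to one token in either position.
MASKED_FIELDS = {
    "account-id": "acct",
    "interface-id": "eni",
    "srcaddr": "ip",
    "dstaddr": "ip",
}

# Constructed demo key; a deployment would fetch this from a secret store.
DEMO_KEY = b"constructed-demo-key"


def pseudonym(value, key, prefix):
    """Keyed, deterministic token: stable for joins, not reversible without the key."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{prefix}-{digest[:12]}"


def mask_flow_record(line, key):
    """Mask one flow log record; raise ValueError if it is not a 14-field record."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"expected {len(FLOW_FIELDS)} fields, got {len(parts)}")
    masked = []
    for name, value in zip(FLOW_FIELDS, parts):
        # NODATA and SKIPDATA records carry "-" in the address fields.
        if name in MASKED_FIELDS and value != "-":
            value = pseudonym(value, key, MASKED_FIELDS[name])
        masked.append(value)
    return " ".join(masked)


def mask_and_forward(lines, key):
    """Return (forwarded, quarantined).

    Fails closed: a record that cannot be parsed is never forwarded
    unmasked; it stays behind in the source account for review.
    """
    forwarded, quarantined = [], []
    for line in lines:
        try:
            forwarded.append(mask_flow_record(line, key))
        except ValueError:
            quarantined.append(line)
    return forwarded, quarantined


# Constructed sample records (not taken from a real account).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 49152 443 6 10 840 "
    "1396310400 1396310460 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.2.9 10.0.1.5 443 49152 6 8 5200 "
    "1396310400 1396310460 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1396310400 1396310460 - NODATA",
    "not a flow log record",
]

if __name__ == "__main__":
    sent, held = mask_and_forward(SAMPLE_LINES, DEMO_KEY)
    for record in sent:
        print(record)
    print("quarantined:", held)
```

Rotating the key breaks correlation with previously forwarded records, so the rotation schedule should follow how long the receiving account needs to join across time.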
55. [Architecture diagram. Labels: On-premise; IdP server; API Endpoints; AWS Account: Bill Aggregation (bucket); Organization member account; Organization non-member account. Legend: Read-only, read-all flow; API and IAM call flow; Logging traffic flow; Billing traffic flow.]
56. [Architecture diagram: labels and legend as on slide 55, plus AWS Organizations.]
57. [Architecture diagram: labels and legend as on slide 56, with the bill account now labelled AWS Account: Bill Aggregation and Anonymisation, plus AWS Lambda, role, a second bucket and AWS Account: Anonymised Bills.]
58. [Architecture diagram: labels and legend as on slide 57, plus AWS Account: Log aggregation with a further bucket.]
60. [Architecture diagram: labels and legend as on slide 58, with the log account now labelled AWS Account: Log aggregation and anonymisation, plus a second AWS Lambda with roles and buckets, AWS Account: Anonymised Logs, AWS Account: IAM Federation and AWS IAM.]
61. [Architecture diagram: labels and legend as on slide 60, plus AWS Account: Security Team with AWS IAM, Scanning tools and Forensics tools.]
62. [Architecture diagram: labels and legend as on slide 61, plus AWS Account: Resources with AWS IAM and role, and AWS KMS.]
63. [Architecture diagram: labels and legend as on slide 62, plus a second AWS Account: Resources with AWS IAM, and a second AWS KMS.]
64. [Architecture diagram: labels and legend as on slide 63, plus AWS Account: Shared Svcs, LDAP, AWS CloudHSM, Internal DNS and a second Scanning tools label.]
65. [Architecture diagram: labels and legend as on slide 64, plus AWS Account: Audit (Internal) and Amazon QuickSight.]
66. [Architecture diagram. Accounts: Resources; Anonymised Logs; Bill Aggregation and Anonymisation; IAM Federation; Shared Svcs; Audit (Internal); Audit (External); Security Team; Log aggregation and anonymisation; Anonymised Bills. Components: On-premise, AWS IAM roles, AWS Lambda, buckets, IdP server, LDAP, Internal DNS, AWS KMS, AWS CloudHSM, AWS Organizations, Amazon Athena, Amazon QuickSight, API Endpoints, scanning tools, forensics tools. Legend: Organization member account; Organization non-member account; Read-only, read-all flow; API and IAM call flow; Logging traffic flow; Billing traffic flow.]
67. [Architecture diagram. Accounts: Resources; Anonymised Logs; Bill Aggregation and Anonymisation; IAM Federation; Shared Svcs; Audit (Internal); Audit (External); Regulator; Security Team; Log aggregation and anonymisation; Anonymised Bills. Components: On-premise, AWS IAM roles, AWS Lambda, buckets, IdP server, LDAP, Internal DNS, AWS KMS, AWS CloudHSM, AWS Organizations, Amazon Athena, Amazon Redshift*, Amazon QuickSight, API Endpoints, scanning tools, forensics tools. Legend: Organization member account; Organization non-member account; Read-only, read-all flow; API and IAM call flow; Logging traffic flow; Billing traffic flow.]
68. [Architecture diagram. Accounts: Resources; Anonymised Logs; Bill Aggregation and Anonymisation; IAM Federation; Shared Svcs; Audit (Internal); Audit (External); Regulator; Incident Response; Security Team; Log aggregation and anonymisation; Anonymised Bills. Components: On-premise, AWS IAM roles, AWS Lambda, buckets, IdP server, LDAP, Internal DNS, AWS KMS, AWS CloudHSM, AWS Organizations, Amazon Athena, Amazon Redshift*, Amazon QuickSight, API Endpoints, scanning tools, forensics tools. Legend: Organization member account; Organization non-member account; Read-only, read-all flow; API and IAM call flow; Logging traffic flow; Billing traffic flow.]
69. [Architecture diagram. Accounts: Resources; Anonymised Logs; Bill Aggregation and Anonymisation; IAM Federation; Shared Svcs; Audit (Internal); Audit (External); Regulator; Incident Response; Forensic Repo; Forensic Working Repo; Security Team; Log aggregation and anonymisation; Anonymised Bills. Components: On-premise, AWS IAM roles, AWS Lambda, buckets, IdP server, LDAP, Internal DNS, AWS KMS, AWS CloudHSM, AWS Organizations, Amazon Athena, Amazon Redshift*, Amazon QuickSight, API Endpoints, scanning tools, forensics tools. Legend: Organization member account; Organization non-member account; Read-only, read-all flow; API and IAM call flow; Logging traffic flow; Billing traffic flow.]
71. Helpful Videos
The Shared Security Model in Detail: https://youtu.be/RwUSPklR24M
IAM Recommended Practices: https://youtu.be/R-PyVnhxx-U
Encryption on AWS: https://youtu.be/DXqDStJ4epE
Securing Serverless Architectures: https://www.youtube.com/watch?v=8mpTpOXmws8
The 3 standards everyone asks me about, outside of industry-specific ones
PCI *is* industry-specific to a large degree, but if you need SOC, it's also good to have as SOC doesn't cover everything. For example, PCI has the most detailed treatment of how AWS works with you and your investigators in the event of forensics work being needed.
PCI and ISO are assessed point-in-time, SOC is assessed over a period.
Be sure to look into the details, and get the standards for the details you need.
These are the 12 top-level subject areas I get asked about, and where I'd start on a mapping.
The start of a mapping, at AWS level.
As well as CloudWatch for monitoring hypervisor-visible load (so, CPU and network I/O), you also have CloudWatch Logs, which can give you info on memory and storage capacity.
Direct Connect gives you known routing to your DX partner and on to us - also consistent performance.
VPC, see "A Day in the Life of a Billion Packets"
Most interesting here, is IDS / IPS and Managed DDoS - as it happens we released a new reference architecture whitepaper on this last Friday. There's a bit more later on host- or network-based IDS / IPS.
Post-LogJam, we've supplanted service suites which included SSL with ones which are TLS-only in ELB.
ELB encryption is transparent when using KMS.
KMS makes key management, including rotation, easy. CloudHSM can integrate with Safenet KeySecure for S3 encryption and key management, and ProtectV for encryption of EBS volumes, including root volumes of EBS-backed instances. CloudHSM is the option to go for when you need hard assurance that AWS can't get access to your keys.
Redshift can talk directly to CloudHSM, as can Oracle EE deployed on top of RDS.
Lifecycle Management = hierarchical management, and Glacier vault contents aren't modifiable in-place once written.
Actually get one more step on this – EBS gets snapshotted to S3.
Deletion protection and versioning on S3 gives you something close to an append-only filesystem - great for logs and other data where you want to have measures in place to preserve evidence or other important data which shouldn't be modifiable.
Trad controls on-instance still work - except TPM, but some of this can be worked around.
Asset management - "No virtual desks to hide your virtual servers under". No way of provisioning something other than via the API, so the feedback loop is closed - API returns truth.
This leads into a program called GoldBase
Talk about Launch Constraints – Leveraging an IAM Role to perform Launch for User
Talk about Template Constraints – limiting VPCs, Instance Types etc
aka "how to manage your logging buckets, continued".
If you share your versioned, MFA-delete bucket write-only across accounts from a dedicated Audit acct to Production, Staging, etc, then the policy on the bucket and the contents are both invisible and immutable to the account it's being shared with, even its root user - and having spent about half my working life in a multilevel, cross-domain, modified Bell-LaPadula world, this amounts to Mandatory Access Control.
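A check for the write-only shared logging bucket described above, as an added example that is not from the talk: it builds a PutObject-only bucket policy for the workload accounts and lints a policy plus versioning state against that pattern. The bucket name, account IDs and function names are constructed for illustration; the versioning dict follows the shape of the S3 GetBucketVersioning response.

```python
AUDIT_BUCKET = "example-audit-logs"                    # constructed name
WORKLOAD_ACCOUNTS = ["111111111111", "222222222222"]   # constructed account IDs

def root_arn(account_id):
    return f"arn:aws:iam::{account_id}:root"

def write_only_policy(bucket, accounts):
    """Bucket policy that lets the workload accounts add objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WorkloadAccountsWriteOnly",
            "Effect": "Allow",
            "Principal": {"AWS": [root_arn(a) for a in accounts]},
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy, versioning, accounts):
    """Return a list of findings; an empty list means the pattern holds."""
    findings = []
    # With versioning on, an overwrite adds a version instead of replacing data;
    # MFA delete guards removal of versions.
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    if versioning.get("MFADelete") != "Enabled":
        findings.append("MFA delete is not enabled")
    allowed = {root_arn(a) for a in accounts}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            findings.append(f"{sid}: NotAction/NotPrincipal in an Allow")
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not arns:
            continue  # service-principal statements are out of scope here
        for arn in arns:
            if arn not in allowed:
                findings.append(f"{sid}: unexpected principal {arn}")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":   # IAM action names are case-insensitive
                findings.append(f"{sid}: grants {action}, not write-only")
    return findings
```

In practice the two inputs would come from the bucket's GetBucketPolicy and GetBucketVersioning responses, read from the Audit account.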
You can also set SELinux up in properly constrained Enforcing Mode on EC2 - you could set up user-data at instance launch time to call a script to generate keys and then go into Enforcing mode, if you need to simulate TPM functionality. There may be better ways of doing this, as CloudHSM can be called from Java as well as PKCS#11 - get creative!