By leveraging "serverless architectures", startups and enterprises are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. You learn the real-world design patterns that AWS customers use to implement authentication and authorization. By combining Amazon Cognito identity pools and user pools with API Gateway, AWS Lambda, and AWS IAM, you can add security without adding servers.
Every business needs a mobile app, and AWS has the tools and services to make it easy to design, build and test apps. We will cover authentication, authorisation and quota management using Cognito User pools and Amazon API Gateway; building apps from scratch that integrate with SaaS products using AWS Mobile Hub; testing physical devices using Amazon Device Farm; and reaching out to your customers using Amazon PinPoint.
Speakers:
Ed Lima, Associate Solutions Architect, Amazon Web Services
Arden Packeer, Enterprise Solutions Architect, Amazon Web Services
By leveraging serverless architectures, organisations are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers and existing corporate directories. We will show the real-world design patterns that AWS customers use to implement authentication and authorisation.
Speaker: Myles Hosford, Security Solutions Architect, Amazon Web Services
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
1. Understand Cognito’s comprehensive feature set and benefits
2. Learn how to use Cognito to address different needs for user management and authorization
3. See how to get started and learn more
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives: • Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily • Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Amazon Web Services
In this talk, we’ll take well known architectural patterns such as 3-tier web application, stream processing, scheduled jobs and show how they can be realized without needing to manage servers.
Every business needs a mobile app, and AWS has the tools and services to make it easy to design, build and test apps. We will cover authentication, authorisation and quota management using Cognito User pools and Amazon API Gateway; building apps from scratch that integrate with SaaS products using AWS Mobile Hub; testing physical devices using Amazon Device Farm; and reaching out to your customers using Amazon PinPoint.
Speakers:
Ed Lima, Associate Solutions Architect, Amazon Web Services
Arden Packeer, Enterprise Solutions Architect, Amazon Web Services
By leveraging serverless architectures, organisations are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers and existing corporate directories. We will show the real-world design patterns that AWS customers use to implement authentication and authorisation.
Speaker: Myles Hosford, Security Solutions Architect, Amazon Web Services
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
1. Understand Cognito’s comprehensive feature set and benefits
2. Learn how to use Cognito to address different needs for user management and authorization
3. See how to get started and learn more
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives: • Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily • Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Amazon Web Services
In this talk, we’ll take well known architectural patterns such as 3-tier web application, stream processing, scheduled jobs and show how they can be realized without needing to manage servers.
by Quint Van Deman, Sr. Business Development Manager, AWS
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in.
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Web Services
Learning Objectives:
-Understand user identity and federation principles and practices
-Learn how Amazon Cognito supports SAML and 3rd party IdP integration
-Demonstrate how to use Amazon Cognito’s built-in UI for user identity management.
App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the looks and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML based federation of user identities for integration with enterprise based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Getting Started with Cognito User Pools - September Webinar SeriesAmazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
*Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
*Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014Amazon Web Services
Streamline your mobile app sign-up experience with Amazon Cognito. In this session, we demonstrate how to use Cognito to build secure mobile apps without storing keys in them. Learn how to apply policies to existing Facebook, Google, or Amazon identities to secure access to AWS resources, such as personnel files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.
Mobile Applications and The Internet of Things: AWS Lambda & AWS Cognito – Ad...Amazon Web Services
This session will show you how to get started quickly by covering key architectural design concepts and demonstrating the use of the AWS SDKs to simplify creating powerful applications for the always-on world that connects beyond the desktop.
Build Your Mobile App Faster with AWS Mobile Services (Part 1 - AWS)Amazon Web Services
In this session, we will discuss how you can leverage the new cross-platform AWS Mobile Services to build a highly scalable and reliable mobile app, powered by the AWS cloud. We will explore core functionality like authentication and authorization of users, data synchronization, and back-end infrastructure without the need to manage servers. We'll also talk about understanding your user behavior, engaging your users, and bringing your users back to your app. No matter if you are building the next great social app, or a front-office enterprise mobile app, this session will discuss best practices for building reliable and scalable mobile apps.
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito works with federated identity providers
- See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
Authentication and Authorization for Connected Mobile & Web Applications using Amazon Cognito and AWS AppSync
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Level: Intermediate
Speaker: Brice Pelle - Enterprise Support Lead, AWS
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. Finding the right identity solution can often be challenging. In this session, we will look at how Cognito can support a wide range of authentication scenarios including customers, employees and systems to help you make the right choices.
Speaker: Stephen Liedig. Solutions Architect. Amazon Web Services
Level: 300
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
Secure user sign up and sign in is an important starting point for many mobile and web applications. Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
• What is Cognito’s comprehensive feature set
• What are the benefits associated with using Cognito
• How to integrate Cognito into your applications
• Which use cases are best suited for Cognito
Who Should Attend?
• Developers
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsAmazon Web Services
Businesses around the world are running the infrastructure that supports their websites and mobile applications in the cloud to lower costs, improve time-to-market, and enable rapid scalability. Join this webinar to learn how the AWS Mobile Services and Javascript SDKs make it easy to leverage the power of AWS to provide consistent user state across devices and platforms, authenticate users via public and private login providers, and to grant controlled access to AWS services and features right from your mobile or web application. Using a simple media application we will demonstrate how you can upload, store, repurpose and deliver content with Amazon S3, Amazon CloudFront and Amazon Elastic Transcoder, make efficient use of Amazon DynamoDB, take advantage of Amazon SQS to decouple your application workflow and to send push notifications to mobile devices via Amazon SNS.
Reasons to attend:
- Learn how you can deliver websites and applications that share state across platforms and devices, using Amazon Elastic Beanstalk and Amazon Cognito.
- Learn how to leverage the content repurposing, storage and delivery capabilities of Amazon Elastic Transcoder, Amazon S3 and Amazon CloudFront.
- Learn how to use the AWS Mobile and Javascript SDKs to create applications that manage media.
To develop cloud-native applications safely, it is good to follow some specific best practices. In this presentation, we'll look at how to leverage AWS services to accelerate the development of secure, scalable solutions, such as configuring Amazon API Gateway and Amazon Cognito for end user authentication and authorization, and what options are available to protect application credentials.
Many serverless applications need a way to manage end user identities and support sign-ups and sign-ins. Join this session to learn real-world design patterns for implementing authentication and authorization for your serverless application—such as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. We cover how to use Amazon Cognito identity pools and user pools with API Gateway, Lambda, and IAM.
by Quint Van Deman, Sr. Business Development Manager, AWS
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in.
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Web Services
Learning Objectives:
-Understand user identity and federation principles and practices
-Learn how Amazon Cognito supports SAML and 3rd party IdP integration
-Demonstrate how to use Amazon Cognito’s built-in UI for user identity management.
App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the looks and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML based federation of user identities for integration with enterprise based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Getting Started with Cognito User Pools - September Webinar SeriesAmazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
*Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
*Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014Amazon Web Services
Streamline your mobile app sign-up experience with Amazon Cognito. In this session, we demonstrate how to use Cognito to build secure mobile apps without storing keys in them. Learn how to apply policies to existing Facebook, Google, or Amazon identities to secure access to AWS resources, such as personnel files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.
Mobile Applications and The Internet of Things: AWS Lambda & AWS Cognito – Ad...Amazon Web Services
This session will show you how to get started quickly by covering key architectural design concepts and demonstrating the use of the AWS SDKs to simplify creating powerful applications for the always-on world that connects beyond the desktop.
Build Your Mobile App Faster with AWS Mobile Services (Part 1 - AWS)Amazon Web Services
In this session, we will discuss how you can leverage the new cross-platform AWS Mobile Services to build a highly scalable and reliable mobile app, powered by the AWS cloud. We will explore core functionality like authentication and authorization of users, data synchronization, and back-end infrastructure without the need to manage servers. We'll also talk about understanding your user behavior, engaging your users, and bringing your users back to your app. No matter if you are building the next great social app, or a front-office enterprise mobile app, this session will discuss best practices for building reliable and scalable mobile apps.
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito works with federated identity providers
- See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
Authentication and Authorization for Connected Mobile & Web Applications using Amazon Cognito and AWS AppSync
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Level: Intermediate
Speaker: Brice Pelle - Enterprise Support Lead, AWS
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. Finding the right identity solution can often be challenging. In this session, we will look at how Cognito can support a wide range of authentication scenarios including customers, employees and systems to help you make the right choices.
Speaker: Stephen Liedig. Solutions Architect. Amazon Web Services
Level: 300
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
Secure user sign up and sign in is an important starting point for many mobile and web applications. Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
• What is Cognito’s comprehensive feature set
• What are the benefits associated with using Cognito
• How to integrate Cognito into your applications
• Which use cases are best suited for Cognito
Who Should Attend?
• Developers
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsAmazon Web Services
Businesses around the world are running the infrastructure that supports their websites and mobile applications in the cloud to lower costs, improve time-to-market, and enable rapid scalability. Join this webinar to learn how the AWS Mobile Services and Javascript SDKs make it easy to leverage the power of AWS to provide consistent user state across devices and platforms, authenticate users via public and private login providers, and to grant controlled access to AWS services and features right from your mobile or web application. Using a simple media application we will demonstrate how you can upload, store, repurpose and deliver content with Amazon S3, Amazon CloudFront and Amazon Elastic Transcoder, make efficient use of Amazon DynamoDB, take advantage of Amazon SQS to decouple your application workflow and to send push notifications to mobile devices via Amazon SNS.
Reasons to attend:
- Learn how you can deliver websites and applications that share state across platforms and devices, using Amazon Elastic Beanstalk and Amazon Cognito.
- Learn how to leverage the content repurposing, storage and delivery capabilities of Amazon Elastic Transcoder, Amazon S3 and Amazon CloudFront.
- Learn how to use the AWS Mobile and Javascript SDKs to create applications that manage media.
To develop cloud-native applications safely, it is good to follow some specific best practices. In this presentation, we'll look at how to leverage AWS services to accelerate the development of secure, scalable solutions, such as configuring Amazon API Gateway and Amazon Cognito for end user authentication and authorization, and what options are available to protect application credentials.
Many serverless applications need a way to manage end user identities and support sign-ups and sign-ins. Join this session to learn real-world design patterns for implementing authentication and authorization for your serverless application—such as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. We cover how to use Amazon Cognito identity pools and user pools with API Gateway, Lambda, and IAM.
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...Amazon Web Services
Build a serverless microservices application demonstrating end-to-end authentication and authorization through the use of Amazon Cognito, Amazon API Gateway, AWS Lambda, and all-things AWS Identity and Access Management (IAM). You will build an end-to-end functional app with a secure identity provider showcasing user authentication patterns.
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
Are you curious about how to authenticate and authorize your applications on AWS? Have you thought about how to integrate AWS Identity and Access Management (IAM) with your app authentication? Have you tried to integrate third-party SAML providers with your app authentication? Look no further. This workshop walks you through step by step to configure and create Amazon Cognito user pools and identity pools. This workshop presents you with the framework to build an application using Java, .NET, and serverless. You choose the stack and build the app with local users. See the service being used not only with mobile applications, but with other stacks that normally don’t include Amazon Cognito.
Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you can use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.
Have you had any concerns with a selection of tool for authentication? This talk about Rodauth, awesome authentication framework. We will see how Rodauth can compete with existing libraries and which advantages and disadvantages do they have.
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese , Chief Architect - TCS
Serverless identity management, authentication, and authorization - SDD405-R ...Amazon Web Services
"In this workshop, you learn how to build a serverless microservices application demonstrating end-to-end authentication and authorization using Amazon Cognito, Amazon API Gateway, AWS Lambda, and all things IAM. You have the opportunity to build an end-to-end functional app with a secure identity provider showcasing user authentication patterns.
All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services."
by Dennis Hills, Developer Advocate, AWS
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
GPSTEC323-SaaS and OpenID Connect The Secret Sauce Multi-Tenant Identity and ...Amazon Web Services
Identity is a foundational element of SaaS design, and getting it right can be challenging. You need a strategy that allows you to connect users to tenants, roles, and policies in a seamless model that doesn't handcuff developers. Fortunately, identity providers and OpenID Connect give us a model that equips SaaS providers with the tools they need to address all the moving parts of SaaS identity. In this session, we dive into the details of how you can use these solutions to build a robust identity solution—a solution that covers binding identities to tenants, supports tenant and system roles, and isolates tenant access. The goal here is to provide a concrete example of how to orchestrate all of these elements of the SaaS identity model on AWS.
With services like AWS Lambda, Amazon DynamoDB and Amazon API Gateway, you can build and run applications and services without having to manage infrastructure. By leveraging these fully managed AWS services, organizations can increase developer productivity while continuously scaling to meet their demand.
Services: AWS Lambda, Amazon API Gateway, Amazon DynamoDB, Amazon Cognito User Pools.
Presenters: Oren Reuveni & Oren Katz
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
Serverless architecture and a microservices approach has changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
Web Based APIs have become a powerful tool for reaching end users in an increasingly fragmented market. The emergence of public and private APIs have introduced new challenges in identity management and access control. Attend this session to get a crash course in Web APIs, the risks they introduce and the emerging standards that can make them safer to use (including OAuth 2 and Open ID Connect)
by Nader Dabit, Developer Advocate AWS
You’ve got an awesome startup idea – Wild Rydes! The next generation in transportation will be driven by a willing unicorn population and your new startup will produce the worlds first unicorn hailing services. It’s just seven days to launch, and your designers have delivered the final designs for your website, but your idea depends on the mobile economy! Can you build out your web and mobile infrastructure in time for your launch?
Across three days, AWS experts will guide you through all the pieces that are needed to produce an awesome mobile experience for both your unicorns and your riders.
by Brice Pelle, Enterprise Support Lead, AWS
The designers have included a custom UI for a sign-in and sign-up page, but they forgot to actually include a service sign-up. In this session, we’ll wire up the sign-up and sign-in process with Amazon Cognito and link it to Amazon Pinpoint so you can run campaigns in the future to engage your users.
Similar to AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Management for Serverless Architectures (MBL306) (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
2. What to expect from the session
• Assumes high-level familiarity with serverless API
architectures (API Gateway, Lambda)
• Learn how to implement identity management for your
serverless apps, using
• Amazon Cognito User Pools
• Amazon Cognito Federated Identities
• Amazon API Gateway
• AWS Lambda
• AWS Identity and Access Management (IAM)
3. Hybrid mobile app
• Runs in web browser, Android, Apple iOS devices
• Built using Ionic 2 Framework
• Angular 2 / TypeScript
• AWS SDKs for JavaScript
Do try this at home
• Mobile app + API are open-sourced
(Apache 2.0 license)
• https://github.com/awslabs/
aws-serverless-auth-reference-app
SpaceFinder
Helps you book conference rooms and desks
9. • Never store passwords in plaintext!
• Vulnerable to rogue employees
• A hacked DB results in
all passwords being compromised
Username Email Password
beverly123 beverly123@example.com Password$123
pilotjane pilotjane@example.com a##eroplan3
sudhir1977 sudhir197@example.com mmd414997a
Sign-up and sign-in
2. Sign-in
1. Sign-up
10. Sign-up and sign-in
Username Email Hashed Password
beverly123 beverly123@example.com 21a730e7d6cc9d715efcc0514ed69a1f
pilotjane pilotjane@example.com fea74fde863cd38f88b3393f590ae883
sudhir1977 sudhir197@example.com 6ce6be14f0c775cc9b3dbe4e18d9fc7d
2. Sign in
1. Sign up
11. • MD5/SHA1 collisions
• Rainbow Tables
• Dictionary attacks, brute-force (GPUs can compute
billions of hashes/sec)
Username Email Hashed Password
beverly123 beverly123@example.com 21a730e7d6cc9d715efcc0514ed69a1f
pilotjane pilotjane@example.com fea74fde863cd38f88b3393f590ae883
sudhir1977 sudhir197@example.com 6ce6be14f0c775cc9b3dbe4e18d9fc7d
Sign-up and sign-in
2. Sign in
1. Sign up
12. Sign-up and sign-in
Username Email Salted Hash
beverly123 beverly123@example.com 1e66f9358530620b2bcae79dada717c…
pilotjane pilotjane@example.com 88fccd9cf82377d11d2fede177457d47…
sudhir1977 sudhir197@example.com 08a5981de4fecf04b1359a179962a48...
2. Sign in
1. Sign up
• Incorporate app-specific salt +
random user-specific salt
• Use algorithm with configurable # of iterations (e.g.
bcrypt, PBKDF2), to slow down brute force attacks
13. Sign-up and sign-in
2. Sign in
1. Sign up
Username Email
beverly123 beverly123@example.com
pilotjane pilotjane@example.com
sudhir1977 sudhir197@example.com
14. Sign-up and sign-in
Username Email SRP Verifier function
beverly123 beverly123@example.com <password-specific verifier>
pilotjane pilotjane@example.com <password-specific verifier>
sudhir1977 sudhir197@example.com <password-specific verifier>
2. Sign in
1. Sign up
15. Sign-up and sign-in
Username Email SRP Verifier function
beverly123 beverly123@example.com <password-specific verifier>
pilotjane pilotjane@example.com <password-specific verifier>
sudhir1977 sudhir197@example.com <password-specific verifier>
2. Sign in
1. Sign up
• Secure Remote Password (SRP) Protocol
• Verifier-based protocol
• Passwords never travel over the wire
• Resistant to several attack vectors
• Perfect Forward Secrecy
16. Sign-up and sign-in
Username Email SRP Verifier function
beverly123 beverly123@example.com <password-specific verifier>
pilotjane pilotjane@example.com <password-specific verifier>
sudhir1977 sudhir197@example.com <password-specific verifier>
2. Sign in
1. Sign up
Best practices
☐ Secure password handling
17. Sign-up and sign-in
Username Email SRP Verifier function
beverly123 beverly123@example.com <password-specific verifier>
pilotjane pilotjane@example.com <password-specific verifier>
sudhir1977 sudhir197@example.com <password-specific verifier>
2. Sign in
1. Sign up
Best practices
☐ Secure password handling
☐ Encrypt all data server-side
☐ Enforce password policies (min length, valid characters)
☐ Token-based Authentication
☐ MFA - via SMS for sign-in and forgot password flows
☐ Support CAPTCHAs and other custom authentication flows
☐ Scalable to 100s of millions of users
18. Sign-up and sign-in
Username Email SRP Verifier function
beverly123 beverly123@example.com <password-specific verifier>
pilotjane pilotjane@example.com <password-specific verifier>
sudhir1977 sudhir197@example.com <password-specific verifier>
2. Sign in
1. Sign up
User flows
☐ Registration
☐ Verify email/phone
☐ Secure sign-in
☐ Forgot password
☐ Change password
☐ Sign-out
Best practices
☐ Secure password handling
☐ Encrypt all data server-side
☐ Enforce password policies (min length, valid characters)
☐ Token-based Authentication
☐ MFA - via SMS for sign-in and forgot password flows
☐ Support CAPTCHAs and other custom authentication flows
☐ Scalable to 100s of millions of users
19. Sign-up and sign-in
2. Sign in
1. Sign up
User flows
☐ Registration
☐ Verify email/phone
☐ Secure sign-in
☐ Forgot password
☐ Change password
☐ Sign-out
Best practices
☐ Secure password handling
☐ Encrypt all data server-side
☐ Enforce password policies (min length, valid characters)
☐ Token-based Authentication
☐ MFA - via SMS for sign-in and forgot password flows
☐ Support CAPTCHAs and other custom authentication flows
☐ Scalable to 100s of millions of users
Amazon Cognito
User Pools
21. Sign up and sign in
Amazon Cognito
User Pools
Register
22. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS / Email
23. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS / Email
Confirm registration
24. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
25. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Authenticate (via SRP)
26. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Authenticate (via SRP)
JWT Tokens
27. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
28. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Authenticate (via SRP)
29. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Authenticate (via SRP)
Define Authentication
Challenge
30. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Define Authentication
Challenge
Custom challenge (CAPTCHA, custom 2FA)
Authenticate (via SRP)
31. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Define Authentication
Challenge
Verify Authentication
Challenge Response
Custom challenge (CAPTCHA, custom 2FA)
Authenticate (via SRP)
Challenge response
32. Sign up and sign in
Amazon Cognito
User Pools
Register
Verification SMS or email
Confirm registration
Successful registration
Define Authentication
Challenge
Verify Authentication
Challenge Response
Custom challenge (CAPTCHA, custom 2FA)
Authenticate (via SRP)
Challenge response
JWT Tokens
33. Sign up and sign in
Amazon Cognito
User Pools
Pre Sign-Up
Validation
Post Confirmation
Custom logic
Define Authentication
Challenge
Verify Authentication
Challenge Response
Pre Authentication
Validation
Post Authentication
custom logic
Register
Verification SMS or email
Confirm registration
Successful registration
Authenticate (via SRP)
Custom challenge (CAPTCHA, custom 2FA)
Challenge response
JWT Tokens
34. Sign up and sign in
Amazon Cognito
User Pools
Authenticate (via SRP)
JWT Tokens
35. Sign up and sign in
Amazon Cognito
User Pools
Authenticate (via SRP)
JWT Tokens
56. SpaceFinder API
POST /locations
GET /locations
GET /locations/{locationId}
DELETE /locations/{locationId}
GET /locations/{locationId}/resources
POST /locations/{locationId}/resources
DELETE /locations/{locationId}/resources/{resourceId}
GET /locations/{locationId}/resources/{resourceId}/bookings
GET /users/{userId}/bookings
POST /users/{userId}/bookings
DELETE /users/{userId}/bookings/{bookingId}
57. SpaceFinder API
Admin only
Admin only
Admin only
Admin only
POST /locations
GET /locations
GET /locations/{locationId}
DELETE /locations/{locationId}
GET /locations/{locationId}/resources
POST /locations/{locationId}/resources
DELETE /locations/{locationId}/resources/{resourceId}
GET /locations/{locationId}/resources/{resourceId}/bookings
GET /users/{userId}/bookings
POST /users/{userId}/bookings
DELETE /users/{userId}/bookings/{bookingId}
58. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Custom Authorizers
User Pools Authorizers
59. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Custom Authorizers
User Pools Authorizers
67. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Custom Authorizers
User Pools Authorizers
78. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Custom Authorizers
User Pools Authorizers
88. Custom authorizer Lambda
var testPolicy = new AuthPolicy(”userIdentifier", "XXXXXXXXXXXX", apiOptions);
testPolicy.allowMethod(AuthPolicy.HttpVerb.POST, "/locations/*");
testPolicy.allowMethod(AuthPolicy.HttpVerb.DELETE, "/locations/*");
callback(null, testPolicy.getPolicy());
Sample Code
89. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Custom Authorizers
User Pools Authorizers
93. Integrating with SAML
• Microsoft Active Directory Federation Services (ADFS)
and Shibboleth are popular SAML providers.
• SAML 2.0 supports two bindings:
• POST
• Re-direct
• Capturing the SAML response in a mobile app is non-
trivial.
96. SAML
Endpoint
e.g. ADFS
or Shibboleth
Amazon Cognito
Federated Identities
2. Get AWS credentials
Integrating with SAML
Corporate Directory
e.g. Active Directory
or OpenLDAP
Serverless APIs or AWS resources
100. Do try this at home
• Mobile app + API are open-sourced (Apache 2.0 license)
https://github.com/awslabs/
aws-serverless-auth-reference-app
SpaceFinder
103. Related Sessions
• MLB404 – Real-World Deep Dive: Native, Hybrid, and
Web with Serverless and AWS Mobile
Services
• MLB310 – Add User Sign-In, User Management, and
Security to your Mobile and Web Applications
with Amazon Cognito
• MLB305 – Developing Mobile Apps and Serverless
Microservices for Enterprises using AWS