AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)

•

4 likes•2,380 views

AWS supports identity federation using SAML (Security Assertion Markup Language) 2.0. Using SAML, you can configure your AWS accounts to integrate with your identity provider (IdP). Your federated users then are authenticated and authorized by your organization's IdP, and they can use single sign-on (SSO) to access AWS. In this workshop, you choose your own path through the exercises to direct yourself to the technologies and use cases that matter to you. We start by guiding you through deploying an IdP and configuring SAML federation for AWS, including federated CLI access. We will then continue to walk you through a number of advanced SAML use cases, including how to: Write S3 bucket policies for specific federated users. Use SAML attributes to enforce additional authorization requirements. Automate federation configurations across a large number of AWS accounts. Implement other advanced SAML use cases for AWS.

Technology

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Quint Van Deman, AWS Professional Services
Balaji Iyer, AWS Professional Services
Rahul Sareen, AWS Professional Services
Zaher Dannawi, AWS Identity
November 29, 2016
SEC306
Workshop: Choose Your Own SAML Adventure
A Self-Directed Journey to AWS Identity Federation Mastery

What to expect from the session
SAML for AWS:
State of the Union
• Federation rationale
• Prior art & remaining
challenges
Collaborative
hands-on exercise
• Foundational →
advanced
• Non-linear progression
Ask the AWS
Federation Ninjas
• Your own challenges
• Your feedback & ideas

Federation rationale
Before:
After:
Result:
Unique credentials
Single sign-on (SSO)
Long-lived keys
Short-term tokens
One-off
Naturally aligned
Users Security Compliance

Prior art
Generally “known science”*:
• Basic federation with <insert your
favorite identity provider here>
• SSO experience for AWS
Management Console users.
• Federated access for AWS
CLI/API.
*Compiled list within session materials

Remaining challenges
Option overload:
• Many accounts: direct
federation or hub/spoke?
• Role mapping: groups,
attributes, or a
combination?
Solutions not yet widely
published:
• Attribute-driven
authorizations.
• Strong authentication
techniques.
• Resource permissions for
federated users.

Collaborative hands-on exercise
& Ask the Experts

Collaborative hands-on exercise
Choose your own
SAML adventure!
Initial Path:
Open source
or Microsoft?
1st hour:
Build initial
federation setup
2nd hour:
Your choice of
advanced use
cases

Exercise architecture
Instance with EIP
SAML IdP and
user directory
Note: The IdP architecture represented here
has been simplified to focus on the learning
objectives. Not appropriate for production use.
Amazon S3
permissions
Many AWS accounts
Custom
durations
MFA for
SAML

Time for teamwork!
Pair up Strangers only Open source → Stage left
Microsoft → Stage right
Find match:
8 ≤ Total ≤ 12
?

Ask the Experts
• Your opportunity to tap into the collective federation knowledge of
the Amazonians in the room.
• Runs parallel to hands-on exercise.
• Submissions via email (details on following slide):
• Your name.
• Your question/topic/feature request.
• Your table number.
• We will answer what we can in the room. We will follow up with an
AWS Security Blog post before the end of December in which we
address as many questions asked here as possible.

Lab materials
Let’s get started
Ask the Experts
federationworkshopreinvent2016
@amazon.com
(Include: name, table, question)
http://bit.ly/2dBXMUq

Review and recap
• This slide is a placeholder.
• We will take 2-3 of the “Ask the Experts” submissions:
• Build a slide in the room for each
• Summarize the question
• Provide our perspective on how best to tackle
• 2-3 minutes max per question

Reference materials
• AWS Docs: About SAML 2.0-based Federation
• AWS Docs: Configuring SAML Assertions
• AWS Docs: Integrating 3rd Party SAML Providers
• AWS Security Blog: SAML API/CLI Solution
• AWS Whitepaper: Shibboleth + OpenLDAP Walkthrough
• AWS Security Blog: ADFS How to
• AWS Security Blog: ADFS Multi-Account How to
• AWS Security Blog: AWS CloudTrail for Federated Users

Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.

AWS Multi-Account Architecture and Best PracticesAmazon Web Services

Deep dive into AWS IAM

Amazon Web Services

AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...Amazon Web Services

Identity and Access Management: The First Step in AWS Security

Amazon Web Services

How to use IAM roles grant access to AWS

Amazon Web Services

by Brigid Johnson, Product Management Manager, AWS How to Use IAM Roles to Grant Access to AWS: Customers use IAM roles to delegate access to services, applications, accounts, and federated users using temporary credentials. We will start by defining use cases for IAM roles, tools to use IAM roles in your account, and techniques to manage role permissions. We will cover how customers can use roles to grant access to AWS. Using demonstrations, we will learn how to monitor roles across accounts, grant cross account access, and scope down permissions for a particular entity. This session will cover how to use roles for developers building applications on AWS and for administrators controlling and monitoring access. Level 300

IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)

Amazon Web Services Korea

영상 다시보기: https://youtu.be/aoQOqhVtdGo 기존 온-프레미스 환경에서 운영 중인 서버들을 AWS 클라우드로 옮겨오기 위한 방법은 무엇일까요? 본 세션에서는 리눅스 서버, 윈도우 서버 그리고 VMWare 등에서 운영되는 기존 서버의 클라우드 이전 방법을 소개합니다. 이를 통해 AWS의 기업 고객이 대량 마이그레이션을 진행했는지 고객 사례도 함께 공유합니다. 뿐만 아니라 VMware on AWS 및 AWS Outpost 같은 하이브리드 옵션을 통해 클라우드 도입을 가속화 하는 신규 서비스 동향도 살펴봅니다.

Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale. Level: 100 Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS

Deep Dive Amazon EC2

Amazon Web Services

AWS Connectivity, VPC Design and Security Pro Tips

Shiva Narayanaswamy

Identity and Access Management: The First Step in AWS Security

Amazon Web Services

by Fritz Kunstler, Sr. Security Consultant, AWS AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.

Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...

Edureka!

*****AWS Training: https://www.edureka.co/cloudcomputing ***** This Edureka Tutorial on "Amazon CloudWatch Tutorial” will help you understand how to monitor your AWS resources and applications using Amazon CloudWatch a versatile monitoring service offered by Amazon. Following are the list of topics covered in this session: 1. What is Amazon CloudWatch? 2. Why do we need Amazon CloudWatch Events? 3. What does Amazon CloudWatch Logs do? 4. Hands-on

Introduction to AWS Security

Amazon Web Services

Amazon S3 Masterclass

Amazon Web Services

Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. This presentation from the Amazon S3 Masterclass webinar we explain the features of Amazon S3 from static website hosting, through server side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice. See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/ View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/

Deep Dive on Amazon Elastic Container Service (ECS) and Fargate

Amazon Web Services

AWS Monitoring & Logging

Jason Poley

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Amazon Web Services

Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.

AWS for Backup and Recovery

Amazon Web Services

by Isaiah Weiner, Sr. Manager of Solutions Architecture, AWS Companies are using AWS to create and deploy efficient, fast, and cost-effective backup and restore capabilities to protect critical IT systems without incurring the infrastructure expense of a second physical site. In this session, we will talk about cloud-based services AWS provides to enable robust backup and rapid recovery of your IT infrastructure and data.

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

Amazon Web Services

The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.

AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인

Amazon Web Services Korea

온디맨드 다시보기: https://www.youtube.com/watch?v=LMBSWl9Uo-4 2021년 1분기에 서울 리전에 출시 예정인 AWS Control Tower는 모범 사례를 기반으로 고객의 다중 AWS 계정 환경을 자동으로 구성해 줍니다. 본 세션에서는 AWS Control Tower를 활용하여 고객의 조직에서 필요로 하는 다중 AWS 계정 구조을 설계 및 구현하고, 각 계정에 포함해야 하는 기본 가드레일을 정의 및 생성하고, 거버넌스 체계를 구현하는 방법에 대해서 다룹니다.

Landing Zones - Creating a Foundation for Your AWS Migrations

Amazon Web Services

Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.

Azure conditional access

Tad Yoke

ElastiCache & Redis

Amazon Web Services

Redis is an open source, in-memory data store that delivers sub-millisecond response times enabling millions of requests per second to power real-time applications. It can be used as a fast database, cache, message broker, and queue. Amazon ElastiCache delivers the ease-of-use and power of Redis along with the availability, reliability, scalability, security, and performance suitable for the most demanding applications. We’ll take a close look at Redis and how to use it to power different use cases. Speaker: Samir Karande - Sr. Manager, Solutions Architecture, AWS

Best Practices for Getting Started with AWS

Amazon Web Services

Getting started with Amazon Web Services (AWS) is fast and simple. The webinar based on this presentation outlined best practice guidance from AWS customers and the Amazon Web Services team, helping you launch your projects in AWS Cloud rapidly and ensure your applications are simple to manage, resilient and cost effective. This webinar also explores how to set up accounts, use consolidated billing and how to securely control access through AWS Identity and Access Management (IAM). Topics covered in this presentation include: • Understand the best practices for getting started in the AWS Cloud • Learn to build resilient, reliable, cost effective applications • Learn more about secure control and access to AWS for your users • Discover how to structure your AWS accounts • Hear more about cost management, instance bootstrapping and the use of availability zones You can see a recording of this webinar on YouTube here: http://youtu.be/T64qFcyTGAU

AWS Lake Formation Deep Dive

Cobus Bernard

Introduction to Amazon Athena

Amazon Web Services

Architecting for High Availability

Amazon Web Services

AWS provides a platform that is ideally suited for building highly available systems, enabling you to build reliable, affordable, fault-tolerant systems that operate with a minimal amount of human interaction. This session covers many of the high-availability and fault-tolerance concepts and features of the various services that you can use to build highly reliable and highly available applications in the AWS Cloud: architectures involving multiple Availability Zones, including EC2 best practices and RDS Multi-AZ deployments; loosely coupled and self-healing systems involving SQS and Auto Scaling; networking best practices for high availability, including Elastic IP addresses, load balancing, and DNS; leveraging services that inherently are built with high-availability and fault tolerance in mind, including S3, Elastic Beanstalk and more.

AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...

Amazon Web Services

AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...

Amazon Web Services

Cloud computing offers many advantages, such as the ability to scale your web applications or website on demand. But how do you scale your security and compliance infrastructure along with the business? Join this session to understand best practices for scaling your security resources as you grow from zero to millions of users. Specifically, you learn the following: How to scale your security and compliance infrastructure to keep up with a rapidly expanding threat base. The security implications of scaling for numbers of users and numbers of applications, and how to satisfy both needs. How agile development with integrated security testing and validation leads to a secure environment. Best practices and design patterns of a continuous delivery pipeline and the appropriate security-focused testing for each. The necessity of treating your security as code, just as you would do with infrastructure. The services covered in this session include AWS IAM, Auto Scaling, Amazon Inspector, AWS WAF, and Amazon Cognito.

What's hot

Identity and Access Management: The First Step in AWS Security

Amazon Web Services

Deep Dive Amazon EC2

Amazon Web Services

AWS Connectivity, VPC Design and Security Pro Tips

Shiva Narayanaswamy

Identity and Access Management: The First Step in AWS Security

Amazon Web Services

Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...

Edureka!

Introduction to AWS Security

Amazon Web Services

Amazon S3 Masterclass

Amazon Web Services

Deep Dive on Amazon Elastic Container Service (ECS) and Fargate

Amazon Web Services

AWS Monitoring & Logging

Jason Poley

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

Amazon Web Services

AWS for Backup and Recovery

Amazon Web Services

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

Amazon Web Services

AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인

Amazon Web Services Korea

Landing Zones - Creating a Foundation for Your AWS Migrations

Amazon Web Services

Azure conditional access

Tad Yoke

ElastiCache & Redis

Amazon Web Services

Best Practices for Getting Started with AWS

Amazon Web Services

AWS Lake Formation Deep Dive

Cobus Bernard

Introduction to Amazon Athena

Amazon Web Services

Architecting for High Availability

Amazon Web Services

What's hot (20)

Identity and Access Management: The First Step in AWS Security

Deep Dive Amazon EC2

AWS Connectivity, VPC Design and Security Pro Tips

Identity and Access Management: The First Step in AWS Security

Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...

Introduction to AWS Security

Amazon S3 Masterclass

Deep Dive on Amazon Elastic Container Service (ECS) and Fargate

AWS Monitoring & Logging

Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...

AWS for Backup and Recovery

Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...

AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인

Landing Zones - Creating a Foundation for Your AWS Migrations

Azure conditional access

ElastiCache & Redis

Best Practices for Getting Started with AWS

AWS Lake Formation Deep Dive

Introduction to Amazon Athena

Architecting for High Availability

Viewers also liked

AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...

Amazon Web Services

AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...

Amazon Web Services

AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...

Amazon Web Services

This session shows you how to reduce your blast radius by using multiple AWS accounts per region and service, which helps limit the impact of a critical event such as a security breach. Using multiple accounts helps you define boundaries and provides blast-radius isolation. Though managing multiple accounts can be difficult, we will present an upcoming AWS solution that will help automate the process for controlling cross- account access by managing roles across multiple accounts.

AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...

Amazon Web Services

With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.

AWS re:Invent 2016: Cloud Monitoring - Understanding, Preparing, and Troubles...

Amazon Web Services

Applications running in a typical data center are static entities. Dynamic scaling and resource allocation are the norm in AWS. Technologies such as Amazon EC2, Docker, AWS Lambda, and Auto Scaling make tracking resources and resource utilization a challenge. The days of static server monitoring are over. In this session, we examine trends we’ve observed across thousands of customers using dynamic resource allocation and discuss why dynamic infrastructure fundamentally changes your monitoring strategy. We discuss some of the best practices we’ve learned by working with New Relic customers to build, manage, and troubleshoot applications and dynamic cloud services. Session sponsored by New Relic. AWS Competency Partner

Presentación Jaime Vela, PERU INCUBA

COPEME

Proceedit 20130205 modelo de negocio para miembros

Aurora López García

Pais de MeghaMegha Jindal

Capitulo 6

Claudia Garcia Cortés

Trabajo de compuMCGT

Lexpro Litigation PresentationDanielle van der linde

2008 Trends

TBledsoe

Natural Language Processing (NLP) Market - Information Technology Outlook (20...

ResearchFox

With growing usage of computers, internet, smart phones and other personal devices, the need for human and machine level interaction has increased. Businesses to individual users now want machines that respond to their queries, assist them in their day-to-day operations and all-in-all make their life easier and organized. This has given rise to increased demand for technologies like Natural Language Processing (NLP) which is now being rapidly commercialized. NLP, which was earlier a topic of research for various educational and research organizations is now growing to be a commercial product. Additionally, there is growing technology advancement in smartphones, bio-metrics and social media which has forced the organizations to bring the enhanced customer service experience which in-turn is driving the demand for NLP based solutions. Language processing tools that were developed earlier concentrated only on few languages and were used largely in developed countries. However, with growing computing capabilities and businesses going global, the need for multi-lingual language processing tools is growing and this has paved way to development of new and advanced version of Natural Language Processing tools. This report presents interpretative and easy-to-understand facts on how the current NLP market is segmented based on end-user, verticals, application types, technology, solution type and geographies. It cuts through several facets of the NLP market such as market size, market share for each segment, the drivers and constraints of Natural Language Processing marketplace. It also sheds light on various verticals where NLP is being rigorously implemented and the NLP applications that are most sought. Report also provides information on the challenges and opportunities that lie ahead for these solutions.

Day2 sp5 2015-icgfm_miami conference_sawadogo_final_sp

icgfmconference

Pga 2012 2013

IESGasparSanz

Innere Aufrüstung in der EU und Aktivismus im Netz: Chancen & Risiken

Aktion Freiheit statt Angst e.V.

Presentación del Consejo Regulador DOP Azafrán de La Mancha utilizada en el c...

Consejo Regulador DOP Azafrán de La Mancha

Minneapolis RiverCurrent 9-29-11Mill City Times

Tabletakdbh4bgonzaloalcorta

Cisco UCCX használata külsős szoftverrel

Gloster telekom Kft.

Viewers also liked (20)

AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...

AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...

AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...

AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...

AWS re:Invent 2016: Cloud Monitoring - Understanding, Preparing, and Troubles...

Presentación Jaime Vela, PERU INCUBA

Proceedit 20130205 modelo de negocio para miembros

Pais de Megha

Capitulo 6

Trabajo de compu

Lexpro Litigation Presentation

2008 Trends

Natural Language Processing (NLP) Market - Information Technology Outlook (20...

Day2 sp5 2015-icgfm_miami conference_sawadogo_final_sp

Pga 2012 2013

Innere Aufrüstung in der EU und Aktivismus im Netz: Chancen & Risiken

Presentación del Consejo Regulador DOP Azafrán de La Mancha utilizada en el c...

Minneapolis RiverCurrent 9-29-11

Tabletak

Cisco UCCX használata külsős szoftverrel

Similar to AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)

IAM Federation - Pop-up Loft TLV 2017

Amazon Web Services

When working in a multi-account AWS environment, or when external or internal security and compliance requirements necessitate the constraining of user identity information to a geography where there isn’t an AWS Region or the use of MFA tokens based on standards other than RFC6238, it is recommended to federate user identity details to a customer-maintained identity provider (IdP). We demonstrate the integration of a customer-based IdP with AWS IAM using a SAML trust relationship at Group level, and discuss multi-account access stretegy and how federation fits into it.

AWS re:Invent 2016: Workshop: Addressing Your Business Needs with AWS (ARC210)

Amazon Web Services

Querying and Analyzing Data in Amazon S3

Amazon Web Services

AWS 201 - Development and Test on AWS Webinar

Amazon Web Services

Organizations today are increasingly looking for faster and cost effective ways to develop and test products before deployment. Often, in an on-premise environment, it can be time consuming to obtain compute resources such as servers or it's usual to have multiple environments so that development and testing can take place outside the production environment. That often involves duplication of infrastructure with associated costs and ongoing maintenance effort. Together, these factors can lower your pace of innovation. An easy way to get started using Amazon Web Services is by deploying development and test workloads.

Workshop: AWS Lamda Signal Corps vs Zombies

Amazon Web Services

Aws slides

princesly

Aws slides

Vinay Gali

Open Writing ! - Collaborative Authoring on Apache’s First Open-Source Cloud ...Radhika Puthiyetath

Deep Dive on AWS Lambda

Amazon Web Services

Do you want to run your code without the cost and effort of provisioning and managing servers? Find out how in this deep dive session on AWS Lambda, which allows you to run code for virtually any type of application or back end service – all with zero administration. During the session, we’ll look at a number of key AWS Lambda features and benefits, including automated application scaling with high availability; pay-as-you-consume billing; and the ability to automatically trigger your code from other AWS services or from any web or mobile app.

Hacking Exposed EBS Volumes

Bishop Fox

Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see. I tore apart the petabytes of data for you and have some dirty laundry to air: encryption keys, passwords, authentication tokens, PII, you name it and it's here. Whole (virtual) hard drives to live sites and apps, just sitting there for anyone to read. So much data in fact that I had to invent a custom system to process it all. There's a massive Wall of Sheep out there on the internet, and you might not have even noticed that you're on it. Actually, you should stop reading and go check that out right now.

Masterclass - Amazon WorkSpaces

Amazon Web Services

This presentation is from our webinar focusing on Amazon WorkSpaces. Learn how, with a few clicks in the AWS Management Console, you can provision a high-quality desktop experience for any number of users at a cost that is highly competitive with traditional desktops and half the cost of most virtual desktop infrastructure (VDI) solutions. • Understand the features of Amazon WorkSpaces • Learn how to launch Amazon WorkSpaces, integrating with either a cloud directory or an existing Active Directory • Find out more about integrating Amazon WorkSpaces within an Amazon Virtual Private Cloud (VPC) • Learn about syncing documents to Amazon WorkSpaces with Amazon Zocalo Sync You can view a recording of this webinar on YouTube here: http://youtu.be/6VLzMMLzB1g

Start building for voice with alexa

Eitan Sela

The iot acdemy_awstraining_part4_aws_lab

The IOT Academy

AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud

Amazon Web Services

What i-wish-i-knew-about-aws-certification

Andrew Brown

Federation

Amazon Web Services

AWS IAM and security

Erik Paulsson

AWS CloudFormation under the Hood (DMG303) | AWS re:Invent 2013

Amazon Web Services

You already know that AWS CloudFormation is a powerful tool for provisioning and managing your AWS infrastructure, but did you know that it can also provision and manage resources outside of AWS? Did you know that CloudFormation can fully bootstrap your EC2 instances, securely download data from S3, and even supports Mustache templates? In this session you will go on a deep dive, touring of some of CloudFormation's most advanced features with a member of the team that built the service. Explore custom resources, cfn-init, S3 authentication, and Mustache templates in a series of technical demos with code samples available for download afterwards.

Federation

Amazon Web Services

Serverless Web Apps using API Gateway, Lambda and DynamoDB

Amazon Web Services

Similar to AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306) (20)

IAM Federation - Pop-up Loft TLV 2017

AWS re:Invent 2016: Workshop: Addressing Your Business Needs with AWS (ARC210)

Querying and Analyzing Data in Amazon S3

AWS 201 - Development and Test on AWS Webinar

Workshop: AWS Lamda Signal Corps vs Zombies

Aws slides

Open Writing ! - Collaborative Authoring on Apache’s First Open-Source Cloud ...

Deep Dive on AWS Lambda

Hacking Exposed EBS Volumes

Masterclass - Amazon WorkSpaces

Start building for voice with alexa

The iot acdemy_awstraining_part4_aws_lab

AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud

What i-wish-i-knew-about-aws-certification

Federation

AWS IAM and security

AWS CloudFormation under the Hood (DMG303) | AWS re:Invent 2013

Federation

Serverless Web Apps using API Gateway, Lambda and DynamoDB

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWSAmazon Web Services

How to Build a Winning Pitch DeckAmazon Web Services

Building a web application without serversAmazon Web Services

Fundraising EssentialsAmazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Recently uploaded

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Free Complete Python - A step towards Data Science

RinaMondal9

Recently uploaded (20)

Securing your Kubernetes cluster_ a step-by-step guide to success !

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

FIDO Alliance Osaka Seminar: Overview.pdf

Introduction to CHERI technology - Cybersecurity

Communications Mining Series - Zero to Hero - Session 1

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

National Security Agency - NSA mobile device best practices

UiPath Test Automation using UiPath Test Suite series, part 5

The Art of the Pitch: WordPress Relationships and Sales

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

UiPath Test Automation using UiPath Test Suite series, part 4

Monitoring Java Application Security with JDK Tools and JFR Events

Climate Impact of Software Testing at Nordic Testing Days

Essentials of Automations: The Art of Triggers and Actions in FME

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Free Complete Python - A step towards Data Science

AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Quint Van Deman, AWS Professional Services Balaji Iyer, AWS Professional Services Rahul Sareen, AWS Professional Services Zaher Dannawi, AWS Identity November 29, 2016 SEC306 Workshop: Choose Your Own SAML Adventure A Self-Directed Journey to AWS Identity Federation Mastery

2. What to expect from the session SAML for AWS: State of the Union • Federation rationale • Prior art & remaining challenges Collaborative hands-on exercise • Foundational → advanced • Non-linear progression Ask the AWS Federation Ninjas • Your own challenges • Your feedback & ideas

3. SAML for AWS: State of the Union

4. Federation rationale Before: After: Result: Unique credentials Single sign-on (SSO) Long-lived keys Short-term tokens One-off Naturally aligned Users Security Compliance

5. Prior art Generally “known science”*: • Basic federation with <insert your favorite identity provider here> • SSO experience for AWS Management Console users. • Federated access for AWS CLI/API. *Compiled list within session materials

6. Remaining challenges Option overload: • Many accounts: direct federation or hub/spoke? • Role mapping: groups, attributes, or a combination? Solutions not yet widely published: • Attribute-driven authorizations. • Strong authentication techniques. • Resource permissions for federated users.

7. Collaborative hands-on exercise & Ask the Experts

8. Collaborative hands-on exercise Choose your own SAML adventure! Initial Path: Open source or Microsoft? 1st hour: Build initial federation setup 2nd hour: Your choice of advanced use cases

9. Exercise architecture Instance with EIP SAML IdP and user directory Note: The IdP architecture represented here has been simplified to focus on the learning objectives. Not appropriate for production use. Amazon S3 permissions Many AWS accounts Custom durations MFA for SAML

10. Time for teamwork! Pair up Strangers only Open source → Stage left Microsoft → Stage right Find match: 8 ≤ Total ≤ 12 ?

11. Ask the Experts • Your opportunity to tap into the collective federation knowledge of the Amazonians in the room. • Runs parallel to hands-on exercise. • Submissions via email (details on following slide): • Your name. • Your question/topic/feature request. • Your table number. • We will answer what we can in the room. We will follow up with an AWS Security Blog post before the end of December in which we address as many questions asked here as possible.

12. Lab materials Let’s get started Ask the Experts federationworkshopreinvent2016 @amazon.com (Include: name, table, question) http://bit.ly/2dBXMUq

13. Review and recap • This slide is a placeholder. • We will take 2-3 of the “Ask the Experts” submissions: • Build a slide in the room for each • Summarize the question • Provide our perspective on how best to tackle • 2-3 minutes max per question

14. Reference materials • AWS Docs: About SAML 2.0-based Federation • AWS Docs: Configuring SAML Assertions • AWS Docs: Integrating 3rd Party SAML Providers • AWS Security Blog: SAML API/CLI Solution • AWS Whitepaper: Shibboleth + OpenLDAP Walkthrough • AWS Security Blog: ADFS How to • AWS Security Blog: ADFS Multi-Account How to • AWS Security Blog: AWS CloudTrail for Federated Users

15. Thank you!

16. Remember to complete your evaluations!

AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)

Similar to AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306) (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Recently uploaded

Recently uploaded (20)

AWS re:Invent 2016: Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery (SEC306)