The document discusses authentication and authorization solutions from Amazon Web Services. It describes Amazon Cognito for authentication and managing user identities, along with built-in authorization. It also introduces Amazon Cloud Directory for advanced authorization with hierarchical permissions and relationships between identities and resources. The document provides examples and use cases for how customers can use these services together to manage user access for their applications.
Learning Objectives:
- Learn how to enable users to access their AWS accounts and business applications using their corporate credentials
- Learn how to manage SSO access to all of your AWS accounts managed in AWS Organizations
- Learn how to centrally manage user permissions to AWS resources when they access the AWS Management Console using AWS SSO
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...Amazon Web Services
by Vijay Sharma, Senior Product Manager, AWS
Creating multiple AWS accounts helps manage AWS resources for different users, teams, and applications, but managing access for multiple AWS accounts can be difficult to scale. AWS Single Sign-On (SSO), a new cloud SSO service, makes it easy to sign in to multiple AWS accounts and business applications. You will learn how to use AWS SSO and AWS Directory Service to enable users to access their AWS accounts and business applications using their existing corporate credentials. You will also learn how to manage user permissions centrally to AWS resources when users access the AWS Management Console using AWS SSO.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
by Brigid Johnson, Product Management Manager, AWS
How to Use IAM Roles to Grant Access to AWS: Customers use IAM roles to delegate access to services, applications, accounts, and federated users using temporary credentials. We will start by defining use cases for IAM roles, tools to use IAM roles in your account, and techniques to manage role permissions. We will cover how customers can use roles to grant access to AWS. Using demonstrations, we will learn how to monitor roles across accounts, grant cross account access, and scope down permissions for a particular entity. This session will cover how to use roles for developers building applications on AWS and for administrators controlling and monitoring access. Level 300
Learning Objectives:
- Learn how to enable users to access their AWS accounts and business applications using their corporate credentials
- Learn how to manage SSO access to all of your AWS accounts managed in AWS Organizations
- Learn how to centrally manage user permissions to AWS resources when they access the AWS Management Console using AWS SSO
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.
How to Enable Single Sign On to Multiple AWS Accounts and Business Applicatio...Amazon Web Services
by Vijay Sharma, Senior Product Manager, AWS
Creating multiple AWS accounts helps manage AWS resources for different users, teams, and applications, but managing access for multiple AWS accounts can be difficult to scale. AWS Single Sign-On (SSO), a new cloud SSO service, makes it easy to sign in to multiple AWS accounts and business applications. You will learn how to use AWS SSO and AWS Directory Service to enable users to access their AWS accounts and business applications using their existing corporate credentials. You will also learn how to manage user permissions centrally to AWS resources when users access the AWS Management Console using AWS SSO.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
by Brigid Johnson, Product Management Manager, AWS
How to Use IAM Roles to Grant Access to AWS: Customers use IAM roles to delegate access to services, applications, accounts, and federated users using temporary credentials. We will start by defining use cases for IAM roles, tools to use IAM roles in your account, and techniques to manage role permissions. We will cover how customers can use roles to grant access to AWS. Using demonstrations, we will learn how to monitor roles across accounts, grant cross account access, and scope down permissions for a particular entity. This session will cover how to use roles for developers building applications on AWS and for administrators controlling and monitoring access. Level 300
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
AWS CloudFormation is a comprehensive templating language that enables you to create managed 'stacks' of AWS resources, with a growing library of templates available for you to use. But how do you create one from scratch? This presentation will take you through building an AWS CloudFormation template from the ground up, so you can see all the essential template constructs in action.
Watch a recording of the webinar based on this presentation on YouTube here: http://youtu.be/6R44BADNJA8
Check out other upcoming webinars in the Masterclass Series here: http://aws.amazon.com/campaigns/emea/masterclass/
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
AWS Transit Gateway를 통한 Multi-VPC 아키텍처 패턴 - 강동환 솔루션즈 아키텍트, AWS :: AWS Summit ...Amazon Web Services Korea
AWS Transit Gateway를 통한 Multi-VPC 아키텍처 패턴
강동환 솔루션즈 아키텍트, AWS
고객의 조직, 서비스 구조에 따라 함께 늘어나는 VPC를 효과적으로 통합, 관리, 운영하기 위한 서비스와 아키텍처 패턴을 소개합니다. Peering의 한계를 넘어 VPC간 자유로운 연동을 제공하는 Transit Gateway(TGW), 조직내 다양한 Account간의 VPC 공유를 위한 Multi-Account VPC(MAVPC), 그리고 AWS 자원의 안전한 공유를 제공하기 위한 Resource Access Manager(RAM)를 활용하는 다양한 아키텍처 패턴을 살펴봅니다.
온디맨드 다시보기: https://www.youtube.com/watch?v=LMBSWl9Uo-4
2021년 1분기에 서울 리전에 출시 예정인 AWS Control Tower는 모범 사례를 기반으로 고객의 다중 AWS 계정 환경을 자동으로 구성해 줍니다. 본 세션에서는 AWS Control Tower를 활용하여 고객의 조직에서 필요로 하는 다중 AWS 계정 구조을 설계 및 구현하고, 각 계정에 포함해야 하는 기본 가드레일을 정의 및 생성하고, 거버넌스 체계를 구현하는 방법에 대해서 다룹니다.
서비스 가용성을 높이기 위해 Amazon EKS를 멀티 AZ로 사용할 경우, 노드의 위치에 따라 데이터 전송 비용이 추가로 과금됩니다. 본 세션에서는 쿠버네티스 내에서 같은 서비스를 하는 포드의 경우 동일 AZ에서 통신을 하도록 로컬리티 설정을 통해 비용 절감한 사례를 소개합니다.
Amazon EKS 환경에서 오토스케일링을 위해 Karpenter를 쓰는 경우, 노드 그룹이 죽거나 DB 연결에 문제가 생기는 등 장애 상황을 미리 검증하기 어렵습니다. 본 세션에서는 카오스 엔지니어링에 사용되는 AWS Fault Injection을 활용하여 EKS 장애 검증 사례를 소개합니다.
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...Amazon Web Services Korea
AWS re:Invent에서 소개된 개발에서 운영까지 이어지는 파이프라인 전체에 대한 최신 기술을 통해, 사일로를 분리하고 협업을 향상하는 방법을 소개합니다. 거버넌스 제어를 위한 AWS Control Tower, 코드 수준에서의 위험성 사전 탐지를 위한 Amazon CodeGuru Reviewer, 더 빠르고 풍부한 기능의 앱 제작을 위한 AWS Amplify Studio, IaC를 위한 AWS Cloud Development Kit, 그리고 운영 효율성을 향상 시키는 Amazon CloudWatch의 신규 기능을 알아봅니다.
발표영상 다시보기: https://youtu.be/ACBblaLv868
클라우드 환경에는 다양한 보안 위협이 존재합니다. 사용자의 설정 오류에서부터 외부 공격자의 악의적인 접근 시도 및 공격 행위까지 다양한 공격 유형과 위협들이 존재하는데요, AWS 에서는 이와 같은 보안 위협을 탐지하고 사냥하는데 도움을 드리는 서비스들을 제공하고 있습니다. Amazon GuardDuty 와 Amazon Detective 를 통합한 SecurityHub 를 이용해서 클라우드 환경에서의 보안 위협에 대한 탐지 및 대응 방안을 소개합니다.
보안 사고 예방을 위한 주요 AWS 모범 사례 – 신은수, AWS 보안 담당 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집Amazon Web Services Korea
* 발표 동영상: https://youtu.be/KGibV5yV9U8
AWS 사용 환경에서 발생할 수 있는 다양한 보안 사고의 원인 중 상위 5개 (부적절한 보안 그룹 설정, 부적절한 자격증명 관리, 패치미적용, S3 버킷 퍼블릭 공개, DDoS 에 취약한 아키텍처)의 보안 위협에 대해 설명하고 각 보안 위협을 해소할 수 있는 AWS 모범 사례에 대해 설명합니다.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources.
악성코드는 끊임없이 지능화되어 가며 사용자들의 데이터를 노리고 있는데, 우리는 이러한 공격으로부터 안전할까요? 나는 아니겠지 하는 한순간의 방심으로 우리 회사의 데이터가 공격자로부터의 인질이 될 수 있습니다. AWS 인프라 환경에서 랜섬웨어로부터 보호하기 위한 방법은 무엇인지 살펴보며, 안전하게 구축하기 위한 전략을 함께 찾아봅니다. 완벽한 보안은 항상 어려운 일이지만, 이 몇 단계의 기본을 지키는 준비만으로도 여러분의 AWS 보안은 달라질 것입니다.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
Learn about best practices on how to secure your AWS environment with AWS Identity and Access Management (IAM). We will discuss how you best create access policies; manage security credentials (i.e., access keys, password, multi factor authentication (MFA) devices etc); how to set up least privilege; minimizing the use of your root account etc.
Big Data Meets AI - Driving Insights and Adding Intelligence to Your SolutionsAmazon Web Services
Over 90% of today’s data has been generated in the last two years, and growth rates continue to climb. In this session, we’ll step through challenges and best practices with data capturing, how to derive meaningful insights to help predict the future, and common pitfalls in data analysis.
Come discover how integrated solutions involving Amazon S3, AWS Glue, Amazon Redshift, Amazon Athena, Amazon EMR, Amazon Kinesis, and Amazon Machine Learning, and Deep Learning on AWS result in effective data systems for data scientists and business users, alike.
Ben Snively, Principal Solutions Architect, AWS; Kate Werling, Solutions Architect, AWS
A decade ago, relational databases were used for nearly every use case. Today, new technologies are enabling a revolution in databases, creating new options for document, key: value, in-memory, search, and graph capabilities that do not use relational tables. We’ll discuss this revolution in database options and who is using them.
Level: 200
Speaker: Samir Karande - Sr. Manager, Solutions Architecture, AWS
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
AWS CloudFormation is a comprehensive templating language that enables you to create managed 'stacks' of AWS resources, with a growing library of templates available for you to use. But how do you create one from scratch? This presentation will take you through building an AWS CloudFormation template from the ground up, so you can see all the essential template constructs in action.
Watch a recording of the webinar based on this presentation on YouTube here: http://youtu.be/6R44BADNJA8
Check out other upcoming webinars in the Masterclass Series here: http://aws.amazon.com/campaigns/emea/masterclass/
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
AWS Transit Gateway를 통한 Multi-VPC 아키텍처 패턴 - 강동환 솔루션즈 아키텍트, AWS :: AWS Summit ...Amazon Web Services Korea
AWS Transit Gateway를 통한 Multi-VPC 아키텍처 패턴
강동환 솔루션즈 아키텍트, AWS
고객의 조직, 서비스 구조에 따라 함께 늘어나는 VPC를 효과적으로 통합, 관리, 운영하기 위한 서비스와 아키텍처 패턴을 소개합니다. Peering의 한계를 넘어 VPC간 자유로운 연동을 제공하는 Transit Gateway(TGW), 조직내 다양한 Account간의 VPC 공유를 위한 Multi-Account VPC(MAVPC), 그리고 AWS 자원의 안전한 공유를 제공하기 위한 Resource Access Manager(RAM)를 활용하는 다양한 아키텍처 패턴을 살펴봅니다.
온디맨드 다시보기: https://www.youtube.com/watch?v=LMBSWl9Uo-4
2021년 1분기에 서울 리전에 출시 예정인 AWS Control Tower는 모범 사례를 기반으로 고객의 다중 AWS 계정 환경을 자동으로 구성해 줍니다. 본 세션에서는 AWS Control Tower를 활용하여 고객의 조직에서 필요로 하는 다중 AWS 계정 구조을 설계 및 구현하고, 각 계정에 포함해야 하는 기본 가드레일을 정의 및 생성하고, 거버넌스 체계를 구현하는 방법에 대해서 다룹니다.
서비스 가용성을 높이기 위해 Amazon EKS를 멀티 AZ로 사용할 경우, 노드의 위치에 따라 데이터 전송 비용이 추가로 과금됩니다. 본 세션에서는 쿠버네티스 내에서 같은 서비스를 하는 포드의 경우 동일 AZ에서 통신을 하도록 로컬리티 설정을 통해 비용 절감한 사례를 소개합니다.
Amazon EKS 환경에서 오토스케일링을 위해 Karpenter를 쓰는 경우, 노드 그룹이 죽거나 DB 연결에 문제가 생기는 등 장애 상황을 미리 검증하기 어렵습니다. 본 세션에서는 카오스 엔지니어링에 사용되는 AWS Fault Injection을 활용하여 EKS 장애 검증 사례를 소개합니다.
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...Amazon Web Services Korea
AWS re:Invent에서 소개된 개발에서 운영까지 이어지는 파이프라인 전체에 대한 최신 기술을 통해, 사일로를 분리하고 협업을 향상하는 방법을 소개합니다. 거버넌스 제어를 위한 AWS Control Tower, 코드 수준에서의 위험성 사전 탐지를 위한 Amazon CodeGuru Reviewer, 더 빠르고 풍부한 기능의 앱 제작을 위한 AWS Amplify Studio, IaC를 위한 AWS Cloud Development Kit, 그리고 운영 효율성을 향상 시키는 Amazon CloudWatch의 신규 기능을 알아봅니다.
발표영상 다시보기: https://youtu.be/ACBblaLv868
클라우드 환경에는 다양한 보안 위협이 존재합니다. 사용자의 설정 오류에서부터 외부 공격자의 악의적인 접근 시도 및 공격 행위까지 다양한 공격 유형과 위협들이 존재하는데요, AWS 에서는 이와 같은 보안 위협을 탐지하고 사냥하는데 도움을 드리는 서비스들을 제공하고 있습니다. Amazon GuardDuty 와 Amazon Detective 를 통합한 SecurityHub 를 이용해서 클라우드 환경에서의 보안 위협에 대한 탐지 및 대응 방안을 소개합니다.
보안 사고 예방을 위한 주요 AWS 모범 사례 – 신은수, AWS 보안 담당 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집Amazon Web Services Korea
* 발표 동영상: https://youtu.be/KGibV5yV9U8
AWS 사용 환경에서 발생할 수 있는 다양한 보안 사고의 원인 중 상위 5개 (부적절한 보안 그룹 설정, 부적절한 자격증명 관리, 패치미적용, S3 버킷 퍼블릭 공개, DDoS 에 취약한 아키텍처)의 보안 위협에 대해 설명하고 각 보안 위협을 해소할 수 있는 AWS 모범 사례에 대해 설명합니다.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources.
악성코드는 끊임없이 지능화되어 가며 사용자들의 데이터를 노리고 있는데, 우리는 이러한 공격으로부터 안전할까요? 나는 아니겠지 하는 한순간의 방심으로 우리 회사의 데이터가 공격자로부터의 인질이 될 수 있습니다. AWS 인프라 환경에서 랜섬웨어로부터 보호하기 위한 방법은 무엇인지 살펴보며, 안전하게 구축하기 위한 전략을 함께 찾아봅니다. 완벽한 보안은 항상 어려운 일이지만, 이 몇 단계의 기본을 지키는 준비만으로도 여러분의 AWS 보안은 달라질 것입니다.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
Learn about best practices on how to secure your AWS environment with AWS Identity and Access Management (IAM). We will discuss how you best create access policies; manage security credentials (i.e., access keys, password, multi factor authentication (MFA) devices etc); how to set up least privilege; minimizing the use of your root account etc.
Big Data Meets AI - Driving Insights and Adding Intelligence to Your SolutionsAmazon Web Services
Over 90% of today’s data has been generated in the last two years, and growth rates continue to climb. In this session, we’ll step through challenges and best practices with data capturing, how to derive meaningful insights to help predict the future, and common pitfalls in data analysis.
Come discover how integrated solutions involving Amazon S3, AWS Glue, Amazon Redshift, Amazon Athena, Amazon EMR, Amazon Kinesis, and Amazon Machine Learning, and Deep Learning on AWS result in effective data systems for data scientists and business users, alike.
Ben Snively, Principal Solutions Architect, AWS; Kate Werling, Solutions Architect, AWS
A decade ago, relational databases were used for nearly every use case. Today, new technologies are enabling a revolution in databases, creating new options for document, key: value, in-memory, search, and graph capabilities that do not use relational tables. We’ll discuss this revolution in database options and who is using them.
Level: 200
Speaker: Samir Karande - Sr. Manager, Solutions Architecture, AWS
Database Week at the San Francicso Loft
Non-Relational Revolution
A decade ago, relational databases were used for nearly every use case. Today, new technologies are enabling a revolution in databases, creating new options for document, key: value, in-memory, search, and graph capabilities that do not use relational tables. We’ll discuss this revolution in database options and who is using them.
Level: 200
Speakers:
Smitty Weygant - Solutions Architect, AWS
Karan Desai - Solutions Architect, AWS
Identity and access control for custom enterprise applications - SDD412 - AWS...Amazon Web Services
This session by the AWS Security Jam team looks at some Amazon Cognito patterns used by the Jam Platform. The team shares their experience building SSO-enabled internal apps with fine-grained role-based access control using an identity provider based on Security Assertion Markup Language (SAML) 2.0.
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
Identity Round Robin Workshop - Serverless Round: Security Week at the San Francisco Loft
Start the day off by learning how to properly configure identity and access controls for a serverless application built with Amazon S3, Amazon CloudFront, and Amazon Cognito. With a combination of talking and hands-on exercises we will be diving into AWS IAM policy types to better understand the differences and learn how the policy evaluation logic works. We will also be diving into how you can use Cognito User Pools for user management within your serverless applications.
Level: 300
Speaker: Jesse Fuchs - Sr. Solutions Architect, AWS
The first step towards knowing your customer is to collect and extract insights and actionable information from your data. Learn how AWS enables you to cost efficiently store any amount of data and build an agile approach to data mining and visualization - helping you to make efficient business decisions and targeted offerings.
AWS Webinar Series - Build web-based and native mobile applications on AWS Amazon Web Services
Building mobile apps on iOS or Android with React Native? The open-source AWS Amplify tool helps developers quickly add authentication, API’s, storage, cacheing, and analytics to apps using a declarative programming style. In this session we will cover how to build a mobile app for iOS and Android using AWS MobileHub, AWS Amplify, and React Native. You'll also see some framework specific techniques such as leveraging Higher Order Components (HOCs) in a React or React Native application as well as best practices and utilities from AWS MobileHub
We'll take a look at the fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data. We'll show how you can use Amazon QuickSight to easily connect to your data, perform advanced analysis, and create stunning visualizations and rich dashboards that can be accessed from any browser or mobile device.
Speakers:
Natalie Rabinovich- Solutions Architect, AWS
Charles Hammell - Principal Enterprise Architect, AWS
We'll take a look at the fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data. We'll show how you can use Amazon QuickSight to easily connect to your data, perform advanced analysis, and create stunning visualizations and rich dashboards that can be accessed from any browser or mobile device.
Level: Intermediate
Speakers:
Jay Formosa - Solutions Architect, AWS
Aser Moustafa - Data Warehouse Specialist Solutions Architect, AWS
Saunak Chandra - Partner Solutions Architect, Redshift Specialist, AWS
Do you want to ramp up your knowledge of AWS analytics services and launch your first big data application on the cloud? In this session, we walk you through simplifying big data processing as a data bus comprising of ingestion, storage, processing, and visualization. You build a big data application using AWS managed services, including Amazon Athena, Amazon Kinesis, Amazon EMR, AWS Glue, Amazon Redshift, Amazon QuickSight, and Amazon S3. Along the way, we review architecture design patterns for big data applications and give you access to a take-home lab so you can rebuild and customize the application yourself. To get the most from this session, bring your own laptop and have some familiarity with AWS services.
AWS IoT for Frictionless Consumer Experiences in Retail (RET201) - AWS re:Inv...Amazon Web Services
Gaining key real-time insights is a key differentiator in retail decision making. Traditional or legacy retail processes are often batch-based or delayed in data processing systems that offer post insights to events. Placing a best practice messaging substrate into stores and other environments can provide an over-the-top real-time channel for insights into multiple use cases. Similarly, actions can be pushed in real-time back to the store to action responses to those insights gained. In this session, we demonstrate how AWS Greengrass and AWS IoT services continue gathering data from devices in a store, such as point of sales for analysis, even when connectivity to the cloud is not constant. We dive into how you can leverage Lambda functions on local AWS Greengrass devices to stream in-store events in real time to a data lake in Amazon S3. This data can then be used to derive business insights to drive appropriate action.
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
Serverless architecture and a microservices approach has changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.
by Androski Spicer, Solutions Architect AWS
AWS Data & Analytics Week is an opportunity to learn about Amazon’s family of managed analytics services. These services provide easy, scalable, reliable, and cost-effective ways to manage your data in the cloud. We explain the fundamentals and take a technical deep dive into Amazon Redshift data warehouse; Data Lake services including Amazon EMR, Amazon Athena, & Amazon Redshift Spectrum; Log Analytics with Amazon Elasticsearch Service; and data preparation and placement services with AWS Glue and Amazon Kinesis. You'll will learn how to get started, how to support applications, and how to scale.
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...Amazon Web Services
Learning Objectives:
- Learn patterns for building APIs for various backend technologies
- Learn how to secure your APIs
- Learn how to handle updates, versioning, and environments using Amazon API Gateway
Breaking the Ice: Transform Cold Archival Data into Fresh Insights (STG355) -...Amazon Web Services
Broadridge Financial has a long history of providing solutions for regulatory archival content on behalf of its clients. Many archival solutions rely on legacy technology, requiring regular refresh and overhaul. With the advent of cloud technology, Broadridge has re-imagined archival systems as intelligent information management solutions. Broadridge's solution uses a wide array of AWS services, such as Amazon Glacier, Amazon S3, AWS Lambda, Amazon EC2, Amazon Aurora, Amazon EBS, AWS CloudTrail, Amazon SQS, AWS Direct Connect, Amazon Lex, and Amazon API Gateway. In this session, we explore the architecture behind Broadridge's solution. Attendees gain an understanding of how archival content can become a valuable repository of information that drives client services, data analytics, and business growth.
Enabling Governance, Compliance, Operational, and Risk Auditing with AWS Mana...Amazon Web Services
In this session, you’ll learn how to enable governance compliance and undertake operational and risk auditing of your AWS account through a combination of continuous monitoring auditing and evaluation of your AWS resources. With AWS management tools you can see a history of AWS API calls for your account, review changes in configurations and relationships among AWS resources, and dive into detailed resource configuration histories. You can determine your overall compliance with the configurations specified in your internal guidelines and you can give developers and systems administrators a secure and compliant means to create and manage AWS resources.
Serverless architectures let you build and deploy applications and services with infrastructure resources that require zero administration. In the past you had to provision and scale servers to run your application code install and operate distributed databases and build and run custom software to handle API requests. Now AWS provides a stack of scalable fully-managed services that eliminates these operational complexities. In this session you will learn about the the basics of serverless and especially how your business can benefit from it.
Similar to AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with Amazon Cognito & Amazon Cloud Directory (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.