In this workshop, learn how to detect common resource misconfigurations using AWS Security Hub; how to extend coverage by deploying additional sets of existing rules or your own custom AWS Config rules using our Rule Development Kit (written in Python); and how to automatically remediate compliance violations when they are detected. Basic Python skills and a basic understanding of boto3 are required for the coding portion of this workshop.
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Amazon Web Services
Customers must regularly attest to the security and compliance of AWS services in order to confidently operate within the cloud. To support customers with this task, AWS provides a number of resources to define our 13 control domains, differentiate between customer and AWS responsibilities, and demonstrate the mapping of an organization’s attestation needs to an AWS audit framework. During this session, customers familiarize themselves with our compliance reports (e.g., FedRAMP, SOC, ISO, PCI, etc.), dive deep on AWS compliance tools, and discuss mechanisms for leveraging the knowledge of AWS security subject matter experts.
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
In this workshop, cloud architects, Cloud Center of Excellence (CCOE) team members, and IT managers learn how to launch and operate governed cloud workloads on AWS by leveraging AWS management tools. They extend a sample catalog containing Amazon EC2, Amazon S3, and so on, and enable catalog users to only manage the resources they create. They then perform the IT service management process integration using ServiceNow as an example solution.
Architecting security and governance through policy guardrails in Amazon EKS ...Amazon Web Services
Amazon EKS makes it easy to run Kubernetes on AWS without managing master nodes or etcd operators. Kubernetes offers a powerful abstraction layer for managing containerized infrastructure, which presents unique challenges to AWS media customers. In this session, we share lessons from Synamedia, and we discuss its reasons for moving to EKS and the security and governance implications for migrating workloads. Learn about the approach and benefits for establishing security and governance with Open Policy Agent (OPA), which uses Kubernetes validating and mutating admission controllers to establish policy guardrails for container registries, input, load balancers, and other objects within EKS.
Security benefits of the Nitro architecture - SEP401-R - AWS re:Inforce 2019 Amazon Web Services
The new Nitro architecture is fundamental to the Amazon EC2 virtual machine service. With Nitro, each host in the core compute platform is built with trusted computers that simulate the outside world and surround an untrusted CPU and memory computer that runs workloads. Those trusted Nitro computers appear to the customer workload computer as I/O devices that are accessible across the PCIe bus. Most of the traditional virtualization work is done via hardware emulation. The Nitro computers carefully control the workload computer access, providing a layer of protection. Learn about the security properties of this powerful architecture, which significantly increase cloud reliability and performance.
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
Customers trust AWS with mission-critical workloads because AWS is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment available today. AWS works to earn that trust by offering transparency, demonstrating consistency, and providing best practices to keep themselves secure. As customers adopt AWS, they traverse several trust-building milestones with due-diligence activities, such as assurance report and AWS Well-Architected Tool reviews and deep dives with AWS subject matter experts. This session addresses these milestones at common AWS adoption stages with examples, questions that customers often ask, and suggestions for how to get started.
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Amazon Web Services
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is an AWS service offering a managed Kubernetes control plane for customers to orchestrate their containerized applications on Amazon EC2. In this chalk talk, Micah Hausler, AWS system development engineer, explains how customers can ensure the integrity and auditability of their applications on Amazon EKS. He demonstrates the exploitation of a misconfigured web application container, and he conducts a forensic analysis of what happened in the system.
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Amazon Web Services
For regulated data types, such as personally identifiable information, customers often ask the same questions. This session addresses questions on topics that range from deletion of data to third-party assurance reports, and it connects you with the corresponding risk discussions and the applicable AWS technology or supporting language from AWS documentation. Learn how to speed up your risk assessment by equipping yourself with facts and knowledge that will help you make informed decisions about your AWS journey.
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
Capital One is a leading global financial institution that has reimagined banking. Attend this session to learn how the company is governing and securing mission-critical infrastructure, its AWS environment, and its users and customers by building an integrated identity governance program that secures the organization and enables its workforce. Capital One shares its successes and lessons learned while building its identity strategy, and it covers what the company recommends that you consider when building or expanding your identity program. Learn how Capital One secures the wallet that it refers to when asking, “What’s in your wallet?”
Don’t be a haven for attackers: Mitigate misconfigurations with AWS Service C...Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud. In this session, we focus on how customers are using Service Catalog as a layered defense-in-depth mechanism to mitigate misconfigurations and variability in workload deployments. In addition, we discuss how Control Tower provides guardrails for policy enforcement. These help customers like World Bank enforce security and manage compliance.
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Amazon Web Services
In this session, we walk you through a demo of how a security team can build dashboards in minutes without having to gain deep knowledge on analytics. The AWS serverless services we use include AWS WAF logs, AWS Glue, Amazon Athena, and Amazon QuickSight.
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
Slack stores lots of customer data, and it’s essential that it’s protected. Some customers need tight control over their keys, so Slack worked with AWS KMS to enable customers to revoke data access independently. With Slack’s Enterprise Key Management (EKM) capability, customers control master keys that unlock access to their data from KMS accounts. Using precise, granular KMS access controls, customers allow or deny access to individual channels, workspaces, or Slack channels and audit keys in AWS CloudTrail logs. This session covers KMS and how Slack used KMS to build the EKM capability. Learn how KMS can help you give your customers control over their data.
Securing your block storage on AWS - GRC207 - AWS re:Inforce 2019 Amazon Web Services
Want to simplify the process of meeting compliance goals in a world of increasing data regulation? AWS customers run mission-critical workloads—SQL and NoSQL databases, business applications, data analytics, log analysis—on Amazon EC2, backed by Amazon EBS and EC2 instance storage. Securing data content and storage access is critical to maintaining uptime and meeting compliance needs. In this session, we discuss data security and review the security capabilities of Amazon EBS and EC2 instance storage. Learn how you can benefit from new Amazon EBS features such as encryption by default, launch of encrypted instances from unencrypted AMIs, and simplified sharing of encrypted AMIs.
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Amazon Web Services
With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able to meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime.
Architect proper segmentation for PCI DSS workloads on AWS - GRC306 - AWS re:...Amazon Web Services
In this session, we discuss how to successfully architect for proper segmentation involving PCI DSS workloads running on AWS. We show you how the segmentation strategies and controls are different from those designed in a traditional on-premises environment, keeping in mind the unique characteristic of the AWS platform.
Design for compliance: Practical patterns for meeting your IT compliance requ...Amazon Web Services
AWS offers a wide variety of services and features that help regulated firms meet IT governance requirements and operate in an agile manner. This session is a guided tour of emerging patterns and solutions that help address common IT governance concerns such as zero-trust architecture, immutable production, and controlled change management.
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud.
In this session, discover how customers are using AWS Service Catalog as a layered defense and an in-depth mechanism to mitigate misconfigurations and variability in workload deployments. Additionally, learn how AWS Control Tower provides guardrails for policy enforcement to help customers like World Bank enforce security and manage compliance.
Speakers:
Kaushik Mohanty, Principal BD, Service Catalog and Control Tower, AWS
Durga Prasad, Manager, Solutions Architect, AWS
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts.
Senior Principal Security Engineer Don "Beetle" Bailey and Corey Quinn from the highly acclaimed "Last Week in AWS" newsletter present best practices, features, and security updates you may have missed in the AWS Cloud. With more than 1,000 service updates per year being released, having expert distillation of what's relevant to your environment can accelerate your adoption of the cloud. As techniques for operationalizing cloud security, compliance, and identity remain a critical business need, this leadership session considers a strategic path forward for all levels of enterprises and users, from beginner to advanced.
Privacy, ethics, and engineering in emerging technology - SEP204 - AWS re:Inf...Amazon Web Services
In this session, both customer and AWS speakers discuss how organizations incorporate privacy protections into the design of their products and services (i.e., privacy by design). It also covers how they use privacy-enhancing technologies to protect their customers’ personal data. Learn about the impact that the regulatory environment and ethics considerations have on engineering and emerging technology development and adoption.
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.
AWS event engineering at scale - SEP329 - AWS re:Inforce 2019 Amazon Web Services
Are you interested in how AWS provides network infrastructure and IT security at global events? In this session, learn about the network and security challenges encountered when running events for 2,000 to 60,000 attendees. We describe the architecture used to deliver high-quality connectivity, considerations for large-scale attendee Wi-Fi, integration with other AWS services using AWS Direct Connect, and examples of incidents and events that we’ve managed over the years. Join the AWS event engineering team to see what it takes to deploy a huge temporary network for one week, provide secure and reliable service, and then remove it, leaving no trace!
The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info...Amazon Web Services
The Automated Reasoning Group strengthened the foundations of AWS and provided customers with tools to verify their own security posture. In this session, we'll discuss the evolution of automated reasoning technology at AWS and how it works in the services in which it is embedded, including Amazon S3, AWS Config, and Amazon Macie. Attendees also learn what's ahead for automated reasoning at AWS and the customer problems it continues to solve in the security and broader cloud space.
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...Amazon Web Services
Throughout your journey to the AWS Cloud, you will encounter and rely on a number of AWS identity services. In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. Learn about each service, the capabilities it provides, and how the services fit and work together to provide you with a robust foundation and enable you to advance your journey with confidence and speed. Finally, we take a deeper look at a number of identity-based use cases, where the power and programmability of the cloud is radically simplifying implementation and strengthening security.
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant...Amazon Web Services
In this session, learn how AWS helps customers effectively manage and govern their infrastructure and resources, simplifying compliance and improving efficiency when completing operational tasks. Come hear Anik Mazumder, principal infrastructure architect at Intuit, speak about his company’s experience. We also share some of the latest innovation from AWS Config in this space, and we cover recent releases in AWS management and governance services.
Join us for this hands-on workshop where we walk through some real-world threat scenarios and show you the AWS services involved with threat detection and remediation. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each hands-on scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector, and of course, GuardDuty.
Set Up Compliance Automation Using AWS Management Tools (SEC317) - AWS re:Inv...Amazon Web Services
In this workshop, learn how to detect common resource misconfigurations using AWS Config, AWS CloudTrail and Amazon CloudWatch. Learn how to author custom AWS Config rules using our Rule Development Kit, and learn how to automatically remediate compliance violations when they are detected.
Don’t be a haven for attackers: Mitigate misconfigurations with AWS Service C...Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud. In this session, we focus on how customers are using Service Catalog as a layered defense-in-depth mechanism to mitigate misconfigurations and variability in workload deployments. In addition, we discuss how Control Tower provides guardrails for policy enforcement. These help customers like World Bank enforce security and manage compliance.
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Amazon Web Services
In this session, we walk you through a demo of how a security team can build dashboards in minutes without having to gain deep knowledge on analytics. The AWS serverless services we use include AWS WAF logs, AWS Glue, Amazon Athena, and Amazon QuickSight.
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
Slack stores lots of customer data, and it’s essential that it’s protected. Some customers need tight control over their keys, so Slack worked with AWS KMS to enable customers to revoke data access independently. With Slack’s Enterprise Key Management (EKM) capability, customers control master keys that unlock access to their data from KMS accounts. Using precise, granular KMS access controls, customers allow or deny access to individual channels, workspaces, or Slack channels and audit keys in AWS CloudTrail logs. This session covers KMS and how Slack used KMS to build the EKM capability. Learn how KMS can help you give your customers control over their data.
Securing your block storage on AWS - GRC207 - AWS re:Inforce 2019 Amazon Web Services
Want to simplify the process of meeting compliance goals in a world of increasing data regulation? AWS customers run mission-critical workloads—SQL and NoSQL databases, business applications, data analytics, log analysis—on Amazon EC2, backed by Amazon EBS and EC2 instance storage. Securing data content and storage access is critical to maintaining uptime and meeting compliance needs. In this session, we discuss data security and review the security capabilities of Amazon EBS and EC2 instance storage. Learn how you can benefit from new Amazon EBS features such as encryption by default, launch of encrypted instances from unencrypted AMIs, and simplified sharing of encrypted AMIs.
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
In this presentation, FINRA discusses different aspects of its holistic security strategy. Topics covered include how to leverage AWS native security solutions, how to use logs that tie IP and identity together for network access, how to implement a software-defined perimeter model to augment network-layer security controls, and how FINRA sped up DevOps through a unified and frictionless access strategy.
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Amazon Web Services
With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime.
Architect proper segmentation for PCI DSS workloads on AWS - GRC306 - AWS re:...Amazon Web Services
In this session, we discuss how to successfully architect for proper segmentation involving PCI DSS workloads running on AWS. We show you how the segmentation strategies and controls are different from those designed in a traditional on-premises environment, keeping in mind the unique characteristic of the AWS platform.
Design for compliance: Practical patterns for meeting your IT compliance requ...Amazon Web Services
AWS offers a wide variety of services and features that help regulated firms meet IT governance requirements and operate in an agile manner. This session is a guided tour of emerging patterns and solutions that help address common IT governance concerns such as zero-trust architecture, immutable production, and controlled change management.
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud.
In this session, discover how customers are using AWS Service Catalog as a layered defense and an in-depth mechanism to mitigate misconfigurations and variability in workload deployments. Additionally, learn how AWS Control Tower provides guardrails for policy enforcement to help customers like World Bank enforce security and manage compliance.
Speakers:
Kaushik Mohanty, Principal BD, Service Catalog and Control Tower, AWS
Durga Prasad, Manager, Solutions Architect, AWS
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts.
Senior Principal Security Engineer Don "Beetle" Bailey and Corey Quinn from the highly acclaimed "Last Week in AWS" newsletter present best practices, features, and security updates you may have missed in the AWS Cloud. With more than 1,000 service updates per year being released, having expert distillation of what's relevant to your environment can accelerate your adoption of the cloud. As techniques for operationalizing cloud security, compliance, and identity remain a critical business need, this leadership session considers a strategic path forward for all levels of enterprises and users, from beginner to advanced.
Privacy, ethics, and engineering in emerging technology - SEP204 - AWS re:Inf... Amazon Web Services
In this session, both customer and AWS speakers discuss how organizations incorporate privacy protections into the design of their products and services (i.e., privacy by design). It also covers how they use privacy-enhancing technologies to protect their customers’ personal data. Learn about the impact that the regulatory environment and ethics considerations have on engineering and emerging technology development and adoption.
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
As you continually evolve your use of the AWS platform, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this advanced session, we share architectural patterns for meeting common challenges, service limits and tips, tricks, and ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and there will be code giveaways! Be prepared for a technically deep session on AWS security.
AWS event engineering at scale - SEP329 - AWS re:Inforce 2019 Amazon Web Services
Are you interested in how AWS provides network infrastructure and IT security at global events? In this session, learn about the network and security challenges encountered when running events for 2,000 to 60,000 attendees. We describe the architecture used to deliver high-quality connectivity, considerations for large-scale attendee Wi-Fi, integration with other AWS services using AWS Direct Connect, and examples of incidents and events that we’ve managed over the years. Join the AWS event engineering team to see what it takes to deploy a huge temporary network for one week, provide secure and reliable service, and then remove it, leaving no trace!
The evolution of automated reasoning technology at AWS - SEP201 - AWS re:Info... Amazon Web Services
The Automated Reasoning Group strengthened the foundations of AWS and provided customers with tools to verify their own security posture. In this session, we'll discuss the evolution of automated reasoning technology at AWS and how it works in the services in which it is embedded, including Amazon S3, AWS Config, and Amazon Macie. Attendees also learn what's ahead for automated reasoning at AWS and the customer problems it continues to solve in the security and broader cloud space.
AWS identity services - Enabling & securing your cloud journey - SEC202 - San... Amazon Web Services
Throughout your journey to the AWS Cloud, you will encounter and rely on a number of AWS identity services. In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. Learn about each service, the capabilities it provides, and how the services fit and work together to provide you with a robust foundation and enable you to advance your journey with confidence and speed. Finally, we take a deeper look at a number of identity-based use cases, where the power and programmability of the cloud is radically simplifying implementation and strengthening security.
Simplify compliance & improve operational efficiency with AWS - SVC302 - Sant... Amazon Web Services
In this session, learn how AWS helps customers effectively manage and govern their infrastructure and resources, simplifying compliance and improving efficiency when completing operational tasks. Come hear Anik Mazumder, principal infrastructure architect at Intuit, speak about his company’s experience. We also share some of the latest innovation from AWS Config in this space, and we cover recent releases in AWS management and governance services.
Join us for this hands-on workshop where we walk through some real-world threat scenarios and show you the AWS services involved with threat detection and remediation. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, AWS Config, and the available remediation options. For each hands-on scenario, we review methods to remediate the threat using the following services: AWS CloudFormation, Amazon S3, AWS CloudTrail, VPC Flow Logs, Amazon CloudWatch Events, Amazon SNS, Macie, DNS logs, AWS Lambda, AWS Config, Amazon Inspector, and of course, GuardDuty.
Set Up Compliance Automation Using AWS Management Tools (SEC317) - AWS re:Inv... Amazon Web Services
In this workshop, learn how to detect common resource misconfigurations using AWS Config, AWS CloudTrail and Amazon CloudWatch. Learn how to author custom AWS Config rules using our Rule Development Kit, and learn how to automatically remediate compliance violations when they are detected.
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A... Amazon Web Services
As customers migrate to the cloud, IT needs to maintain structured compliance and governance while providing developers with the flexibility to manage cloud resources at scale. In this session, learn how AWS management tools provide a set of services to track changes to resources, audit actions, manage change, and gain insights. We also show how you can use built-in safety controls to automatically perform actions and remediation across multiple regions and accounts. This session is beneficial to IT and system administrators who are interested in using native AWS tools to operate secure and compliant infrastructure on AWS.
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In... Amazon Web Services
There are many ways to improve your security controls in AWS accounts. In this session, we'll cover how to leverage guidelines from the Center for Internet Security (CIS), how to augment security checks, and how to build and secure AWS resources with additional tools. Armed with the information in this session, you will be able to harden new AWS accounts and implement security best practices from Day One.
PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ... Amazon Web Services
Come learn how Elastic Beanstalk can help you go from code to running application in a matter of minutes, without the need to provision or manage any of the underlying Amazon Web Services (AWS) resources. Hear how Qualcomm is able to migrate applications to AWS faster than before through Forge, an internally built application platform that leverages Elastic Beanstalk to simplify the development and deployment of applications to AWS with security and organizational best practices out of the box.
Adding elasticity to our applications in AWS
Introduction to AWS load balancer services
Introduction to autoscaling groups and launch configurations
Demo - Add autoscaling to our demo application
Next steps: Taking it to the next stage – Sara?
Serverless architecture with Lambda, API Gateway, DynamoDB & more
Wrap up - User Groups, Blogs & further training
Operationalizing Microsoft Workloads (WIN320) - AWS re:Invent 2018 Amazon Web Services
In this session, we discuss best practices and approaches for managing your Microsoft Windows-based infrastructure on AWS. We describe the AWS services that can help you manage Windows servers at scale and realize the maximum benefit of the cloud. In addition, we show you how to build simple and effective solutions to manage logging, configuration drift, inventory, licensing, and more. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Using AWS Control Tower to govern multi-account AWS environments at scale - G... Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
To ensure security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all of these accounts. In this session, you will learn how to use AWS CloudFormation and AWS Organizations to execute security best practices (AWS CloudTrail, AWS Config, Flow Logs, S3 Access logs, etc.) in scenarios where you are managing many AWS accounts across an organization. You will see how to leverage Service Catalog across multiple accounts. Learn how to store all of these logs in a centralized logging system such as Amazon Elasticsearch Service, and how to set up alerts and drift detection on anomalous or high-risk activity.
Learning Objectives:
- Learn about requirements for AWS Firewall Manager, like AWS Organizations
- Learn how to keep new Web applications in compliance across the org from day one
- Learn how Firewall Manager supports your custom WAF rules as well as Managed Rules for AWS WAF
Lock it Down: How to Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional data center. However, customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session, we will review how to use automation, tools, and techniques to harden and audit your AWS account and also how to leverage AWS Organizations to ensure compliance in your enterprise.
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ... Amazon Web Services
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. In this session you will learn how enterprises have embraced AWS Systems Manager to address many of the common operational challenges that have emerged on their journey to the cloud.
Introduction to AWS Cloud concepts and AWS core services for compute, storage, database, and networking. Public sector key features and use cases, best practices, and technical demos.
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS... Amazon Web Services
Whether you are part of a large organization moving your applications to the cloud, or a new application owner just getting started, you always need a baseline security for your web applications. In addition, large organizations with common security requirements frequently need to standardize their security posture across many applications. With compliance initiatives, such as PCI, OFAC, and GDPR, there is a need to effectively manage this posture with minimal error. In this session, learn how to use services like AWS WAF, AWS Shield, and AWS Firewall Manager to deploy and manage rules and protections uniformly across many accounts and resources. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne... Amazon Web Services
In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. Learn about each service, the high-level capabilities they provide, and how the services fit and work together to provide you a robust identity foundation. Learn how to better advance your own journey with confidence and speed. Finally, we take a deeper look at several identity-based use cases where the cloud’s power and programmability are radically simplifying implementation and strengthening security.
Similar to Compliance automation: Set it up fast, then code it your way - GRC330-R - AWS re:Inforce 2019 (20)
How to build forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session, we show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for startups: how to build Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is growing at an ever faster pace and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment that only established companies can afford. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
So let's see how to develop Big Data applications quickly, without worrying about infrastructure, dedicating all resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session, we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago, Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session, we explain how we define modern applications and how building modern apps affects not only application architecture but also organizational structure, development release pipelines, and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is continuously growing.
When properly designed, container-based applications are very often stateless and flexible.
AWS ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session, we discover together the characteristics of Spot Instances and how they can easily be used on AWS. We also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us how to monetise Open APIs, simplify Fintech integrations, and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with services for Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, it was difficult for many years to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime and interrupted users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows workloads Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis based on artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar, we explore the possibilities that AWS services offer for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, on top of which come performance risks that can be introduced when applications are moved from on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transaction log that is transparent, immutable, and cryptographically verifiable, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session, we find out how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session, we learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We dig into several scenarios to understand how AppSync can help address these use cases by creating modern APIs with real-time and offline data update capabilities.
We also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle databases and VMware Cloud™ on AWS: myths to dispel Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, on top of which come performance risks that can be introduced when applications are moved from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they take a closer look at the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session, we present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.