AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Building a well-engaged and secure AWS account access management - FND207-R ...Amazon Web Services
Building a well-managed and secure AWS account access management for enterprise customers and AWS partners is essential for managing a large number of AWS accounts. In this session, we review new features, best practices, and the risks involved when architecting organizational units. We also cover how to build dynamic access structures.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Building a well-engaged and secure AWS account access management - FND207-R ...Amazon Web Services
Building a well-managed and secure AWS account access management for enterprise customers and AWS partners is essential for managing a large number of AWS accounts. In this session, we review new features, best practices, and the risks involved when architecting organizational units. We also cover how to build dynamic access structures.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
by Omar Lari, Partner Solutions Architect, AWS
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a new managed service for running Kubernetes on AWS. This session will provide an overview of Amazon EKS, why we built it, and how it works.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
In this workshop, we present best practices for establishing an AWS Landing Zone. We provide a demonstration of the automated AWS Landing Zone solution, and we show you how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes. You have the opportunity to modify the code for custom deployments. Leave the workshop with an understanding of the mechanism to update the AWS Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, learn about the considerations, limitations, and security patterns of building a multi-account strategy. Get insight into topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. Finally, see an enterprise-ready landing zone framework and the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Learn about the AWS best practice recommendations for setting up your environment
- Learn how the automated AWS Landing Zone solution can set up a baseline environment in just a few hours
- Learn how you can extend the AWS Landing Zone to meet your organization's requirements
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
by Omar Lari, Partner Solutions Architect, AWS
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a new managed service for running Kubernetes on AWS. This session will provide an overview of Amazon EKS, why we built it, and how it works.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
In this workshop, we present best practices for establishing an AWS Landing Zone. We provide a demonstration of the automated AWS Landing Zone solution, and we show you how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes. You have the opportunity to modify the code for custom deployments. Leave the workshop with an understanding of the mechanism to update the AWS Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, learn about the considerations, limitations, and security patterns of building a multi-account strategy. Get insight into topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. Finally, see an enterprise-ready landing zone framework and the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
Launch AWS Faster using Automated Landing Zones - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Learn about the AWS best practice recommendations for setting up your environment
- Learn how the automated AWS Landing Zone solution can set up a baseline environment in just a few hours
- Learn how you can extend the AWS Landing Zone to meet your organization's requirements
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.
Cloud Governance and Provisioning Management using AWS Management Tools and S...Amazon Web Services
As customers migrate to the cloud, IT needs to maintain structured compliance and governance while providing developers with the flexibility to manage cloud resources at scale. AWS provides a set of management tools that enables you to programmatically provision, monitor, and automate the components of your cloud environment. In this session, learn how you can use these tools to maintain consistent controls without restricting development velocity.
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneAmazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and explain features for account structuring, user configuration, provisioning, networking and operation automation. The Migration Landing Zone solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and AWS Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations.
Speaker: Koen Biggelaar, Senior Manager, Solutions Architecture, Amazon Web Services and Mahmoud ElZayet
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ne...Amazon Web Services
In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. Learn about each service, the high-level capabilities they provide, and how the services fit and work together to provide you a robust identity foundation. Learn how to better advance your own journey with confidence and speed. Finally, we take a deeper look at several identity-based use cases where the cloud’s power and programmability are radically simplifying implementation and strengthening security.
Enterprise Governance and Security Build Your AWS Landing Zone (SEC315) - AWS...Amazon Web Services
In this workshop, we present best practices for establishing an AWS Landing Zone. You will see a demonstration of the automated AWS Landing Zone solution and how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes, as well as experience how to modify the code for custom deployments. You will leave the workshop with an understanding of the mechanism to update the Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.
La sicurezza nel cloud, per AWS, è una priorità. I clienti che scelgono di utilizzare i servizi AWS traggono vantaggio da un'architettura di data center e di rete progettata per soddisfare i requisiti delle organizzazioni più esigenti a livello di sicurezza.Durante questa sessione vedremo quali sono gli strumenti che AWS mette a disposizione dei propri clienti per rendere le proprie applicazioni e i propri dati sicuri.
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...AWS Summits
Speaker: Alejandra Artiguez, FSI Compliance Program Manager, APAC, AWS Customer Speaker: Clara Lee Hui Theng, Head Technology & Operations, RHB Bank Berhad (Singapore)
Security and Compliance is a shared responsibility between AWS and the customer. In this session we will examine the AWS Shared responsibility model, and AWS compliance programs customers can use to gain assurance of security controls in the cloud. We will dive-deep into a number of cloud native security services that customers can use to protect their critical systems when migrating to AWS. Finally we will review a next-generation approach to audit and continuous compliance leveraging automation to identify mis-configurations and perform automatic remediatation to protect your AWS workloads.
Discover how the Well-Architected Framework can help you build secure, resilient, and efficient infrastructures for your applications.
Gain the skills you need to evaluate the AWS platform and leave the day with knowledge on how to implement your AWS footprint and guidance on best practice design.
AWS identity services: Enabling and securing your cloud journey - SEC203 - Ch...Amazon Web Services
In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. We learn about each service, the high-level capabilities each provides, and how they all fit and work together to provide you with a robust identity foundation. We also learn how to better advance your own identity-services cloud journey with confidence and speed. Finally, we look more closely at several identity-based use cases where the power and programmability of the cloud is radically simplifying implementation and strengthening security.
Best practices for choosing identity solutions for applications + workloads -...Amazon Web Services
Identity requirements for consumer-facing applications differ significantly from those for workforce applications and cloud resources. Learn the best practices for choosing the right identity platform on AWS for your consumer-facing applications and for centrally managing access to all your business applications and AWS resources. Come learn about the proper use cases for implementing single sign-on (SSO) and Amazon Cognito, security best practices, and configuration guidance.
Iolaire Mckinnon, Senior Consultant, Security, Risk & Compliance, AWS
A Deep Dive into the best practice guidelines for securing your workloads in AWS cloud.
In order to ensure security best practices in your AWS accounts, you must establish a security baseline and then enforce it across all of these accounts. In this session, you will learn how to use AWS CloudFormation and AWS Organizations to execute security best practices (AWS CloudTrail, AWS Config, Flow Logs, S3 Access logs, etc...) in scenarios where you are managing many AWS accounts across an organization. You will see how to leverage Service Catalog across multiple accounts. Learn how to store all of these logs in a centralized logging system such as Amazon ElasticSearch Service, set up alerts, and drift detection on anomalous or high-risk activity.
AWS identity services - Enabling & securing your cloud journey - SEC202 - San...Amazon Web Services
Throughout your journey to the AWS Cloud, you will encounter and rely on a number of AWS identity services. In this session, we provide an overview of AWS identity services within the context of a typical cloud journey. Learn about each service, the capabilities it provides, and how the services fit and work together to provide you with a robust foundation and enable you to advance your journey with confidence and speed. Finally, we take a deeper look at a number of identity-based use cases, where the power and programmability of the cloud is radically simplifying implementation and strengthening security.
Similar to Deploy and Govern at Scale with AWS Control Tower (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
39. Who we are…
• University of York
• Campus in North Yorkshire, United Kingdom
• Research intensive University
• Over 30 academic departments
• Over 18,000 students from 140+ countries
• Over 3,000 staff members
40. Key points to note
• BitBucket and BitBucket Pipelines are used to store & deploy code
• CloudFormation written in YAML for core infrastructure
• SAM (& CloudFormation) / CDK for application infrastructure
• Hybrid approach with some data still stored on campus servers*
* for now
42. Why this didn’t work for us…
• A single development account is a hindrance
• A desire to centralise our AWS offering within IT Services
• Creating new accounts didn’t scale well
• Blast radius was too wide
43. Landing Zone Benefits
• Quick and easy way to create multiple accounts
• Achieve a desired state for each account upon provision
• Easy management of accounts through Organizational Units
• Configuration flexibility for ops teams
• Security and auditing baseline
45. Sandbox Infrastructure
• Allows a user access to their own isolated environment
• Promotes experimentation, adoption and upskill
• Fully automated provisioning process (<5 minutes)
• Prevents using other accounts for testing
• Centralised billing & cost monitoring
46. Authentication Infrastructure
• Shibboleth Single Sign-On
• Allows existing University credentials to be used
• Duo Multi-Factor Authentication (2FA)
• SAML based authentication
• Configured via Identity Providers under IAM
• Entirely automated provisioning as a baseline
48. Provisioning Infrastructure
• Service Catalog to create accounts
• Leverage extensive AWS APIs to streamline the process
• Call back to internal authentication APIs to make the account known
• Sends account welcome emails through Simple Email Service
49. • Account Type
• Region
• Username
• Shibboleth Authentication Stack
• VPC Type
• Workorder (for internal billing)
Provisioning Infrastructure
50. Campus Connectivity
• Uses the AWS Transit Gateway service
• Direct AWS VPN connectivity to a “shared services” account
• Allows us to share a single VPN Gateway to multiple accounts
• Reduces cost and allows easier traffic monitoring
51. • GuardRails to monitor compliance in the environment
• AWS Config
• Old pricing model was too costly with multiple accounts
• “Pay as you go” AWS Config pricing reduces costs
• Cloud Custodian
• Free, open source & uses AWS APIs
Compliance
52. Internal Tooling
• Serverless Ruby application
• Lambda, DynamoDB, ElastiCache, ACM, Cognito & ELB
• Background lambdas for task processing
• Not designed to replace AWS functionality, but assist
60. The future for York
• Continue innovating with serverless architecture
• Further expand our AWS offering within the University
• Lessen the hybrid restrictions we currently have
• Increase automation around accounts & deployments