This document discusses detective controls in AWS environments. It provides an overview of the Cloud Adoption Framework (CAF) and its security perspective. It then discusses why detective controls are important for gaining visibility into activity. It describes what types of activities are important to detect, including billing, API, resource changes, application activity, and network activity. It outlines several AWS services that can be used to implement detective controls, aggregate audit trails, and enforce policies, including AWS CloudTrail, AWS Config, VPC flow logs, CloudWatch Logs, and CloudWatch Events. It also discusses analyzing and alerting on audit data.
Infrastructure Security: Your Minimum Security Baseline.pdf - Amazon Web Services
The document discusses security best practices for adopting AWS services based on the Cloud Adoption Framework (CAF). It covers network security tools like VPCs, security groups, and ACLs. It also discusses data security for Amazon S3 and RDS, including access controls, encryption, and cross-region replication. The document recommends using detective controls and layers of access control. It also discusses vulnerability management and compliance.
The document discusses establishing full stack security when using AWS services. It covers turning security into a shared responsibility between AWS and customers by establishing platform, network, operating system, and data protection security. Some key points include setting up identity and access management (IAM) and enabling detective controls like CloudTrail and CloudWatch. It also discusses establishing network security using VPC, security groups, and flow logs and operating system security using EC2 Systems Manager tools. The goal is to provide security from the ground up and give customers fine-grained control over their infrastructure.
This document discusses IAM access control policies for AWS resources. It begins with goals of understanding how to secure AWS resources using policies and learning tips for common policy tasks. The presentation then dives into details of the policy language, including the anatomy of a statement with the principal, action, resource, and condition elements. It provides examples of specifying principals, actions, resources, and conditions. It also covers policy variables and managing policies through the IAM console. The presentation concludes with demonstrations of EC2 and Lambda policies.
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF) - Amazon Web Services
The document discusses security perspectives of the Cloud Adoption Framework (CAF). It describes how the CAF's Security Perspective provides guidance for comprehensive and rigorous security and compliance processes. It then outlines several AWS security services and features including identity and access management, detective controls, infrastructure security, data protection, and incident response capabilities like AWS CloudWatch Events and Lambda.
Cloud Adoption Framework: Security Perspective - CAF Data Protection in Trans... - Amazon Web Services
This document discusses options for protecting data with encryption in AWS. It covers transport security using TLS, data encryption at rest using server-side encryption with AWS KMS or customer-provided keys, client-side encryption, and the AWS Certificate Manager and AWS Key Management Service. It provides details on how various AWS services integrate with KMS for automatic encryption and key management. Alternatives like AWS CloudHSM and partner solutions are also mentioned.
1. The document provides a practical approach for achieving security operations (SecOps) excellence in AWS through controlling, monitoring, and fixing security issues.
2. It discusses establishing guardrails through identity and access management (IAM), infrastructure as code (Code*), and AWS Config as part of the control phase. The monitor phase involves visibility tools like CloudTrail, CloudWatch, and VPC flow logs. The fix phase deals with exceptions through automation with Lambda.
3. A demonstration is provided of an event flow showing how security controls would be enhanced from standard to active monitoring in response to a detected anomaly.
This document discusses DevSecOps and security automation. It defines DevSecOps as integrating security practices into development workflows through automation. It discusses three flavors of DevSecOps: security of the CI/CD pipeline, security in the CI/CD pipeline through automated tests, and security automation for incident response. The document provides examples of using AWS services like CloudFormation, Config, and CloudWatch Events for infrastructure as code and automating security tasks like validation, remediation, and forensics.
This document discusses preparing for and simulating incident response on AWS. It covers automating incident response using tools like AWS CloudTrail and Lambda to detect events and trigger automated responses. Examples are provided of detecting and responding to potentially malicious configuration changes. The document emphasizes building an automated "Lambda responder" system to detect events from CloudTrail and take response actions. It also provides guidance on when to engage AWS Support or Security for incident response simulations.
This document discusses various Amazon Web Services that can be used to implement application resiliency and security. It covers goals like controlling access, implementing fault tolerance, and reducing security risks. Specific AWS services discussed for network security include VPCs, security groups, and CloudFront. The document also discusses using multiple availability zones, separating services across subnets, obfuscating infrastructure details, and implementing layered access controls. Logging and monitoring services like CloudTrail, Config, and VPC flow logs are presented as ways to gain visibility and ensure compliance.
The document discusses security best practices when using AWS. It recommends establishing governance and compliance models through tools like AWS IAM and organizations. It also recommends implementing preventative controls like virtual private clouds and security groups to protect infrastructure. The document also discusses detective controls and data protection methods in AWS like CloudTrail, encryption, and AWS Certificate Manager.
Identity and Access Management: The First Step in AWS Security - Amazon Web Services
IAM enables control over who can access AWS resources and what actions they can perform. It provides centralized security credentials, permissions management, and auditing capabilities. IAM concepts like users, groups, roles, policies and federation allow flexible and secure access for humans and applications.
This document discusses distributed denial of service (DDoS) attack mitigation strategies. It provides an overview of different types of DDoS attacks and threats. It then outlines the evolution of DDoS mitigation approaches, including on-premise mitigation, cloud-routed mitigation, and cloud-native mitigation. The document focuses on Amazon Web Services' (AWS) cloud-native approach using AWS Shield for DDoS protection. It describes AWS Shield Standard Protection and AWS Shield Advanced Protection, as well as how to build a DDoS-resilient architecture on AWS.
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3 - Amazon Web Services
The document provides an overview of setting up and using various AWS services. It discusses how to set up an AWS account, create an IAM user and enable MFA, generate SSH key pairs, define security groups, launch EC2 instances, use S3 storage, configure CloudWatch alarms, and monitor costs. It also demonstrates how to connect to instances, install the AWS CLI and Python SDK, and use various services like EC2, S3, IAM and CloudWatch.
Getting started with Amazon Web Services (AWS) is fast and simple. This webinar outlines the best practice guidance from AWS customers and the Amazon Web Services team, helping you launch your projects in AWS Cloud rapidly and ensure your applications are simple to manage, resilient and cost effective. This webinar also explores how to set up accounts, use consolidated billing and how to securely control access through AWS Identity and Access Management (IAM).
How to Use Positive and Negative Security Models and Virtual Patching Techniq... - Amazon Web Services
This document discusses Amazon Web Services Web Application Firewall (AWS WAF). It covers using AWS WAF to implement positive and negative security models. Specific examples shown include whitelisting good users by checking the referrer header, using virtual patching to prevent exploitation of known vulnerabilities, and rate limiting access to login pages to prevent brute force attacks. It also mentions that AWS recently launched a toolkit to help customers configure AWS WAF rules to address the OWASP Top 10 web application vulnerabilities.
1) The document discusses security features of Amazon CloudFront and other edge services like AWS WAF and AWS Shield.
2) It describes how CloudFront provides security through infrastructure security of edge locations, access control, encryption, protocol enforcement and integration with other edge services.
3) Key security components discussed include AWS Certificate Manager for SSL/TLS certificates, Lambda functions to inject custom headers, and protocol optimizations in CloudFront.
Incident Response: Preparing and Simulating Threat Response - Amazon Web Services
Once you have built and deployed security infrastructure and automated key aspects of security operations, you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in the cloud environment; and ways to test your plan early and often.
Stop Wasting Your Time: Focus on Security Practices that Actually Matter - Amazon Web Services
This document provides an agenda and overview for an AWS Security Week workshop on focusing on security practices that matter. It discusses assessing security, recommendations, and introduces the Threat Stack team leading the workshop. It then covers real-time host monitoring, vulnerability monitoring, threat intelligence correlation and continuous compliance capabilities of the Threat Stack platform. Several slides examine common security issues seen in AWS customers like open SSH ports, lack of MFA, and S3 bucket permissions. Other slides analyze software update frequency, OS uptime, and reasons why long uptimes are concerning. The document discusses traditional security pains versus changes in the cloud, and how Threat Stack provides host-level visibility and detection in AWS.
This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Incident Response: Preparing and Simulating Threat Response - Amazon Web Services
by Eric Rose, Sr. Security Consultant, AWS
After you have built and deployed a security infrastructure and automated key aspects of security operations, you should validate your work through an incident response simulation. In this session, you will learn about the best way to protect your logs; how and why to develop automated incident response capabilities via AWS tooling such as AWS Lambda; the importance of testing existing forensics tools to ensure efficacy in the cloud environment; and ways to test your plan early and often.
Identity and Access Management: The First Step in AWS Security - Amazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework (CAF) because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
The Future of Securing Access Controls in Information Security - Amazon Web Services
by Tim Kropp and Greg Frascadore from Bridgewater Associates
Identity Access and Management is a critical information security control used by companies of all shapes and sizes. Tim Kropp and Greg Frascadore from Bridgewater Associates worked with the Automated Reasoning Group (ARG) within AWS to drive innovation in automating, scaling, and future-proofing access controls. Join us to hear how Bridgewater Associates and AWS are leading the future of securing policies through a mathematics-based methodology called formal reasoning.
Identify and Access Management: The First Step in AWS Security - Amazon Web Services
IAM is first in the Security CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite of on-prem). In this session we’ll cover how to define fine-grained access to AWS resources via users, roles and groups; how to design privileged user and multi-factor authentication mechanisms; and how to operate IAM at scale.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF) - Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes to define, build and optimize how you operate security controls in the AWS platform. The Security Perspective of the CAF provides a set of 5 core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident Response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep into each of the individual core topics.
by Fritz Kunstler, Sr. Security Consultant, AWS
Put detective controls in place to have visibility into your deployments. In this session, you will learn about deployment visibility at the AWS platform, application, operating system, and network levels, as well as how to build monitoring solutions at scale to leverage AWS services that turn logging data into security insight.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF) - Amazon Web Services
by Steve Laino, GRC Consultant, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS Cloud. The Security Perspective of the CAF provides a set of five core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: AWS Identity and Access Management, detective controls, infrastructure security, data protection, and incident response. During this session, you will learn how to put the Security Perspective of the CAF into practice.
After IAM, you want to have Detective Controls in place to have visibility into your deployments. In this session we’ll cover visibility at the AWS platform, application, operating system and network levels, and how to build monitoring solutions at scale to leverage AWS services that turn logging data into security insight.
Look at the various services and features that you can employ, such as AWS Inspector, AWS Trusted Advisor, AWS Config and Config Rules, and CloudTrail.
The document discusses automating operations workloads using AWS services. It describes the workload of an IT infrastructure team, challenges they face, and best practices for designing and configuring automated workflows. Examples of automated disk space management and backup management workflows are provided, and a demo of disk space monitoring is given. The presenters seek questions and suggestions for additional automated workflows.
This document discusses various Amazon Web Services that can be used to implement application resiliency and security. It covers goals like controlling access, implementing fault tolerance, and reducing security risks. Specific AWS services discussed for network security include VPCs, security groups, and CloudFront. The document also discusses using multiple availability zones, separating services across subnets, obfuscating infrastructure details, and implementing layered access controls. Logging and monitoring services like CloudTrail, Config, and VPC flow logs are presented as ways to gain visibility and ensure compliance.
The document discusses security best practices when using AWS. It recommends establishing governance and compliance models through tools like AWS IAM and organizations. It also recommends implementing preventative controls like virtual private clouds and security groups to protect infrastructure. The document also discusses detective controls and data protection methods in AWS like CloudTrail, encryption, and AWS Certificate Manager.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
IAM enables control over who can access AWS resources and what actions they can perform. It provides centralized security credentials, permissions management, and auditing capabilities. IAM concepts like users, groups, roles, policies and federation allow flexible and secure access for humans and applications.
This document discusses distributed denial of service (DDoS) attack mitigation strategies. It provides an overview of different types of DDoS attacks and threats. It then outlines the evolution of DDoS mitigation approaches, including on-premise mitigation, cloud-routed mitigation, and cloud-native mitigation. The document focuses on Amazon Web Services' (AWS) cloud-native approach using AWS Shield for DDoS protection. It describes AWS Shield Standard Protection and AWS Shield Advanced Protection, as well as how to build a DDoS-resilient architecture on AWS.
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Amazon Web Services
The document provides an overview of setting up and using various AWS services. It discusses how to set up an AWS account, create an IAM user and enable MFA, generate SSH key pairs, define security groups, launch EC2 instances, use S3 storage, configure CloudWatch alarms, and monitor costs. It also demonstrates how to connect to instances, install the AWS CLI and Python SDK, and use various services like EC2, S3, IAM and CloudWatch.
Getting started with Amazon Web Services (AWS) is fast and simple. This webinar outlines the best practice guidance from AWS customers and the Amazon Web Services team, helping you launch your projects in AWS Cloud rapidly and ensure your applications are simple to manage, resilient and cost effective. This webinar also explores how to set up accounts, use consolidated billing and how to securely control access through AWS Identity and Access Management (IAM).
How to Use Positive and Negative Security Models and Virtual Patching Techniq...Amazon Web Services
This document discusses Amazon Web Services Web Application Firewall (AWS WAF). It covers using AWS WAF to implement positive and negative security models. Specific examples shown include whitelisting good users by checking the referrer header, using virtual patching to prevent exploitation of known vulnerabilities, and rate limiting access to login pages to prevent brute force attacks. It also mentions that AWS recently launched a toolkit to help customers configure AWS WAF rules to address the OWASP Top 10 web application vulnerabilities.
1) The document discusses security features of Amazon CloudFront and other edge services like AWS WAF and AWS Shield.
2) It describes how CloudFront provides security through infrastructure security of edge locations, access control, encryption, protocol enforcement and integration with other edge services.
3) Key security components discussed include AWS Certificate Manager for SSL/TLS certificates, Lambda functions to inject custom headers, and protocol optimizations in CloudFront.
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
Once you have built and deployed security infrastructure and automated key aspects of security operations you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in cloud environment; and ways to test your plan early and often.
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
This document provides an agenda and overview for an AWS Security Week workshop on focusing security practices that matter. It discusses assessing security, recommendations, and introduces the Threat Stack team leading the workshop. It then covers real-time host monitoring, vulnerability monitoring, threat intelligence correlation and continuous compliance capabilities of the Threat Stack platform. Several slides examine common security issues seen in AWS customers like open SSH ports, lack of MFA, and S3 bucket permissions. Other slides analyze software update frequency, OS uptime, and reasons why long uptimes are concerning. The document discusses traditional security pains versus changes in the cloud, and how Threat Stack provides host-level visibility and detection in AWS.
This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
by Eric Rose, Sr. Security Consultant, AWS
After you have built and deployed a security infrastructure and automated key aspects of security operations, you should validate your work through an incident response simulation. In this session, you will learn about the best way to protect your logs; how and why to develop automated incident response capabilities via AWS tooling such as AWS Lambda; the importance of testing existing forensics tools to ensure efficacy in the cloud environment; and ways to test your plan early and often.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
The Future of Securing Access Controls in Information SecurityAmazon Web Services
by Tim Kropp and Greg Frascadore from Bridgewater Associates
Identity Access and Management is a critical information security control used by companies of all shapes and sizes. Tim Kropp and Greg Frascadore from Bridgewater Associates worked with the Automated Reasoning Group (ARG) within AWS to drive innovation in automating, scaling, and future-proofing access controls. Join us to hear how Bridgewater Associates and AWS are leading the future of securing policies through a mathematics based methodology called formal reasoning.
Identify and Access Management: The First Step in AWS SecurityAmazon Web Services
IAM is first in the Security CAF because in the cloud first you grant access and only then can you provision infrastructure (the opposite of on-prem). In this session we’ll cover how to define fine grained access to AWS resources via users, roles and groups; designing privileged user & multi-factor authentication mechanisms and how to operate IAM at scale.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
by Fritz Kunstler, Sr. Security Consultant, AWS
Put detective controls in place to have visibility into your deployments. In this session, you will learn about deployment visibility at the AWS platform, application, operating system, and network levels, as well as how to build monitoring solutions at scale to leverage AWS services that turn logging data into security insight.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
by Steve Laino, GRC Consultant, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS Cloud. The Security Perspective of the CAF provides a set of five core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: AWS Identity and Access Management, detective controls, infrastructure security, data protection, and incident response. During this session, you will learn how to put the Security Perspective of the CAF into practice.
After IAM, you want to have Detective Controls in place to have visibility into your deployments. In this session we’ll cover visibility at the AWS platform level and at the application, operating system and network levels, and how to build monitoring solutions at scale that leverage AWS services to turn logging data into security insight.
Look at the various services and features that you can employ, such as AWS Inspector, AWS Trusted Advisor, AWS Config and Config Rules, and CloudTrail.
The document discusses automating operations workloads using AWS services. It describes the workload of an IT infrastructure team, challenges they face, and best practices for designing and configuring automated workflows. Examples of automated disk space management and backup management workflows are provided, and a demo of disk space monitoring is given. The presenters seek questions and suggestions for additional automated workflows.
A Tale of Two Pizzas: Accelerating Software Delivery with AWS Developer Tools
Amazon Web Services
This document discusses DevOps and AWS developer tools to help accelerate software delivery. It provides an overview of DevOps concepts and practices like continuous integration, delivery, and deployment. It then details Amazon's own transformation to DevOps between 2001-2009 where they moved from monolithic applications to microservices and implemented automated pipelines. The document also describes AWS code services like CodeCommit, CodeBuild, CodeDeploy, CodePipeline and CodeStar that can help implement continuous delivery of code changes. It includes examples of using CodeBuild for automated builds and deployments.
How Amazon.com Uses AWS Management Tools - DEV340 - re:Invent 2017
Amazon Web Services
Amazon.com enables all of its developers to be productive on AWS by operating across tens-of-thousands of team-owned AWS accounts, all while raising the bar on security, visibility and operational control. Amazon has been able to achieve these seemingly conflicting ideals by automating setup and management of these accounts at scale using AWS Management Tools such as CloudFormation, Config, CloudTrail, CloudWatch and EC2 Systems Manager. In this session, discover more about how Amazon.com built ASAP using AWS Management tools, and understand some of the decisions they made as their usage of AWS evolved over time. You will learn about the design, architecture and implementation that Amazon.com went through as part of this effort.
The AWS Shared Responsibility Model in Practice
Alert Logic
The document discusses the AWS shared responsibility model. It outlines the security controls that AWS manages, such as identity and access management, encryption, and infrastructure security. It also discusses security controls that customers are responsible for, like access management within their own applications and data protection. The document provides examples of security services like AWS Config Rules, CloudTrail, and Certificate Manager that help customers meet their security responsibilities.
The document discusses serverless computing using AWS Lambda. It provides an overview of AWS Lambda and how it can be used with other AWS services like API Gateway, S3, DynamoDB, Kinesis and more to build serverless applications. Examples of common use cases for serverless architectures like real-time analytics, mobile backends and chatbots are also presented. The document concludes with approaches for developing Lambda functions locally like the AWS Serverless Application Model (SAM), Serverless framework, Chalice and emulators.
Enabling Governance, Compliance, and Operational and Risk Auditing with AWS M...
Amazon Web Services
In this session, learn how you can enable governance, compliance, and operational and risk auditing of your AWS account through a combination of continuous monitoring, auditing, and evaluation of your AWS resources. With AWS management tools, you can see a history of AWS API calls for your account, review changes in configurations and relationships among AWS resources, and dive into detailed resource configuration histories. You can determine your overall compliance with the configurations specified in your internal guidelines, and you can give developers and systems administrators a secure and compliant means to create and manage AWS resources.
Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...
Amazon Web Services
AWS customers benefit from more than 1,800 security and compliance controls. Learn how these features offer visibility, agility, and control, raising the bar on cloud security over legacy environments. AWS Config can help you achieve compliance in real-time. You will have the opportunity to see how AWS Config empowers users to achieve continuous compliance through its AWS Config rules, and when used alongside AWS Lambda.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Amazon Web Services
by Michael Wasielewski, CISSP, CCSP, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS platform. The Security Perspective of the CAF provides a set of 5 core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection, and Incident Response. During this session, we address how to put the Security Perspective of the CAF into practice.
This document contains slides from a presentation on AWS IoT. The presentation covers an overview of AWS IoT, how to connect devices, the IoT rules engine for processing and routing data, device shadows for offline operations and command/control, and integrating AWS IoT with other AWS services like Elasticsearch. The slides provide explanations and examples of building applications with AWS IoT.
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. As an IoT developer, you will want to interact with AWS services like Kinesis, Lambda, and Amazon Machine Learning to get the most from your IoT application. In this session, we will do a deep dive on how to define rules in the Rules Engine, or retrieve the last known and desired state of device using Device Shadows, learn about the use cases and benefits of AWS Greengrass, and routing data from devices to AWS services to leverage the entire cloud for your Internet of Things application.
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
Amazon Web Services
The document discusses several AWS services for improving elasticity and management of cloud resources. It describes Elastic Load Balancing and how it distributes traffic across multiple EC2 instances for high availability. It also explains Auto Scaling, which allows automatic scaling of EC2 capacity based on demand by using CloudWatch metrics and alarms. Auto Scaling manages groups of EC2 instances and uses launch configurations and scaling policies to dynamically add or remove instances.
Introduction to the Security Perspective of the Cloud Adoption Framework
Amazon Web Services
by Bill Reid, Sr Mgr, Solutions Architecture AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management; our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
The document discusses AWS's shared security model and how it provides security controls that customers don't need to worry about. It outlines AWS services for identity and access management, infrastructure security, data protection, incident response, and how customers can scale to over 1 million users. The document promotes how AWS security benefits include integrated security and compliance, global resilience and control, maintaining privacy and data ownership, security automation for agility, innovation at scale, and broad security partner solutions.
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Amazon Web Services
Customers must regularly attest to the security and compliance of AWS services in order to confidently operate within the cloud. To support customers with this task, AWS provides a number of resources to define our 13 control domains, differentiate between customer and AWS responsibilities, and demonstrate the mapping of an organization’s attestation needs to an AWS audit framework. During this session, customers familiarize themselves with our compliance reports (e.g., FedRAMP, SOC, ISO, PCI, etc.), dive deep on AWS compliance tools, and discuss mechanisms for leveraging the knowledge of AWS security subject matter experts.
Using AWS Management Tools to Enable Governance, Compliance, Operational, and...
Amazon Web Services
This document discusses using AWS management tools to enable governance, compliance, operational, and risk auditing. It provides an overview of key AWS services for defining and provisioning resources, continuously discovering resources and changes, monitoring resources for compliance, and managing, reporting on, and responding to changes. These services include AWS CloudFormation, AWS Service Catalog, Amazon EC2 Systems Manager Parameter Store, AWS CloudTrail, AWS Config, Amazon EC2 Systems Manager State Manager and Inventory, EC2 Systems Manager Maintenance Window, Patch Manager, and Run Command. The document demonstrates how to use these services to deploy resources, monitor for unauthorized changes, and manage compliance of AWS environments.
This document summarizes a presentation on cloud migration best practices. It discusses common drivers for cloud migration like cost reduction. It outlines a three phase approach to migration - readiness assessment, readiness and planning, and migration and operations. It provides guidance on assessing migration readiness in areas like people, security, and visibility. It also discusses tools that can help with migration and best practices around methodology, governance, and staffing commitment.
AWS re:Invent 2016: Identifying Your Migration Options: the 6 Rs (ENT311)
Amazon Web Services
The document discusses the 6 Rs migration strategy for identifying migration options to AWS: Retain, Retire, Rehost, Replatform, Refactor, and Rearchitect (Replace). It provides descriptions and considerations for each option. It also discusses Scholastic's use of various migration strategies like Retain, Rehost/Replatform, Rearchitect, and Refactor for different applications. The document emphasizes using an assessment-based approach and mapping business drivers to the appropriate migration strategy.
Analyzing and debugging production distributed applications built using a service-oriented or microservices architecture is a challenging task. In this session, we will introduce AWS X-Ray, a new service designed for modern apps to isolate performance issues impacting your applications and users. We will showcase how to identify performance bottlenecks and errors, visualize a request call graph and service call graph, detect latency distribution, pinpoint issues to specific service(s), and identify the impact of issues on users of your application. This session will benefit both new and experienced users of AWS X-Ray.
Similar to Detective Controls: Gain Visibility and Record Change (20)
How to build forecasting services using ML and deep learn...
Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server...
Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will illustrate how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances
Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can be used easily on AWS. We will also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with services for Machine Lea...
Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of the...
Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime that interrupted users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads
Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the potential of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS
Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle databases and VMware Cloud™ on AWS: myths to dispel
Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to facilitate and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they explore the architecture and demonstrate how to take full advantage of the potential of VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.