This presentation will include a deep dive into the code behind multiple security automation and remediation functions. This session will consider potential use cases, as well as feature a demonstration of a proposed script, and then walk through the code set to explain the various challenges and solutions of the intended script. All examples of code will be previously unreleased and will feature integration with services such as Trusted Advisor and Macie. All code will be released as OSS after re:Invent.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated, having an effective web request filtering solution becomes key to keeping your users’ data safe. In this workshop, discover how the OWASP Top 10 list of application security risks can help you secure your web applications. Learn how to use AWS services, such as AWS WAF, to mitigate vulnerabilities. This session includes hands-on labs to help you build a solution. Key learning goals include understanding the breadth and complexity of vulnerabilities customers need to protect from, understanding the AWS tools and capabilities that can help mitigate vulnerabilities, and learning how to configure effective HTTP request filtering rules using AWS WAF.
This document discusses using AWS Lambda for security operations like auditing, monitoring, and remediation. It provides examples of how AWS Lambda functions can be triggered by events from services like AWS CloudTrail, CloudWatch Logs, and VPC Flow Logs to filter logs and alerts. Lambda functions can also use AWS APIs to perform automated remediation steps. The document includes demos of architectures that apply these patterns.
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017Amazon Web Services
JavaScript based applications across mobile and web can be challenging to integrate with AWS services for teams that aren’t familiar with infrastructure operations. AWS Mobile has just launched a comprehensive open-source library, AWS Amplify, and tooling to help frontend and mobile developer quickly add features to their applications using a declarative programming style organized by categories of Authentication, Storage, APIs and Analytics. You’ll see how Serverless infrastructure for mobile and web applications can not only be launched in a couple of commands, but you can use the new tooling to iteratively add features and code to applications that under the covers interface with Amazon Cognito, Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB and Amazon Pinpoint. You’ll also see some framework specific techniques such as leveraging Higher Order Components (HOCs) in a React or React Native application as well as other best practices and utilities that AWS Mobile has released.
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWSAmazon Web Services
Security practitioners face new and evolving threats every day. BrightEdge needed to take a more proactive and efficient stance to monitor, investigate and triage threats, and maintain their security posture on the AWS Cloud. Splunk’s analytics-driven security solution made it easy for BrightEdge to gain visibility across their entire cloud environment to secure critical customer data and ensure compliance.
In this webinar, you’ll hear how BrightEdge gained the end-to-end visibility required to respond quickly and effectively to security threats using Splunk.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea to translate those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
Cloud-Native App Protection: Web Application Security at Pearson and other cu...Amazon Web Services
In this session, you learn how to adapt application defenses and operational responses based on your unique requirements. You also hear directly from customers about how they architected their applications on AWS to protect their applications. There are many ways to build secure, high-availability applications in the cloud. Services such as API Gateway, Amazon VPC, ALB, ELB, and Amazon EC2 are the basic building blocks that enable you to address a wide range of use cases. Best practices for defending your applications against Distributed Denial of Service (DDoS) attacks, exploitation attempts, and bad bots can vary with your choices in architecture.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated, having an effective web request filtering solution becomes key to keeping your users’ data safe. In this workshop, discover how the OWASP Top 10 list of application security risks can help you secure your web applications. Learn how to use AWS services, such as AWS WAF, to mitigate vulnerabilities. This session includes hands-on labs to help you build a solution. Key learning goals include understanding the breadth and complexity of vulnerabilities customers need to protect from, understanding the AWS tools and capabilities that can help mitigate vulnerabilities, and learning how to configure effective HTTP request filtering rules using AWS WAF.
This document discusses using AWS Lambda for security operations like auditing, monitoring, and remediation. It provides examples of how AWS Lambda functions can be triggered by events from services like AWS CloudTrail, CloudWatch Logs, and VPC Flow Logs to filter logs and alerts. Lambda functions can also use AWS APIs to perform automated remediation steps. The document includes demos of architectures that apply these patterns.
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017Amazon Web Services
JavaScript based applications across mobile and web can be challenging to integrate with AWS services for teams that aren’t familiar with infrastructure operations. AWS Mobile has just launched a comprehensive open-source library, AWS Amplify, and tooling to help frontend and mobile developer quickly add features to their applications using a declarative programming style organized by categories of Authentication, Storage, APIs and Analytics. You’ll see how Serverless infrastructure for mobile and web applications can not only be launched in a couple of commands, but you can use the new tooling to iteratively add features and code to applications that under the covers interface with Amazon Cognito, Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB and Amazon Pinpoint. You’ll also see some framework specific techniques such as leveraging Higher Order Components (HOCs) in a React or React Native application as well as other best practices and utilities that AWS Mobile has released.
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWSAmazon Web Services
Security practitioners face new and evolving threats every day. BrightEdge needed to take a more proactive and efficient stance to monitor, investigate and triage threats, and maintain their security posture on the AWS Cloud. Splunk’s analytics-driven security solution made it easy for BrightEdge to gain visibility across their entire cloud environment to secure critical customer data and ensure compliance.
In this webinar, you’ll hear how BrightEdge gained the end-to-end visibility required to respond quickly and effectively to security threats using Splunk.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea to translate those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
Cloud-Native App Protection: Web Application Security at Pearson and other cu...Amazon Web Services
In this session, you learn how to adapt application defenses and operational responses based on your unique requirements. You also hear directly from customers about how they architected their applications on AWS to protect their applications. There are many ways to build secure, high-availability applications in the cloud. Services such as API Gateway, Amazon VPC, ALB, ELB, and Amazon EC2 are the basic building blocks that enable you to address a wide range of use cases. Best practices for defending your applications against Distributed Denial of Service (DDoS) attacks, exploitation attempts, and bad bots can vary with your choices in architecture.
Building CI/CD Pipelines for Serverless Applications - SRV302 - re:Invent 2017Amazon Web Services
Building and deploying serverless applications introduces new challenges for developers whose development workflows are optimized for traditional VM-based applications. In this session, we discuss a method for automating the deployment of serverless applications running on AWS Lambda. We first cover how you can model and express serverless applications using the open-source AWS Serverless Application Model (AWS SAM). Then, we discuss how you can use CI/CD tooling from AWS CodePipeline and AWS CodeBuild, and how to bootstrap the entire toolset using AWS CodeStar. We will also cover best practices to embed in your deployment workflow specific to serverless applications.
You will also hear from iRobot about its approach to serverless deployment. iRobot will share how it achieves coordinated deployments of microservices, maintains long-lived and/or separately-managed resources (like databases), and red/black deployments.
AWS distinguished engineer Eric Brandwine speaks with hundreds of customers each year, and noticed one question coming up more than any other, "How does AWS operationalize its own security?" In this session, Eric details both strategic and tactical considerations, along with an insider's look at AWS tooling and processes.
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
If left unmitigated, Distributed Denial of Service (DDoS) attacks have the potential to harm application availability or impair application performance. DDoS attacks can also act as a smoke screen for intrusion attempts or as a harbinger for attacks against non-cloud infrastructure. Accordingly, it's crucial that developers architect for DDoS resiliency and maintain robust operational capabilities that allow for rapid detection and engagement during high-severity events. In this session, you learn how to build a DDoS-resilient application and how to use services like AWS Shield and Amazon CloudWatch to defend against DDoS attacks and automate response to attacks in progress.
Continuous Compliance on AWS at Scale - SID313 - re:Invent 2017Amazon Web Services
In cloud migrations, the cloud's elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.
Session sponsored by 2nd Watch
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
This document summarizes a session from AWS re:Invent on how Vanguard implemented identity and access management (IAM) across their AWS accounts. It discusses how Vanguard established multiple AWS accounts for isolation, used IAM roles to implement least privilege and separation of duties, and federated access to IAM using their corporate LDAP. It also describes how Vanguard addressed challenges of managing access at scale through role rationalization, comparing job roles to API usage and creating new granular roles. The session highlights how Vanguard established an ongoing process to continuously review and refine roles and permissions.
This document summarizes an AWS re:Invent session on incident response in the cloud. The session covered basics of incident response, best practices for incident response in the cloud, and a case study of information spillage incident response from Johns Hopkins Applied Physics Laboratory (JHUAPL). It discussed the difference between events and incidents, and components of an effective incident response process including preparation, identification, containment, investigation, eradication, recovery, and follow up. It provided advice on leveraging AWS services and capabilities to enhance incident response. The JHUAPL case study discussed their approach to incident response and how they apply it in AWS, including use of encryption, log aggregation, and isolation techniques during containment and eradication
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
As Chick-fil-A became a cloud-first organization, their security team didn't want to become the bottleneck for agility. But the security team also wanted to raise the bar for their security posture on AWS. Robert Davis, security architect at Chick-fil-A, provides an overview about how he and his team recognized that writing code was the best way for their security policies to scale across the many AWS accounts that Chick-fil-A operates. The use of DevSecOps within Chick-fil-A led to the creation of a set of account bootstrapping tools, auditing capabilities, and event-based policy enforcement. This session goes over these tools and how they were built on AWS.
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
Managed Rules for AWS WAF is a new feature that allows you to purchase Managed Rules from security sellers in the AWS Marketplace. Managed Rules are proactively updated by security sellers as new threats emerge and enable you to easily protect your web applications and APIs from a wide range of Internet threats.
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline.
Session Sponsored by: Dome9
This document outlines an agenda for an Amazon GuardDuty lab. The lab includes two parts that will demonstrate how GuardDuty can detect security threats and allow for automated remediation. Part one will generate findings when an EC2 instance connects to an IP address on a threat list, and demonstrate isolating the compromised instance using security groups and Lambda. Part two focuses on detecting and remediating compromised IAM credentials. Both parts include setup, simulated attacks, remediation steps, and opportunities for enhancement. The document encourages enabling GuardDuty to monitor for threats during the free trial period.
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017Amazon Web Services
PrivateLink provides private connectivity between VPCs, AWS Services and on-premises applications. Built with the same underlying technology that powers NAT Gateway, Network Load Balancer and AWS Service endpoints, PrivateLink is now available for use with your own applications. In the session, we’ll do a deep dive into the underlying network technology that is used by PrivateLink and explore how PrivateLink can be deployed to improve your network topologies and application architectures. We’ll also look at how PrivateLink improves micro-service architectures, allowing for services to be vended between AWS accounts and over DirectConnect connections.
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3MAmazon Web Services
There is a constant tension between empowering teams to be agile through autonomy and enforcing governance policies to maintain regulatory compliance. Hear from Nathan Scott, Senior Consultant at AWS and James Martin, Automation Engineering Manager at 3M on how they have achieved both autonomy and governance through self-service automation tools on AWS. Learn how to avoid pitfalls with building the CI/CD team, right sizing and how to address. This session will also feature a demo from Casey Lee, Chief Architect at Stelligent on the tools used to accomplish this for 3M, including AWS Service Catalog, AWS CloudFormation, AWS CodePipeline and Cloud Custodian, an open source tool for managing AWS accounts.
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
In this session, you learn pragmatic steps to integrate security controls into DevOps processes in your AWS environment at scale. Cyber security expert and founder of Alert Logic Misha Govshteyn shares insights from high performing teams who are embracing the reality that an agile security program can enable faster and more secure workload deployments. Joining Misha is Joey Peloquin, Director of Cloud Security Operations at Citrix, who discusses Citrix’s DevOps experiences and how they manage their cyber security posture within the AWS Cloud.
Session sponsored by Alert Logic
How does a practice become a "best" practice? How does a pattern become an "anti" pattern? As always, experience is the best teacher. As Partner Solution Architects, we receive a lot of partner feedback on how practices and design patterns work—and occasionally fail to work—in the real world. We use this feedback to inform our recommendations and reference architectures. In this session, we explore a representative set of real-life "failures." We look at what these failures have to teach us about design and how to prioritize remediation of known issues.
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco’s journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco’s new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS’s security and monitoring with Cisco’s enterprise tools, Cisco SSO integration and continuous security auditability on Cisco’s AWS account, and Cisco’s CI/CD pipelines with AWS to ensure secure development.
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)"
SID302_Force Multiply Your Security Team with Automation and AlexaAmazon Web Services
Adversaries automate. Who says the good guys can't as well? By combining AWS offerings like AWS CloudTrail, Amazon Cloudwatch, AWS Config, and AWS Lambda with the power of Amazon Alexa, you can do more security tasks faster, with fewer resources. Force multiplying your security team is all about automation! Last year, we showed off penetration testing at the push of an (AWS IoT) button, and surprise-previewed how to ask Alexa to run Inspector as-needed. Want to see other ways to ask Alexa to be your cloud security sidekick? We have crazy new demos at the ready to show security geeks how to sling security automation solutions for their AWS environments (and impress and help your boss, too).
What if security became the reason to move an application to the cloud? Historically, security has been a necessary afterthought. Today, with AWS, security is moving from obligation to advantage. Here, you'll get a glimpse of tools and techniques that enterprise customers are using today to secure their AWS environments at scale.
Building CI/CD Pipelines for Serverless Applications - SRV302 - re:Invent 2017Amazon Web Services
Building and deploying serverless applications introduces new challenges for developers whose development workflows are optimized for traditional VM-based applications. In this session, we discuss a method for automating the deployment of serverless applications running on AWS Lambda. We first cover how you can model and express serverless applications using the open-source AWS Serverless Application Model (AWS SAM). Then, we discuss how you can use CI/CD tooling from AWS CodePipeline and AWS CodeBuild, and how to bootstrap the entire toolset using AWS CodeStar. We will also cover best practices to embed in your deployment workflow specific to serverless applications.
You will also hear from iRobot about its approach to serverless deployment. iRobot will share how it achieves coordinated deployments of microservices, maintains long-lived and/or separately-managed resources (like databases), and red/black deployments.
AWS distinguished engineer Eric Brandwine speaks with hundreds of customers each year, and noticed one question coming up more than any other, "How does AWS operationalize its own security?" In this session, Eric details both strategic and tactical considerations, along with an insider's look at AWS tooling and processes.
Automating DDoS Response in the Cloud - SID324 - re:Invent 2017Amazon Web Services
If left unmitigated, Distributed Denial of Service (DDoS) attacks have the potential to harm application availability or impair application performance. DDoS attacks can also act as a smoke screen for intrusion attempts or as a harbinger for attacks against non-cloud infrastructure. Accordingly, it's crucial that developers architect for DDoS resiliency and maintain robust operational capabilities that allow for rapid detection and engagement during high-severity events. In this session, you learn how to build a DDoS-resilient application and how to use services like AWS Shield and Amazon CloudWatch to defend against DDoS attacks and automate response to attacks in progress.
Continuous Compliance on AWS at Scale - SID313 - re:Invent 2017Amazon Web Services
In cloud migrations, the cloud's elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.
Session sponsored by 2nd Watch
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
This document summarizes a session from AWS re:Invent on how Vanguard implemented identity and access management (IAM) across their AWS accounts. It discusses how Vanguard established multiple AWS accounts for isolation, used IAM roles to implement least privilege and separation of duties, and federated access to IAM using their corporate LDAP. It also describes how Vanguard addressed challenges of managing access at scale through role rationalization, comparing job roles to API usage and creating new granular roles. The session highlights how Vanguard established an ongoing process to continuously review and refine roles and permissions.
This document summarizes an AWS re:Invent session on incident response in the cloud. The session covered basics of incident response, best practices for incident response in the cloud, and a case study of information spillage incident response from Johns Hopkins Applied Physics Laboratory (JHUAPL). It discussed the difference between events and incidents, and components of an effective incident response process including preparation, identification, containment, investigation, eradication, recovery, and follow up. It provided advice on leveraging AWS services and capabilities to enhance incident response. The JHUAPL case study discussed their approach to incident response and how they apply it in AWS, including use of encryption, log aggregation, and isolation techniques during containment and eradication
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
As Chick-fil-A became a cloud-first organization, their security team didn't want to become the bottleneck for agility. But the security team also wanted to raise the bar for their security posture on AWS. Robert Davis, security architect at Chick-fil-A, provides an overview about how he and his team recognized that writing code was the best way for their security policies to scale across the many AWS accounts that Chick-fil-A operates. The use of DevSecOps within Chick-fil-A led to the creation of a set of account bootstrapping tools, auditing capabilities, and event-based policy enforcement. This session goes over these tools and how they were built on AWS.
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
Managed Rules for AWS WAF is a new feature that allows you to purchase Managed Rules from security sellers in the AWS Marketplace. Managed Rules are proactively updated by security sellers as new threats emerge and enable you to easily protect your web applications and APIs from a wide range of Internet threats.
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline.
Session Sponsored by: Dome9
This document outlines an agenda for an Amazon GuardDuty lab. The lab includes two parts that will demonstrate how GuardDuty can detect security threats and allow for automated remediation. Part one will generate findings when an EC2 instance connects to an IP address on a threat list, and demonstrate isolating the compromised instance using security groups and Lambda. Part two focuses on detecting and remediating compromised IAM credentials. Both parts include setup, simulated attacks, remediation steps, and opportunities for enhancement. The document encourages enabling GuardDuty to monitor for threats during the free trial period.
NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017Amazon Web Services
PrivateLink provides private connectivity between VPCs, AWS Services and on-premises applications. Built with the same underlying technology that powers NAT Gateway, Network Load Balancer and AWS Service endpoints, PrivateLink is now available for use with your own applications. In the session, we’ll do a deep dive into the underlying network technology that is used by PrivateLink and explore how PrivateLink can be deployed to improve your network topologies and application architectures. We’ll also look at how PrivateLink improves micro-service architectures, allowing for services to be vended between AWS accounts and over DirectConnect connections.
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3MAmazon Web Services
There is a constant tension between empowering teams to be agile through autonomy and enforcing governance policies to maintain regulatory compliance. Hear from Nathan Scott, Senior Consultant at AWS and James Martin, Automation Engineering Manager at 3M on how they have achieved both autonomy and governance through self-service automation tools on AWS. Learn how to avoid pitfalls with building the CI/CD team, right sizing and how to address. This session will also feature a demo from Casey Lee, Chief Architect at Stelligent on the tools used to accomplish this for 3M, including AWS Service Catalog, AWS CloudFormation, AWS CodePipeline and Cloud Custodian, an open source tool for managing AWS accounts.
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
In this session, you learn pragmatic steps to integrate security controls into DevOps processes in your AWS environment at scale. Cyber security expert and founder of Alert Logic Misha Govshteyn shares insights from high performing teams who are embracing the reality that an agile security program can enable faster and more secure workload deployments. Joining Misha is Joey Peloquin, Director of Cloud Security Operations at Citrix, who discusses Citrix’s DevOps experiences and how they manage their cyber security posture within the AWS Cloud.
Session sponsored by Alert Logic
How does a practice become a "best" practice? How does a pattern become an "anti" pattern? As always, experience is the best teacher. As Partner Solution Architects, we receive a lot of partner feedback on how practices and design patterns work—and occasionally fail to work—in the real world. We use this feedback to inform our recommendations and reference architectures. In this session, we explore a representative set of real-life "failures." We look at what these failures have to teach us about design and how to prioritize remediation of known issues.
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco’s journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco’s new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS’s security and monitoring with Cisco’s enterprise tools, Cisco SSO integration and continuous security auditability on Cisco’s AWS account, and Cisco’s CI/CD pipelines with AWS to ensure secure development.
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)"
SID302_Force Multiply Your Security Team with Automation and AlexaAmazon Web Services
Adversaries automate. Who says the good guys can't as well? By combining AWS offerings like AWS CloudTrail, Amazon Cloudwatch, AWS Config, and AWS Lambda with the power of Amazon Alexa, you can do more security tasks faster, with fewer resources. Force multiplying your security team is all about automation! Last year, we showed off penetration testing at the push of an (AWS IoT) button, and surprise-previewed how to ask Alexa to run Inspector as-needed. Want to see other ways to ask Alexa to be your cloud security sidekick? We have crazy new demos at the ready to show security geeks how to sling security automation solutions for their AWS environments (and impress and help your boss, too).
What if security became the reason to move an application to the cloud? Historically, security has been a necessary afterthought. Today, with AWS, security is moving from obligation to advantage. Here, you'll get a glimpse of tools and techniques that enterprise customers are using today to secure their AWS environments at scale.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
It can be challenging to optimize AWS resources across cost, performance, security, and fault tolerance, much less do it automatically. AWS Trusted Advisor, an online resource, provides real-time guidance to help you provision your resources following AWS best practices. AWS Health provides ongoing visibility into the state of your AWS resources and remediation guidance for resource performance or availability issues that may affect your applications. Learn how to safely automate these best practices using Amazon CloudWatch Events and AWS Lambda, with samples for you to use. We also introduce you to AWS Health tools, a community-based source of tools to automate remediation actions and customize health alerts. See how to automate AWS best practices from Trusted Advisor and implement remediation from the AWS Health API on your AWS resources. Attendees should bring their own laptops.
AWS Security State of the Union - SID326 - re:Invent 2017Amazon Web Services
Steve Schmidt, chief information security officer of AWS, addresses the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling.
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Amazon Web Services
Managing AWS and hybrid environments securely and safely while having actionable insights is an operational priority and business driver for all customers. Using SSH or RDP sessions could lead to unintended or malicious outcomes with no traceability. Learn to use Amazon EC2 Systems Manager to improve your security posture, automate at scale, and minimize application downtime for both Windows and Linux workloads. Easily author configurations to automate your infrastructure without SSH access, and control the blast radius of configuration changes. Get a cross-account and cross-region view of what’s installed and running on your servers or instances. Learn to use Systems Manager to securely store, manage, and retrieve secrets. You can also run patch compliance checks on the fleet to react to malware and vulnerabilities within minutes, while still providing granular control to users with different privilege levels and full auditability. You will hear from FINRA, the Financial Industry Regulatory Authority, on how they use Systems Manager to safely manage their Enterprise environment.
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
This document provides an overview of a workshop on using Amazon Rekognition to build a facial recognition system. It describes the services that will be used, including Amazon Rekognition, Amazon EC2, Amazon Kinesis Data Firehose, AWS Lambda, Amazon DynamoDB, and Amazon S3. It outlines a scenario where these services will be used to build an application to find missing persons by scanning social media images with Amazon Rekognition facial recognition. The workshop will provide steps to set up a Twitter application, launch an AWS CloudFormation stack, and validate and start the application.
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
This document provides an overview of a workshop on using Amazon Rekognition to build a facial recognition system. It describes the services that will be used, including Amazon Rekognition, Amazon EC2, Amazon Kinesis Data Firehose, AWS Lambda, Amazon DynamoDB, and Amazon S3. It outlines a scenario where these services will be used to build an application to find missing persons by scanning social media images with Amazon Rekognition facial recognition. The workshop will provide steps to set up a Twitter application, launch an AWS CloudFormation stack, and validate and start the application.
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
by Eric Rose, Sr. Security Consultant, AWS
After you have built and deployed a security infrastructure and automated key aspects of security operations, you should validate your work through an incident response simulation. In this session, you will learn about the best way to protect your logs; how and why to develop automated incident response capabilities via AWS tooling such as AWS Lambda; the importance of testing existing forensics tools to ensure efficacy in the cloud environment; and ways to test your plan early and often.
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
Once you have built and deployed security infrastructure and automated key aspects of security operations you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in cloud environment; and ways to test your plan early and often.
The document provides an overview of serverless architectural patterns on AWS. It covers serverless key concepts, event processing architecture using AWS Lambda and event sources like S3, Kinesis, etc. It also discusses operation automation architecture using Lambda, CloudWatch Events, and other services. The document reviews web application architecture with API Gateway, Lambda, DynamoDB and data processing architecture using services like Kinesis, S3, Redshift for streaming and batch data.
This document summarizes a presentation about security at scale on AWS. It discusses AWS security controls that customers don't need to manage themselves. It also outlines the AWS Cloud Adoption Framework for adapting security practices to the cloud. Finally, it provides examples of how to implement security capabilities like identity and access management, detective controls, infrastructure security, data protection, and incident response on AWS.
Devoxx: Building AI-powered applications on AWSAdrian Hornsby
Slides from my talk at devoxx2018
The video: https://www.youtube.com/watch?v=-izfBVlHkSc
https://cfp.devoxx.be/2017/talk/XEO-9942/Building_Serverless_AI-powered_Applications_on_AWS
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
ABD317_Building Your First Big Data Application on AWS - ABD317Amazon Web Services
This document provides instructions for building a big data application on AWS that collects and analyzes web server logs. It discusses using Amazon Kinesis to collect logs with a Firehose delivery stream into an S3 bucket. It then covers using Kinesis Analytics to process the logs in real-time by writing SQL queries that compute metrics and detect anomalies. Finally, it discusses loading the processed logs into Amazon Redshift for interactive querying and visualizing insights with Amazon QuickSight.
This document discusses preparing for and simulating incident response on AWS. It covers automating incident response using tools like AWS CloudTrail and Lambda to detect events and trigger automated responses. Examples are provided of detecting and responding to potentially malicious configuration changes. The document emphasizes building an automated "Lambda responder" system to detect events from CloudTrail and take response actions. It also provides guidance on when to engage AWS Support or Security for incident response simulations.
AWS Security Week: CAF Detective Controls - Gain Visibility & Record ChangeAmazon Web Services
AWS Security Week at the San Francisco Loft: CAF Detective Controls - Gain Visibility & Record Change
Presenter: Reef D’Souza - Security Consultant, AWS Professional Services
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
by Michael St. Onge, Global Cloud Security Architect, AWS
Events are precursor to incidents, but how do you decide if an event is harmful? Tuning the signal to noise means that every event needs to be inspected and its impact calculated in as short amount of time as possible to stop bad things from happening. In this session, we will dive deep into a few event types to do advanced analysis in pursuit of deciding if it is a security incident, and how to resolve it by the time the alert hits your inbox.
CMP316_Hedge Your Own Funds Run Monte Carlo Simulations on EC2 Spot FleetAmazon Web Services
Monte Carlo simulation is a method of generating thousands of series representing potential outcomes of possible returns. This includes drawdowns, Sharpe ratios, standard deviations, and other statistics of a specific investment or portfolio. In this session, learn how to run Monte Carlo simulations using Amazon EC2 Spot fleets to predict investment returns, all while saving up to 90 percent over On-Demand!
Similar to Five New Security Automation Improvements You Can Make by Using Amazon CloudWatch Events and AWS Config Rules - SID405 - re:Invent 2017 (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.