The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to use the Well-Architected Framework to apply AWS guidelines and best practices to your architecture on AWS.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r... Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
Implementing a Cloud Center of Excellence (CCoE) promotes a seamless transition to the cloud for any organization. Cloud adoption includes communicating a new strategic direction, involving stakeholders from across the organization, identifying skill gaps, identifying key team members, and establishing a realistic roadmap. JHC Technology presents how organizations can manage, evaluate, automate, and continuously spur cloud adoption through repeatability, allowing the organization to deploy innovation today and be ready for whatever comes tomorrow. As part of this discussion we will review the framework necessary to identify AWS Partners that can provide the best value to your organization.
Elizabeth Boudreau, Cloud Executive Advisor, Amazon Web Services
Matt Jordan, Vice President, Corporate Strategy & Development, JHC Technology
Designing security & governance via AWS Control Tower & Organizations - SEC30... Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
The AWS Well-Architected Framework enables customers to make informed decisions about their architecture in a cloud-native way and understand the impact of design decisions that are made. The Framework is composed of 5 pillars (Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization), design principles and questions. It provides strategies & best practices for architecting in the cloud.
The AWS Well-Architected Bootcamp allows you to put the Framework into practice. We will provide an introduction to the Well-Architected Framework, walk through a sample architectural example, and give you a chance to apply the Framework to the sample architecture while using the AWS knowledge of you and your team.
An Introduction to the AWS Well Architected Framework - Webinar Amazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud.
In this one hour webinar, you'll learn how to use the AWS Well-Architected Framework to follow guidelines and best practices for your architecture on AWS.
Managing and governing multi-account AWS environments using AWS Organizations... Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
Software release cycles are now measured in days instead of months. Cutting-edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray, the services inspired by Amazon's internal developer tools and DevOps practice.
Level: 200
Speaker: Nick Brandaleone - Solutions Architect, AWS
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv... Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. In this session, we will work through the process and features involved to build an advanced hybrid and connected architecture exploring the new capabilities including VPC Shared Subnets, AWS Transit Gateway, Route 53 Resolver and AWS Global Accelerator. We dive into how they work and how you might use them.
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement. The process for reviewing an architecture is a constructive conversation about architectural decisions, and is not an audit mechanism. We believe that having well-architected systems greatly increases the likelihood of business success.
https://runfrictionless.com/b2b-white-paper-service/
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P... Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
"Amazon Inspector is a new service from AWS that identifies security issues in your application deployments. Use Inspector with your applications to assess your security posture and identify areas that can be improved. Inspector works with your Amazon EC2 instances to monitor activity in your applications and system.
This session will cover getting started with Inspector, how to automate the process, how to manage and act on findings, and additional ways you can enhance your development and release lifecycle using Inspector."
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016 Amazon Web Services
This session provides the attendee with an overview of our AWS CloudFormation service and helps the customer to realize the benefits of "infrastructure as code." A demo is part of this session.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and explain features for account structuring, user configuration, provisioning, networking and operation automation. The Migration Landing Zone solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and AWS Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large-scale application migrations.
Speaker: Koen Biggelaar, Senior Manager, Solutions Architecture, Amazon Web Services and Mahmoud ElZayet
re:Invent Recap: Security Week at the San Francisco Loft
Join us for a round up of all things re:Invent, the largest global cloud computing conference that will have taken place November 25 to 30 in Las Vegas. We'll share security and compliance related highlights from the keynote sessions, and will summarize launches and features to watch.
Level: 100
Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z... Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large-scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
Tom Jones, Solution Architect at Amazon Web Services leads a 60-minute tour through everything you need to know to develop, deploy and operate your first secure applications and services on AWS.
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, and cost optimisation when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn about the Well-Architected Framework, and the steps you can take to help ensure your solution is Well Architected.
This talk showcases the "best of the best" practices for operating securely at scale on AWS, taken from real customer examples. It introduces the AWS Security Best Practices whitepaper and covers a range of security recommendations for Identity and Access Management, Logging and Monitoring, Infrastructure Security, and Data Protection. It incorporates practical examples found in the Center for Internet Security’s CIS AWS Foundation and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speakers:
Phil Rodrigues, Security Solutions Architect, Amazon Web Services
Michael Fuller, Principal Systems Engineer, Atlassian
Day 1 - Introduction to Cloud Computing with Amazon Web Services Amazon Web Services
Whether you are running applications that share photos or support critical operations of your business, you need rapid access to flexible and low cost IT resources. The term "cloud computing" refers to the on-demand delivery of IT resources via the Internet with pay-as-you-go pricing. Whether you are a startup who wants to accelerate growth without a big upfront investment in cash or time for technology or an Enterprise looking for IT innovation, agility and resiliency while reducing costs, the AWS Cloud provides a complete set of infrastructure services at zero upfront costs which are available with a few clicks and within minutes. Join this webinar to learn more about the benefits of Cloud Computing.
Reasons to attend:
- Learn the concepts of utility computing and elasticity and why these are important to a cost-effective, scalable and reliable IT architecture.
- Hear about the AWS service portfolio and the global footprint on which it is delivered and the value proposition of the AWS Cloud.
This session showcases best practices for operating securely at scale on AWS. We’ll introduce the AWS Security Best Practices whitepaper that covers a range of security recommendations for identity and access management, logging and monitoring, infrastructure security, and data protection. We’ll also examine practical examples found in the Center for Internet Security’s CIS AWS Foundations and CIS AWS Three-Tier Web Architecture benchmarks. Information and eGovernance Authority (IGA) also steps in to debunk common security myths of cloud adoption and speak on why they entrust the cloud with data.
My slides from the re:Invent Recap Conferences.
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, and cost optimisation when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud. In this session, you'll learn how to follow AWS guidelines and best practices. By developing a strategy based on Amazon Web Services's Well-Architected Framework, you will be able to significantly increase the frequency of code deployments and reduce deployment times. As a result, you will be able to deliver more scalable, dynamic and resilient applications.
Similar to Following Well Architected Frameworks - Lunch and Learn.pdf (20)
How to build Forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for a great many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
So let's see how to develop Big Data applications quickly, without worrying about the infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
When designed correctly, container-based applications are very often stateless and flexible.
AWS ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's market offering unique with Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime that interrupted users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements to business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis based on artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in VMware vSphere®-based cloud environments and access a wide range of AWS services, taking full advantage of the potential of the AWS cloud while protecting existing VMware investments.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions or to keep track of the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dive into several scenarios, understanding how AppSync can help address these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: myths to debunk - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they will dive into the architecture and demonstrate how to take full advantage of the potential of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
5. Why would I want to apply the AWS Well-Architected Framework?
Build and deploy faster
Lower or mitigate risks
Make informed decisions
Learn AWS best practices
8. General Design Principles
Stop guessing your capacity needs
Test systems at production scale
Automate to make architectural experimentation easier
Allow for evolutionary architectures
Build data-driven architectures
Improve through game days
10. AWS Reference Serverless Micro Service Architectures
aws.amazon.com/serverless/
AWS Serverless Multi-Tier Architectures
Using Amazon API Gateway and AWS Lambda
November 2015
11. AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer content
Customers
Shared Responsibility between AWS and our customers
Customers are responsible for their security IN the Cloud
AWS is responsible for the security OF the Cloud
15. Specialized Reviews by Architecture Type
• Web Application Hosting
• Content Streaming and Media Serving
• COTS Enterprise Workloads (e.g. SAP, Microsoft, Oracle)
• Fault Tolerance and High Availability
• Large Scale Processing and Huge Data Sets
• Ad Serving
• Serverless
• Gaming
17. Design Principles for Security
Apply security at all layers
Enable traceability
Implement a principle of least privilege
Focus on securing your system
Automate security best practices
21. Upload: FTP
• Work through the questions
• Use the questions as a prompt
• CURRENT STATE – what is being done now?
• TARGET STATE – what do you think they should be doing?
• Not an absolute right or wrong – use case specific
• It’s a guide
How to Document Your System
22. Key Services for Security AWS IAM
Areas Key Services
Identity and Access Management
Detective Controls
Infrastructure Protection
Data Protection
Incident Response
Elastic Load Balancing
Amazon EBS Amazon S3 Amazon RDS
AWS Key Management Service
MFA Token
Amazon VPC
AWS CloudTrail AWS Config Amazon CloudWatch
AWS IAM
AWS IAM AWS CloudFormation
AWS Organizations
23. AWS Organizations
Policy-based management for multiple AWS accounts.
Control AWS service use across accounts
Consolidate billing
Automate AWS account creation
AWS Organizations
24. AWS Identity & Access Management
IAM Users IAM Groups IAM Roles IAM Policies
• Granular access control for least privileges
• Manage hierarchies of AWS Accounts with AWS Organizations
• Federate with your existing directory services
• Role-based access and segregation of duties
• Achieve just-in-time access using automation
• Create rich mobile applications without giving end-users long-term access keys
IAM
25. You are making API calls...
API Executed
AWS CloudTrail is continuously recording API calls…
And delivering log files to you
AWS CLOUDTRAIL
AWS CloudTrail
28. VPC Defense in Depth
Public Subnet
Private Subnet (Web Tier)
Private Subnet (App Tier)
10.0.2.0/24
10.0.1.0/24
10.0.3.0/24
SG-ALB
SG-Web
SG-App
Allow CloudFront IP ranges only
Allow SG-ALB only
Allow SG-Web only
29. VPC Flow Logs
• Agentless
• Enable per ENI, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics
AWS account
Source IP
Destination IP
Source port
Destination port
Interface
Protocol
Packets
Bytes
Start/end time
Accept or reject
32. Mitigate OWASP Application Threats
Good users
Bad guys
Web server
Database
Exploit code
SQL injection
XSS
AWS WAF filtering rule
33. SSL/TLS
Deep integration with AWS Services
Automated Certificate Renewal
CloudTrail
No extra cost
… or you can always use your own
AWS Certificate Manager
34. Cryptographic Services
Deep integration with AWS Services
CloudTrail
AWS SDK for application encryption
AWS KMS
Hardware Security Module
Integrate with on-premises HSMs
Hybrid Architectures
Amazon CloudHSM
… or you can always use your own
35. AWS CloudFormation – Infrastructure as Code
AWS CloudFormation
Orchestrate changes across AWS Services
Use as foundation to Service Catalog products
Use with source code repositories to manage infrastructure changes
JSON & YAML text file describing infrastructure
Resources created from a template
Can be updated
Updates can be restricted
Template Stack
37. Design Principles for Reliability
Test recovery procedures
Automatically recover from failure
Scale horizontally to increase aggregate system availability
Stop guessing capacity
Manage change in automation
38. Key Services for Reliability
Areas Key Services
Foundations
Change management
Failure management
AWS IAM Amazon VPC
AWS CloudTrail AWS Config
AWS CloudFormation
Amazon CloudWatch
39. Foundations | Limit Management
How do you manage AWS service limits for your accounts?
41. Foundations | Limit Management
Easy wins:
Default service limits
AWS Trusted Advisor limit checks.
Increasing soft limits if needed.
Things to consider:
Limit monitoring (possible automation)
The difference between hard and soft limits
Plan for more than you need.
Consider your limits across accounts.
Fixed Limit - 125 peering connections per VPC
Fixed Limit - 100 routes across Direct Connect
49. Foundations | Network Topology
Easy wins:
Redundant networking built in to AWS regions.
Highly available load balancing, DNS.
Choose correct CIDR masks.
Things to consider:
Default VPC quick and resilient, but plan your own.
Redundant connectivity to office/datacentre?
VPN or Direct Connect?
IP subnet address ranges overlap for VPC peering.
53. Change Management | Monitoring
Easy wins:
Amazon CloudWatch deep integration with AWS services.
Built-in CloudWatch metrics.
Highly durable CloudWatch logs.
Things to consider:
Integrate existing log solutions like Graylog or Splunk.
Automate responses to alerts.
Use Amazon EMR to gain insights.
Long term event trigger refinement.
56. Change Management | Change Execution
Easy wins:
Infrastructure as code for simple services.
Version control infrastructure for change and rollback.
Environments kept consistent.
Things to consider:
CI/CD pipeline is a long term strategy.
Continuous Delivery is different to Deployment.
Identify automation candidates.
Shift approvals to the left.
59. Failure Management | Data Durability
Easy wins:
S3 designed for 99.99999999999% durability.
Frequent snapshots of EBS volumes.
RDS takes regular incremental snapshots.
Things to consider:
Durability requirements, ease of snapshots, speed, cost.
Encryption of your data and management of keys.
Periodic recovery testing to meet RPO and RTO.
62. Failure Management | Recovery Planning
Easy wins:
Automated infrastructure for flexible testing.
Chaos Monkey and the Simian Army for failure injection.
Scheduling game days to break your system.
Things to consider:
Make sure your build servers are reliable as well.
Do your playbooks sufficiently cover recovery pathways?
Learn from your failures with Root Cause Analysis.
63. Failure Management | Recovery Planning
How are you planning for disaster recovery?
65. Failure Management | Recovery Planning
Easy wins:
Automated system recovery using infrastructure as code.
Versioning in S3 with object lifecycle policies easy to turn on.
Use another region or account to test failover.
Knowledge base for capturing incident responses.
Things to consider:
RPOs and RTOs need to be defined first.
Manage data access policies with IAM.
Be aware of Configuration drift.
Consider continuous availability.
66. Three Key Takeaways
1. Don’t forget the foundations.
2. Continually monitor your environment for events and analysis.
3. Automate, test and iterate.
68. Design Principles for Performance Efficiency
Democratize advanced technologies
Go global in minutes
Use serverless architectures
Experiment more often
Mechanical sympathy
74. Selection | Database
Amazon DynamoDB: Fully Managed No-SQL
- Fast and Predictable
- Seamless Scalability
- Secondary Indexing
- Managed Table Partitioning
Amazon ElastiCache: In-Memory Cache
- Memcached/Redis
- High Performance
- Supports Sharding, Clustering, Read Replicas
Amazon RDS: Managed Relational DB
- Industry standard relational databases
- Options for Read Replicas, Provisioned IOPs, Indexes
Amazon Redshift: Data Warehouse
- Fully Managed
- Petabyte-scale
- Columnar Storage
- Specify sort keys, distribution keys, column encoding
75. Selection | Network
Location (Regions and Availability Zones)
- Where your users are located
- Where your data is located
- Other constraints (e.g. Security, compliance)
Considerations:
- Placement Groups
- Edge Locations
- DNS - Route53 edge location
77. Design Principles for Cost Optimization
Adopt a consumption model
Benefit from economies of scale
Stop spending money on data center operations
Analyze and attribute expenditure
Use managed services to reduce cost of ownership
78. Key Services for Cost Optimization
Areas Key Services
Cost-effective resources
Matched supply and demand
Expenditure awareness
Optimizing over time
Amazon CloudWatch
Auto Scaling
Amazon SNS
Reserved Instances AWS Trusted Advisor
AWS Blog & What’s New
Cost Allocation Tags
79. How do you visualize and allocate costs for chargeback
Cost explorer in the “billing and management” console
80. Tagging resources – add your own metadata
(Almost) everything in AWS can be tagged
Each tag is a key and an optional value
Up to 10 tags per resource
Project = natasha
Stack = Development
DevTribe = Tribe3
ticket = 78912
EC2 instance name
i-4a1c2f5d
RDS instance name
d-6x3r2f7h
Owner = DBAdmin
Stack = Production
Department = Accounts
CostCenter = 8899
Project = BAU
Key Value
Key Value
Project = natasha
Owner = DBAdmin
Department = Accounts
Stack = Production
S3 bucket name
s378236
Key Value
ticket = 78912
CostCenter = 8899
81. Tagging resources – Now you have metadata you can pivot
E.G. Accurately measure
What resources (name) did project = natasha use?
E.G. Chargeback
how much (monthly $) did department = accounts spend?
what proportion (monthly $) of ticket = 78921 should be charged to stack = production?
Project: Natasha, Natasha, BAU
Stack: Development, Production, Production
Devtribe: Tribe3
Ticket: 78921, 78912
Owner: DBAdmin, DBAdmin
Depart: Accounts, Accounts
Cost center: 8899, 8899
Name: EC2, S3, RDS
Monthly $: $680, $700, $45
82. Auto scaling: variable workloads
CloudWatch for usage
start more instances when usage is high
stop instances when usage is low
Time Based : For development and scheduled workloads
720 hours in a month
160 business hours in a month
80% saving if you switch them off
Strategies to make sure your capacity matches, but does not substantially exceed what you need
83. Example – using CloudWatch metrics to control Auto-Scaling
Single large instance = wasted capacity
Autoscaling with CloudWatch = less wasted capacity
Autoscaling with CloudWatch and appropriate instance size = Cost optimized
(Three charts: Utilization over Time)
84. EC2 instance types – consider RAM usage
Monitor RAM with a CloudWatch custom metric
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html
EBS Provisioned IOPS
EBS General Purpose
S3 Standard
S3 Reduced redundancy
Glacier
EC2 c3.8xlarge: 32 x vCPU, 60GB RAM
EC2 r3.8xlarge: 32 x vCPU, 244GB RAM
Greatest Savings
Greatest Performance
Greatest Performance
EBS Magnetic
Storage Types – choose the right storage class for your workload
Selecting appropriate EC2 instance types and storage types meet cost targets
50% saving
85. Cost optimizing EC2 instances – same technology – optimized commercials
EC2 “On Demand” – scale up and down for dynamic workloads
EC2 “Reserved instances” - reduce costs for steady state workloads
EC2 “Spot instances” – Lowest possible price for time insensitive workloads
The technology is the same BUT You can pick a commercial model that meets your business need
Serverless Compute – event based computing model with step change in price
Or Managed services with consumption based pricing models
87. Design Principles for Operational Excellence
Perform Operations with Code
Align Operations Processes to Business Objectives
Make Regular, Small, Incremental Changes
Test for Responses to Unexpected Events
Learn from Operational Events and Failures
Keep Operations Procedures Current
88. Topics explored in Operations Excellence Pillar
• What best practices for cloud operations are you using?
• How are you doing configuration management for your workload?
• How are you evolving your workload while minimizing the impact of change?
• How do you monitor your workload to ensure it is operating as expected?
• How do you respond to unplanned operational events?
• How is escalation managed when responding to unplanned operational events?
93. Use CloudWatch Events and Lambda
https://aws.amazon.com/blogs/security/how-to-detect-and-automatically-remediate-unintended-permissions-in-amazon-s3-object-acls-with-cloudwatch-events/
94. Benefits of Well-Architected
Think Cloud-Natively
Consistent Approach to Reviewing Architecture
Understand Potential Impact
Visibility of Risks
95. Preparing for Well Architected Review
• Complete the Online Training
• Perform Customer Self Assessment
• Evaluate Automated Assessment Tools
• Certified APN Partner Led Assessment
• AWS Account Team Engagement & Review
• Work with AWS SA on any Remediation Plans