How does a practice become a "best" practice? How does a pattern become an "anti" pattern? As always, experience is the best teacher. As Partner Solution Architects, we receive a lot of partner feedback on how practices and design patterns work—and occasionally fail to work—in the real world. We use this feedback to inform our recommendations and reference architectures. In this session, we explore a representative set of real-life "failures." We look at what these failures have to teach us about design and how to prioritize remediation of known issues.
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
AWS Identity and Access Management (IAM) is the foundation that all AWS services require to function and perform any action. Mastering IAM is the skill set you need in your arsenal so that you can provide best-in-breed services through your application or services to your customers. This session shows you best practices for IAM, the latest service additions, and advanced automation techniques to become a certified IAM ninja.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
FSV305-Optimizing Payments Collections with Containers and Machine LearningAmazon Web Services
The Bank of Nova Scotia is using deep learning to improve the way it manages payments collections for its millions of credit card customers. In this session, we will show how the Bank of Nova Scotia leveraged Amazon EC2 Container Service and EC2 Container Registry and Docker to streamline their deployment pipeline. We will also cover how the bank used AWS IAM and Amazon S3 for asset management and security, as well as AWS GPU accelerated instances and TensorFlow to develop a retail risk model. We will conclude the session by examining how the Bank of Nova Scotia was able to dramatically cut costs in comparison to on-premise development.
AWS offers customers multiple solutions for federating identities on the AWS Cloud. In this session, we will embark on a tour of these solutions and the use cases they support. Along the way, we will dive deep with demonstrations and best practices to help you be successful managing identies on the AWS Cloud. We will cover how and when to use Security Assertion Markup Language 2.0 (SAML), OpenID Connect (OIDC), and other AWS native federation mechanisms. You will learn how these solutions enable federated access to the AWS Management Console, APIs, and CLI, AWS Infrastructure and Managed Services, your web and mobile applications running on the AWS Cloud, and much more.
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
AWS Identity and Access Management (IAM) is the foundation that all AWS services require to function and perform any action. Mastering IAM is the skill set you need in your arsenal so that you can provide best-in-breed services through your application or services to your customers. This session shows you best practices for IAM, the latest service additions, and advanced automation techniques to become a certified IAM ninja.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
FSV305-Optimizing Payments Collections with Containers and Machine LearningAmazon Web Services
The Bank of Nova Scotia is using deep learning to improve the way it manages payments collections for its millions of credit card customers. In this session, we will show how the Bank of Nova Scotia leveraged Amazon EC2 Container Service and EC2 Container Registry and Docker to streamline their deployment pipeline. We will also cover how the bank used AWS IAM and Amazon S3 for asset management and security, as well as AWS GPU accelerated instances and TensorFlow to develop a retail risk model. We will conclude the session by examining how the Bank of Nova Scotia was able to dramatically cut costs in comparison to on-premise development.
AWS offers customers multiple solutions for federating identities on the AWS Cloud. In this session, we will embark on a tour of these solutions and the use cases they support. Along the way, we will dive deep with demonstrations and best practices to help you be successful managing identies on the AWS Cloud. We will cover how and when to use Security Assertion Markup Language 2.0 (SAML), OpenID Connect (OIDC), and other AWS native federation mechanisms. You will learn how these solutions enable federated access to the AWS Management Console, APIs, and CLI, AWS Infrastructure and Managed Services, your web and mobile applications running on the AWS Cloud, and much more.
WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdfAmazon Web Services
Join AWS in examining governance and compliance designs aimed at helping organizations meet HIPAA and HITRUST standards. Learn how to better validate and document your compliance, expedite access to AWS compliance accelerators, and discover new ways to use AWS native features to monitor and control your accounts. This session is for a technical audience seeking to dive deep into the AWS service offerings, console, and API.
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...Amazon Web Services
Do you know that customers can seamlessly migrate on-premises applications to VMware Cloud on AWS? Come learn the compute, network, and storage architecture of the VMware Cloud on AWS solution. In this session, we use practical, real-world customer use cases to dive deep on hybrid cloud network connectivity, data protection, and security best practices. Additionally, we highlight how to use native AWS services with VMware Software-Defined Data Center (SDDC) workloads. Expect to walk away with practical guidance and tips on helping customers with their VMware and AWS hybrid cloud journey.
Don’t blink because in this session, we quickly show you thirty different architectural patterns that you can use with AWS Lambda to solve everything from basic infrastructure automation tasks to building chatbots. We cover the services that connect to AWS Lambda and help you create serverless applications that can respond to requests from many AWS services today. We will also discuss how to secure these serverless applications, deploy them, monitor them, and profile them for issues. By the end of this session, expect to have ideas on how serverless architecture can improve your life.
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineAmazon Web Services
Learn how media and entertainment companies use Amazon EC2 for Windows Server for fast rendering on film and television projects. In this session, we discuss how to architect a Windows solution using Deadline to allow the freedom to easily access any combination of on-premises or cloud-based compute resources. Also, learn how to set up a hybrid Windows file system and storage for best performance and cost efficiency. With flexible third-party licensing options, customers using AWS resources can purchase software licenses from the Thinkbox marketplace, deploy existing licenses, or leverage a combination of the two.
WIN204-Simplifying Microsoft Architectures with AWS ServicesAmazon Web Services
Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, such as compliance, governance, automation, and repeatability. Also, plan authentication and authorization, and explore various hybrid scenarios with other cloud environment and on-premise solutions/infrastructure. Learn about common architecture patterns for network design, Active Directory, and business productivity solutions like Dynamics AX, CRM, and SharePoint, also common scenarios for custom .NET, .NET Core with SQL deployments and migrations.
Artificial Intelligence is here this time, to stay. For the Enterprise, AI materializes into solutions that improve customers' experiences by optimizing, automating, and personalizing high-volume tasks while lowering cost and time to market, therefore accelerating innovation. In this session, we cover AWS' AI products and services that enable innovation in the enterprise while maintaining compliance with different regimes such as HIPAA, PCI, and more. Finally, we discuss enterprise architectures on AWS for machine learning and deep learning workloads.
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedAmazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
ALX401-Advanced Alexa Skill Building Conversation and MemoryAmazon Web Services
This session walks you through some of the more advanced features offered in Alexa Skill Builder, like Dialog Management, Entity Resolution, state management, session persistence, and maintaining context. Using Dialog Management, you can engage skill users in a multi-turn dialog to elicit and confirm slots for an intent. Using Entity Resolution, you can greatly simplify slot management by mapping multiple synonyms of your slot to a unique ID. We couple these conversational techniques with the management of session state and persistence to enable memory and personalization.
LFS301-SAGE Bionetworks, Digital Mammography DREAM Challenge and How AWS Enab...Amazon Web Services
DREAM Challenges pose fundamental questions about systems biology and translational medicine. Designed and run by a community of researchers from a variety of organizations, the challenges invite participants to propose solutions, fostering collaboration and building communities in the process. The Sage Bionetworks Synapse platform, which powers many research consortiums including the DREAM Challenges, are starting to put into practice model cloud-initiatives that not only provide impactful discoveries in the areas of neuroscience, infectious disease, and cancer, but are also revolutionizing scientific research by enabling an interactive consortium science platform. In this session, you learn how to build a "consortium model" of research in order to connect research organizations with non-profit organizations, technology companies, biotechnology, and pharmaceutical companies. You can also learn about how to leverage machine learning, Amazon ECS, and R for consortium-based science initiatives.
Patterns and Considerations in Service Discovery - Con327 - re:Invent 2017Amazon Web Services
Roven Drabo, head of cloud operations at Kaplan Test Prep, illustrates Kaplan’s complete container automation solution using Amazon ECS along with how his team uses Nginx and HashiCorp Consul to provide an automated approach to service discovery and container provisioning.
GPSBUS221_Breaking Barriers Move Enterprise SAP Customers to SAP HANA on AWS ...Amazon Web Services
Migrating mission-critical SAP workloads to AWS allows enterprises to realize business benefits quickly and securely without a significant upfront investment. Today, customers are turning capital expense into operating expense at a record pace and are accelerating business processes and efficiency for less than the cost of a week at a beach resort. Learn how other SAP customers are removing risk and testing their SAP migrations and upgrades for low cost to jumpstart their SAP projects for low cost.
Many serverless applications need a way to manage end user identities and support sign-ups and sign-ins. Join this session to learn real-world design patterns for implementing authentication and authorization for your serverless application—such as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. We cover how to use Amazon Cognito identity pools and user pools with API Gateway, Lambda, and IAM.
DAT309_Best Practices for Migrating from Oracle and SQL Server to Amazon RDSAmazon Web Services
You can significantly reduce database licensing and operational costs by migrating from commercial database engines to Amazon RDS. In addition, you can gain flexibility and operational efficiency by avoiding the frustrating usage constraints that accompany commercial database licenses. Amazon RDS is a fully managed database service, so you no longer need to worry about complex database management tasks. Launch a single database instance or thousands of them in just a few minutes, and pay only for what you use. Learn how AWS Database Migration Service and AWS Schema Conversion Tool help you migrate commercial databases like Oracle and Microsoft SQL Server to Amazon RDS and Aurora easily and securely with minimal downtime.
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
ARC210_Building Scalable Multi-Tenant Email Sending ProgramsAmazon Web Services
Many companies use Amazon Simple Email Service (Amazon SES) to build applications that enable their users to send millions of emails every day. In this session, you learn how to build applications using the scalable, reliable Amazon SES infrastructure. You also learn how to monitor email sending and enforce compliance rules on individual accounts without impacting other accounts. Zendesk discusses the architecture of its multitenant email sending platform, the historical challenges it faced, its phased approach to platform migration, and the ways Amazon SES helped them meet their goals.
This session covers the current state of the union for mobile application development on AWS, providing an overview of the services available to mobile developers from AWS. We discuss the entire lifecycle of the mobile application process from building, testing, deploying, and production, to growing your user base and business with ongoing engagement and campaigns.
Security is paramount for media storage and workloads and can directly impact a studio's bottom line. As core media workloads move to the cloud, it’s imperative to examine the security implications of a multi-tenant public cloud environment in light of various asset classifications, content production, and delivery scenarios, as well as content handling during production workloads. In this session, we address questions and concerns about security in the cloud in the context of tier-1 (pre-released) studio content, as well as the MPAA. We highlight a studio's journey to meet Marvel’s security requirements and run a tier-1 content workflow in the cloud and discuss what it took to approve the environment on AWS.
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...Amazon Web Services
The AWS Cloud Adoption Framework (AWS CAF) incorporates best practices and guidance learned through hundreds of customer engagements, into a comprehensive framework for implementing cloud computing across your organization. In this workshop, we break down the complicated process of launching your cloud adoption journey into manageable areas of focus that cover both technical and business stakeholders. Within each focus area, you learn to define work streams spanning multiple disciplines and teams, including how to create an action plan that can guide your organization's change management during your journey to the cloud. Attendees can prepare by reading theAWS Cloud Adoption Framework Introduction Whitepaper . Technical and nontechnical leaders and managers are encouraged to attend.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdfAmazon Web Services
Join AWS in examining governance and compliance designs aimed at helping organizations meet HIPAA and HITRUST standards. Learn how to better validate and document your compliance, expedite access to AWS compliance accelerators, and discover new ways to use AWS native features to monitor and control your accounts. This session is for a technical audience seeking to dive deep into the AWS service offerings, console, and API.
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...Amazon Web Services
Do you know that customers can seamlessly migrate on-premises applications to VMware Cloud on AWS? Come learn the compute, network, and storage architecture of the VMware Cloud on AWS solution. In this session, we use practical, real-world customer use cases to dive deep on hybrid cloud network connectivity, data protection, and security best practices. Additionally, we highlight how to use native AWS services with VMware Software-Defined Data Center (SDDC) workloads. Expect to walk away with practical guidance and tips on helping customers with their VMware and AWS hybrid cloud journey.
Don’t blink because in this session, we quickly show you thirty different architectural patterns that you can use with AWS Lambda to solve everything from basic infrastructure automation tasks to building chatbots. We cover the services that connect to AWS Lambda and help you create serverless applications that can respond to requests from many AWS services today. We will also discuss how to secure these serverless applications, deploy them, monitor them, and profile them for issues. By the end of this session, expect to have ideas on how serverless architecture can improve your life.
WIN203_With Amazon EC2 for Windows Server and Thinkbox DeadlineAmazon Web Services
Learn how media and entertainment companies use Amazon EC2 for Windows Server for fast rendering on film and television projects. In this session, we discuss how to architect a Windows solution using Deadline to allow the freedom to easily access any combination of on-premises or cloud-based compute resources. Also, learn how to set up a hybrid Windows file system and storage for best performance and cost efficiency. With flexible third-party licensing options, customers using AWS resources can purchase software licenses from the Thinkbox marketplace, deploy existing licenses, or leverage a combination of the two.
WIN204-Simplifying Microsoft Architectures with AWS ServicesAmazon Web Services
Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, such as compliance, governance, automation, and repeatability. Also, plan authentication and authorization, and explore various hybrid scenarios with other cloud environment and on-premise solutions/infrastructure. Learn about common architecture patterns for network design, Active Directory, and business productivity solutions like Dynamics AX, CRM, and SharePoint, also common scenarios for custom .NET, .NET Core with SQL deployments and migrations.
Artificial Intelligence is here this time, to stay. For the Enterprise, AI materializes into solutions that improve customers' experiences by optimizing, automating, and personalizing high-volume tasks while lowering cost and time to market, therefore accelerating innovation. In this session, we cover AWS' AI products and services that enable innovation in the enterprise while maintaining compliance with different regimes such as HIPAA, PCI, and more. Finally, we discuss enterprise architectures on AWS for machine learning and deep learning workloads.
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedAmazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
ALX401-Advanced Alexa Skill Building Conversation and MemoryAmazon Web Services
This session walks you through some of the more advanced features offered in Alexa Skill Builder, like Dialog Management, Entity Resolution, state management, session persistence, and maintaining context. Using Dialog Management, you can engage skill users in a multi-turn dialog to elicit and confirm slots for an intent. Using Entity Resolution, you can greatly simplify slot management by mapping multiple synonyms of your slot to a unique ID. We couple these conversational techniques with the management of session state and persistence to enable memory and personalization.
LFS301-SAGE Bionetworks, Digital Mammography DREAM Challenge and How AWS Enab...Amazon Web Services
DREAM Challenges pose fundamental questions about systems biology and translational medicine. Designed and run by a community of researchers from a variety of organizations, the challenges invite participants to propose solutions, fostering collaboration and building communities in the process. The Sage Bionetworks Synapse platform, which powers many research consortiums including the DREAM Challenges, are starting to put into practice model cloud-initiatives that not only provide impactful discoveries in the areas of neuroscience, infectious disease, and cancer, but are also revolutionizing scientific research by enabling an interactive consortium science platform. In this session, you learn how to build a "consortium model" of research in order to connect research organizations with non-profit organizations, technology companies, biotechnology, and pharmaceutical companies. You can also learn about how to leverage machine learning, Amazon ECS, and R for consortium-based science initiatives.
Patterns and Considerations in Service Discovery - Con327 - re:Invent 2017Amazon Web Services
Roven Drabo, head of cloud operations at Kaplan Test Prep, illustrates Kaplan’s complete container automation solution using Amazon ECS along with how his team uses Nginx and HashiCorp Consul to provide an automated approach to service discovery and container provisioning.
GPSBUS221_Breaking Barriers Move Enterprise SAP Customers to SAP HANA on AWS ...Amazon Web Services
Migrating mission-critical SAP workloads to AWS allows enterprises to realize business benefits quickly and securely without a significant upfront investment. Today, customers are turning capital expense into operating expense at a record pace and are accelerating business processes and efficiency for less than the cost of a week at a beach resort. Learn how other SAP customers are removing risk and testing their SAP migrations and upgrades for low cost to jumpstart their SAP projects for low cost.
Many serverless applications need a way to manage end user identities and support sign-ups and sign-ins. Join this session to learn real-world design patterns for implementing authentication and authorization for your serverless application—such as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. We cover how to use Amazon Cognito identity pools and user pools with API Gateway, Lambda, and IAM.
DAT309_Best Practices for Migrating from Oracle and SQL Server to Amazon RDSAmazon Web Services
You can significantly reduce database licensing and operational costs by migrating from commercial database engines to Amazon RDS. In addition, you can gain flexibility and operational efficiency by avoiding the frustrating usage constraints that accompany commercial database licenses. Amazon RDS is a fully managed database service, so you no longer need to worry about complex database management tasks. Launch a single database instance or thousands of them in just a few minutes, and pay only for what you use. Learn how AWS Database Migration Service and AWS Schema Conversion Tool help you migrate commercial databases like Oracle and Microsoft SQL Server to Amazon RDS and Aurora easily and securely with minimal downtime.
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
ARC210_Building Scalable Multi-Tenant Email Sending ProgramsAmazon Web Services
Many companies use Amazon Simple Email Service (Amazon SES) to build applications that enable their users to send millions of emails every day. In this session, you learn how to build applications using the scalable, reliable Amazon SES infrastructure. You also learn how to monitor email sending and enforce compliance rules on individual accounts without impacting other accounts. Zendesk discusses the architecture of its multitenant email sending platform, the historical challenges it faced, its phased approach to platform migration, and the ways Amazon SES helped them meet their goals.
This session covers the current state of the union for mobile application development on AWS, providing an overview of the services available to mobile developers from AWS. We discuss the entire lifecycle of the mobile application process from building, testing, deploying, and production, to growing your user base and business with ongoing engagement and campaigns.
Security is paramount for media storage and workloads and can directly impact a studio's bottom line. As core media workloads move to the cloud, it’s imperative to examine the security implications of a multi-tenant public cloud environment in light of various asset classifications, content production, and delivery scenarios, as well as content handling during production workloads. In this session, we address questions and concerns about security in the cloud in the context of tier-1 (pre-released) studio content, as well as the MPAA. We highlight a studio's journey to meet Marvel’s security requirements and run a tier-1 content workflow in the cloud and discuss what it took to approve the environment on AWS.
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...Amazon Web Services
The AWS Cloud Adoption Framework (AWS CAF) incorporates best practices and guidance learned through hundreds of customer engagements, into a comprehensive framework for implementing cloud computing across your organization. In this workshop, we break down the complicated process of launching your cloud adoption journey into manageable areas of focus that cover both technical and business stakeholders. Within each focus area, you learn to define work streams spanning multiple disciplines and teams, including how to create an action plan that can guide your organization's change management during your journey to the cloud. Attendees can prepare by reading theAWS Cloud Adoption Framework Introduction Whitepaper . Technical and nontechnical leaders and managers are encouraged to attend.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
How can you ensure your environment is Secure? How can you implement an effective governance model in your organization? The AWS Cloud Adoption Framework (CAF) and its Security Perspective provide a structured approach to make risk based decisions, build security guardrails and meet your compliance goals as you migrate to AWS. The Security perspective of the CAF provides a set of 5 core themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. In this session you will learn what it takes to lead a Secure Cloud Journey for your organization and make key strategic decisions.
Five New Security Automation Improvements You Can Make by Using Amazon CloudW...Amazon Web Services
This presentation will include a deep dive into the code behind multiple security automation and remediation functions. This session will consider potential use cases, as well as feature a demonstration of a proposed script, and then walk through the code set to explain the various challenges and solutions of the intended script. All examples of code will be previously unreleased and will feature integration with services such as Trusted Advisor and Macie. All code will be released as OSS after re:Invent.
AWS Security State of the Union - SID326 - re:Invent 2017Amazon Web Services
Steve Schmidt, chief information security officer of AWS, addresses the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling.
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
Amazon Rekognition makes it easy to extract meaningful metadata from visual content. In this workshop, you will work in teams to build a simple system to help track missing persons. You’ll develop a solution that leverages Amazon Rekognition and other AWS services to analyze images from various sources (e.g., social media) and provide authorities with timely reports and alerts on new leads for missing individuals. The solution will entail a repeatable and automated process that follows best practices for architecting in the cloud, such as designing for high availability and scalability.
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
Amazon Rekognition makes it easy to extract meaningful metadata from visual content. In this workshop, you will work in teams to build a simple system to help track missing persons. You’ll develop a solution that leverages Amazon Rekognition and other AWS services to analyze images from various sources (e.g., social media) and provide authorities with timely reports and alerts on new leads for missing individuals. The solution will entail a repeatable and automated process that follows best practices for architecting in the cloud, such as designing for high availability and scalability.
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
It can be challenging to optimize AWS resources across cost, performance, security, and fault tolerance, much less do it automatically. AWS Trusted Advisor, an online resource, provides real-time guidance to help you provision your resources following AWS best practices. AWS Health provides ongoing visibility into the state of your AWS resources and remediation guidance for resource performance or availability issues that may affect your applications. Learn how to safely automate these best practices using Amazon CloudWatch Events and AWS Lambda, with samples for you to use. We also introduce you to AWS Health tools, a community-based source of tools to automate remediation actions and customize health alerts. See how to automate AWS best practices from Trusted Advisor and implement remediation from the AWS Health API on your AWS resources. Attendees should bring their own laptops.
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)"
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
In this session, we explain how customers can enable business agility by evolving their governance approach to run at the speed of cloud. Learn how to think about security in the AWS Cloud, and receive prescriptive guidance on implementing technology to support your business. Hear about what good looks like, and learn how you can apply this approach in your organization today.
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...Amazon Web Services
New to AWS? Given the number of AWS services there are, you may think that it’s going to take a lot of work to get your security house in order in the cloud. In fact, across AWS, there are only a few simple patterns you need to know to be effective at security in the cloud. In this session, we’ll focus on the permissions controls offered by Identity and Access Management (IAM) and the network security controls offered by Virtual Private Cloud (VPC). You’ll walk away having seen concrete examples that illustrate the patterns that enable you to properly secure any workload in AWS.
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
Today, small software teams have the ability to disrupt big markets as more and more businesses start to deliver their products as-a-service. The ability for teams to respond to customers and innovate quickly is their key differentiator. In this session, we will cover how you can begin your DevOps journey by sharing best practices used by the "two pizza" engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows using AWS Developer tools including AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline and AWS CodeDeploy. Finally, we will demonstrate how to build an end-to-end CICD pipeline with CodeStar in minutes.
by Brigid Johnson, Product Management Manager, AWS
How to Use IAM Roles to Grant Access to AWS: Customers use IAM roles to delegate access to services, applications, accounts, and federated users using temporary credentials. We will start by defining use cases for IAM roles, tools to use IAM roles in your account, and techniques to manage role permissions. We will cover how customers can use roles to grant access to AWS. Using demonstrations, we will learn how to monitor roles across accounts, grant cross account access, and scope down permissions for a particular entity. This session will cover how to use roles for developers building applications on AWS and for administrators controlling and monitoring access. Level 300
by Ron Cully, Product Management Manager, AWS
Active Directory (AD) is essential for Windows workloads in the cloud. AWS offers customers multiple ways to integrate AD with cloud workloads like EC2, RDS, and AWS Enterprise Applications: AWS Directory Service for Microsoft Active Directory (Enterprise Edition) as a managed service and Active Directory running on AWS EC2 Windows instances. Which option is right for you? This session will discuss the key deployment considerations for each option to help you identify which best meets your project goals, and the effort involved. The session will cover options for integrating with your on-premises directory, port and security considerations, application considerations, and best practices. Level 200
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
MSC204_Leverage AWS Marketplace to accelerate production ready workloadsAmazon Web Services
In this hands-on lab, learn how to get started on AWS Marketplace to build solutions that help to accelerate production-ready workloads. We dive into how to use it in your development and production environments, and review how to consume software in your AWS accounts. We go through what you can do to operate securely with your AWS Marketplace software, and we show you how to reduce the risk in your projects.
Similar to GPSTEC302_Anti-Patterns- Learning through Failure (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.