BUILD FINE-GRAINED
CONTROL OF AMAZON WEB
SERVICES IN YOUR CFML APP
Brian Klaas

@brian_klaas
Beyond “Read All”:
AWS Simple Storage Service
WE LOVE S3
cffile( variable="fileData", file="s3://somebucket/somefile.txt", action="read" );
cfdirectory( directory="s3://somebucket/someDirectory", action="list" );
WE LOVE S3
WHY?
"Principal": "*"
Verizon
Names, addresses, account details, and account personal
identification numbers (PINs) of as many as 14 million US
customers.
WE LOVE S3?
https://www.upguard.com/breaches/verizon-cloud-leak
Dow Jones
Sensitive personal and financial details of 2.2 million
customers.
WE LOVE S3?
https://www.upguard.com/breaches/cloud-leak-dow-jones
FedEx
Customer passports, driver licenses.
WE LOVE S3?
https://arstechnica.com/information-technology/2018/02/fedex-customer-data-left-online-for-anyone-to-rifle-through/
Republican National
Committee
200 million voter records.
WE LOVE S3?
https://www.skyhighnetworks.com/cloud-security-blog/verizon-data-breach-two-easy-steps-to-prevent-aws-s3-leaks/
Macy’s
Customer profiles, including address and date of birth.
WE LOVE S3?
https://www.doj.nh.gov/consumer/security-breaches/documents/macys-20180702.pdf
Booz Allen Hamilton
Files related to the National Geospatial-Intelligence
Agency (NGA), which handles battlefield satellite and
drone imagery.
WE LOVE S3?
https://businessinsights.bitdefender.com/worst-amazon-breaches
National Credit
Federation
11GB of credit card numbers, credit reports from the
three major reporting agencies, bank account numbers
and Social Security numbers.
WE LOVE S3?
https://businessinsights.bitdefender.com/worst-amazon-breaches
WE LOVE THE CLOUD
WHY?
Unsolicited, obvious advice:
Consider your authentication + authorization
strategy before building.
AWS Identity Access
Management
IAM
WARNING
NOT COMPREHENSIVE
AWS Playbox App https://github.com/brianklaas/awsPlaybox
ALL THE CODE
AWS Identity Access
Management
IAM
IAM SCALE
IAM is evaluated on *every* API call made to or within AWS
WHAT IS IAM?
Policies
Roles
Groups
Users
Policies
IAM COMPONENTS
POLICIES
Mastering IAM = mastering policies
POLICIES
Policies = JSON structures
POLICIES
Anatomy of a Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
Version: version of the IAM policy language (use 2012-10-17)
Statement: the policy definition block, a list of one or more statements
Effect: Allow or Deny
Principal: who can do this (present only in resource-based policies such as S3 bucket policies; identity-based policies omit it)
Action: the specific actions to allow or deny; a list of action names, * for any match
Resource: the resources affected by this statement; ARNs of specific resources, * for any match after that point
POLICIES
ARN = Amazon Resource Name
POLICIES
Example ARNs
S3 Bucket
arn:aws:s3:::awsplayboxbucket
CloudFormation Stack
arn:aws:cloudformation:us-east-1:0123456789:stack/awseb-e-kmjwp8btzp-stack/9e2c9e50-bcef-11e8-87f3-503aca261699
SNS Topic
arn:aws:sns:us-east-1:0123456789:AWSPlayboxDemoTopic-2019-02-20-14-48-38
Lambda Function
arn:aws:lambda:us-east-1:0123456789:function:confDemoSimpleJSONReturn
POLICIES
Anatomy of a Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
Never Do This!
Anyone on the internet ("Principal": "*") may run any S3 action ("s3:*") against every bucket in the account. This is the shape of policy behind the breaches above.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:Get*"
      ],
      "Resource": [
        "arn:aws:s3:::mySpecialBucket/*"
      ]
    }
  ]
}
Never Do This!
Narrowing to one bucket and to read-only actions does not help while the Principal is still "*": every object in mySpecialBucket is readable by anyone, authenticated or not. (No S3 action begins with "read"; the read actions are s3:Get* and s3:List*, and object reads need the bucket/* ARN.)
POLICIES
Be specific.
Allow the least privilege that makes sense.
POLICIES
Basic Read/Write S3 Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::awsplayboxprivatebucket",
"arn:aws:s3:::awsplayboxprivatebucket/*"
]
} ] }
Must specify the bucket and the items in the bucket
No Principal element: this is an identity-based policy. The principal is whatever user, group or role the policy is attached to, so one policy can apply to many entities. Resource-based policies (S3 bucket policies, SNS topic policies) must name a Principal.
POLICIES
Restrict How a Service Is Called
Allow the billingApp IAM user to publish to the topic only if the request comes from a specific Lambda function.
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Sid": "AllowBillingAppPublishOnlyFromLambda",
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::0123456789:user/billingApp" },
    "Action": "sns:Publish",
    "Resource": "arn:aws:sns:us-east-1:0123456789:billsPastDueTopic",
    "Condition": { "ArnEquals": { "aws:SourceArn": "arn:aws:lambda:us-east-1:0123456789:function:checkForBillPastDue" } }
  } ]
}
Sid is an identifier, so keep it to letters and digits and put the explanation in a comment outside the policy. IAM ARNs have an empty region segment (arn:aws:iam::account:user/name). Caveat: aws:SourceArn is only present when an AWS service calls SNS on behalf of a resource (an S3 event notification, for example); SDK calls made by code inside a Lambda function arrive as the function's execution role, so to pin publishing to that function, name its execution role in Principal instead.
POLICIES
Allow Write to DynamoDB During Tax Season
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Effect": "Allow",
    "Action": [
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:UpdateItem"
    ],
    "Resource": "arn:aws:dynamodb:us-east-1:0123456789:table/customerIncome",
    "Condition": {
      "DateGreaterThan": { "aws:CurrentTime": "2019-04-01T04:00:00Z" },
      "DateLessThan": { "aws:CurrentTime": "2019-04-16T04:00:00Z" },
      "IpAddress": { "aws:SourceIp": [ "192.0.2.0/24", "203.0.113.86" ] }
    }
  } ]
}
POLICIES
Ensure All S3 Requests Are Over https
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::bucketname",
        "arn:aws:s3:::bucketname/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}
This is a bucket policy (it names a Principal). List the bucket ARN as well as bucketname/*, otherwise bucket-level calls such as ListBucket are still allowed over plain HTTP. An explicit Deny beats every Allow, so this holds even for users whose own policies grant s3:*.
POLICIES
Read/Write All S3 Buckets Except One
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:GetBucketAcl",
        "s3:DeleteObject"
      ],
      "NotResource": [
        "arn:aws:s3:::security-audit-bucket",
        "arn:aws:s3:::security-audit-bucket/*"
      ]
    }
  ]
}
NotResource must list the bucket ARN and its objects, otherwise ListBucket and GetBucketAcl on the audit bucket remain allowed. Be careful with Allow + NotResource: it grants access to every bucket that exists now or is created later in the account. If the audit bucket must stay off limits, add an explicit Deny for it as well; a Deny cannot be undone by another Allow.
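The policies on the last few slides only make sense once you can predict how IAM decides a request. The block below is an added example, not code from the talk, the AWS Playbox app or any AWS library: a deliberately small offline model of the evaluation rules (explicit Deny wins, then any matching Allow, otherwise implicit deny), with case-insensitive wildcard actions, Resource versus NotResource, and the Bool, IpAddress and Date condition operators. The policy documents are transcribed from these slides (the bucket name written as security-audit-bucket, and both bucket and object ARNs in the HTTPS deny); the request contexts and the "anonymous" principal are constructed inputs. The IAM Policy Simulator remains the authoritative check.

```python
"""Offline model of IAM policy evaluation (added example, not AWS code).

Explicit Deny wins, then any matching Allow, else implicit deny. Only the
elements and condition operators used on these slides are modelled; SCPs,
permissions boundaries and other operators are not."""
import fnmatch
import ipaddress
from datetime import datetime

def _as_list(value):
    """Policy elements may be one string or a list; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def _glob(pattern, value, fold_case=False):
    # '*' wildcard match; action names are case-insensitive, ARNs are not
    if fold_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def _conditions_hold(condition, context):
    """Every operator/key pair must hold; a context key that is absent fails."""
    for operator, pairs in (condition or {}).items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "Bool":
                ok = str(actual).lower() == str(expected).lower()
            elif operator == "IpAddress":
                ip = ipaddress.ip_address(actual)
                ok = any(ip in ipaddress.ip_network(c) for c in _as_list(expected))
            elif operator in ("DateGreaterThan", "DateLessThan"):
                a, e = _ts(actual), _ts(expected)
                ok = a > e if operator == "DateGreaterThan" else a < e
            else:
                raise NotImplementedError(operator)
            if not ok:
                return False
    return True

def _principal_matches(stmt, principal):
    # No Principal element = identity-based policy, applies to whoever holds it.
    # In a resource-based policy "*" matches anyone, including anonymous callers.
    if "Principal" not in stmt:
        return True
    spec = stmt["Principal"]
    if isinstance(spec, dict):
        spec = spec.get("AWS", [])
    return spec == "*" or principal in _as_list(spec)

def _matches(stmt, action, resource, principal, context):
    if not _principal_matches(stmt, principal):
        return False
    if not any(_glob(p, action, fold_case=True) for p in _as_list(stmt.get("Action"))):
        return False
    if "NotResource" in stmt:  # everything except the listed ARNs
        if any(_glob(p, resource) for p in _as_list(stmt["NotResource"])):
            return False
    elif not any(_glob(p, resource) for p in _as_list(stmt.get("Resource"))):
        return False
    return _conditions_hold(stmt.get("Condition"), context)

def evaluate(policies, action, resource, principal="anonymous", context=None):
    """'Deny' if any statement explicitly denies, 'Allow' if one allows, else
    'ImplicitDeny'. Policy order does not matter."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if _matches(stmt, action, resource, principal, context or {}):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                decision = "Allow"
    return decision

# Policy documents transcribed from the slides.
WORLD_READ = {"Version": "2012-10-17", "Statement": [{   # the "Never Do This!" bucket policy
    "Effect": "Allow", "Principal": "*", "Action": ["s3:Get*"],
    "Resource": ["arn:aws:s3:::mySpecialBucket/*"]}]}
DENY_HTTP = {"Version": "2012-10-17", "Statement": [{    # bucket policy: https only
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::mySpecialBucket", "arn:aws:s3:::mySpecialBucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
TAX_SEASON = {"Version": "2012-10-17", "Statement": [{   # identity-based: date + source IP
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem"],
    "Resource": "arn:aws:dynamodb:us-east-1:0123456789:table/customerIncome",
    "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2019-04-01T04:00:00Z"},
                  "DateLessThan": {"aws:CurrentTime": "2019-04-16T04:00:00Z"},
                  "IpAddress": {"aws:SourceIp": ["192.0.2.0/24", "203.0.113.86"]}}}]}
ALL_BUT_AUDIT = {"Version": "2012-10-17", "Statement": [{   # identity-based: NotResource
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "NotResource": "arn:aws:s3:::security-audit-bucket/*"}]}
```

Running evaluate([WORLD_READ], "s3:GetObject", "arn:aws:s3:::mySpecialBucket/secret.csv") returns "Allow" for the anonymous principal, which is the whole problem with "Principal": "*". Adding DENY_HTTP turns the same request into "Deny" when aws:SourceIp arrives with aws:SecureTransport false, and ALL_BUT_AUDIT still answers "Allow" for s3:ListBucket on the audit bucket itself because only its objects are excluded.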
POLICIES
Mastering IAM = mastering policies
The IAM Policy
Simulator
POLICIES
https://docs.aws.amazon.com/IAM/latest/
UserGuide/access_policies_testing-policies.html
POLICIES
Hello?
CFML?
Using the AWS Java SDK
Add to cfusion/lib:
■ CF2018:
■ aws-java-sdk-1.11.xxx.jar
■ Other runtimes: the SDK .jar, plus:
■ jackson-annotations-2.6.0.jar
■ jackson-core-2.6.7.jar
■ jackson-databind-2.6.7.1.jar
■ joda-time-2.8.1.jar
THE AWS JAVA SDK AND CFML
AWS Playbox App https://github.com/brianklaas/awsPlaybox
THE AWS JAVA SDK AND CFML
THE AWS JAVA SDK AND CFML
Basic Pattern to Accessing the AWS Java SDK
1 Create a service object
2 Create a request object
3 Populate the attributes of the request object
4 Tell the service object to run a function on the request object
5 Get a result object back
POLICIES
Creating an IAM Policy
1 Create the IAM service object
2 Create a createPolicyRequest object
3 Populate the attributes of the createPolicyRequest object
4 Tell the IAM service object to createPolicy(createPolicyRequest)
5 Get a createPolicyResult object back
POLICIES
Let’s show some code!
CODE: CREATING A POLICY
// 1. Create the IAM service object
iam = application.awsServiceFactory.createServiceObject('iam');
policyName = 'awsPlayboxDemoPolicy-ReadWriteAWSPlayboxPrivateBucket';
// 2. and 3. Create the request object and populate its attributes
createPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreatePolicyRequest')
    .withPolicyName(policyName)
    .withDescription('Allows read/write permission to the awsPlayboxPrivate S3 bucket.');
// The policy document is plain JSON kept in a file alongside the app
policyJSON = fileRead(expandPath("./iamPolicies/awsPlayboxPrivateReadWrite.txt"));
createPolicyRequest.setPolicyDocument(policyJSON);
// 4. Run the request; 5. read the result and keep the new policy's ARN
createPolicyResult = iam.createPolicy(createPolicyRequest);
policyDetails = createPolicyResult.getPolicy();
application.awsResources.iam.S3PolicyARN = policyDetails.getArn();
CODE: CREATING A POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAccessToSpecificBucket",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::awsplayboxprivatebucket",
"arn:aws:s3:::awsplayboxprivatebucket/*"
]
} ] }
POLICIES
What if we don’t know the resource name
or ARN in advance?
CODE: CREATING A POLICY WITH VARIABLES
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowsPublishToOneTopic",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "%CURRENT_TOPIC_ARN%"
}
]
}
CODE: CREATING A POLICY WITH VARIABLES
iam = application.awsServiceFactory.createServiceObject('iam');
policyName = 'awsPlayboxDemoPolicy-SendToSNS';
createPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreatePolicyRequest')
    .withPolicyName(policyName)
    .withDescription('Allows user to send message to a specific SNS topic');
// Read the template, then substitute the topic ARN that was only known at runtime
policyJSON = fileRead(expandPath("./iamPolicies/snsSendMessage.txt"));
policyJSON = replace(policyJSON, "%CURRENT_TOPIC_ARN%", application.awsResources.currentSNSTopicARN, "all");
createPolicyRequest.setPolicyDocument(policyJSON);
createPolicyResult = iam.createPolicy(createPolicyRequest);
policyDetails = createPolicyResult.getPolicy();
application.awsResources.iam.SNSPolicyARN = policyDetails.getArn();
POLICIES
Learning More About Policies
AWS Docs
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html
Complete AWS IAM Reference
https://iam.cloudonaut.io
An Excellent Session from re:Invent
https://www.youtube.com/watch?v=YQsK4MtsELU
The Best Tutorial I’ve Found
https://start.jcolemorrison.com/aws-iam-policies-in-a-nutshell/
IAM COMPONENTS
Policies
Roles
Groups
Users
Roles
IAM COMPONENTS
ROLES
Roles are not associated with a
specific user or group.
Trusted entities assume roles.
ROLES
Roles let you share access
without setting up access keys (users).
ROLES
sts:AssumeRole
ROLES
sts:AssumeRole
USING STS: ASSUMING A ROLE FROM CFML
// Assume the role with the AWS Java SDK, then build an S3 client from the temporary credentials
sts = CreateObject('java', 'com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder').defaultClient();
assumeRoleRequest = CreateObject('java', 'com.amazonaws.services.securitytoken.model.AssumeRoleRequest')
    .withRoleArn(roleARN)                              // ARN of the role you need to assume
    .withRoleSessionName('cfml-' & createUUID());      // recorded in CloudTrail for this session
stsCredentials = sts.assumeRole(assumeRoleRequest).getCredentials();
// Temporary credentials carry a session token and expire (one hour by default)
tempCredentials = CreateObject('java', 'com.amazonaws.auth.BasicSessionCredentials').init(
    stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken());
credentialsProvider = CreateObject('java', 'com.amazonaws.auth.AWSStaticCredentialsProvider').init(tempCredentials);
s3Client = CreateObject('java', 'com.amazonaws.services.s3.AmazonS3ClientBuilder').standard()
    .withCredentials(credentialsProvider)
    .withRegion('us-east-1')
    .build();
ROLES
Roles = JSON structures too: a trust policy (who may call sts:AssumeRole on the role) plus the permissions policies attached to it.
IAM COMPONENTS
Policies
Roles
Groups
Users
Groups
IAM COMPONENTS
GROUPS
Creating an IAM Group
1 Create the IAM service object
2 Create a createGroupRequest object
3 Populate the attributes of the createGroupRequest object
4 Tell the IAM service object to createGroup(createGroupRequest)
5 Get a createGroupResult object back
CODE: CREATING A GROUP
iam = application.awsServiceFactory.createServiceObject('iam');
groupName = 'awsPlayboxDemoGroup';
createGroupRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateGroupRequest')
    .withGroupName(groupName);
createGroupResult = iam.createGroup(createGroupRequest);
groupDetails = createGroupResult.getGroup();
application.awsResources.iam.PlayboxGroupARN = groupDetails.getArn();
GROUPS
Attach policies to groups, not users!
GROUPS
Attaching a Policy to a Group
1 Create the IAM service object
2 Create an attachGroupPolicyRequest object
3 Populate the attributes of the attachGroupPolicyRequest object
4 Tell the IAM service object to attachGroupPolicy(attachGroupPolicyRequest)
5 Get an attachGroupPolicyResult object back
CODE: ATTACHING A POLICY TO A GROUP
// Attach the S3 policy created earlier to the group
attachGroupPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AttachGroupPolicyRequest')
    .withGroupName(groupName)
    .withPolicyArn(application.awsResources.iam.S3PolicyARN);
attachGroupPolicyResult = iam.attachGroupPolicy(attachGroupPolicyRequest);
// Repeat for the SNS policy
attachGroupPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AttachGroupPolicyRequest')
    .withGroupName(groupName)
    .withPolicyArn(application.awsResources.iam.SNSPolicyARN);
attachGroupPolicyResult = iam.attachGroupPolicy(attachGroupPolicyRequest);
IAM COMPONENTS
Policies
Roles
Groups
Users
Users
IAM COMPONENTS
USERS
Console Access?
No:  Access Key + Secret Key (programmatic access only)
Yes: Username + Console Password, plus an Access Key + Secret Key if the user also needs programmatic access
USERS
Access Key
Secret Key
USERS
The User Creation Process
1 Create the user
2 Create the access key for the user
3 Add user to a group which has policies attached
USERS
Creating an IAM User
1 Create the IAM service object
2 Create a createUserRequest object
3 Populate the attributes of the createUserRequest object
4 Tell the IAM service object to createUser(createUserRequest)
5 Get a createUserResult object back
CODE: CREATING A USER
iam = application.awsServiceFactory.createServiceObject('iam');
userName = 'awsPlayboxDemoUser';
createUserRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateUserRequest')
    .withUserName(userName);
createUserResult = iam.createUser(createUserRequest);
userDetails = createUserResult.getUser();
Detour: Tags
TAGS
Tags are for finding your stuff in AWS
in a human–readable way.
Types of Tags
■ Key–value pairs
■ User–defined
■ Cost Allocation
■ Can create Resource Groups based on tags
TAGS
Business                  Technical              Security
Cost Center  41001        Environment  Dev       Compliance        HIPAA
Department   Security     Version      2.2.1     Data Sensitivity  4
Owner        Bill Bridges Application  Cart      Encrypted         Yes
TAGS
Tagging Best Practices
https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
CODE: ADDING TAGS DURING USER CREATION
userTag = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.Tag')
    .withKey('department')
    .withValue('IT Security');
// setTags expects a java.util.List; a CFML array is passed as one
tagArray = [ userTag ];
createUserRequest.setTags(tagArray);
USERS
The User Creation Process
1 Create the user
2 Create the access key for the user
3 Add user to a group which has policies attached
USERS
Users have no credentials by default.
Users are not part of any group by default.
USERS
Creating User Credentials
1 Create the IAM service object
2 Create a createAccessKeyRequest object
3 Populate the username for the createAccessKeyRequest object
4 Tell the IAM service object to createAccessKey(createAccessKeyRequest)
5 Get a createAccessKeyResult object back
CODE: CREATING USER CREDENTIALS
createAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateAccessKeyRequest')
    .withUserName(userName);
createAccessKeyResult = iam.createAccessKey(createAccessKeyRequest);
accessKeyInfo = createAccessKeyResult.getAccessKey();
userAccessKey = accessKeyInfo.getAccessKeyId();
// The secret is returned exactly once, in this response
userSecretKey = accessKeyInfo.getSecretAccessKey();
USERS
There is no way to retrieve a secret key after it has been created!
USERS
You are fully responsible for the security of secret keys that you store locally!
USERS
The User Creation Process
1 Create the user
2 Create the access key for the user
3 Add user to a group which has policies attached
USERS
Add users to groups
instead of attaching policies to users.
USERS
Adding a User to a Group
1 Create the IAM service object
2 Create a addUserToGroupRequest object
3 Populate the attributes of the addUserToGroupRequest object
4 Tell the IAM service object to addUserToGroup(addUserToGroupRequest)
5 Get an addUserToGroupResult object back
CODE: ADD USER TO A GROUP
addUserToGroupRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AddUserToGroupRequest')
    .withGroupName(groupName)
    .withUserName(userName);
addUserToGroupResult = iam.addUserToGroup(addUserToGroupRequest);
USERS
The User Creation Process
1 Create the user
2 Create the access key for the user
3 Add user to a group which has policies attached
USERS
The User Creation Process
1 Create the user
2 Create the access key for the user
3 Add user to a group which has policies attached
4 Rotate access keys every [n] days
Use getCreateDate() on each key's metadata (returned by ListAccessKeys and by createAccessKey) to decide when a specific key is due for rotation.
USERS
Rotating Access Keys
1 Make a new key with a createAccessKeyRequest (a user may hold at most two keys, so the old one can stay active meanwhile)
2 Switch the application to the new key
3 Set the old key to "Inactive" with an updateAccessKeyRequest and watch for breakage; reactivating it is the rollback
4 Delete the old key with a deleteAccessKeyRequest once nothing has used it for a while
CODE: ROTATING ACCESS KEYS
// 1. Create the replacement key first; the old key keeps working meanwhile
createAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateAccessKeyRequest')
    .withUserName(userName);
createAccessKeyResult = iam.createAccessKey(createAccessKeyRequest);
accessKeyInfo = createAccessKeyResult.getAccessKey();
newAccessKey = accessKeyInfo.getAccessKeyId();
newSecretKey = accessKeyInfo.getSecretAccessKey();   // only available now; store it securely
newKeyCreatedOn = accessKeyInfo.getCreateDate();
// 2. Switch the application over to newAccessKey / newSecretKey, then
// 3. deactivate the old key; setting it back to 'Active' is the rollback
updateAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.UpdateAccessKeyRequest')
    .withUserName(userName)
    .withAccessKeyId(userAccessKeyId)
    .withStatus('Inactive');
iam.updateAccessKey(updateAccessKeyRequest);
// 4. Once nothing has used the old key for a while, delete it
deleteAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.DeleteAccessKeyRequest')
    .withUserName(userName)
    .withAccessKeyId(userAccessKeyId);
iam.deleteAccessKey(deleteAccessKeyRequest);
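The IAM calls above are the easy part of rotation; the part that breaks production is doing them in the wrong order or while the user already holds two keys. The planner below is an added example, not code from the talk, the AWS Playbox app or any AWS SDK: given the key metadata that ListAccessKeys and GetAccessKeyLastUsed return (AccessKeyId, Status, CreateDate, LastUsedDate), it returns the single next action to take, so the create/deactivate/delete calls can be driven from it. The key IDs and dates are constructed sample data, and the 90-day maximum age and 7-day grace period are assumed defaults.

```python
"""Decide the next step in rotating one IAM user's access keys.

Added example, not AWS or AWS Playbox code. IAM allows at most two access
keys per user, so a safe rotation is: create the new key, switch the app to
it, deactivate the old key (reactivating it is the rollback), and delete it
only after a grace period in which nothing used it. This planner works from
the fields ListAccessKeys / GetAccessKeyLastUsed return (AccessKeyId,
Status, CreateDate, LastUsedDate) so the IAM calls themselves stay outside it.
"""
from datetime import datetime, timedelta, timezone

MAX_KEYS_PER_USER = 2   # IAM service quota, not adjustable


def plan_rotation(keys, now, max_age_days=90, grace_days=7):
    """Return (action, access_key_id): one of create, wait, deactivate, delete, none."""
    active = sorted((k for k in keys if k["Status"] == "Active"), key=lambda k: k["CreateDate"])
    inactive = [k for k in keys if k["Status"] == "Inactive"]

    # An Inactive key nobody has used for the grace period can go; this also
    # frees the second key slot for the next rotation.
    for k in inactive:
        last_used = k.get("LastUsedDate")
        if last_used is None or now - last_used >= timedelta(days=grace_days):
            return ("delete", k["AccessKeyId"])

    # Two Active keys means a rotation is in flight. Deactivate the older one
    # only after the application has actually authenticated with the new one.
    if len(active) == 2:
        old, new = active
        if new.get("LastUsedDate") is None:
            return ("wait", new["AccessKeyId"])
        return ("deactivate", old["AccessKeyId"])

    # One key past its maximum age needs a successor, but only if a slot is
    # free: an Inactive key still inside its grace period occupies one.
    if len(active) == 1 and now - active[0]["CreateDate"] >= timedelta(days=max_age_days):
        if len(keys) >= MAX_KEYS_PER_USER:
            return ("wait", inactive[0]["AccessKeyId"])
        return ("create", None)

    return ("none", None)


# Constructed sample data; the key IDs are placeholders, not real AWS identifiers.
NOW = datetime(2019, 5, 1, tzinfo=timezone.utc)


def sample_key(key_id, status, age_days, last_used_days=None):
    return {"AccessKeyId": key_id, "Status": status,
            "CreateDate": NOW - timedelta(days=age_days),
            "LastUsedDate": None if last_used_days is None else NOW - timedelta(days=last_used_days)}


if __name__ == "__main__":
    # Old key still active at 120 days, new key created yesterday but not yet used by the app
    print(plan_rotation([sample_key("AKIAEXAMPLEOLD000001", "Active", 120, 0),
                         sample_key("AKIAEXAMPLENEW000002", "Active", 1)], NOW))
```

Feed it the output of ListAccessKeys for each user on a schedule and execute only the action it returns; because it never asks to delete an Active key, and never asks to create a third key, the sequence cannot lock an application out mid-rotation.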
CONGRATULATIONS!
You can now manage
users and permissions in AWS
from your CFML app.
DOES THIS REALLY WORK?
Demo time!
Resources Are Not
Limitless
ACCOUNTS
https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
■ 1500 customer managed policies per account
■ 300 groups per account
■ 10 managed policies attached to any given user, group or role
■ 50 tags per resource
(Default quotas at the time of the talk; the policy limits can be raised on request.)
WHAT’S NEXT?
Go Do!
WHAT’S NEXT?
AWS Playbox
https://github.com/brianklaas/awsPlaybox
Using the AWS Java SDK in CFML
https://brianklaas.net/
brian.klaas@gmail.com
@brian_klaas

AWS IAM policies in plain english
 
Building Your First Big Data Application on AWS
Building Your First Big Data Application on AWSBuilding Your First Big Data Application on AWS
Building Your First Big Data Application on AWS
 
A Practitioners Guide to Securing Your Cloud
A Practitioners Guide to Securing Your CloudA Practitioners Guide to Securing Your Cloud
A Practitioners Guide to Securing Your Cloud
 
DevOps Fest 2019. Alex Casalboni. Configuration management and service discov...
DevOps Fest 2019. Alex Casalboni. Configuration management and service discov...DevOps Fest 2019. Alex Casalboni. Configuration management and service discov...
DevOps Fest 2019. Alex Casalboni. Configuration management and service discov...
 
Discuss How to Secure Your Virtual Data Center in the Cloud (NET210-R1) - AWS...
Discuss How to Secure Your Virtual Data Center in the Cloud (NET210-R1) - AWS...Discuss How to Secure Your Virtual Data Center in the Cloud (NET210-R1) - AWS...
Discuss How to Secure Your Virtual Data Center in the Cloud (NET210-R1) - AWS...
 
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
 
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS SummitDeep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
Deep dive on security in Amazon S3 - STG304 - Chicago AWS Summit
 
S3 to Lambda:: A flexible pattern at the heart of serverless applications (SV...
S3 to Lambda:: A flexible pattern at the heart of serverless applications (SV...S3 to Lambda:: A flexible pattern at the heart of serverless applications (SV...
S3 to Lambda:: A flexible pattern at the heart of serverless applications (SV...
 
AWSug.nl Meetup @ New10 - SAM
AWSug.nl Meetup @ New10 - SAMAWSug.nl Meetup @ New10 - SAM
AWSug.nl Meetup @ New10 - SAM
 
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
 
Avoiding Friendly Fire in AWS
Avoiding Friendly Fire in AWSAvoiding Friendly Fire in AWS
Avoiding Friendly Fire in AWS
 
Query in Place with AWS (STG315-R1) - AWS re:Invent 2018
Query in Place with AWS (STG315-R1) - AWS re:Invent 2018Query in Place with AWS (STG315-R1) - AWS re:Invent 2018
Query in Place with AWS (STG315-R1) - AWS re:Invent 2018
 
Aws primer Amazon Web Services
Aws primer Amazon Web ServicesAws primer Amazon Web Services
Aws primer Amazon Web Services
 

More from Ortus Solutions, Corp

BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
ITB2024 - Keynote Day 1 - Ortus Solutions.pdf
ITB2024 - Keynote Day 1 - Ortus Solutions.pdfITB2024 - Keynote Day 1 - Ortus Solutions.pdf
ITB2024 - Keynote Day 1 - Ortus Solutions.pdf
Ortus Solutions, Corp
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
Ortus Solutions, Corp
 
Ortus Government.pdf
Ortus Government.pdfOrtus Government.pdf
Ortus Government.pdf
Ortus Solutions, Corp
 
Luis Majano The Battlefield ORM
Luis Majano The Battlefield ORMLuis Majano The Battlefield ORM
Luis Majano The Battlefield ORM
Ortus Solutions, Corp
 
Brad Wood - CommandBox CLI
Brad Wood - CommandBox CLI Brad Wood - CommandBox CLI
Brad Wood - CommandBox CLI
Ortus Solutions, Corp
 
Secure your Secrets and Settings in ColdFusion
Secure your Secrets and Settings in ColdFusionSecure your Secrets and Settings in ColdFusion
Secure your Secrets and Settings in ColdFusion
Ortus Solutions, Corp
 
Daniel Garcia ContentBox: CFSummit 2023
Daniel Garcia ContentBox: CFSummit 2023Daniel Garcia ContentBox: CFSummit 2023
Daniel Garcia ContentBox: CFSummit 2023
Ortus Solutions, Corp
 
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdfITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
Ortus Solutions, Corp
 
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdfITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
Ortus Solutions, Corp
 
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdfITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
Ortus Solutions, Corp
 
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdfITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
Ortus Solutions, Corp
 
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdfITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
Ortus Solutions, Corp
 
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
Ortus Solutions, Corp
 
ITB_2023_CBWire_v3_Grant_Copley.pdf
ITB_2023_CBWire_v3_Grant_Copley.pdfITB_2023_CBWire_v3_Grant_Copley.pdf
ITB_2023_CBWire_v3_Grant_Copley.pdf
Ortus Solutions, Corp
 
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdfITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
Ortus Solutions, Corp
 
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdfITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
Ortus Solutions, Corp
 
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdfITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
Ortus Solutions, Corp
 
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdfITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
Ortus Solutions, Corp
 

More from Ortus Solutions, Corp (20)

BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
ITB2024 - Keynote Day 1 - Ortus Solutions.pdf
ITB2024 - Keynote Day 1 - Ortus Solutions.pdfITB2024 - Keynote Day 1 - Ortus Solutions.pdf
ITB2024 - Keynote Day 1 - Ortus Solutions.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Ortus Government.pdf
Ortus Government.pdfOrtus Government.pdf
Ortus Government.pdf
 
Luis Majano The Battlefield ORM
Luis Majano The Battlefield ORMLuis Majano The Battlefield ORM
Luis Majano The Battlefield ORM
 
Brad Wood - CommandBox CLI
Brad Wood - CommandBox CLI Brad Wood - CommandBox CLI
Brad Wood - CommandBox CLI
 
Secure your Secrets and Settings in ColdFusion
Secure your Secrets and Settings in ColdFusionSecure your Secrets and Settings in ColdFusion
Secure your Secrets and Settings in ColdFusion
 
Daniel Garcia ContentBox: CFSummit 2023
Daniel Garcia ContentBox: CFSummit 2023Daniel Garcia ContentBox: CFSummit 2023
Daniel Garcia ContentBox: CFSummit 2023
 
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdfITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
ITB_2023_Human-Friendly_Scheduled_Tasks_Giancarlo_Gomez.pdf
 
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdfITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
ITB_2023_CommandBox_Multi-Server_-_Brad_Wood.pdf
 
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdfITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
ITB_2023_The_Many_Layers_of_OAuth_Keith_Casey_.pdf
 
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdfITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
ITB_2023_Relationships_are_Hard_Data_modeling_with_NoSQL_Curt_Gratz.pdf
 
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdfITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
ITB_2023_Extend_your_contentbox_apps_with_custom_modules_Javier_Quintero.pdf
 
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
 
ITB_2023_CBWire_v3_Grant_Copley.pdf
ITB_2023_CBWire_v3_Grant_Copley.pdfITB_2023_CBWire_v3_Grant_Copley.pdf
ITB_2023_CBWire_v3_Grant_Copley.pdf
 
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdfITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
ITB_2023_Practical_AI_with_OpenAI_-_Grant_Copley_.pdf
 
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdfITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
ITB_2023_When_Your_Applications_Work_As_a_Team_Nathaniel_Francis.pdf
 
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdfITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
ITB_2023_Faster_Apps_That_Wont_Get_Crushed_Brian_Klaas.pdf
 
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdfITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
ITB_2023_Chatgpt_Box_Scott_Steinbeck.pdf
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 

ITB2019 Build Fine-Grained Control of Amazon Web Services in Your CFML App - Brian Klass

  • 21. IAM SCALE *EVERY* CALL TO OR IN AWS
  • 24. POLICIES Mastering IAM = mastering policies
  • 26. POLICIES: Anatomy of a Policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": [ "s3:*" ],
          "Resource": [ "arn:aws:s3:::*" ]
        }
      ]
    }

    Callouts: "Version" is the version of the IAM policy language. "Statement" is the policy definition block. "Effect" is Allow or Deny. "Principal" is who can do this. "Action" holds the specific actions to allow or deny, as a list of action names; * matches any action. "Resource" holds the resources affected by this policy, as ARNs of specific resources; * matches anything after that point.
  • 27. POLICIES ARN = Amazon Resource Name
  • 28. POLICIES: Example ARNs

    S3 Bucket             arn:aws:s3:::awsplayboxbucket
    CloudFormation Stack  arn:aws:cloudformation:us-east-1:0123456789:stack/awseb-e-kmjwp8btzp-stack/9e2c9e50-bcef-11e8-87f3-503aca261699
    SNS Topic             arn:aws:sns:us-east-1:0123456789:AWSPlayboxDemoTopic-2019-02-20-14-48-38
    Lambda Function       arn:aws:lambda:us-east-1:0123456789:function:confDemoSimpleJSONReturn
  • 29. POLICIES: Anatomy of a Policy

    Never Do This!

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": [ "s3:*" ],
          "Resource": [ "arn:aws:s3:::*" ]
        }
      ]
    }

    Never Do This!

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": [ "s3:read*" ],
          "Resource": [ "arn:aws:s3:::mySpecialBucket" ]
        }
      ]
    }
  • 30. POLICIES Be specific. Allow the least privilege that makes sense.
  • 31. POLICIES: Basic Read/Write S3 Policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::awsplayboxprivatebucket",
            "arn:aws:s3:::awsplayboxprivatebucket/*"
          ]
        }
      ]
    }

    Must specify the bucket and the items in the bucket. No principal = can apply to multiple entities.
  • 32. POLICIES: Restrict How a Service Is Called

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Allow IAM user to publish to the SNS topic only if the request comes from a specific Lambda function.",
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::0123456789:user/billingApp" },
          "Action": "sns:publish",
          "Resource": "arn:aws:sns:us-east-1:0123456789:billsPastDueTopic",
          "Condition": {
            "ArnEquals": { "aws:SourceArn": "arn:aws:lambda:us-east-1:0123456789:function:checkForBillPastDue" }
          }
        }
      ]
    }
  • 33. POLICIES: Allow Write to DynamoDB During Tax Season

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:GetItem",
            "dynamodb:PutItem",
            "dynamodb:UpdateItem"
          ],
          "Resource": "arn:aws:dynamodb:us-east-1:0123456789:table/customerIncome",
          "Condition": {
            "DateGreaterThan": { "aws:CurrentTime": "2019-04-01T04:00:00Z" },
            "DateLessThan": { "aws:CurrentTime": "2019-04-16T04:00:00Z" },
            "IpAddress": { "aws:SourceIp": [ "192.0.2.0/24", "203.0.113.86" ] }
          }
        }
      ]
    }
  • 34. POLICIES: Ensure All S3 Requests Are Over https

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": "s3:*",
          "Principal": "*",
          "Resource": "arn:aws:s3:::bucketname/*",
          "Condition": {
            "Bool": { "aws:SecureTransport": false }
          }
        }
      ]
    }
  • 35. POLICIES: Read/Write All S3 Buckets Except One

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:DeleteObject"
          ],
          "NotResource": "arn:aws:s3:::security_audit_bucket/*"
        }
      ]
    }
  • 36. POLICIES Mastering IAM = mastering policies
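The evaluation rules the policy slides rely on (an explicit Deny beats any Allow, wildcards in Action and Resource, NotResource, and the Bool, IpAddress, Date and Arn conditions) as a small Python evaluator, added here as an example and not part of the talk or the AWS Playbox app; the sample policies are those from slides 31 to 35, with the https-only Deny pointed at the Playbox bucket so it can be combined with the read/write policy.

```python
import fnmatch
import ipaddress
from datetime import datetime, timezone


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _match(pattern, value, fold_case=False):
    # "*" and "?" are IAM wildcards; action names compare case-insensitively
    if fold_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def _utc(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _condition_holds(cond, ctx):
    """Every operator/key pair must hold; a missing context key fails closed."""
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            expected = _as_list(expected)
            if actual is None:
                return False
            if op == "Bool":
                ok = str(actual).lower() == str(expected[0]).lower()
            elif op == "IpAddress":
                ok = any(ipaddress.ip_address(actual) in ipaddress.ip_network(e, strict=False)
                         for e in expected)
            elif op == "DateGreaterThan":
                ok = _utc(actual) > _utc(expected[0])
            elif op == "DateLessThan":
                ok = _utc(actual) < _utc(expected[0])
            elif op == "ArnEquals":  # ArnEquals and ArnLike behave the same in IAM
                ok = any(_match(e, actual) for e in expected)
            else:
                raise ValueError(f"unsupported condition operator {op}")
            if not ok:
                return False
    return True


def _applies(stmt, action, resource, ctx):
    if not any(_match(p, action, True) for p in _as_list(stmt.get("Action", []))):
        return False
    if "NotResource" in stmt:
        if any(_match(p, resource) for p in _as_list(stmt["NotResource"])):
            return False
    elif not any(_match(p, resource) for p in _as_list(stmt.get("Resource", []))):
        return False
    return _condition_holds(stmt.get("Condition", {}), ctx)


def evaluate(policies, action, resource, ctx):
    """Return "Allow", "Deny" (explicit) or "ImplicitDeny" for one request.
    Principal is not checked: the policies are assumed to target the caller."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if _applies(stmt, action, resource, ctx):
                if stmt["Effect"] == "Deny":
                    return "Deny"  # an explicit Deny beats every Allow
                decision = "Allow"
    return decision


# Policies from the slides; the https-only Deny is pointed at the Playbox bucket here
BUCKET = "arn:aws:s3:::awsplayboxprivatebucket"
BASIC_RW = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObjectAcl", "s3:GetObject", "s3:ListBucket",
               "s3:GetBucketAcl", "s3:DeleteObject"],
    "Resource": [BUCKET, BUCKET + "/*"]}]}
HTTPS_ONLY = {"Version": "2012-10-17", "Statement": [{"Effect": "Deny",
    "Action": "s3:*", "Principal": "*", "Resource": BUCKET + "/*",
    "Condition": {"Bool": {"aws:SecureTransport": False}}}]}
TABLE = "arn:aws:dynamodb:us-east-1:0123456789:table/customerIncome"
TAX_SEASON = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem"],
    "Resource": TABLE,
    "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2019-04-01T04:00:00Z"},
                  "DateLessThan": {"aws:CurrentTime": "2019-04-16T04:00:00Z"},
                  "IpAddress": {"aws:SourceIp": ["192.0.2.0/24", "203.0.113.86"]}}}]}
ALL_BUT_AUDIT = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "NotResource": "arn:aws:s3:::security_audit_bucket/*"}]}

if __name__ == "__main__":
    obj = BUCKET + "/report.csv"
    print(evaluate([BASIC_RW, HTTPS_ONLY], "s3:GetObject", obj, {"aws:SecureTransport": "true"}))
    print(evaluate([BASIC_RW, HTTPS_ONLY], "s3:GetObject", obj, {"aws:SecureTransport": "false"}))
    print(evaluate([BASIC_RW, HTTPS_ONLY], "s3:ListBucket", BUCKET, {"aws:SecureTransport": "false"}))
    print(evaluate([TAX_SEASON], "dynamodb:PutItem", TABLE,
                   {"aws:CurrentTime": "2019-04-10T12:00:00Z", "aws:SourceIp": "192.0.2.77"}))
```

The third case shows a gap in slide 34 as written: s3:ListBucket acts on the bare bucket ARN, which "arn:aws:s3:::bucketname/*" never matches, so a plain-http listing is still allowed unless the Deny also names "arn:aws:s3:::bucketname".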
  • 39. Using the AWS Java SDK

    Add to cfusion/lib:
    ■ CF2018: aws-java-sdk-1.11.xxx.jar
    ■ Other runtimes: the SDK .jar, plus:
      ■ jackson-annotations-2.6.0.jar
      ■ jackson-core-2.6.7.jar
      ■ jackson-databind-2.6.7.1.jar
      ■ joda-time-2.8.1.jar

    THE AWS JAVA SDK AND CFML
  • 40. AWS Playbox App https://github.com/brianklaas/awsPlaybox THE AWS JAVA SDK AND CFML
  • 41. THE AWS JAVA SDK AND CFML: Basic Pattern for Accessing the AWS Java SDK
    1. Create a service object
    2. Create a request object
    3. Populate the attributes of the request object
    4. Tell the service object to run a function on the request object
    5. Get a result object back
  • 42. POLICIES: Creating an IAM Policy
    1. Create the IAM service object
    2. Create a createPolicyRequest object
    3. Populate the attributes of the createPolicyRequest object
    4. Tell the IAM service object to createPolicy(createPolicyRequest)
    5. Get a createPolicyResult object back
  • 44. CODE: CREATING A POLICY

    // 1: create the IAM service object
    iam = application.awsServiceFactory.createServiceObject('iam');
    policyName = 'awsPlayboxDemoPolicy-ReadWriteAWSPlayboxPrivateBucket';
    // 2: create the request object
    createPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreatePolicyRequest')
        .withPolicyName(policyName)
        .withDescription('Allows read/write permission to the awsPlayboxPrivate S3 bucket.');
    // 3: populate the request with the policy document (slide 45)
    policyJSON = fileRead(expandPath("./iamPolicies/awsPlayboxPrivateReadWrite.txt"));
    createPolicyRequest.setPolicyDocument(policyJSON);
    // 4: tell the IAM service object to run createPolicy on the request
    createPolicyResult = iam.createPolicy(createPolicyRequest);
    // 5: read the result object and keep the new policy's ARN
    policyDetails = createPolicyResult.getPolicy();
    application.awsResources.iam.S3PolicyARN = policyDetails.getARN();

  • 45. CODE: CREATING A POLICY (the policy document read in step 3)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowAccessToSpecificBucket",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::awsplayboxprivatebucket",
            "arn:aws:s3:::awsplayboxprivatebucket/*"
          ]
        }
      ]
    }

  • 46. CODE: CREATING A POLICY (the code from slide 44 again, highlighting steps 4 and 5)
  • 47. POLICIES What if we don’t know the resource name or ARN in advance?
  • 48. CODE: CREATING A POLICY WITH VARIABLES
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowsPublishToOneTopic",
          "Effect": "Allow",
          "Action": "sns:Publish",
          "Resource": "%CURRENT_TOPIC_ARN%"
        }
      ]
    }
  • 49. CODE: CREATING A POLICY WITH VARIABLES
    iam = application.awsServiceFactory.createServiceObject('iam');
    policyName = 'awsPlayboxDemoPolicy-SendToSNS';
    createPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreatePolicyRequest')
        .withPolicyName(policyName)
        .withDescription('Allows user to send message to a specific SNS topic');
    // Read the policy template, then swap the placeholder for the real topic ARN
    policyJSON = fileRead(expandPath("./iamPolicies/snsSendMessage.txt"));
    policyJSON = replace(policyJSON, "%CURRENT_TOPIC_ARN%", application.awsResources.currentSNSTopicARN, "all");
    createPolicyRequest.setPolicyDocument(policyJSON);
    createPolicyResult = iam.createPolicy(createPolicyRequest);
    policyDetails = createPolicyResult.getPolicy();
    application.awsResources.iam.SNSPolicyARN = policyDetails.getArn();
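The template-plus-placeholder approach from slides 48 and 49, as an added Python example that is not part of awsPlaybox (which is CFML): it fills each %NAME% placeholder with JSON escaping, refuses to emit a document that still has an unfilled placeholder, and flags Allow statements that grant a wildcard action or resource. The template string is constructed here to mirror snsSendMessage.txt; the placeholder name is the one the slides use.

```python
import json
import re

# Constructed template mirroring the slides' snsSendMessage.txt; %NAME% is the
# placeholder syntax the slides use.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "AllowsPublishToOneTopic",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "%CURRENT_TOPIC_ARN%" }
  ]
}"""

PLACEHOLDER = re.compile(r"%([A-Z_]+)%")


def render_policy(template, variables):
    """Fill every %NAME% placeholder and parse the result.

    Values are JSON-escaped before insertion, so a value containing a quote
    cannot break out of the string it is placed in. A placeholder with no
    value raises KeyError instead of producing a policy whose Resource is
    the literal text '%NAME%'.
    """
    def fill(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"no value for policy variable {name}")
        return json.dumps(variables[name])[1:-1]  # drop the surrounding quotes
    return json.loads(PLACEHOLDER.sub(fill, template))


def overly_broad_statements(policy):
    """Return the Sids of Allow statements granting '*' or 'service:*' actions
    or a '*' resource: the "read all" style grants this deck argues against."""
    flagged = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in resources or any(a == "*" or a.endswith(":*") for a in actions):
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged
```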
  • 52. POLICIES Learning More About Policies
    AWS Docs https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html
    Complete AWS IAM Reference https://iam.cloudonaut.io
    An Excellent Session from re:Invent https://www.youtube.com/watch?v=YQsK4MtsELU
    The Best Tutorial I’ve Found https://start.jcolemorrison.com/aws-iam-policies-in-a-nutshell/
  • 55. ROLES Roles are not associated with a specific user or group. Trusted entities assume roles.
  • 56. ROLES Roles let you share access without setting up access keys (users).
  • 59. USING STS: PSEUDOCODE
    WARNING: Pseudocode!
    assumeRoleResult = AssumeRole(ARN of the role you need to assume);
    tempCredentials = new SessionAWSCredentials(
        assumeRoleResult.AccessKeyId,
        assumeRoleResult.SecretAccessKey,
        assumeRoleResult.SessionToken);
    s3Client = CreateAmazonS3Client(tempCredentials);
  • 60. ROLES Roles = JSON structures
  • 63. GROUPS Creating an IAM Group
    1 Create the IAM service object
    2 Create a createGroupRequest object
    3 Populate the attributes of the createGroupRequest object
    4 Tell the IAM service object to createGroup(createGroupRequest)
    5 Get a createGroupResult object back
  • 64. CODE: CREATING A GROUP
    // 1: Create the IAM service object
    iam = application.awsServiceFactory.createServiceObject('iam');
    groupName = 'awsPlayboxDemoGroup';
    // 2, 3: Create the request object and set the group name
    createGroupRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateGroupRequest')
        .withGroupName(groupName);
    // 4: Tell the IAM service object to create the group
    createGroupResult = iam.createGroup(createGroupRequest);
    // 5: Read the new group's ARN out of the result and keep it for later
    groupDetails = createGroupResult.getGroup();
    application.awsResources.iam.PlayboxGroupARN = groupDetails.getArn();
  • 65. GROUPS Attach policies to groups, not users!
  • 66. GROUPS Attaching a Policy to a Group
    1 Create the IAM service object
    2 Create an attachGroupPolicyRequest object
    3 Populate the attributes of the attachGroupPolicyRequest object
    4 Tell the IAM service object to attachGroupPolicy(attachGroupPolicyRequest)
    5 Get an attachGroupPolicyRequestResult object back
  • 67. CODE: ATTACHING A POLICY TO A GROUP
    // 2, 3: Build the request for the S3 policy created earlier
    attachGroupPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AttachGroupPolicyRequest')
        .withGroupName(groupName)
        .withPolicyArn(application.awsResources.iam.S3PolicyARN);
    // 4, 5: Attach it and get the result object back
    attachGroupPolicyRequestResult = iam.attachGroupPolicy(attachGroupPolicyRequest);
    // Repeat for the SNS policy
    attachGroupPolicyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AttachGroupPolicyRequest')
        .withGroupName(groupName)
        .withPolicyArn(application.awsResources.iam.SNSPolicyARN);
    attachGroupPolicyRequestResult = iam.attachGroupPolicy(attachGroupPolicyRequest);
  • 70. USERS Console Access?
    No: Username, Access Key, Secret Key
    Yes: Username, Console Password, Access Key, Secret Key
  • 72. USERS The User Creation Process
    1 Create the user
    2 Create the access key for the user
    3 Add user to a group which has policies attached
  • 73. USERS Creating an IAM User
    1 Create the IAM service object
    2 Create a createUserRequest object
    3 Populate the attributes of the createUserRequest object
    4 Tell the IAM service object to createUser(createUserRequest)
    5 Get a createUserResult object back
  • 74. CODE: CREATING A USER
    // 1: Create the IAM service object
    iam = application.awsServiceFactory.createServiceObject('iam');
    userName = 'awsPlayboxDemoUser';
    // 2, 3: Create the request object and set the user name
    createUserRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateUserRequest')
        .withUserName(userName);
    // 4: Tell the IAM service object to create the user
    createUserResult = iam.createUser(createUserRequest);
    // 5: Read the new user's details out of the result
    userDetails = createUserResult.getUser();
  • 76. TAGS Tags are for finding your stuff in AWS in a human–readable way.
  • 77. TAGS Types of Tags
    ■ Key–value pairs
    ■ User–defined
    ■ Cost Allocation
    ■ Can create Resource Groups based on tags
    Business:  Cost Center = 41001; Department = Security; Owner = Bill Bridges
    Technical: Environment = Dev; Version = 2.2.1; Application = Cart
    Security:  Compliance = HIPAA; Data Sensitivity = 4; Encrypted = Yes
  • 79. CODE: ADDING TAGS DURING USER CREATION
    userTag = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.Tag')
        .withKey('department')
        .withValue('IT Security');
    tagArray = [ userTag ];
    // Set the tags on the request before calling iam.createUser()
    createUserRequest.setTags(tagArray);
  • 81. USERS Users have no credentials by default. Users are not part of any group by default.
  • 82. USERS Creating User Credentials
    1 Create the IAM service object
    2 Create a createAccessKeyRequest object
    3 Populate the username for the createAccessKeyRequest object
    4 Tell the IAM service object to createAccessKey(createAccessKeyRequest)
    5 Get a createAccessKeyResult object back
  • 83. CODE: CREATING USER CREDENTIALS
    // 2, 3: Create the request object and set the user name
    createAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateAccessKeyRequest')
        .withUserName(userName);
    // 4: Tell the IAM service object to create the access key
    createAccessKeyResult = iam.createAccessKey(createAccessKeyRequest);
    // 5: Read the key pair out of the result; this is the only time the secret is available
    accessKeyInfo = createAccessKeyResult.getAccessKey();
    userAccessKey = accessKeyInfo.getAccessKeyId();
    userSecretKey = accessKeyInfo.getSecretAccessKey();
  • 84. USERS There is no way to retrieve a secret key after it has been created!
  • 85. USERS You are fully responsible for the security of secret keys that you store locally!
  • 87. USERS Add users to groups instead of attaching policies to users.
  • 88. USERS Adding a User to a Group
    1 Create the IAM service object
    2 Create an addUserToGroupRequest object
    3 Populate the attributes of the addUserToGroupRequest object
    4 Tell the IAM service object to addUserToGroup(addUserToGroupRequest)
    5 Get an addUserToGroupResult object back
  • 89. CODE: ADD USER TO A GROUP
    // 2, 3: Create the request object and set the group and user names
    addUserToGroupRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.AddUserToGroupRequest')
        .withGroupName(groupName)
        .withUserName(userName);
    // 4, 5: Add the user and get the result object back
    addUserToGroupResult = iam.addUserToGroup(addUserToGroupRequest);
  • 91. USERS The User Creation Process
    1 Create the user
    2 Create the access key for the user
    3 Add user to a group which has policies attached
    4 Rotate access keys every [n] days
    Use the createdOn property of an access key to determine when to rotate a specific set of keys.
  • 92. USERS Rotating Access Keys
    1 Delete or update the existing access keys
    2 If update, set the current keys to “inactive”
    3 Make new keys with a createAccessKeyRequest
  • 93. CODE: ROTATING ACCESS KEYS
    // 1: Delete the existing access key
    deleteAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.DeleteAccessKeyRequest')
        .withUserName(userName)
        .withAccessKeyId(userAccessKeyID);
    deleteAccessKeyResult = iam.deleteAccessKey(deleteAccessKeyRequest);
    // 3: Make a new key pair and record when it was created, for the next rotation
    createAccessKeyRequest = CreateObject('java', 'com.amazonaws.services.identitymanagement.model.CreateAccessKeyRequest')
        .withUserName(application.awsResources.iam.PlayboxUserName);
    createAccessKeyResult = iam.createAccessKey(createAccessKeyRequest);
    accessKeyInfo = createAccessKeyResult.getAccessKey();
    userAccessKey = accessKeyInfo.getAccessKeyId();
    userSecretKey = accessKeyInfo.getSecretAccessKey();
    userKeyCreatedOn = accessKeyInfo.getCreateDate();
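The rotation procedure from slides 91 to 93 as an added Python planner, not code from awsPlaybox: given one user's access keys (constructed records in the shape of IAM's AccessKeyMetadata, with obviously fake key ids), it returns the ordered IAM calls that retire every active key older than a threshold, deleting or deactivating before creating as the slides prescribe. It relies on IAM's limit of two access keys per user, which the slides do not mention.

```python
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed records in the shape of IAM's AccessKeyMetadata; the ids are fake.
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAEXAMPLE0000000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=120)},
    {"AccessKeyId": "AKIAEXAMPLE0000000002", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=400)},
]

MAX_KEYS_PER_USER = 2  # IAM's limit per user; not stated on the slides


def key_age_days(key, now=NOW):
    """Age of a key in whole days from its CreateDate (the slides' createdOn)."""
    return (now - key["CreateDate"]).days


def rotation_plan(keys, max_age_days, now=NOW):
    """Ordered IAM calls, as (operation, accessKeyId, newStatus) tuples, that
    rotate every active key older than max_age_days.

    Inactive keys are deleted first to free a slot. If both slots would still
    be taken, the oldest stale key is deleted outright so createAccessKey can
    succeed; any other stale key is only set Inactive, so the application can
    switch to the new key before the old one is removed.
    """
    stale = [k for k in keys if k["Status"] == "Active"
             and key_age_days(k, now) > max_age_days]
    if not stale:
        return []
    actions, live = [], list(keys)
    for k in keys:
        if k["Status"] == "Inactive":
            actions.append(("deleteAccessKey", k["AccessKeyId"], None))
            live.remove(k)
    if len(live) >= MAX_KEYS_PER_USER:
        oldest = min(stale, key=lambda k: k["CreateDate"])
        actions.append(("deleteAccessKey", oldest["AccessKeyId"], None))
        stale.remove(oldest)
    actions.append(("createAccessKey", None, None))
    for k in stale:
        actions.append(("updateAccessKey", k["AccessKeyId"], "Inactive"))
    return actions
```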
  • 94. CONGRATULATIONS! You can now manage users and permissions in AWS from your CFML app.
  • 95. DOES THIS REALLY WORK? Demo time!
  • 96. ACCOUNTS Resources Are Not Limitless
    HTTPS://DOCS.AWS.AMAZON.COM/GENERAL/LATEST/GR/AWS_SERVICE_LIMITS.HTML
    ■ 1500 policies per account
    ■ 300 groups per account
    ■ 10 policies attached to any given user
    ■ 50 tags per resource
  • 98. WHAT’S NEXT?
    AWS Playbox https://github.com/brianklaas/awsPlaybox
    Using the AWS Java SDK in CFML https://brianklaas.net/
    brian.klaas@gmail.com
    @brian_klaas