This document provides an overview of mastering access control policies in AWS. Its goals are to understand how to secure AWS resources and to learn the policy language. It then covers key aspects of identity and access management (IAM), including why IAM is important, how it provides granular control, and the anatomy of the policy language. Specific examples are given for policy elements like principal, action, resource, and conditions. It also demonstrates how to use policy variables and provides examples of locking down access to Amazon EC2 instances and DynamoDB tables.
Have you prepared your AWS environment for detecting and managing security-related events? Do you have all the incident response training and tools you need to rapidly respond to, recover from, and determine the root cause of security events in the cloud? Even if you have a team of incident response rock stars with an arsenal of automated data acquisition and computer forensics capabilities, there is likely a thing or two you will learn from several step-by-step demonstrations of wrangling various potential security events within an AWS environment, from detection to response to recovery to investigating root cause. At a minimum, show up to find out who to call and what to expect when you need assistance with applying your existing, already awesome incident response runbook to your AWS environment.
As the number of developers and size of your infrastructure on AWS grow, timely investments in self-service and monitoring can help you scale operations without being the bottleneck. You can standardize infrastructure configurations for commonly used products to enable your customers to self-serve infrastructure needs for their apps. Once these resources are provisioned, you can easily understand how they are connected to administer them effectively, and monitor changes to configurations and evaluate drift. In this session, we will discuss how you can achieve a sophisticated level of standardization, configuration compliance, and monitoring using a combination of AWS Service Catalog, AWS Config, and AWS CloudTrail.
Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources. Docker is fast becoming a core component of these architectures, but going from a single or a small number of containers to a distributed application is not trivial. In this session we will talk about some of the core architectural principles underlying the Amazon EC2 Container (ECS) and how they are designed to help you scale your applications and run them in production. We will talk about how containers can be used as the foundation for new computing primitives and how these are being used by our customers for increased agility and productivity.
SRV403 Deep Dive on Object Storage: Amazon S3 and Amazon Glacier (Amazon Web Services)
In this session, storage experts will walk you through Amazon S3 and Amazon Glacier, bulk data repositories that can deliver 99.999999999% durability and scale past trillions of objects worldwide – with cost points competitive against tape archives. Learn about the different ways you can accelerate data transfer into S3 and get a close look at new tools to secure and manage your data more efficiently. See how Amazon Athena runs serverless analytics on your data and hear about expedited and bulk retrievals from Amazon Glacier. Learn how AWS customers have built solutions that turn their data from a cost into a strategic asset, and bring your toughest questions straight to our experts.
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration... (Amazon Web Services)
Enterprises trying to deploy infrastructure to the cloud and independent software companies trying to deliver a service have similar problems to solve. They need to know how to create an environment in AWS that enforces least-privilege access between components while also allowing administration and change management. Amazon Elastic Cloud Compute (EC2) and Identity and Access Management (IAM), coupled with services like AWS Security Token Service (STS), offer the necessary building blocks. In this session, we walk through some of the mechanisms available to control access in an Amazon Virtual Private Cloud (VPC). Next, we focus on using IAM and STS to create a least-privilege access model. Finally, we discuss auditing strategies to catch common mistakes and discuss techniques to audit and maintain your infrastructure.
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations (Amazon Web Services)
Are you interested in becoming an expert in managing access to your AWS resources? Have you ever wondered how to best scope down permissions for least privilege access? Do you have multiple AWS accounts and need to know how to manage access to resources centrally? In this session, we take an in-depth look at AWS Identity and Access Management (IAM) and AWS Organizations. You will learn how to quickly create IAM policies to manage fine-grained access to your resources. Throughout the session, we will cover common use cases, such as how to grant a user access to an Amazon S3 bucket or permissions to launch an Amazon EC2 instance of a specific type. You will also learn how to create and use Service Control Policies (SCPs) through Organizations to manage AWS service use across all your accounts centrally.
This webinar will help you understand more about how AWS practices security, the compliance and certification of the AWS platform, how security is shared between AWS and its customers, key AWS security features that customers can build into their own solutions, and where to get training, advice and further information on AWS security.
Migrate your Data Warehouse to Amazon Redshift - September Webinar Series (Amazon Web Services)
You can gain substantially more business insights and save costs by migrating your on-premise data warehouse to Amazon Redshift, a fast, petabyte-scale data warehouse that makes it simple and cost-effective to analyze big data for a fraction of the cost of traditional data warehouses. This webinar will cover the key benefits of migrating to Amazon Redshift, migration strategies, and tools and resources that can help you in the process.
Learning Objectives:
• Understand how Amazon Redshift can deliver richer, faster analytics at much lower cost.
• Learn key factors to consider before migrating and how to put together a migration plan.
• Learn best practices and tools for migrating schema, data, ETL and SQL queries.
Improving Infrastructure Governance on AWS - AWS June 2016 Webinar Series (Amazon Web Services)
As your teams and infrastructure grow, it becomes more difficult to track IT resource changes as well as identify who made changes and when. It also becomes harder to enforce standards for your infrastructure resources, resulting in configuration drift and potential security issues. On AWS, you can easily standardize infrastructure configurations for commonly used IT services while also enabling self-service provisioning for your company. Once these resources are provisioned, you can then track how these resources are connected and monitor configuration changes and drift. In this session, we will discuss how you can achieve a sophisticated level of standardization, configuration compliance, and monitoring using a combination of AWS Service Catalog, AWS Config, and AWS CloudTrail.
Learning Objectives:
• Understand how to use AWS services to enable governance while providing self-service
• Learn to codify your business policies to promote compliance
• How to improve security without sacrificing developer productivity
BDA402 Deep Dive: Log analytics with Amazon Elasticsearch Service (Amazon Web Services)
Everything generates logs. Applications, infrastructure, security ... everything. Keeping track of the flood of log data is a big challenge, yet critical to your ability to understand your systems and troubleshoot (or prevent) issues. In this session, we will use both Amazon CloudWatch and application logs to show you how to build an end-to-end log analytics solution. First, we cover how to configure an Amazon Elasticsearch Service domain and ingest data into it using Amazon Kinesis Firehose, demonstrating how easy it is to transform data with Firehose. We look at best practices for choosing instance types, storage options, shard counts, and index rotations based on the throughput of incoming data and configure a secure analytics environment. We demonstrate how to set up a Kibana dashboard and build custom dashboard widgets. Finally, we dive deep into the Elasticsearch query DSL and review approaches for generating custom, ad-hoc reports.
Delivering petabyte-scale computational resources to a large community of users while meeting stringent security and compliance requirements presents a host of technical challenges. Seven Bridges Genomics met and overcame them when building the Cancer Genomics Cloud Pilot (CGC) for the National Cancer Institute. The CGC helps users to solve massive computational problems involving multidimensional data, which include: running diverse analyses in a reproducible manner, collaborating with other researchers, and keeping personal data secure to comply with NIH regulations on controlled data sets. Seven Bridges will highlight the lessons learned along the way, as well as best practices for constructing secure and compliant platform services using Amazon S3, Amazon Glacier, AWS Identity and Access Management (IAM), Amazon VPC, and Amazon Route 53.
SEC303 Automating Security in Cloud Workloads with DevSecOps (Amazon Web Services)
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
(SEC312) Reliable Design & Deployment of Security & Compliance (Amazon Web Services)
No matter how you use AWS resources, you can design your AWS account to deliver a reliably secure and controlled environment. This session will focus on "Secure by Design" principles and show how you can configure the AWS environment to provide the reliable operation of security controls, such as:
• Organizational governance
• Asset inventory and control
• Logical access controls
• Operating system configuration
• Database security
• Applications security configurations
This session will focus on using AWS security features to architect securing and auditing the architecture capabilities of AWS cloud services such as AWS Identity and Access Management (IAM), Amazon Elastic Compute Cloud (EC2), Amazon Elastic Block Storage (EBS), Amazon S3, Amazon Virtual Private Cloud (VPC), Amazon Machine Images (AMIs), and AWS CloudFormation templates. The session will include demonstrations with the governance perspective in mind and discuss how AWS technology can be used to create a secure and auditable environment.
AWS Webcast - Build high-scale applications with Amazon DynamoDB (Amazon Web Services)
Review this webinar to learn about Amazon DynamoDB. DynamoDB is a highly scalable, fully managed NoSQL database service. Built for consistent single-digit millisecond latency and high availability, DynamoDB is a great fit for gaming, ad-tech, mobile, and many other applications.
Reasons to review:
• Learn the fundamentals of DynamoDB
• Understand how to design for common access patterns
• Discover best practices
• Hear how others use DynamoDB to build their business
Who should review:
• Software Developers
• Database Administrators
• Solution Architects
• Technical Decision Makers
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency (Amazon Web Services)
In the event of a disaster, you need to be able to recover lost data quickly to ensure business continuity. For critical applications, keeping your time to recover and data loss to a minimum as well as optimizing your overall capital expense can be challenging. This session presents AWS features and services along with Disaster Recovery architectures that you can leverage when building highly available and disaster resilient applications. We will provide recommendations on how to improve your Disaster Recovery plan and discuss example scenarios showing how to recover from a disaster.
AWS July Webinar Series - Troubleshooting Operational and Security Issues in ... (Amazon Web Services)
AWS CloudTrail is an essential tool for troubleshooting operational issues and investigating security incidents. CloudTrail provides detailed information about the API activity in your AWS account, including who made an API call, from where, and which resources they acted on.
This webinar will help you understand the features of CloudTrail and how to use them to gain maximum visibility into your AWS resources.
Learning Objectives:
• Learn how to receive email notifications for specific API activity
• Learn how to troubleshoot operational and security incidents in your AWS account
• Learn how to turn on CloudTrail and receive a history of log files to an S3 bucket you specify
AWS CloudFormation lets you model, provision, and update a collection of AWS resources with JSON templates. You can manage your Infrastructure as Code and deploy stacks from a single Amazon EC2 instance to multi-tier applications. In this session, we will explore CloudFormation best practices in planning and provisioning your AWS infrastructure. We will cover recent product updates that will help users to make the most of this service and demonstrate new features. This session will benefit both new and experienced users of CloudFormation.
If you are new to AWS CloudFormation, get up to speed for this session by completing the Working with CloudFormation lab in the self-paced Labs Lounge.
With AWS, you can choose the right storage service, including Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Storage (Amazon EBS), for the right use case. This session shows the range of AWS choices—from object storage to block storage—that are available to you. The session will also include specifics about real-world deployments from customers who are using Amazon S3, Amazon EBS, Amazon Glacier, and AWS Storage Gateway.
Deep Dive on Amazon S3 - March 2017 AWS Online Tech Talks (Amazon Web Services)
Learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings to your object storage workloads.
Learning Objectives:
• Review best practices to reduce costs, protect against data loss, and increase performance in Amazon S3
• Learn about new S3 storage management features that help you align storage with business needs
• Understand data security capabilities available in S3 that help protect against malicious or accidental deletion or other data loss
Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings to your object storage workloads.
Breaking Down the Economics and TCO of Migrating to AWS - Toronto (Amazon Web Services)
This session is for anyone interested in understanding the financial costs associated with migrating workloads to AWS. By presenting real cases from AWS Professional Services and directly from a customer, we explore how to measure value, improve the economics of a migration project, and manage migration costs and expectations through large-scale IT transformations. We’ll also look at automation tooling that can further assist and accelerate the migration process.
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto (Amazon Web Services)
While many organizations have started to automate their software development processes, many still engineer their infrastructure largely by hand. Treating your infrastructure just like any other piece of code creates a “programmable infrastructure” that allows you to take full advantage of the scalability and reliability of the AWS cloud. This session will walk through practical examples of how AWS customers have merged infrastructure configuration with application code to create application-specific infrastructure and a truly unified development lifecycle. You will learn how AWS customers have leveraged tools like CloudFormation, orchestration engines, and source control systems to enable their applications to take full advantage of the scalability and reliability of the AWS cloud, create self-reliant applications, and easily recover when things go seriously wrong with their infrastructure.
Find out how Netflix, one of the largest, most well-known and satisfied AWS customers, develops and runs its applications efficiently on AWS. A member of the Netflix Cloud Performance Engineering team outlines the Netflix common-sense approach to effectively managing AWS usage costs while giving the engineers unconstrained operational freedom.
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA (Amazon Web Services)
Give your business the information it needs to make the right decisions in real time. The AWS Cloud, working with SAP BPC and SAP Business Suite on HANA, can help you dramatically accelerate analytics, business processes, sentiment data processing, and predictive capabilities.
Review this presentation to learn how businesses can utilize the time-to-value and cost benefits of cloud computing.
Webinar topics include:
- Methods to have an effective system in weeks rather than months
- How to migrate SAP BPC on HANA to Amazon Web Services for existing SAP customers
- SAP BPC on HANA “Test Drive” offer
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...Amazon Web Services
Enterprises trying to deploy infrastructure to the cloud and independent software companies trying to deliver a service have similar problems to solve. They need to know how to create an environment in AWS that enforces least-privilege access between components while also allowing administration and change management. Amazon Elastic Cloud Compute (EC2) and Identity and Access Management (IAM), coupled with services like AWS Security Token Service (STS), offer the necessary building blocks. In this session, we walk through some of the mechanisms available to control access in an Amazon Virtual Private Cloud (VPC). Next, we focus on using IAM and STS to create a least-privilege access model. Finally, we discuss auditing strategies to catch common mistakes and discuss techniques to audit and maintain your infrastructure.
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsAmazon Web Services
Are you interested in becoming an expert in managing access to your AWS resources? Have you ever wondered how to best scope down permissions for least privilege access? Do you have multiple AWS accounts and need to know how to manage access to resources centrally? In this session, we take an in-depth look at AWS Identity and Access Management (IAM) and AWS Organizations. You will learn how to quickly create IAM policies to manage fine-grained access to your resources. Throughout the session, we will cover common use cases, such as how to grant a user access to an Amazon S3 bucket or permissions to launch an Amazon EC2 instance of a specific type. You will also learn how to create and use Service Control Policies (SCPs) through Organizations to manage AWS service use across all your accounts centrally.
This webinar will help you understand more about how AWS practices security, the compliance and certification of the AWS platform, how security is shared between AWS and it’s customers, key AWS security features that customers can build into their own solutions; and where to get training, advice and further information on AWS security.
Migrate your Data Warehouse to Amazon Redshift - September Webinar SeriesAmazon Web Services
You can gain substantially more business insights and save costs by migrating your on-premise data warehouse to Amazon Redshift, a fast, petabyte-scale data warehouse that makes it simple and cost-effective to analyze big data for a fraction of the cost of traditional data warehouses. This webinar will cover the key benefits of migrating to Amazon Redshift, migration strategies, and tools and resources that can help you in the process.
Learning Objectives:
• Understand how Amazon Redshift can deliver a richer, faster analytics at much lower costs.
• Learn key factors to consider before migrating and how to put together a migration plan.
• Learn best practices and tools for migrating schema, data, ETL and SQL queries.
Improving Infrastructure Governance on AWS - AWS June 2016 Webinar SeriesAmazon Web Services
As your teams and infrastructure grow, it becomes more difficult to track IT resource changes as well as identify who made changes and when. It also becomes harder to enforce standards for your infrastructure resources, resulting in configuration drift and potential security issues. On AWS, you can easily standardize infrastructure configurations for commonly used IT services while also enabling self-service provisioning for your company. Once these resources are provisioned, you can then track how these resources are connected and monitor configuration changes and drift. In this session, we will discuss how you can achieve a sophisticated level of standardization, configuration compliance, and monitoring using a combination of AWS Service Catalog, AWS Config, and AWS CloudTrail.
Learning Objectives:
Understand how to use AWS services to enable governance while providing self-service
Learn to codify your business policies to promote compliance
How to improve security without sacrificing developer productivity
BDA402 Deep Dive: Log analytics with Amazon Elasticsearch ServiceAmazon Web Services
Everything generates logs. Applications, infrastructure, security ... everything. Keeping track of the flood of log data is a big challenge, yet critical to your ability to understand your systems and troubleshoot (or prevent) issues. In this session, we will use both Amazon CloudWatch and application logs to show you how to build an end-to-end log analytics solution. First, we cover how to configure an Amazon Elaticsearch Service domain and ingest data into it using Amazon Kinesis Firehose, demonstrating how easy it is to transform data with Firehose. We look at best practices for choosing instance types, storage options, shard counts, and index rotations based on the throughput of incoming data and configure a secure analytics environment. We demonstrate how to set up a Kibana dashboard and build custom dashboard widgets. Finally, we dive deep into the Elasticsearch query DSL and review approaches for generating custom, ad-hoc reports.
Delivering petabyte-scale computational resources to a large community of users while meeting stringent security and compliance requirements presents a host of technical challenges. Seven Bridges Genomics met and overcame them when building the Cancer Genomics Cloud Pilot (CGC) for the National Cancer Institute. The CGC helps users to solve massive computational problems involving multidimensional data, which include: running diverse analyses in a reproducible manner, collaborating with other researchers, and keeping personal data secure to comply with NIH regulations on controlled data sets. Seven Bridges will highlight the lessons learned along the way, as well as best practices for constructing secure and compliant platform services using Amazon S3, Amazon Glacier, AWS Identity and Access Management (IAM), Amazon VPC, and Amazon Route 53.
SEC303 Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
(SEC312) Reliable Design & Deployment of Security & ComplianceAmazon Web Services
"No matter how you use AWS resources, you can design your AWS account to deliver a reliably secure and controlled environment. This session will focus on ""Secure by Design"" principles and show how you can configure the AWS environment to provide the reliable operation of security controls, such as:
Organizational governance
Asset inventory and control
Logical access controls
Operating system configuration
Database security
Applications security configurations
This session will focus on using AWS security features to architect securing and auditing the architecture capabilities of AWS cloud services such as AWS Identity and Access Management (IAM), Amazon Elastic Compute Cloud (EC2), Amazon Elastic Block Storage (EBS), Amazon S3, Amazon Virtual Private Cloud (VPC), Amazon Machine Images (AMIs), and AWS CloudFormation templates. The session will include demonstrations with the governance perspective in mind and discuss how AWS technology can be used to create a secure and auditable environment."
AWS Webcast - Build high-scale applications with Amazon DynamoDBAmazon Web Services
Review this webinar to learn about Amazon DynamoDB. DynamoDB is a highly scalable, fully managed NoSQL database service. Built for consistent single-digit millisecond latency and high availability, DynamoDB is a great fit for gaming, ad-tech, mobile, and many other applications.
Reasons to review:
• Learn the fundamentals of DynamoDB
• Understand how to design for common access patterns
• Discover best practices
• Hear how others uses DynamoDB to build their business
Who should review:
• Software Developers
• Database Administrators
• Solution Architects
• Technical Decision Makers
Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum EfficiencyAmazon Web Services
In the event of a disaster, you need to be able to recover lost data quickly to ensure business continuity. For critical applications, keeping your time to recover and data loss to a minimum as well as optimizing your overall capital expense can be challenging. This session presents AWS features and services along with Disaster Recovery architectures that you can leverage when building highly available and disaster resilient applications. We will provide recommendations on how to improve your Disaster Recovery plan and discuss example scenarios showing how to recover from a disaster.
AWS July Webinar Series - Troubleshooting Operational and Security Issues in ...Amazon Web Services
AWS CloudTrail is an essential tool for troubleshooting operational issues and investigating security incidents. CloudTrail provides detailed information about the API activity in your AWS account, including who made an API call, from where, and which resources they acted on.
This webinar will help you understand the features of CloudTrail and how to use them to gain maximum visibility into your AWS resources.
Learning Objectives:
Learn how to receive email notifications for specific API activity
Learn how to troubleshoot operational and security incidents in your AWS account
Learn how to turn on CloudTrail and receive a history of log files to an S3 bucket you specify
AWS CloudFormation lets you model, provision, and update a collection of AWS resources with JSON templates. You can manage your Infrastructure as Code and deploy stacks from a single Amazon EC2 instance to multi-tier applications. In this session, we will explore CloudFormation best practices in planning and provisioning your AWS infrastructure. We will cover recent product updates that will help users to make the most of this service and demonstrate new features. This session will benefit both new and experienced users of CloudFormation.
If you are new to AWS CloudFormation, get up to speed for this session by completing the Working with CloudFormation lab in the self-paced Labs Lounge.
With AWS, you can choose the right storage service, including Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Storage (Amazon EBS), for the right use case. This session shows the range of AWS choices—from object storage to block storage—that are available to you. The session will also include specifics about real-world deployments from customers who are using Amazon S3, Amazon EBS, Amazon Glacier, and AWS Storage Gateway.
Deep Dive on Amazon S3 - March 2017 AWS Online Tech Talks - Amazon Web Services
Learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings to your object storage workloads.
Learning Objectives:
• Review best practices to reduce costs, protect against data loss, and increase performance in Amazon S3
• Learn about new S3 storage management features that help you align storage with business needs
• Understand data security capabilities available in S3 that help protect against malicious or accidental deletion or other data loss
Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings to your object storage workloads.
Breaking Down the Economics and TCO of Migrating to AWS - Toronto - Amazon Web Services
This session is for anyone interested in understanding the financial costs associated with migrating workloads to AWS. By presenting real cases from AWS Professional Services and directly from a customer, we explore how to measure value, improve the economics of a migration project, and manage migration costs and expectations through large-scale IT transformations. We’ll also look at automation tooling that can further assist and accelerate the migration process.
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto - Amazon Web Services
While many organizations have started to automate their software development processes, many still engineer their infrastructure largely by hand. Treating your infrastructure just like any other piece of code creates a “programmable infrastructure” that allows you to take full advantage of the scalability and reliability of the AWS cloud. This session will walk through practical examples of how AWS customers have merged infrastructure configuration with application code to create application-specific infrastructure and a truly unified development lifecycle. You will learn how AWS customers have leveraged tools like CloudFormation, orchestration engines, and source control systems to enable their applications to take full advantage of the scalability and reliability of the AWS cloud, create self-reliant applications, and easily recover when things go seriously wrong with their infrastructure.
Find out how Netflix, one of the largest, most well-known and satisfied AWS customers, develop and run their applications efficiently on AWS. A member of the Netflix Cloud Performance Engineering team outlines the Netflix common-sense approach to effectively managing AWS usage costs while giving the engineers unconstrained operational freedom.
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA - Amazon Web Services
Make Decisions Faster with AWS and SAP on HANA. Give your business the information it needs to make the right decisions in real time. The AWS Cloud, working with SAP BPC and SAP Business Suite on HANA, can help you dramatically accelerate analytics, business processes, sentiment data processing, and predictive capabilities.
Review this presentation to learn how businesses can utilize the time-to-value and cost benefits of cloud computing.
Webinar topics include:
- Methods to have an effective system in weeks rather than months
- How to migrate SAP BPC on HANA to Amazon Web Services for existing SAP customers
- SAP BPC on HANA “Test Drive” offer
AWS Webcast - Launch & Learn: Amazon EC2 for Microsoft Windows Server - Amazon Web Services
This "hands-on" webinar and free lab will allow participants to launch and configure a Windows virtual machine (instance) in the Amazon cloud.
Learning Objectives:
• Securing network access to Amazon EC2 Instances with Security Groups
• Selecting Amazon Machine Images (AMI) with Windows
• Launch and configure a Windows virtual machine
• Bootstrapping using PowerShell
• Creating Key Pairs for authentication
• Attaching Elastic IPs to Amazon EC2 Instances
Who Should Attend: IT professionals who want to take advantage of the benefits of cloud computing to run:
• Development and test workloads
• Microsoft SQL Server databases
• Web hosting services
• Traditional workloads such as Microsoft Exchange, Lync, SharePoint and Dynamics
February 2016 Webinar Series: Migrate Your Apps from Parse to AWS - Amazon Web Services
Parse recently announced that they are retiring their mobile app development service, and current customers will have until January 28, 2017 to move their apps to alternative services. To help you get through the transition, AWS is working together with Parse to provide a migration path to AWS. AWS provides a variety of services for building, testing and monitoring mobile apps.
In this webinar, we will introduce you to the full range of AWS mobile services, and take you through the steps required to migrate your mobile apps from Parse to AWS.
Learning Objectives:
Get an overview of AWS Mobile Services
Learn how to migrate your apps from Parse to AWS
Who Should Attend:
Developers, product managers, and anyone interested in migrating mobile apps from Parse to AWS
Join AWS at this session to understand how to architect an infrastructure to handle going from zero to millions of users. From leveraging highly scalable AWS services to making smart decisions on building out your application, you'll learn a number of best practices for scaling your infrastructure in the cloud.
Speakers:
Andreas Chatzakis, AWS Solutions Architect
Pete Mounce, Senior Developer, JustEat
Dole Food's Global Collaboration Platform and Web Presence on AWS (ENT209) | ... - Amazon Web Services
Dole Food needed a global SharePoint infrastructure that met tough goals for availability, performance, scalability, and price. Dole also needed a highly scalable and resilient hosting infrastructure for its public web presence. By deploying both on AWS, Dole Food met its goals while avoiding capital expenditures and operational costs. We trace the project’s timeline, discussing how those goals were met and sharing lessons learned. We also talk about how we extended Dole Food’s corporate Active Directory into the AWS cloud.
Afternoon - Track 2 - S1 - A backend for all your connected objects
Did you enjoy this session? If so, don't hesitate to register for our Summit!
This presentation provides practical guidance using external agent-based measurements and real user monitoring techniques. We review common content delivery network (CDN) architectures and how they relate to performance measurement. Finally, we walk through real-world CDN performance monitoring implementations used by MapBox, Amazon.com, and Amazon CloudFront.
You don’t need to be a security expert to protect your organization's data in the cloud. You don’t need to be a security expert to protect your workloads on AWS. You just need to be informed of the many security tools available in AWS, and learn how to use them.
Taking a highly automated approach to security, you can use key features of the AWS Cloud to transform security in your organization. As with infrastructure as an API, security as an API allows you to move rapidly & stay secure. From AWS security groups, to virtual private networks, to security tools, you need to learn how to automate and accelerate.
In this talk, you’ll see how various AWS features and cloud-aware security controls can work together to protect your deployments. Using real-world examples, you’ll come away with an understanding of steps you can take to ensure that you maximize the security of your deployment while minimizing the work it takes to keep it secure.
You will learn a logical approach to modern security that you can immediately apply to your own AWS deployments. You will learn how to use security tools and techniques to help you build with confidence.
by Joy Chatterjee, Sr. Technical Product Manager, AWS
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type. Level 300
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less - Amazon Web Services
Are you interested in learning how to control access to your AWS resources? Have you ever wondered how to best scope down permissions to achieve least privilege permissions access control? If your answer to these questions is "yes," this session is for you. We will take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We will start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we will explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we will cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or locking down access to Amazon EC2 instances. The demonstrations will use tools such as the policy editor and policy simulator to debug policies.
Are you interested in learning how to control access to your AWS resources? Have you wondered how to best scope permissions to achieve least-privilege permissions access control? If your answer is "yes", this session is for you. We look at the AWS Identity and Access Management (IAM) policy language, starting with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. We explore policy variables, conditions, and tools to help you author least privilege policies. We cover common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations - Amazon Web Services
Are you interested in becoming an expert in managing access to your AWS resources? Have you ever wondered how to best scope down permissions for least privilege access? Do you have multiple AWS accounts and need to know how to manage access to resources centrally? In this session, we take an in-depth look at AWS Identity and Access Management (IAM) and AWS Organizations. You will learn how to quickly create IAM policies to manage fine-grained access to your resources. Throughout the session, we will cover common use cases, such as how to grant a user access to an Amazon S3 bucket or permissions to launch an Amazon EC2 instance of a specific type. You will also learn how to create and use Service Control Policies (SCPs) through Organizations to manage AWS service use across all your accounts centrally.
As organisations’ cloud environments continue to scale and grow, how do you ensure that access to resources is being managed securely? How do you scope permissions to achieve least-privilege access control across your AWS environment? This webinar answers these questions, delving into the AWS Identity and Access Management (IAM) web service and looking at how it can help you securely control access to AWS resources.
(SEC303) Mastering Access Control Policies | AWS re:Invent 2014 - Amazon Web Services
If you have ever wondered how best to scope down permissions in your account, this in-depth look at the AWS Access Control Policy language is for you. We start with the basics of the policy language and how to create policies for users and groups. We look at how to use policy variables to simplify policy management. Finally, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket, allowing an IAM user to manage their own credentials and passwords, and more.
TIB Academy offers the best AWS training in Bangalore. This tutorial covers the following topics:
security mind map
identity and access management
IAM policies
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317) - Amazon Web Services
This session covers AWS Identity and Access Management (IAM) best practices that can help improve your security posture. We cover how to manage users and their security credentials. We also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we demonstrate when to choose between using IAM users and IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.
AWS re:Invent 2016: Become an AWS IAM Policy Ninja in 60 Minutes or Less (SAC... - Amazon Web Services
Are you interested in learning how to control access to your AWS resources? Have you ever wondered how to best scope down permissions to achieve least privilege permissions access control? If your answer to these questions is "yes," this session is for you. We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.
Identify and Access Management: The First Step in AWS Security - Amazon Web Services
IAM is first in the Security CAF because in the cloud first you grant access and only then can you provision infrastructure (the opposite of on-prem). In this session we’ll cover how to define fine grained access to AWS resources via users, roles and groups; designing privileged user & multi-factor authentication mechanisms and how to operate IAM at scale.
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014 - Amazon Web Services
If your business runs entirely on AWS, your AWS account is one of your most critical assets. Just as you might run an intrusion detection system in your on-premises network, you should monitor activity in your AWS account to detect abnormal behavior. This session walks you through leveraging unique capabilities in AWS that you can use to detect and respond to changes in your environment.
This session will cover AWS Identity and Access Management (IAM) best practices that help improve your security posture. We will cover how to manage users and their security credentials. We’ll also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we will demonstrate when to choose between using IAM users and IAM roles. Finally, we will explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.
After IAM, you want to have Detective Controls in place to have visibility into your deployments. In this session we’ll cover visibility at the AWS platform level and at the application, operating system and network levels, and how to build monitoring solutions at scale, leveraging AWS services that turn logging data into security insight.
Similar to Mastering Access Control Policies (SEC302) | AWS re:Invent 2013 (20)
How to build forecasting services using ML algorithms and deep learn... - Amazon Web Services
Forecasting is an important process for a great many companies and is used in various fields to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
So let's see how Big Data applications can be developed quickly, without worrying about infrastructure, while dedicating all resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation aimed at increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot instances - Amazon Web Services
The use of containers is continuously growing.
When properly designed, container-based applications are very often stateless and flexible.
AWS ECS, EKS, and Kubernetes on EC2 can take advantage of Spot instances, leading to average savings of 70% compared with On-Demand instances. In this session we will find out together what the characteristics of Spot instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... services - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime, interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis based on artificial intelligence techniques is evolving and improving at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are holding a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud while protecting existing VMware investments.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-like functionality, for example to verify the history of credits and debits in banking transactions, or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will find out how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they go deeper into the architecture and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Goals
• Know more about securing your AWS resources
• Get a deeper understanding of the policy language
• Learn some tips and tricks for most frequently asked tasks
• Keep this a lively session via demos
– Amazon S3
– AWS IAM
– Amazon EC2
– Amazon DynamoDB
3. Before getting too deep… Let’s level set on Identity and Access Management
4. Why IAM?
• One of customers’ biggest concerns when moving to the cloud: CONTROL
• What do I do if…
– I want to control “Who can do what”?
– I want to implement security best practices?
– I want to be at least as secure as on premises?
– One of my employees leaves the company?
5. IAM Provides Granular Control to your AWS Account
You can grant or deny access by defining:
• Who can access your resources
• What actions they can take
• Which resources they can access
• How will they access your resources
This is described using a policy language
9. Policies
• JSON-formatted documents
• Contain statements (permissions) which specify:
– What actions a principal can perform
– Which resources can be accessed
S3 Read-Only Access
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:Get*", "s3:List*"],
      "Resource": "*"
    }
  ]
}
Example of an IAM user/group/role access policy
11. Principal - Examples
• An entity that is allowed or denied access to a resource
• Principal element required for resource-based policies
<!-- Everyone (anonymous users) -->
"Principal":{"AWS":"*"}
<!-- Specific account or accounts -->
"Principal":{"AWS":"arn:aws:iam::account-number-without-hyphens:root"}
"Principal":{"AWS":"account-number-without-hyphens"}
<!-- Individual IAM user -->
"Principal":{"AWS":"arn:aws:iam::account-number-without-hyphens:user/username"}
<!-- Federated user (using web identity federation) -->
"Principal":{"Federated":"www.amazon.com"}
"Principal":{"Federated":"graph.facebook.com"}
"Principal":{"Federated":"accounts.google.com"}
<!-- Specific role -->
"Principal":{"AWS":["arn:aws:iam::account-number-without-hyphens:role/rolename"]}
<!-- Specific service -->
"Principal":{"Service":["ec2.amazonaws.com"]}
12. Action - Examples
• Describes the type of access that should be allowed or denied
• Statements must include either an Action or NotAction element
<!-- EC2 action -->
"Action":"ec2:StartInstances"
<!-- IAM action -->
"Action":"iam:ChangePassword"
<!-- S3 action -->
"Action":"s3:GetObject"
<!-- Specify multiple values for the Action element -->
"Action":["sqs:SendMessage","sqs:ReceiveMessage"]
<!-- Use wildcards (* or ?) as part of the action name. This would cover Create/Delete/List/Update -->
"Action":"iam:*AccessKey*"
13. Understanding NotAction
• Lets you specify an exception to a list of actions
• Can sometimes result in shorter policies than using Action and denying many actions
• Example: Let’s say you want to allow everything but IAM APIs
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
or
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}
Notice the difference?
The NotAction policy is not a Deny. A user could still have a separate policy that grants IAM:*
If you want to prevent the user from ever being able to call IAM APIs, use an explicit deny
14. Resource - Examples
• The object or objects that are being requested
• Statements must include either a Resource or a NotResource element
<!-- S3 Bucket -->
"Resource":"arn:aws:s3:::my_corporate_bucket/*"
<!-- SQS queue -->
"Resource":"arn:aws:sqs:us-west-2:account-number-without-hyphens:queue1"
<!-- IAM user -->
"Resource":"arn:aws:iam::account-number-without-hyphens:user/Bob"
<!-- Multiple DynamoDB tables -->
"Resource":["arn:aws:dynamodb:us-west-2:account-number-without-hyphens:table/books_table",
            "arn:aws:dynamodb:us-west-2:account-number-without-hyphens:table/magazines_table"]
<!-- All EC2 instances for an account in a region -->
"Resource":"arn:aws:ec2:us-east-1:account-number-without-hyphens:instance/*"
15. Resource-Based Policies vs. IAM Policies
• IAM policies live with
– IAM Users
– IAM Groups
– IAM Roles
• Some services allow storing policy with resources
– S3 (bucket policy)
– SNS (topic policy)
– SQS (queue policy)
Resource-based policy (Principal required here):
{
  "Statement":
  {
    "Sid": "Queue1_SendMessage",
    "Effect": "Allow",
    "Principal": {"AWS": "111122223333"},
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:444455556666:queue1"
  }
}
16. Conditions
• Conditions are optional
• Condition element can contain multiple conditions
• Condition keys can contain multiple values
• If a single condition includes multiple values for one key, the condition is evaluated using logical OR
• With multiple conditions (or multiple keys in a single condition), the conditions are evaluated using logical AND
Condition Element
  Condition 1:
    Key1: Value1A OR Value1B OR Value1C
    AND
    Key2: Value2A OR Value2B
  AND
  Condition 2:
    Key3: Value3A
17. Condition Example
"Condition" : {
  "DateGreaterThan" : {"aws:CurrentTime" : "2013-08-16T12:00:00Z"},
  "DateLessThan": {"aws:CurrentTime" : "2013-08-16T15:00:00Z"},
  "IpAddress" : {"aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"]}
}
The three conditions are combined with AND; the two aws:SourceIp values are combined with OR.
Allows a user to access a resource under the following conditions:
• The time is after 12:00 p.m. on 8/16/2013
• The time is before 3:00 p.m. on 8/16/2013
• The request comes from an IP address in the 192.0.2.0/24 or 203.0.113.0/24 range
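The AND/OR rule from slides 16 and 17, worked through in code. This is an added example, not part of the original deck and not AWS's implementation: it models only the three operators on the slide, treats a missing context key as a non-match, and the request contexts are constructed.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

def _ts(text):
    # Parse the UTC timestamps used on the slide ("...Z").
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Only the operators that appear in the slide's Condition block.
OPERATORS = {
    "DateGreaterThan": lambda actual, wanted: _ts(actual) > _ts(wanted),
    "DateLessThan": lambda actual, wanted: _ts(actual) < _ts(wanted),
    "IpAddress": lambda actual, wanted: ip_address(actual) in ip_network(wanted),
}

def condition_matches(condition, context):
    """True only if every operator/key pair is satisfied by the request context."""
    for operator, keys in condition.items():            # AND across operators
        test = OPERATORS[operator]
        for key, wanted in keys.items():                # AND across keys
            if key not in context:
                return False                            # assumption: missing key = no match
            values = wanted if isinstance(wanted, list) else [wanted]
            if not any(test(context[key], v) for v in values):   # OR across values
                return False
    return True

CONDITION = {  # the Condition block from slide 17
    "DateGreaterThan": {"aws:CurrentTime": "2013-08-16T12:00:00Z"},
    "DateLessThan": {"aws:CurrentTime": "2013-08-16T15:00:00Z"},
    "IpAddress": {"aws:SourceIp": ["192.0.2.0/24", "203.0.113.0/24"]},
}

# Constructed request contexts: (current time, source IP or None).
SAMPLES = {
    "in window, first range": ("2013-08-16T13:30:00Z", "192.0.2.44"),
    "in window, second range": ("2013-08-16T13:30:00Z", "203.0.113.9"),
    "in window, other network": ("2013-08-16T13:30:00Z", "198.51.100.7"),
    "exactly 12:00 (not after)": ("2013-08-16T12:00:00Z", "192.0.2.44"),
    "after window": ("2013-08-16T16:00:00Z", "192.0.2.44"),
    "no source IP in context": ("2013-08-16T13:30:00Z", None),
}

def decide_all():
    results = {}
    for name, (now, source_ip) in SAMPLES.items():
        context = {"aws:CurrentTime": now}
        if source_ip is not None:
            context["aws:SourceIp"] = source_ip
        results[name] = condition_matches(CONDITION, context)
    return results

if __name__ == "__main__":
    for name, matched in decide_all().items():
        print(f"{name:28} -> {'match' if matched else 'no match'}")
```

The boundary case is the one to check in real policies: DateGreaterThan is strict, so a request at exactly 12:00:00Z does not match.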
19. Policy Variables
• Example use cases
– Allows users to self-manage their own credentials
– Easily set up user access to “home folder” in S3
– Manage EC2 resources using tags
• Benefits
– Reduces the need for user specific policies
– Simplifies overall management
• Variables based on request context
– Existing keys (aws:SourceIP, DateTime, etc.)
– New keys (aws:username, aws:userid, aws:principaltype, others)
– Provider-specific keys (graph.facebook.com:id, www.amazon.com:user_id)
20. The Anatomy of a Policy with Variables
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::myBucket"],
      "Condition": {
        "StringLike": {"s3:prefix": ["home/${aws:userid}/*"]}
      }
    },
    {
      "Effect": "Allow",
      "Action": ["s3:*"],
      "Resource": ["arn:aws:s3:::myBucket/home/${aws:userid}",
                   "arn:aws:s3:::myBucket/home/${aws:userid}/*"]
    }
  ]
}
Grants a user a home directory in S3 that can be accessed programmatically
• "Version": New Version is required
• First statement: Variable in conditions
• Second statement: Variable in resource ARNs
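How the home-folder policy above resolves for one caller, and why the Version element matters. This is an added example, not part of the original deck and not AWS's evaluator: it handles Allow statements with StringLike only, treats an unresolvable variable as a non-match, and the user ID AIDAEXAMPLEALICE is constructed.

```python
import re

VARIABLE = re.compile(r"\$\{([^}]+)\}")

def wild_match(pattern, value):
    # IAM wildcards: * is any run of characters, ? is one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def resolve(text, context, version):
    # Variables are substituted only under Version 2012-10-17; otherwise the
    # ${...} text stays a literal string. Returns None when a variable is
    # missing from the request context (assumption: treated as "no match").
    if version != "2012-10-17":
        return text
    try:
        return VARIABLE.sub(lambda m: context[m.group(1)], text)
    except KeyError:
        return None

def any_match(patterns, value, context, version):
    resolved = (resolve(p, context, version) for p in patterns)
    return any(r is not None and wild_match(r, value) for r in resolved)

def allows(policy, context, action, resource, request_keys=None):
    """True if some Allow statement matches the request."""
    version = policy.get("Version", "2008-10-17")
    keys = request_keys or {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(wild_match(a, action) for a in stmt["Action"]):
            continue
        if not any_match(stmt["Resource"], resource, context, version):
            continue
        likes = stmt.get("Condition", {}).get("StringLike", {})
        if all(k in keys and any_match(wanted, keys[k], context, version)
               for k, wanted in likes.items()):
            return True
    return False

POLICY = {  # the home-folder policy from slide 20
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::myBucket"],
         "Condition": {"StringLike": {"s3:prefix": ["home/${aws:userid}/*"]}}},
        {"Effect": "Allow", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::myBucket/home/${aws:userid}",
                      "arn:aws:s3:::myBucket/home/${aws:userid}/*"]},
    ],
}
OLD_VERSION = dict(POLICY, Version="2008-10-17")   # same statements, old version
ALICE = {"aws:userid": "AIDAEXAMPLEALICE"}         # constructed request context
HOME = "arn:aws:s3:::myBucket/home/"

if __name__ == "__main__":
    own = HOME + "AIDAEXAMPLEALICE/notes.txt"
    print("own object, 2012-10-17:", allows(POLICY, ALICE, "s3:GetObject", own))
    print("own object, 2008-10-17:", allows(OLD_VERSION, ALICE, "s3:GetObject", own))
```

Under the old version the same statements only match an object key that literally contains the text ${aws:userid}, so the user silently loses access to their own folder.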
24. Grant a User Access to the IAM Console
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ViewListOfAllUsers",
      "Action": ["iam:ListUsers"],
      "Effect": "Allow",
      "Resource": ["arn:aws:iam::123456789012:user/*"]
    },
    {
      "Sid": "AllowUserToSeeListOfOwnStuff",
      "Action": ["iam:GetUser","iam:GetLoginProfile",
                 "iam:ListGroupsForUser","iam:ListAccessKeys"],
      "Effect": "Allow",
      "Resource": ["arn:aws:iam::123456789012:user/${aws:username}"]
    }
  ]
}
• Underneath the covers the IAM console calls these APIs
• Keep in mind the user will be able to view limited details about all users
• The IAM user will not be able to modify the other IAM users’ settings
• Alternatively, use the CLI
25. Allow IAM User to “Self-manage” from Console
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["iam:*AccessKey*","iam:*SigningCertificate*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:iam::123456789012:user/${aws:username}"]
    }
  ]
}
• "Action": Edit these actions if you want to modify user permissions
29. What Changes with EC2 Permissions
• Previously policies applied to all EC2 resources
• Permissions can now be set per-resource
• Ex: assign which users can stop, start, or terminate a particular instance
38. Locking Down Access to EC2 Instances
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "THISALLOWSEC2READACCESS",
      "Effect": "Allow",
      "Action": ["ec2:Describe*","elasticloadbalancing:Describe*",
                 "cloudwatch:ListMetrics","cloudwatch:GetMetricStatistics",
                 "cloudwatch:Describe*","autoscaling:Describe*"],
      "Resource": "*"
    },
    {
      "Sid": "THISLIMITSACCESSTOOWNINSTANCES",
      "Effect": "Allow",
      "Action": ["ec2:RebootInstances","ec2:StartInstances",
                 "ec2:StopInstances","ec2:TerminateInstances"],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
      "Condition": {"StringEquals":
        {"ec2:ResourceTag/Owner": "${aws:username}"}}
    }
  ]
}
• "Version": New Version is required here because we’re using variables
• First statement: Allows seeing everything from the EC2 console.
• "Condition": Allowed only if this tag condition is true
• "${aws:username}": Use variables for the owner tag
40. Enables Sub-table and Per-action Access Control
• Horizontal or vertical access control
• Read-only or read-write access
[Diagram labels: GetItem, BatchGetItem, Query (read); PutItem, UpdateItem, BatchWriteItem (write)]
41. DynamoDB Fine-Grained Access Control
• Grant or deny access to individual items by hiding tables or index information
– Horizontally by matching primary key values
– Vertically by controlling which attributes are visible
• Use policy conditions to define level of access
– dynamodb:LeadingKeys – access items where the hash key value matches a unique identifier (ex: aws:userid policy variable)
– dynamodb:Attributes – allows access to only a subset of attributes
– StringEqualsIfExists clause – ensures the app must always provide a list of attributes to act upon
• You must include all primary and index key attributes if you use dynamodb:Attributes
43. Example: Restricting Access to a Table
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query",
        "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem",
        "dynamodb:BatchWriteItem"],
      "Resource": ["arn:aws:dynamodb:us-west-2:123456789012:table/GameScores"],
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"],
          "dynamodb:Attributes": [
            "UserId","GameTitle","Wins","Losses",
            "TopScore","TopScoreDateTime"]
        },
        "StringEqualsIfExists": {"dynamodb:Select": "SPECIFIC_ATTRIBUTES"}
      }
    }
  ]
}
• "Version": New Version is required
• "dynamodb:LeadingKeys": Hash key value must match the user’s ID. Results will be horizontally filtered.
• "dynamodb:Attributes": Only return these attributes. Results will be vertically filtered.
• "StringEqualsIfExists": App must specify attributes. Cannot request all.
Note that Scan is not included, because Scan would provide access to all of the leading keys
45. Policy Enforcement
• Remember policies can come from multiple places
– IAM users, roles, and groups
– AWS resources (S3, SQS, & SNS)
– Passed through federated users
• Well-defined evaluation logic
– A request can be allowed or denied
– “Deny” trumps “Allow”
– If not allowed, request is denied by default
– Permissions are union of all policies
46. Determining if a Request is Allowed or Denied
1. Decision starts at Deny
2. Evaluate all applicable policies
• AWS retrieves all policies associated with the user and resource
• Only policies that match the action & conditions are evaluated
3. Is there an explicit deny?
– Yes: Final decision = “deny” (explicit deny)
– No: continue to step 4
• If a policy statement has a deny, it trumps all other policies
4. Is there an Allow?
– Yes: Final decision = “allow”
– No: continue to step 5
• Access is granted if there is an explicit allow and no deny
5. Final decision = “deny” (default deny)
• By default, an implicit (default) deny is returned
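The five-step decision flow above, applied to the two policies from slide 13 (Understanding NotAction). This is an added example, not part of the original deck and not AWS's evaluator: it matches on Action/NotAction and Resource only (no conditions or principals), and EXTRA_GRANT is a constructed second policy attached to the same user.

```python
import re

def wild_match(pattern, value, flags=0):
    # IAM wildcards: * is any run of characters, ? is one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def as_list(value):
    return value if isinstance(value, list) else [value]

def statement_applies(stmt, action, resource):
    # Action names are compared case-insensitively; NotAction inverts the match.
    if "NotAction" in stmt:
        hit = not any(wild_match(p, action, re.IGNORECASE) for p in as_list(stmt["NotAction"]))
    else:
        hit = any(wild_match(p, action, re.IGNORECASE) for p in as_list(stmt["Action"]))
    return hit and any(wild_match(p, resource) for p in as_list(stmt["Resource"]))

def evaluate(policies, action, resource):
    decision = "deny (default)"                  # step 1: decision starts at deny
    for policy in policies:                      # step 2: every applicable policy
        for stmt in as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "deny (explicit)"         # step 3: explicit deny trumps all
            decision = "allow"                   # step 4: an allow was found
    return decision                              # step 5: default deny if no allow

ALLOW_ALL_DENY_IAM = {"Version": "2012-10-17", "Statement": [   # slide 13, first policy
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}
NOT_ACTION_IAM = {"Version": "2012-10-17", "Statement": [       # slide 13, second policy
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}
EXTRA_GRANT = {"Version": "2012-10-17", "Statement": [          # constructed extra policy
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}

USER = "arn:aws:iam::123456789012:user/Bob"

if __name__ == "__main__":
    for name, policies in [("NotAction only", [NOT_ACTION_IAM]),
                           ("NotAction + extra grant", [NOT_ACTION_IAM, EXTRA_GRANT]),
                           ("explicit deny + extra grant", [EXTRA_GRANT, ALLOW_ALL_DENY_IAM])]:
        print(f"{name:28} iam:CreateAccessKey -> {evaluate(policies, 'iam:CreateAccessKey', USER)}")
```

The NotAction policy blocks IAM calls only through the default deny, so any other attached policy that allows iam:* re-enables them; the explicit Deny holds regardless of what else is attached.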
48. Summary
• IAM provides access control for your AWS account
• Use the policy language to allow or deny granular access to AWS resources
– Users are denied access by default
– Denies trump allows
• All policies (user, group, resource-based) are evaluated for authorization
• Use policy variables - they make life better!
– Simplifies policy management
– Reduces the need for individual user policies
• We're continuously enabling more granular control
– EC2 / RDS Resource-level permissions
– DynamoDB fine-grained access control
50. All IAM-Related Sessions at re:Invent
ID | Title | Time, Room
CPN205 | Securing Your Amazon EC2 Environment with AWS IAM Roles and Resource-Based Permissions | Wed 11/13 11am, Delfino 4003
SEC201 | Access Control for the Cloud: AWS Identity and Access Management (IAM) | Wed 11/13 1.30pm, Marcello 4406
SEC301 | TOP 10 IAM Best Practices | Wed 11/13 3pm, Marcello 4503
SEC302 | Mastering Access Control Policies | Wed 11/13 4.15pm, Venetian A
SEC303 | Delegating Access to Your AWS Environment | Thu 11/14 11am, Venetian A
 | Come talk security with AWS | Thu 11/14 4pm, Toscana 3605