Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company’s bottom line. As the move to store, process and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multi-tenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing and archiving digital media assets on the AWS environment. AWS also enables customers to achieve compliance with the MPAA security best practices with minimal effort. Learn how AWS complies with the MPAA security best practices and how media companies can leverage that for their media workloads.
This session walks through approaches for large-scale media processing scenarios. We cover hybrid and cloud-based transcoding, file transfer, media preparation, and media management. We expect attendees to come away with an understanding of best practices for architecting and deploying hybrid and cloud-based systems for media processing.
AWS Cloud Design Patterns (a.k.a. CDP) are generally repeatable solutions to commonly occurring problems in cloud architecting. In this session, we introduce CDP and explain how you can apply CDPs in practical scenarios such as photo sharing, e-commerce, and web site campaigns.
Getting started with Amazon Web Services (AWS) is fast and simple. This complimentary webinar will outline best practice guidance from many customers and the Amazon Web Services team, helping you gain advantage as you implement your projects in AWS.
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud and is often the starting point for your first week using AWS. This session will introduce these concepts, along with the fundamentals of EC2, by employing an agile approach that is made possible by the cloud. Attendees will experience the reality of what a first week on EC2 looks like from the perspective of someone deploying an actual application on EC2. You will follow them as they progress from deploying their entire application from an EC2 AMI on day 1 to more advanced features and patterns available in EC2 by day 5. Throughout the process we will identify cloud best practices that can be applied to your first week on EC2 and beyond.
This is a presentation on AWS, that is, Amazon Web Services, based on material available on the internet and white papers of Amazon Web Services. I have included almost all the major services offered by AWS; presently I am working to include more content like benefits, use cases and links to various videos available on YouTube. I have used all the authorized symbols for each service. In case of doubt please feel free to contact me on my email randhawa79@gmail.com
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary for building Fault Tolerant & Highly Available environments on AWS. It also serves to introduce services like Direct Connect, Route 53 (Amazon DNS Service) and one of our new additions, the Amazon Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their proposed benefits.
In this session you will learn how you can run popular enterprise workloads from Microsoft, Oracle and SAP on AWS.
We will discuss how you can choose between installing and configuring your own applications or launching entire software stacks from Oracle, SAP and Microsoft in minutes by choosing from a large selection of pre-configured virtual machine images and templates. In many cases, customers may be able to use their existing software licenses in the AWS cloud with no additional license fees.
Getting started with Amazon Web Services (AWS) is fast and simple. The webinar based on this presentation outlined best practice guidance from AWS customers and the Amazon Web Services team, helping you launch your projects in AWS Cloud rapidly and ensure your applications are simple to manage, resilient and cost effective. This webinar also explores how to set up accounts, use consolidated billing and how to securely control access through AWS Identity and Access Management (IAM).
Topics covered in this presentation include:
• Understand the best practices for getting started in the AWS Cloud
• Learn to build resilient, reliable, cost effective applications
• Learn more about secure control and access to AWS for your users
• Discover how to structure your AWS accounts
• Hear more about cost management, instance bootstrapping and the use of availability zones
You can see a recording of this webinar on YouTube here: http://youtu.be/T64qFcyTGAU
Developing applications on Amazon Web Services (AWS) or moving your business into the cloud is more straightforward than you think. Whether you are a developer eager to learn new skills, a solutions architect who wants to solve existing technology problems, or an IT professional who wants access to cost-effective, on-demand computing resources, these slides may help you.
Amazon EC2 Demo - YouTube Recording: http://www.youtube.com/watch?v=kMExnVKhmYc&feature=youtu.be
An insight into how publishers use Amazon Web Services and the benefits that our services bring to their business.
Phil Fitzsimons, Solution Architect, AWS
AWS provides multiple storage options to meet your varying needs. This presentation provides an overview of how AWS Cloud storage services can be used to support application development and delivery, backup, archive, disaster recovery, and virtualized compute.
With the introduction of AWS OpsWorks, you can now build and manage your application stacks with the finesse and control of Chef recipes. OpsWorks complements the AWS management frameworks and in this session we'll dive deep on how to use OpsWorks and how to get the best from the framework.
Thomas Metschke, Technical Program Manager, AWS
Rik Heywood, Technical Director, Workfu
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC Amazon Web Services
As more organisations seek to leverage the power and benefits of the cloud, they also need to combine new systems with existing on-premise systems. Services such as Amazon Virtual Private Cloud (VPC) and AWS Direct Connect enable AWS customers to combine on-premise and cloud-based resources easily and effectively. This session will walk customers through the 4 main patterns of connectivity and will include a "real time" demonstration of how easy it is to setup your own VPC and start working in your own private section of the AWS Cloud.
AWS Canberra WWPS Summit 2013 - Extending your Datacentre with Amazon VPC Amazon Web Services
As more organisations seek to leverage the power and benefits of the cloud, they also need to combine new systems with existing on-premise systems. Services such as Amazon Virtual Private Cloud (VPC) and AWS Direct Connect enable AWS customers to combine on-premise and cloud-based resources easily and effectively. This session will walk customers through the 4 main patterns of connectivity and will include a "real time" demonstration of how easy it is to setup your own VPC and start working in your own private section of the AWS Cloud.
Developing applications on Amazon Web Services (AWS) or moving your business into the cloud is more straightforward than you think. Whether you are a developer eager to learn new skills, a solutions architect who wants to solve existing technology problems, or an IT professional who wants access to cost-effective, on-demand computing resources, this workshop is for you.
These slides feature some of the most popular Amazon Web Services: Amazon Elastic Compute Service (EC2), Amazon Simple Storage Service (S3), Amazon CloudFront, Amazon Elastic Block Storage (EBS) and Amazon Relational Database Service (RDS).
Amazon EC2 Demo: http://youtu.be/kMExnVKhmYc
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC Amazon Web Services
As more organizations seek to leverage the power and benefits of the cloud, they also need to combine new systems with existing on-premises systems. Services such as Virtual Private Cloud, VPN and DirectConnect enable AWS customers to combine on-premises and cloud-based resources easily and effectively. This session will walk customers through the 4 main patterns of connectivity and will include a "real time" demonstration of how easy it is to set up your own VPC and start working in your own private section of the AWS Cloud.
A journey through the cloud: how to build scalable and rob... Amazon Web Services
In this presentation we explain how to design elastic and reliable architectures on AWS, using web architectures as the reference point. Scalability, security, application management and global coverage are also covered.
SVC103 The Whys and Hows of Integrating Amazon Simple Email Service into your... Amazon Web Services
If you're already building your website or application on AWS, using Amazon SES is a quick and cost-effective way to send your email. This session will talk about what Amazon SES is and why you would want to use it. Then we will dig into the most common ways our customers use Amazon SES with their current systems and give you the tools you need to do the same.
Bootstrapping - Session 1 - Your First Week with Amazon EC2 Amazon Web Services
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud and is often the starting point for your first week using AWS. This presentation will introduce some essential getting started tips and walk through the journey into AWS, the basic technologies you need to understand and why you should use them. You'll hear a real customer's first year journey and benefit from what they would tell you to do in your first week as they impart the lessons learned, challenges faced and opportunities presented.
Ryan Shuttleworth, Technical Evangelist, AWS
Andrew Dunn, CTO and Nick Hills, Ops Manager, Compliant Phones
AWS Summit 2013 | India - How Start-Ups Benefit from AWS, Rajas Karandikar Amazon Web Services
Gain insight into how Indian Start-Ups have innovated & scaled on the AWS platform. Alongside the presentation, you will hear from actual customers about their deployments using AWS services & how they leveraged the benefits.
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS Amazon Web Services
This webinar is on high availability features for Microsoft Windows Server and SQL Server running on the AWS Cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications.
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar Amazon Web Services
Miles Ward, Solution Architect, AWS
Robert Groat, Chief Technology Officer, Smartronix
Discuss how you can run Microsoft Enterprise Applications like SharePoint on AWS Cloud, Architecture. Recovery.gov
Smartronix - Building Secure Applications on the AWS Cloud Amazon Web Services
Presentation from AWS Worldwide Public Sector team's conference Building and Securing Applications in the Cloud (http://aws.amazon.com/campaigns/building-securing-applications-cloud/).
In this presentation, Jeff Barr introduces AWS, with a focus on EC2, and then shows how to use AWS Elastic Beanstalk with Git-based deployment of a PHP application.
Techniques for securely storing your digital content and running media workloads. Efficient uses of Access Control, Approval Flows, Encryption, Log Analysis and Virtual Private Clouds.
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent... Amazon Web Services
"Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company's bottom line. As the move to store, process, and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multitenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing, and archiving digital media assets in the AWS environment. The talk also covers the security controls, features, and services that AWS provides its customers. Learn how AWS aligns with the MPAA security best practices and how media companies can leverage that for their media workloads.
This session also includes a representative from Sony Media Cloud Services discussing the path to MPAA alignment of their application Ci on AWS based on these best practices."
O'Reilly Webcast: Architecting Applications For The Cloud O'Reilly Media
This presentation analyzes aspects of the Amazon EC2 IaaS cloud environment that differ from a traditional data center and introduces general best practices for ensuring data privacy, storage persistence, and reliable DBMS backup. Presented by Jorge Noa, CTO of Hyperstratus
How to build forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for a great many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can appear complex: building large-scale Big Data clusters seems to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let us see how to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we show how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot instances Amazon Web Services
Container usage keeps growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot instances, leading to average savings of 70% compared with On Demand instances. In this session we discover together the characteristics of Spot instances and how they can easily be used on AWS. We also learn how Spreaker uses Spot instances to run applications of different kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with services for Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative components created ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting the user's operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, guaranteeing greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud and protecting existing VMware investments.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to keep track of the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex tools that are burdensome to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will look in depth at several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing considerable benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during the modernization and refactoring of applications, and to this can be added performance risks that may be introduced when applications are moved out of on-premises data centers.
In these slides, AWS and VMware experts present simple and practical measures to ease and simplify the migration of Oracle workloads, accelerating the transformation toward the cloud; they explore the architecture in depth and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
11. Facilities
✔
Physical Security
Physical Infrastructure
Network Infrastructure
Virtualization Infrastructure
Operating System
Application
Security Groups
OS Firewalls
Network Configuration
Account Management
A few nifty AWS features
IAM (Identity & Access Management)
EC2 Security features
VPC (Virtual Private Cloud)
S3 Security features
CloudFront Security features
12. Unique security credentials
• Access keys, Login/Password, MFA device
• Federated Authentication (Secure Token Service STS)
Policies control access to AWS APIs
• API calls must be signed by either: X.509 certificate or secret key
Deep integration into some services
• S3: policies on objects and buckets
• Simple DB: domains
Not for Operating Systems or Applications
(use LDAP, Active Directory/ADFS, etc..)
13.
14. [Architecture diagram. Labels: Content, Corporate Data Center, AWS Cloud, Ingest EC2 Instances, Amazon S3 (Media Storage), Amazon Simple Queue Service (SQS)]
15. S3 Client Side Encryption with AWS SDK for Java
Look for AmazonS3EncryptionClient class (subclass of AmazonS3Client)
[Diagram. Labels: Corporate Data Center, AWS SDK for Java, Content, Envelope Key, Master Key, Encrypted Content, Encrypted Envelope Key]
16.
17. AWS Direct Connect
SSL endpoints
• All AWS APIs provide SSL endpoints
AWS Import/Export Service for very large datasets
[Architecture diagram. Labels: Content, Corporate Data Center, Co-Lo, AWS Direct Connect, AWS Import/Export, AWS Cloud, Ingest EC2 Instances, Amazon S3 (Media Storage), Amazon Simple Queue Service (SQS)]
18.
19. • Bucket and Object level permissions
• Owner only access (by default)
• Signed URLs/Query String Authentication
• IAM Policies
• Versioning (MFA Delete)
• Detailed Access Logging
✔Access Logs
20. Amazon S3
• Encryption
• Decryption
• Key Management
• 256-bit AES encryption
[Diagram. Labels: Content to be Uploaded (encryption enabled in the HTTP Header), Envelope Key, Master S3 Key, Encrypted Stored Data, Encrypted Stored Key, (Encrypted by S3 Master key), (Stored Separately from your data)]
21.
22. [Network diagram. Labels: Internet, Corporate data center, 10.0.0.0/16, Internet Gateway, VPN Gateway, Router, 10.0.0.0/24, 10.0.1.0/24, VPC Public Subnet, VPC Private Subnet, Instances, NAT Instance, S3, Glacier, SQS, EC2 API endpoint]
23. EC2 (Guest) Operating System
• Controlled by YOU
• YOU have admin/root
• AWS has NO visibility
• YOU generate the key-pairs
Security Groups (Stateful Filters)
• YOU control the mandatory inbound firewall
• Default Deny All Configuration
• +Egress in the case of VPC
Signed API calls
Security Group Adobe_FMS
Protocol  Port Range  Source
TCP       80          0.0.0.0/0
TCP       1111        0.0.0.0/0
TCP       1935        0.0.0.0/0
UDP       1935        0.0.0.0/0
SSH       22          192.168.0.41/10
[Diagram. Labels: Instance, Security Group, Availability Zone A, AWS Cloud]
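A check for the rule table on slide 23, as an added example that is not part of the original deck: it parses the Adobe_FMS rules and flags sources that are open to every address or whose prefix covers far more than the address in the rule suggests. The rule text is copied from the slide; the finding names and the ADMIN_PORTS set are assumptions of this example, and only IPv4 sources are handled.

```python
"""Audit security-group ingress rules for overly broad sources (added example)."""
import ipaddress

# RFC 1918 private ranges. A source network that is not contained in one of
# these includes public address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ports treated as administrative access (assumption of this example).
ADMIN_PORTS = {22, 3389}

# Input copied from the Adobe_FMS table on slide 23.
ADOBE_FMS_RULES = """\
TCP 80 0.0.0.0/0
TCP 1111 0.0.0.0/0
TCP 1935 0.0.0.0/0
UDP 1935 0.0.0.0/0
SSH 22 192.168.0.41/10
"""


def parse_rules(text):
    """Parse 'PROTOCOL PORT SOURCE' lines into (protocol, port, source) tuples."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        proto, port, source = parts
        rules.append((proto.upper(), int(port), source))
    return rules


def audit_rule(proto, port, source):
    """Return a list of (code, detail) findings for one IPv4 ingress rule."""
    iface = ipaddress.IPv4Interface(source)  # keeps both the address and the prefix
    net = iface.network                      # the range the prefix actually denotes
    findings = []
    if iface.ip != net.network_address:
        # The rule names a host but the prefix selects a whole network.
        findings.append(("HOST_BITS_SET", f"{source} denotes the network {net}"))
    if net.prefixlen == 0:
        code = "ADMIN_PORT_WORLD_OPEN" if port in ADMIN_PORTS else "WORLD_OPEN"
        findings.append((code, f"{proto}/{port} is reachable from any address"))
    elif iface.ip.is_private and not any(net.subnet_of(p) for p in RFC1918):
        # A private-looking address with a prefix so short that the range
        # extends beyond private space.
        findings.append(("PREFIX_TOO_SHORT",
                         f"{net} spans {net.num_addresses} addresses, "
                         "including public address space"))
    return findings


def audit(text):
    """Audit every rule; return {(proto, port, source): [(code, detail), ...]}."""
    return {rule: audit_rule(*rule) for rule in parse_rules(text)}


if __name__ == "__main__":
    for (proto, port, source), findings in audit(ADOBE_FMS_RULES).items():
        for code, detail in findings:
            print(f"{proto:<4}{port:<6}{source:<18}{code}: {detail}")
```

WORLD_OPEN on the streaming and web ports is a prompt to confirm the service is meant to be public; the SSH rule is the one that needs a tighter prefix such as /32.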
24. EC2 Security Controls
• Security Groups (default deny all)
Virtual Private Cloud (VPC)
• Isolated environment
• Ingress and Egress filters
• Network ACLs
• Routing rules
OS Level Firewalls
• IP Tables
Patch Management
[Architecture diagram. Labels: Internet Gateway, S3 (Media Storage), Amazon Simple Queue Service (SQS), EC2, Instances, NAT Instance, Security Group, VPC Public Subnet, VPC Private Subnet, Virtual Private Cloud, AWS Cloud]
25. • Windows
• Windows Encrypting File System (EFS)
• TrueCrypt – Works well with NTFS
• Linux
• EncFS
• Loop-AES
• dm-crypt
• TrueCrypt
28. CloudFront’s Private Content Feature
Only deliver content to securely signed requests
• HTTPS ONLY requests/delivery
• CloudFront Origin Access Identity
• Signed URL Verification
Policy based on a timed URL or a CIDR block of the requestor
• HTTPS ONLY origin fetches
• Trusted Signers
• Access Logs
[Architecture diagram. Labels: End User, Signed Request, HTTP, Amazon CloudFront, Amazon S3 (Logs Storage), Delivery EC2 Instances, Security Group, Amazon S3 (Media Storage)]
30. Live Streaming:
• Secure the instance
• Security Groups (source and port)
• Streaming server in a VPC
• Securing the content chunks and manifest
• Use Signed URLs provided by CloudFront
On-Demand Streaming:
• S3 content bucket security
• CloudFront private content features
31. Setup CloudFront for private content
A web application that:
• Send the IP address of the requestor to a geo-location service (Digital Element, Max Mind)
• Evaluate the IP address
• Generate a URL for CloudFront or return a not-allowed page
[Diagram. Labels: Amazon CloudFront, Geo-Location Service, EC2 WebServer Instances]
32. [Architecture diagram. Labels: End User, HTTPS, Amazon Route 53, Amazon CloudFront, Delivery EC2 Instances, Processing EC2 Instances, Ingest EC2 Instances, Security Group, S3 (Media Storage), Amazon Simple Queue Service (SQS), Virtual Private Cloud, AWS Cloud, AWS Direct Connect, Content, Corporate Data Center]
33.
34. Set up application level logging on the EC2 instances
Several third-party products for logging along with EMR (Elastic Map Reduce)
If you are investigating a security event and need logs and forensics:
TALK TO US !
35. Facilities
✔
Physical Security
Physical Infrastructure
Network Infrastructure
Virtualization Infrastructure
Operating System
Application
Security Groups
OS Firewalls
Network Configuration
Account Management
A few nifty AWS features
IAM (Identity & Access Management)
EC2 Security features
VPC (Virtual Private Cloud)
S3 Security features
CloudFront Security features
37. Pre-Production, Production, Production Wrap, Post-Production, Distribution
[Diagram. Labels: Digital Services, Visual Effects, Post Production, Creative Advertising, Distribution]
KODE Compliance Inc. | Accelerating Compliance
38. Pre-Production Production Production Wrap Post-Production Distribution
39. [Architecture diagram. Labels: End User, HTTPS, Amazon Route 53, Amazon CloudFront, Delivery EC2 Instances, Processing EC2 Instances, Ingest EC2 Instances, Security Group, S3 (Media Storage), Amazon Simple Queue Service (SQS), Virtual Private Cloud, AWS Cloud, AWS Direct Connect, Content, Corporate Data Center]
41. • Experts in the MPAA standard
• Eliminate the guessing game
• Committed to getting you compliant
42. Heavy lifting for infrastructure security
OS and application level security
43.
44. We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.
tweet #reinvent