Netflix Cloud Security Overview

•

2 likes•1,170 views

Amazon Web Services

The document discusses Netflix's strategy for implementing least privilege on AWS accounts using tools they developed called Aardvark and Repokid. It involves giving applications base permissions for common deployment tasks, continuously profiling roles to remove unused permissions, and deleting roles when applications are no longer used. Several considerations are discussed, such as preserving permissions for infrequent tasks, handling errors, and accounting for untracked services. Future work proposed includes tightening base IAM using repo data and using application introspection to dynamically assign minimum required permissions.

RepoingIAMPermissions
OurstrategyforAWSLeastPrivilege
PatrickKelley
TravisMcPeak

Agenda
●Introandcontextsetting
●Approaches
●Aardvark&Repokid
●Futurework

Intro

●GeneralDynamics->eBay->Netflix
●Decenttrampolinejumper
●SecurityMonkey,CloudAux,Aardvark,Repokid
PatrickKelley

●Symantec->HP->IBM->Netflix
●OpenStackSecurity,CloudFoundrySecurity,OWASPBayArea
●Bandit,Recon,Aardvark,Repokid
TravisMcPeak

Netflix
LargeAWSdeployment
●100K+instances
●Thousandsofapplications
●Over50AWSaccounts
Mediumengineering
●~2000inproduct
●~50securityengineers

Netflix
Culturedrivesourdecisions,includingthiswork
●FreedomandResponsibility
●Context,notControl

IAMRecap

LeastPrivilege
Onlygranttherequiredaccess
necessarytoperformlegitimate
functions.
SeemscontrarytoNetflixFreedomand
Responsibilityvalue.
Thetrickistobalance.

FirstCut

Developersrequestspecific
permissionstheyneedtodeployand
runtheirapp.
Soundsreasonable...

●86services*
●2318permissions*
●Hardtoknowbasedonname
●Whataboutdependencies?
●Hardtogetrightonfirst,second,thirdpass...
Developersdon’tknowwhattheyneed
*AccordingtoPolicyUniverse,updated5/31

PossibleApproaches

Profileintest,thendeploytoprod

Startwithnopermissions,add
incrementally

Havedevelopersaddtheirown
permissionswithself-service
model

OurApproach

●Appsgivenpermissionscommonlyusedduringdeployment
○Ifmoreneeded,wehaveaquickconversation
●Profiletherolecontinuously
●Takeawayunusedpermissions
●Deletetherolewhenit’snolongerused
(Mostly)automatedrolelifecycle

●DevelopersuseSpinnaker
●Spinnaker->Lambdawithinformation
abouttheapp
●Lambdacreatesaroleandgives
“base”permissions
○Basepermissionsdependon
typeofappandaccount.
Developerdeploysnewapp

●CurrentlyusingAccessAdvisor
○WilluseCloudTrailsoon
●Findoutwhichpermissionsanappisusing
●Watchdenied/AAforservicesthataren’tallowed
○Eithermisconfigurationorattack
Profilerolecontinuously

●Takeawaypermissionsthathaven’tbeenusedrecently
○Hasthesidebenefitthatunusedappslosepriv
●Storeoldversionofpolicysowecanrollbackifneeded
●Soon:automaticallyrollbackifCloudTrailshowsdenied
Repounusedpermissions

Attack!
●Alreadydemonstratedreal-worldbenefits
○Internaltesting
○Responsibledisclosureprogram
●Somestopped,somenot
○Wecan’trepopermissionstheappactuallyneeds!

●Unusedappswillalreadyhavebeenrepoedto0
●Finalstepistocleanuprolesthatarenolonger
attachedtoapplications
Deletetherolewhennolongerused

Aardvark

●RetrieveandcacheAccessAdvisordatafromthe
console
●Mostlyfeaturecomplete,plantoswitchtoAccess
AdvisorAPIwhenavailablefromAWS
Aardvark(NetflixOSS)

Repokid

●Scanroles,lookforunusedpermissions,takethem
away,makeiteasytorollback
●Chat-opsintegration:what’sbeingrepoed,opt-out,
rollback
●LongtermstrategicforNetflixSecurity
○CloudTrailintegration
○Notificationsandreportstoappowner
Repokid(NetflixOSS)

Considerations/Edge-cases

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
●Whatifsomethingbreaks?
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
●Whatifsomethingbreaks?
●Untrackedservices(Lightsail)
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
●Whatifsomethingbreaks?
●Untrackedservices(Lightsail)
●NewlyreleasedservicesmightnotbeinCT/AAyet
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
●Whatifsomethingbreaks?
●Untrackedservices(Lightsail)
●NewlyreleasedservicesmightnotbeinCT/AAyet
●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded
○rds:create*mightgrowmorepowerfulovertime
Needtoconsider

●Newpermissionsshouldn’tgetrepoedforawhile
○Needtomakeiteasyfordeveloperstogetnewpermissions
●Whatshouldwedotopreserveinfrequentlyusedpermissions?
○Suchasthoseusedindisasterrecovery
●Whatifsomethingbreaks?
●Untrackedservices(Lightsail)
●NewlyreleasedservicesmightnotbeinCT/AAyet
●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded
○rds:create*mightgrowmorepowerfulovertime
●CloudTraildoesn’tmap1:1withpermissions
Needtoconsider

FutureWork

UserepodatatotightenbaseIAM
FrequentlyrepoedservicesshouldnotbeincludedinbaseIAMinthefirstplace.
-Wecantolerateasmallpercentageofdevelopersrequestingadditionalaccess

Introspection
Examineapplicationsastheyarebeingdeployedandgivethempermissionsbasedon
whattheyneed.
Example:canseethat:
-AspecificDynamotableisused
-Theapplicationreadsfromaspecificqueue

Thankyou.

Recommended

Using Active Directory in AWS

Using Active Directory in AWS

Using Active Directory in AWS

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Amazon Web Services

AWS offers you a pay-as-you-go approach for pricing for over 70 cloud services. With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. This webinar will cover a deep-dive into the above stated AWS Pricing Principles and how you can estimate your AWS bill by using the AWS Simple Monthly Calculator. Furthermore, it will highlight the best practices that are at your disposal to help you lower your AWS costs. We will cover: Understand how the TCO calculator matches your current infrastructure to the most cost-effective AWS offering. Learn how volume based discounts and realize important savings as your usage increases. Discover how services such as S3 and data transfer OUT from EC2, pricing is tiered, meaning the more you use, the less you pay per GB. In addition, data transfer IN is always free of charge. As a result, as your AWS usage needs increase, you benefit from the economies of scale that allow you to increase adoption and keep costs under control.

Running Active Directory in the AWS Cloud

Running Active Directory in the AWS Cloud

Running Active Directory in the AWS Cloud

Amazon Web Services

Serverless data and analytics on AWS for operations

Serverless data and analytics on AWS for operations

Serverless data and analytics on AWS for operations

AWS Certified Cloud Practitioner Course S11-S17

AWS Certified Cloud Practitioner Course S11-S17

AWS Certified Cloud Practitioner Course S11-S17

This deck contains the slides from our AWS Certified Cloud Practitioner video course. It covers: Section 11 Databases and Analytics Section 12 Management and Governance Section 13 AWS Cloud Security and Identity Section 14 Architecting for the Cloud Section 15 Accounts, Billing and Support Section 16 Migration, Machine Learning and More Section 17 Exam Preparation and Tips Full course can be found here: https://digitalcloud.training/courses/aws-certified-cloud-practitioner-video-course/

The eBay-Way Meetup IL - CI/CD with Microservices

The eBay-Way Meetup IL - CI/CD with Microservices

The eBay-Way Meetup IL - CI/CD with Microservices

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018Amazon Web Services Korea

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Amazon Web Services

In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.

Recommended

Using Active Directory in AWS

Using Active Directory in AWS

Using Active Directory in AWS

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Reducing the Total Cost of IT Infrastructure with AWS Cloud Economics

Amazon Web Services

AWS offers you a pay-as-you-go approach for pricing for over 70 cloud services. With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. This webinar will cover a deep-dive into the above stated AWS Pricing Principles and how you can estimate your AWS bill by using the AWS Simple Monthly Calculator. Furthermore, it will highlight the best practices that are at your disposal to help you lower your AWS costs. We will cover: Understand how the TCO calculator matches your current infrastructure to the most cost-effective AWS offering. Learn how volume based discounts and realize important savings as your usage increases. Discover how services such as S3 and data transfer OUT from EC2, pricing is tiered, meaning the more you use, the less you pay per GB. In addition, data transfer IN is always free of charge. As a result, as your AWS usage needs increase, you benefit from the economies of scale that allow you to increase adoption and keep costs under control.

Running Active Directory in the AWS Cloud

Running Active Directory in the AWS Cloud

Running Active Directory in the AWS Cloud

Amazon Web Services

Serverless data and analytics on AWS for operations

Serverless data and analytics on AWS for operations

Serverless data and analytics on AWS for operations

AWS Certified Cloud Practitioner Course S11-S17

AWS Certified Cloud Practitioner Course S11-S17

AWS Certified Cloud Practitioner Course S11-S17

This deck contains the slides from our AWS Certified Cloud Practitioner video course. It covers: Section 11 Databases and Analytics Section 12 Management and Governance Section 13 AWS Cloud Security and Identity Section 14 Architecting for the Cloud Section 15 Accounts, Billing and Support Section 16 Migration, Machine Learning and More Section 17 Exam Preparation and Tips Full course can be found here: https://digitalcloud.training/courses/aws-certified-cloud-practitioner-video-course/

The eBay-Way Meetup IL - CI/CD with Microservices

The eBay-Way Meetup IL - CI/CD with Microservices

The eBay-Way Meetup IL - CI/CD with Microservices

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018

다양한 솔루션으로 만들어가는 AWS 네트워크 보안::이경수::AWS Summit Seoul 2018Amazon Web Services Korea

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...

Amazon Web Services

In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

Amazon Web Services

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

YouTube: https://youtu.be/h0p4dxuwv1s ** AWS Certification Training: https://www.edureka.co/aws-certified-devops-training ** This Edureka "CodeBuild CodePipeline CodeDeploy CodeCommit in AWS” PPT will give you a thorough and insightful overview of all the concepts related to CI/CD services in AWS. Following are the offerings of this PPT: What Is AWS And DevOps? What Is CI/CD? What Is CodePipeline? CodeBuild CodeDeploy & CodeCommit CI/CD on AWS Check out our Playlists: https://goo.gl/Xpx77b Blog Series: https://goo.gl/8S5WFJ Follow us to never miss an update in the future. YouTube: https://www.youtube.com/user/edurekaIN Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

Kaushik Mohanraj

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Web Services Korea

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

Amazon Web Services

Join this foundational session to understand the core concepts of “Cloud Computing” and different attributes such as reliability, fault tolerance, elasticity, scalability and pay-as-you-go pricing. Whether you are a startup who wants to accelerate growth without a big upfront investment in cash or time for technology or an Enterprise looking for IT innovation, agility and resiliency while reducing costs, the AWS Cloud provides a complete set of infrastructure services at zero upfront costs which are available with a few clicks and within minutes. Join this webinar to learn more about the benefits of Cloud Computing.

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

Amazon Web Services

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Amazon Web Services

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Patrick Pierson

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Albert Suwandhi

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Amazon Web Services

AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.

AWS solution Architect Associate study material

AWS solution Architect Associate study material

AWS solution Architect Associate study material

Nagesh Ramamoorthy

The Benefits of Cloud Computing

The Benefits of Cloud Computing

The Benefits of Cloud Computing

Amazon Web Services

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

AWSKRUG - AWS한국사용자모임

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Amazon Web Services

Companies are moving existing on-premises applications to the cloud as fast as possible to become more agile and lower costs. However, certain workloads must remain on-premises due to low latency or local data-processing requirements. AWS Outposts brings fully managed, native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. In this tech talk, we provide an introduction to AWS Outposts and how it works, as well as present customer use cases. We also explore ways to use AWS-cloud native APIs to support workloads that must remain on-premises for a truly consistent hybrid experience.

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Cloud development is inherently different than data center development. Understanding those differences, and architecting for them is critical to successful cloud solutions. In this workshop, we will both describe Netflix OSS platform components and show you how you can piece them together to build your own fault-tolerant REST services. These include: Hystrix, Ribbon, Eureka, and Archaius. In this hands-on lab, you will both learn the benefits of each of these services and use them in a sample application (in a test account). If you want to get things running in your own account, you may want to attend the afternoon session (Setting up your environment for the AWS cloud).

AWS Well-Architected Workshop

AWS Well-Architected Workshop

AWS Well-Architected Workshop

Amazon Web Services

By Ballu Singh, Solutions Architect AWS The AWS Well-Architected framework was developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. Composed of 5 pillars – operational excellence, security, reliability, performance efficiency, and cost optimization – this framework provides a consistent approach to evaluate architectures, and provides guidance to help implement designs that will scale with your application needs over time. This workshop teaches you how to put that framework into practice. You’ll learn strategies for building stable and efficient systems. Then you’ll apply that knowledge through a series of team exercises, comparing a sample architecture against our best practices, and assessing how Well-Architected it is against each pillar.

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Amazon Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web ServicesRobert Wilson

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Amazon Web Services

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

Amazon Web Services

Develop and program the AWS IoT button to create a one-click experience for users to access applications in the cloud. This webinar will show you how you can configure your AWS IoT Button using the AWS IoT Button mobile app. The mobile app simplifies the process of registering, configuring, and programming the button. Using preconfigured AWS Lambda blueprints, the app lets you quickly program the button to send an SMS or email when clicked. Or, you can write your own Lambda code for the functionality of your choice. In this webinar, we will also demo an end to end application using an AWS IoT button.

More Related Content

What's hot

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

Amazon Web Services

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

YouTube: https://youtu.be/h0p4dxuwv1s ** AWS Certification Training: https://www.edureka.co/aws-certified-devops-training ** This Edureka "CodeBuild CodePipeline CodeDeploy CodeCommit in AWS” PPT will give you a thorough and insightful overview of all the concepts related to CI/CD services in AWS. Following are the offerings of this PPT: What Is AWS And DevOps? What Is CI/CD? What Is CodePipeline? CodeBuild CodeDeploy & CodeCommit CI/CD on AWS Check out our Playlists: https://goo.gl/Xpx77b Blog Series: https://goo.gl/8S5WFJ Follow us to never miss an update in the future. YouTube: https://www.youtube.com/user/edurekaIN Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

Kaushik Mohanraj

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Web Services Korea

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

Amazon Web Services

Join this foundational session to understand the core concepts of “Cloud Computing” and different attributes such as reliability, fault tolerance, elasticity, scalability and pay-as-you-go pricing. Whether you are a startup who wants to accelerate growth without a big upfront investment in cash or time for technology or an Enterprise looking for IT innovation, agility and resiliency while reducing costs, the AWS Cloud provides a complete set of infrastructure services at zero upfront costs which are available with a few clicks and within minutes. Join this webinar to learn more about the benefits of Cloud Computing.

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

Amazon Web Services

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Amazon Web Services

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Patrick Pierson

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Albert Suwandhi

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Amazon Web Services

AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.

AWS solution Architect Associate study material

AWS solution Architect Associate study material

AWS solution Architect Associate study material

Nagesh Ramamoorthy

The Benefits of Cloud Computing

The Benefits of Cloud Computing

The Benefits of Cloud Computing

Amazon Web Services

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

AWSKRUG - AWS한국사용자모임

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Amazon Web Services

Companies are moving existing on-premises applications to the cloud as fast as possible to become more agile and lower costs. However, certain workloads must remain on-premises due to low latency or local data-processing requirements. AWS Outposts brings fully managed, native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. In this tech talk, we provide an introduction to AWS Outposts and how it works, as well as present customer use cases. We also explore ways to use AWS-cloud native APIs to support workloads that must remain on-premises for a truly consistent hybrid experience.

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Cloud development is inherently different than data center development. Understanding those differences, and architecting for them is critical to successful cloud solutions. In this workshop, we will both describe Netflix OSS platform components and show you how you can piece them together to build your own fault-tolerant REST services. These include: Hystrix, Ribbon, Eureka, and Archaius. In this hands-on lab, you will both learn the benefits of each of these services and use them in a sample application (in a test account). If you want to get things running in your own account, you may want to attend the afternoon session (Setting up your environment for the AWS cloud).

AWS Well-Architected Workshop

AWS Well-Architected Workshop

AWS Well-Architected Workshop

Amazon Web Services

By Ballu Singh, Solutions Architect AWS The AWS Well-Architected framework was developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. Composed of 5 pillars – operational excellence, security, reliability, performance efficiency, and cost optimization – this framework provides a consistent approach to evaluate architectures, and provides guidance to help implement designs that will scale with your application needs over time. This workshop teaches you how to put that framework into practice. You’ll learn strategies for building stable and efficient systems. Then you’ll apply that knowledge through a series of team exercises, comparing a sample architecture against our best practices, and assessing how Well-Architected it is against each pillar.

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Amazon Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web ServicesRobert Wilson

What's hot (20)

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

A Case Study on Insider Threat Detection

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

CodeBuild CodePipeline CodeDeploy CodeCommit in AWS | Edureka

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

What i-wish-i-knew-about-aws-certification

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

AWS Well Architected Framework - Walk Through

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Amazon Container 환경의 보안 – 최인영, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

Introduction to Cloud Computing with Amazon Web Services

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWSome Day 2016 - Module 4: Databases: Amazon DynamoDB and Amazon RDS

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

AWS reInvent 2022 reCap AI/ML and Data

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Introduction to AWS Enterprise Support

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Cloud comparison - AWS vs Azure vs Google

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Introduction to AWS (Amazon Web Services)

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

AWS solution Architect Associate study material

AWS solution Architect Associate study material

AWS solution Architect Associate study material

The Benefits of Cloud Computing

The Benefits of Cloud Computing

The Benefits of Cloud Computing

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Amazon Connect를 이용한 장애 대응도구 개발기 - 현창훈 (HBSmith) :: AWS Community Day 2020

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

Architecting for the Cloud using NetflixOSS - Codemash Workshop

AWS Well-Architected Workshop

AWS Well-Architected Workshop

AWS Well-Architected Workshop

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Introduction to Cloud Computing - (Eng Session)

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Amazon Virtual Private Cloud VPC Architecture AWS Web Services

Viewers also liked

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Amazon Web Services

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

Amazon Web Services

Develop and program the AWS IoT button to create a one-click experience for users to access applications in the cloud. This webinar will show you how you can configure your AWS IoT Button using the AWS IoT Button mobile app. The mobile app simplifies the process of registering, configuring, and programming the button. Using preconfigured AWS Lambda blueprints, the app lets you quickly program the button to send an SMS or email when clicked. Or, you can write your own Lambda code for the functionality of your choice. In this webinar, we will also demo an end to end application using an AWS IoT button.

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

Amazon Web Services

Serverless for Developers

Serverless for Developers

Serverless for Developers

Amazon Web Services

Digital Transformation with smart products - EVRYTHNG

Digital Transformation with smart products - EVRYTHNG

Digital Transformation with smart products - EVRYTHNG

Amazon Web Services

In this presentation Andy considers what was learnt building the EVRYTHNG IoT platform which helps billions of things get smart since 2011. In particular he'll be talking about patterns and anti-patterns, tools and common architectures. Finally, we'll have a glimpse at the future of IoT which will truly transform our businesses: from smart labels to LPWAN and blockchains. Speaker: Andy Hobsbawm, CTO & Co-Founder @ EVRYTHNG

Hands-on Lab: Amazon ElastiCache

Hands-on Lab: Amazon ElastiCache

Hands-on Lab: Amazon ElastiCache

Amazon Web Services

Viewers also liked (6)

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Netflix Cloud Security Overview

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

Developing Applications with the IoT Button - AWS Online Tech Talks

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution

Serverless for Developers

Serverless for Developers

Serverless for Developers

Digital Transformation with smart products - EVRYTHNG

Digital Transformation with smart products - EVRYTHNG

Digital Transformation with smart products - EVRYTHNG

Hands-on Lab: Amazon ElastiCache

Hands-on Lab: Amazon ElastiCache

Hands-on Lab: Amazon ElastiCache

Similar to Netflix Cloud Security Overview

Instrument Rack to visualize  Rails requests processing

Instrument Rack to visualize  Rails requests processing

Instrument Rack to visualize  Rails requests processing

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

Pipeline as code for your infrastructure as Code

Pipeline as code for your infrastructure as Code

Pipeline as code for your infrastructure as Code

Hardening Kubernetes Cluster

Hardening Kubernetes Cluster

Hardening Kubernetes Cluster

Containers deployments in Kubernetes clusters create both familiar and new security challenges. Given the ephemeral nature of containers, the speed and agility goals of microservices architecture, a preliminary detection of potential risks, and early discovery of viable threats yield the best security outcomes. Successfully addressing the Kubernetes security challenges requires integrating security into each phase of the container lifecycle: build, deploy, and run. This webinar will throw light on how to: * Stay on top of ongoing Kubernetes hygiene by hardening your nodes, employing best practices * Implement role-based access control of users * Manage Kubernetes Secrets * Thwart an attack, with a live demo

Introducing CQ 5.1

Introducing CQ 5.1

Introducing CQ 5.1

David Nuescheler

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

DevOpsDays Tel Aviv

Creating pools of Virtual Machines - ApacheCon NA 2013

Creating pools of Virtual Machines - ApacheCon NA 2013

Creating pools of Virtual Machines - ApacheCon NA 2013

Live traffic capture and replay in cassandra 4.0

Live traffic capture and replay in cassandra 4.0

Live traffic capture and replay in cassandra 4.0

Vinay Kumar Chella

Capturing live traffic in a typical micro-services setup is one of the industry standard strategies for various needs including testing, canary, and dark launches, but when it comes to databases, capturing and replaying live traffic is quite challenging but equally critical. Cassandra is one of the few databases which supports a live traffic capture and replay feature out of the box starting with 4.0. As part of this talk, Vinay Chella will dive deeper into the query logging framework that is introduced in Cassandra 4.0, and the features built on top of this framework, including full query logging, audit logging, and traffic replay. At end of this talk, you will learn how to use audit logging, live traffic capture and replay features in the upcoming release of Cassandra.

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Amazon Web Services

The AWS Cloud Development Kit (AWS CDK) is a new open-source framework from AWS that enables developers to harness the full power of modern programming languages to define reusable cloud components and applications and provision them through AWS CloudFormation. The AWS CDK is shipped with a rich class library that encapsulates the details-defining infrastructure on AWS and enables you to focus on your application. In this session, we discuss why we decided to build the AWS CDK; we describe some of the high-level concepts; and we write some code on stage to demonstrate why we think the AWS CDK is going to be your best friend.

Devops with Python by Yaniv Cohen DevopShift

Devops with Python by Yaniv Cohen DevopShift

Devops with Python by Yaniv Cohen DevopShift

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

In this talk, we will leverage all cloud native stacks and tools to build Camel Quarkus routes natively using GraalVM native-image on Tekton pipeline and deploy these routes to Kubernetes cluster with Knative installed. We will dive into the following topics in the talk: - Introduction to Camel - Introduction to Camel Quarkus - Introduction to GraalVM Native Image - Introduction to Tekon - Introduction to Knative - Demo shows how to deploy end to end a Camel Quarkus route which include the following steps: - Look at whole deployment pipeline for Cloud Native Camel Quarkus routes - Build Camel Quarkus routes with GraalVM native-image on Tekton pipeline. - Deploy Camel Quarkus routes to Kubernetes cluster with Knative Targeted Audience: Users with basic Camel knowledge

Introducing TiDB - Percona Live Frankfurt

Introducing TiDB - Percona Live Frankfurt

Introducing TiDB - Percona Live Frankfurt

Win Spinnaker with Winnaker - Open Source North Conf 2017

Win Spinnaker with Winnaker - Open Source North Conf 2017

Win Spinnaker with Winnaker - Open Source North Conf 2017

Medya Ghazizadeh

DevOps Workflow: A Tutorial on Linux Containers

DevOps Workflow: A Tutorial on Linux Containers

DevOps Workflow: A Tutorial on Linux Containers

inside-BigData.com

In this deck from the Stanford HPC Conference, Christian Kniep from Docker, Inc. gives a tutorial on linux containers. "This tutorial provides a detailed overview of the components needed to run containerized applications and explores how distributed HPC applications can be tackled. We’ll explain the concept of Linux Containers and describe the bits and pieces participants will explore following step-by-step examples. The workshop will introduce the predominant forms of orchestration in the industry; what problems they solve and how to approach the problem. Attendees will explore the benefits and drawbacks of orchestrators first hand with their own small exemplary stack deployments. Finally the workshop will introduce how HPC and Big Data workloads can be tackled on-top of these service-oriented clusters." Watch the video: https://youtu.be/LJinZpCTyk0 Learn more: http://www.docker.com/ and http://hpcadvisorycouncil.com Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter

Neighborly nagios

Neighborly nagios

Neighborly nagios

David Josephsen

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

In this session, we'll discuss: - What’s Apache Camel: An overview of Camel and what you use it for and why you should care. - Camel 3: Demos of how Camel 3, Camel K and Camel Quarkus all work together, and will provide insights into Camel’s role in the next major release of Red Hat Integration products. - Camel K: This serverless integration platform provides low-code/no-code capabilities, where integrations can be snapped together quickly using the powers from integration patterns and Camel’s extensive set of connectors. - Camel Quarkus: Using Knative (the fast runtime of Quarkus) and Camel K brings awesome serverless features, such as auto-scaling, scaling to zero, and event-based communication, with great integration capabilities from Apache Camel. You will also hear about the latest Camel sub-project Camel Kafka Connectors which makes it possible to use all the Camel components as Kafka Connect connectors. Finally we bring details of the roadmap for what is coming up in the Camel projects. And after the presentation we have about 30 minutes of QA answering all the questions from the audience.

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Optimising Productivity with AWS Developer Tools

Optimising Productivity with AWS Developer Tools

Optimising Productivity with AWS Developer ToolsAmazon Web Services

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Cloud Native Day Tel Aviv

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

Similar to Netflix Cloud Security Overview (20)

Instrument Rack to visualize  Rails requests processing

Instrument Rack to visualize  Rails requests processing

Instrument Rack to visualize  Rails requests processing

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

Pipeline as code for your infrastructure as Code

Pipeline as code for your infrastructure as Code

Pipeline as code for your infrastructure as Code

Hardening Kubernetes Cluster

Hardening Kubernetes Cluster

Hardening Kubernetes Cluster

Introducing CQ 5.1

Introducing CQ 5.1

Introducing CQ 5.1

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

Containing Chaos with Kubernetes - Terrence Ryan, Google - DevOpsDays Tel Avi...

Creating pools of Virtual Machines - ApacheCon NA 2013

Creating pools of Virtual Machines - ApacheCon NA 2013

Creating pools of Virtual Machines - ApacheCon NA 2013

Live traffic capture and replay in cassandra 4.0

Live traffic capture and replay in cassandra 4.0

Live traffic capture and replay in cassandra 4.0

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Infrastructure Is Code with the AWS Cloud Development Kit (DEV372) - AWS re:I...

Devops with Python by Yaniv Cohen DevopShift

Devops with Python by Yaniv Cohen DevopShift

Devops with Python by Yaniv Cohen DevopShift

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative

Introducing TiDB - Percona Live Frankfurt

Introducing TiDB - Percona Live Frankfurt

Introducing TiDB - Percona Live Frankfurt

Win Spinnaker with Winnaker - Open Source North Conf 2017

Win Spinnaker with Winnaker - Open Source North Conf 2017

Win Spinnaker with Winnaker - Open Source North Conf 2017

DevOps Workflow: A Tutorial on Linux Containers

DevOps Workflow: A Tutorial on Linux Containers

DevOps Workflow: A Tutorial on Linux Containers

Neighborly nagios

Neighborly nagios

Neighborly nagios

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

SouJava May 2020: Apache Camel 3 - the next generation of enterprise integration

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Wido den Hollander - building highly available cloud with Ceph and CloudStack

Optimising Productivity with AWS Developer Tools

Optimising Productivity with AWS Developer Tools

Optimising Productivity with AWS Developer Tools

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Barak Merimovich (GIgaSpaces) & Gal Moav (Ravello) - Devstack on Demand, Open...

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

Build a Deep Learning App with Tensorflow & Redis by Jayesh Ahire and Sherin ...

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Esegui pod serverless con Amazon EKS e AWS Fargate

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Costruire Applicazioni Moderne con AWS

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Come spendere fino al 90% in meno con i container e le istanze spot

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Open banking as a service

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Computer Vision con AWS

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Database Oracle e VMware Cloud on AWS i miti da sfatare

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

API moderne real-time per applicazioni mobili e web

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWS

Tools for building your MVP on AWS

Tools for building your MVP on AWSAmazon Web Services

How to Build a Winning Pitch Deck

How to Build a Winning Pitch Deck

How to Build a Winning Pitch DeckAmazon Web Services

Building a web application without servers

Building a web application without servers

Building a web application without serversAmazon Web Services

Fundraising Essentials

Fundraising Essentials

Fundraising EssentialsAmazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services

Introduzione a Amazon Elastic Container Service

Introduzione a Amazon Elastic Container Service

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Esegui pod serverless con Amazon EKS e AWS Fargate

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Costruire Applicazioni Moderne con AWS

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Come spendere fino al 90% in meno con i container e le istanze spot

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Open banking as a service

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Computer Vision con AWS

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Database Oracle e VMware Cloud on AWS i miti da sfatare

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

API moderne real-time per applicazioni mobili e web

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

Tools for building your MVP on AWS

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

How to Build a Winning Pitch Deck

How to Build a Winning Pitch Deck

Building a web application without servers

Building a web application without servers

Building a web application without servers

Fundraising Essentials

Fundraising Essentials

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Introduzione a Amazon Elastic Container Service

Introduzione a Amazon Elastic Container Service

Netflix Cloud Security Overview

1. RepoingIAMPermissions OurstrategyforAWSLeastPrivilege PatrickKelley TravisMcPeak

2. Agenda ●Introandcontextsetting ●Approaches ●Aardvark&Repokid ●Futurework

4. ●GeneralDynamics->eBay->Netflix ●Decenttrampolinejumper ●SecurityMonkey,CloudAux,Aardvark,Repokid PatrickKelley

5. ●Symantec->HP->IBM->Netflix ●OpenStackSecurity,CloudFoundrySecurity,OWASPBayArea ●Bandit,Recon,Aardvark,Repokid TravisMcPeak

6. Netflix LargeAWSdeployment ●100K+instances ●Thousandsofapplications ●Over50AWSaccounts Mediumengineering ●~2000inproduct ●~50securityengineers

7. Netflix Culturedrivesourdecisions,includingthiswork ●FreedomandResponsibility ●Context,notControl

9. LeastPrivilege Onlygranttherequiredaccess necessarytoperformlegitimate functions. SeemscontrarytoNetflixFreedomand Responsibilityvalue. Thetrickistobalance.

11. Developersrequestspecific permissionstheyneedtodeployand runtheirapp. Soundsreasonable...

12. ●86services* ●2318permissions* ●Hardtoknowbasedonname ●Whataboutdependencies? ●Hardtogetrightonfirst,second,thirdpass... Developersdon’tknowwhattheyneed *AccordingtoPolicyUniverse,updated5/31

13. PossibleApproaches

14. Profileintest,thendeploytoprod

15. Startwithnopermissions,add incrementally

16. Havedevelopersaddtheirown permissionswithself-service model

17. OurApproach

18. ●Appsgivenpermissionscommonlyusedduringdeployment ○Ifmoreneeded,wehaveaquickconversation ●Profiletherolecontinuously ●Takeawayunusedpermissions ●Deletetherolewhenit’snolongerused (Mostly)automatedrolelifecycle

19. ●DevelopersuseSpinnaker ●Spinnaker->Lambdawithinformation abouttheapp ●Lambdacreatesaroleandgives “base”permissions ○Basepermissionsdependon typeofappandaccount. Developerdeploysnewapp

20. ●CurrentlyusingAccessAdvisor ○WilluseCloudTrailsoon ●Findoutwhichpermissionsanappisusing ●Watchdenied/AAforservicesthataren’tallowed ○Eithermisconfigurationorattack Profilerolecontinuously

21. ●Takeawaypermissionsthathaven’tbeenusedrecently ○Hasthesidebenefitthatunusedappslosepriv ●Storeoldversionofpolicysowecanrollbackifneeded ●Soon:automaticallyrollbackifCloudTrailshowsdenied Repounusedpermissions

22. Attack! ●Alreadydemonstratedreal-worldbenefits ○Internaltesting ○Responsibledisclosureprogram ●Somestopped,somenot ○Wecan’trepopermissionstheappactuallyneeds!

23. ●Unusedappswillalreadyhavebeenrepoedto0 ●Finalstepistocleanuprolesthatarenolonger attachedtoapplications Deletetherolewhennolongerused

25. ●RetrieveandcacheAccessAdvisordatafromthe console ●Mostlyfeaturecomplete,plantoswitchtoAccess AdvisorAPIwhenavailablefromAWS Aardvark(NetflixOSS)

26.

28. ●Scanroles,lookforunusedpermissions,takethem away,makeiteasytorollback ●Chat-opsintegration:what’sbeingrepoed,opt-out, rollback ●LongtermstrategicforNetflixSecurity ○CloudTrailintegration ○Notificationsandreportstoappowner Repokid(NetflixOSS)

29.

30. Considerations/Edge-cases

31. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions Needtoconsider

32. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery Needtoconsider

33. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? Needtoconsider

34. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) Needtoconsider

35. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet Needtoconsider

36. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet ●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded ○rds:create*mightgrowmorepowerfulovertime Needtoconsider

37. ●Newpermissionsshouldn’tgetrepoedforawhile ○Needtomakeiteasyfordeveloperstogetnewpermissions ●Whatshouldwedotopreserveinfrequentlyusedpermissions? ○Suchasthoseusedindisasterrecovery ●Whatifsomethingbreaks? ●Untrackedservices(Lightsail) ●NewlyreleasedservicesmightnotbeinCT/AAyet ●Ifpoliciesuseawildcard,newpermissionsmightbeautomaticallyadded ○rds:create*mightgrowmorepowerfulovertime ●CloudTraildoesn’tmap1:1withpermissions Needtoconsider

39. UserepodatatotightenbaseIAM FrequentlyrepoedservicesshouldnotbeincludedinbaseIAMinthefirstplace. -Wecantolerateasmallpercentageofdevelopersrequestingadditionalaccess

40. Introspection Examineapplicationsastheyarebeingdeployedandgivethempermissionsbasedon whattheyneed. Example:canseethat: -AspecificDynamotableisused -Theapplicationreadsfromaspecificqueue