SlideShare a Scribd company logo

NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017

Amazon Web Services
Amazon Web Services

PrivateLink provides private connectivity between VPCs, AWS Services and on-premises applications. Built with the same underlying technology that powers NAT Gateway, Network Load Balancer and AWS Service endpoints, PrivateLink is now available for use with your own applications. In the session, we’ll do a deep dive into the underlying network technology that is used by PrivateLink and explore how PrivateLink can be deployed to improve your network topologies and application architectures. We’ll also look at how PrivateLink improves micro-service architectures, allowing for services to be vended between AWS accounts and over DirectConnect connections.

1 of 42
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT AWS PrivateLink Deep Dive C o l m M a c C á r t h a i g h N E T 3 1 0 D e c e m b e r 1 , 2 0 1 7
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 10.1.0.0/16 10.1.2.3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 10.1.0.0/16 10.1.2.3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • Launched on November 8, 2017 • APIs available as PrivateLink endpoints: Amazon Kinesis, Amazon EC2, Elastic Load Balancing, Amazon EC2 Systems Manager, AWS Service Catalog • Works with Amazon VPC security groups • Works with IAM policies
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • IP connectivity is private—no public IP addresses • Endpoints have regional and zonal names • And again: • Works with Amazon VPC security groups • Works with IAM policies
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • If a provider has targets and NLB in each zone, those zones will be available to customers • Best latency by being in as many zones as possible; use at least two for availability • Reminder: zone names vary between accounts! • Cross-region setups come with availability and data-sovereignty risks
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Great for vending SaaS services securely • AWS Marketplace integration available for easy discovery and billing • Ideal for compartmentalizing microservices into their own networks and accounts
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners NLB “Provider” VPC“Client” VPC
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Notification of lifecycle events available via Amazon SNS You can automate signups, leave, events Invoke AWS Lambda from Amazon SNS PrivateLink for Customers and Partners
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Pro tip: treat endpoint names as you would ELB names; use CNAMEs or Amazon Route 53 alias • Allows the provider to give short and meaningful names to clients • Integrate with wildcard DNS and wildcard SSL certificates
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Single-tenant mode: create a PrivateLink NLB for every client/customer • Multi-tenant mode: allow many customers to use the same PrivateLink NLB • How do we tell endpoint traffic from different VPCs apart?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Method 1: use traditional accounts/passwords/security tokens at application level • Method 2: use separate NLBs and different listener ports on the targets • Method 3: enable the ProxyProtocolV2 preamble
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink for Snowflake Matthew Glickman V i c e P r e s i d e n t , P r o d u c t M a n a g e m e n t S n o w f l a k e C o m p u t i n g
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink is a BIG DEAL
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake The data warehouse built for the cloud Centralized storage Service Compute Storage
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Editions before Spring 2017 Standard § Complete SQL Data Warehouse § Business hour support M-F § 1 day of time travel § Always-on enterprise grade encryption in transit and at rest • Customer-dedicated virtual warehouses Premier Standard + § Premier Support 24 x 365 § Faster support response time § SLA with refund for outage Enterprise Premier + § Multi-Cluster warehouse § Up to 90 days of time travel § Federated authentication § Annual rekey of all encrypted data § Audit log § Cross-region replication (2018) ESD Enterprise + § HIPAA Support § PCI Compliance § Data encryption everywhere § Enhanced security policy § Tri-Secret Secure Customer-managed keys
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enterprise Security from First Principles • Encryption at rest and in transit • Ultimate control over keys
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Deployment Snowflake Multi-Tenant Pod and VPC Customer VPC AWSRegion Cloud Services Virtual Warehouses Metadata Store Amazon S3 Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances ELB AWS Region Secure Traffic Over Internet
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake ESD AWSRegion Cloud Services Virtual Warehouses Metadata Store Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances ELB Tri-Secret Secure customer-managed keys Customer VPC AWS Region Snowflake Multi-Tenant Pod and VPC Secure Traffic Over Internet Amazon S3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tri-Secret Secure: Customer-Managed Keys Tri-secret secure Split Encryption Keys Amazon has no access to customer data Two-factor logon credential Required for data access Three Secrets Snowflake can’t access data without customer-provided key Customer Key Snowflake Key Logon Credential+ + AWS KMS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance Enterprise Security from First Principles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Editions Standard § Complete SQL Data Warehouse § Business hour support M-F § 1 day of time travel § Always-on enterprise grade encryption in transit and at rest • Customer-dedicated virtual warehouses Premier Standard + § Premier Support 24 x 365 § Faster support response time § SLA with refund for outage Enterprise Premier + § Multi-Cluster warehouse § Up to 90 days of time travel § Federated authentication § Annual rekey of all encrypted data § Audit log § Cross-region replication (2018) ESD Enterprise + § HIPAA Support § PCI Compliance § Data encryption everywhere § Enhanced security policy § Tri-Secret Secure Customer-managed keys Virtual Private Snowflake (VPS) ESD+ • Customer-dedicated virtual servers wherever the encryption key is in memory • Customer-dedicated metadata store • Secure proxy to customer VPC or on- premises data center • Business Critical Support
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake VPS VPS Secure Pod and Dedicated VPC AWSRegion Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances Customer VPC AWS Region Tri-Secret Secure customer-managed keys Proxy Secure Traffic Over Internet ELB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance • Private network connectivity Enterprise Security from First Principles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake ESD with AWS PrivateLink Snowflake Multi-Tenant Pod AWSRegion Cloud Services Virtual Warehouses Metadata Store Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances AWS PrivateLink Customer VPC Secure Traffic Within Region Tri-Secret Secure customer-managed keys NLB Amazon S3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake VPS with AWS PrivateLink VPS Secure Pod and Dedicated VPC AWSRegion Encryption on disk and in transit Customer-Dedicated Virtual Instances AWS PrivateLink Tri-Secret Secure customer-managed keys Secure Traffic Within Region Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Customer VPC NLB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Direct Connect + PrivateLink + Snowflake VPS VPS Secure Pod and Dedicated VPC AWSRegion On-Premises Customer AWS Direct Connect Secure Traffic Within Region Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Customer VPC NLB
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance • Private network connectivity For more information: https://bit.ly/privatelink-snowflake Enterprise Security from First Principles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane • Evolution of the S3 load balancer • First used with Amazon Elastic File System (Amazon EFS) • Also powers NLBs and NAT gateways
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane • Running in EC2, on EC2 • Distributed, transactional, connection-tracking machine • Not a proxy! • Rewrites packets and can even insert new ones
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners NLB “Provider” VPC“Client” VPC
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink at GE Larry Hook P r i n c i p a l I n f r a s t r u c t u r e A r c h i t e c t G E D i g i t a l
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Who is GE? Larry Hook, Cloud Architect - Working on AWS since 2011 GE is the leading multi-national digital industrial company - Multiple lines of business (digital, aviation, power, healthcare, transportation, current) - Operating in 170+ countries worldwide A multi-year cloud journey with 2,000+ applications migrated - Began with 50 apps in 30 days - Multiple migration types (lift & shift, re-architect, cloud-native) - Multiple risk profiles
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Public Cloud Team 4-year journey - Vend environments to internal GE customers - Self-service deployment model (BU opt-in) - BUs only call when support is needed Provide corporate guardrails and services - Multiple designs along the way Additional functions: - Commercial and cloud-native applications - Engineering and manufacturing app optimization - Traditional IT data center cleanup
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink @ GE Current environment - Many accounts connected over Direct Connect - Many accounts peered together - Corporate services reside on-premises PrivateLink benefits - Secure connectivity to corporate services (authentication, security tools, vulnerability tools) - Simplify peering, routing, and firewall designs (reduce/remove NACLs) - DNS as a service registry - Provides incentive to move corporate services to AWS Excellent beta experience—AWS was always responsive and in touch with our team
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink • Easy to get started • Feels like an NLB: metrics, health checks, failover, and more • Same capabilities for customers and partners as for AWS services • Opens up on-premises/intranet applications
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

Recommended

NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
Amazon Web Services
 
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
Amazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Amazon Web Services
 
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
Amazon Web Services
 
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Amazon Web Services
 
WPS205_Is AWS GovCloud Right for your Regulated Workload
WPS205_Is AWS GovCloud Right for your Regulated WorkloadWPS205_Is AWS GovCloud Right for your Regulated Workload
WPS205_Is AWS GovCloud Right for your Regulated Workload
Amazon Web Services
 
SID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and AlexaSID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and Alexa
Amazon Web Services
 
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Amazon Web Services
 

Recommended

NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
Amazon Web Services
 
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
GPSWKS408-GPS Migrate Your Databases with AWS Database Migration Service and ...
Amazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Amazon Web Services
 
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
How BrightEdge Achieves End-to-End Security Visibility with Splunk and AWS
Amazon Web Services
 
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Amazon Web Services
 
WPS205_Is AWS GovCloud Right for your Regulated Workload
WPS205_Is AWS GovCloud Right for your Regulated WorkloadWPS205_Is AWS GovCloud Right for your Regulated Workload
WPS205_Is AWS GovCloud Right for your Regulated Workload
Amazon Web Services
 
SID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and AlexaSID302_Force Multiply Your Security Team with Automation and Alexa
SID302_Force Multiply Your Security Team with Automation and Alexa
Amazon Web Services
 
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...
Amazon Web Services
 
ARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC DesignARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC Design
Amazon Web Services
 
STG401_This Is My Architecture
STG401_This Is My ArchitectureSTG401_This Is My Architecture
STG401_This Is My Architecture
Amazon Web Services
 
ENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale MigrationsENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale Migrations
Amazon Web Services
 
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3MDEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
Amazon Web Services
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Amazon Web Services
 
DEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to MicroservicesDEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to Microservices
Amazon Web Services
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
Amazon Web Services
 
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
Amazon Web Services
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Amazon Web Services
 
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedDVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
Amazon Web Services
 
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
Amazon Web Services
 
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
Amazon Web Services
 
SID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security TeamSID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security Team
Amazon Web Services
 
CTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksCTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash Talks
Amazon Web Services
 
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
Amazon Web Services
 
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
Amazon Web Services
 
ARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million UsersARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million Users
Amazon Web Services
 
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Amazon Web Services
 
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum SecurityFSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
Amazon Web Services
 
Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017
Amazon Web Services
 
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Amazon Web Services
 
Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018
Amazon Web Services
 

More Related Content

What's hot

ARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC DesignARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC Design
Amazon Web Services
 
STG401_This Is My Architecture
STG401_This Is My ArchitectureSTG401_This Is My Architecture
STG401_This Is My Architecture
Amazon Web Services
 
ENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale MigrationsENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale Migrations
Amazon Web Services
 
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3MDEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
Amazon Web Services
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Amazon Web Services
 
DEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to MicroservicesDEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to Microservices
Amazon Web Services
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
Amazon Web Services
 
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
Amazon Web Services
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Amazon Web Services
 
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedDVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
Amazon Web Services
 
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
Amazon Web Services
 
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
Amazon Web Services
 
SID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security TeamSID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security Team
Amazon Web Services
 
CTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksCTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash Talks
Amazon Web Services
 
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
Amazon Web Services
 
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
Amazon Web Services
 
ARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million UsersARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million Users
Amazon Web Services
 
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Amazon Web Services
 
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum SecurityFSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
Amazon Web Services
 
Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017
Amazon Web Services
 

What's hot (20)

ARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC DesignARC304_From One to Many Evolving VPC Design
ARC304_From One to Many Evolving VPC Design
 
STG401_This Is My Architecture
STG401_This Is My ArchitectureSTG401_This Is My Architecture
STG401_This Is My Architecture
 
ENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale MigrationsENT212-An Overview of Best Practices for Large-Scale Migrations
ENT212-An Overview of Best Practices for Large-Scale Migrations
 
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3MDEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
DEV332_Using AWS to Achieve Both Autonomy and Governance at 3M
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
 
DEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to MicroservicesDEV329_Cisco’s Journey from Monolith to Microservices
DEV329_Cisco’s Journey from Monolith to Microservices
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
 
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
GPSTEC321_VMware on AWS Cloud Technical Deep Dive & Native AWS Services Integ...
 
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
Deep Dive on Amazon Glacier - STG303 - re:Invent 2017
 
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedDVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected
 
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
MBL209_Learn How MicroStrategy on AWS is Helping Vivint Solar Deliver Clean E...
 
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
NEW LAUNCH! Hear how the Pac-12 is using AWS Elemental MediaStore and explore...
 
SID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security TeamSID301_Using AWS Lambda as a Security Team
SID301_Using AWS Lambda as a Security Team
 
CTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash TalksCTD301_Amazon CloudFront Flash Talks
CTD301_Amazon CloudFront Flash Talks
 
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
NEW LAUNCH! Amazon EC2 Bare Metal Instances - CMP330 - re:Invent 2017
 
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
NEW LAUNCH! Introducing AWS IoT Analytics - IOT214 - re:Invent 2017
 
ARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million UsersARC201_Scaling Up to Your First 10 Million Users
ARC201_Scaling Up to Your First 10 Million Users
 
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
Analytics, Authentication and Data with AWS Amplify - MBL403 - re:Invent 2017
 
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum SecurityFSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security
 
Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017
 

Similar to NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017

Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Amazon Web Services
 
Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018
Amazon Web Services
 
Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...
Amazon Web Services
 
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
Amazon Web Services
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
Amazon Web Services
 
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
Amazon Web Services
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
Kristana Kane
 
Introduction to AWS for Mobile Developers
Introduction to AWS for Mobile DevelopersIntroduction to AWS for Mobile Developers
Introduction to AWS for Mobile Developers
Amazon Web Services
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
Amazon Web Services
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows Workloads
Amazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
Introduction to Serverless Computing and AWS Lambda - AWS IL Meetup
Introduction to Serverless Computing and AWS Lambda - AWS IL MeetupIntroduction to Serverless Computing and AWS Lambda - AWS IL Meetup
Introduction to Serverless Computing and AWS Lambda - AWS IL Meetup
Boaz Ziniman
 
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Amazon Web Services
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account Strategy
Amazon Web Services
 
AWS Edge Media Services
AWS Edge Media ServicesAWS Edge Media Services
AWS Edge Media Services
M5sime
 
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
Amazon Web Services
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Amazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
Bela Sojina MBA, PMP
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
Amazon Web Services
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
Amazon Web Services
 

Similar to NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017 (20)

Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
Staying Armed with AWS Cloud HSM and AWS WAF - AWS Public Sector Summit Singa...
 
Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018
 
Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...Case Study: The internals of Amazon.com's architecture that allows it to secu...
Case Study: The internals of Amazon.com's architecture that allows it to secu...
 
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
How to Handle PCI and HIPAA Compliance with Serverless Architecture( SRV214)
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
I Want to Analyze and Visualize Website Access Logs, but Why Do I Need Server...
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
 
Introduction to AWS for Mobile Developers
Introduction to AWS for Mobile DevelopersIntroduction to AWS for Mobile Developers
Introduction to AWS for Mobile Developers
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows Workloads
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Introduction to Serverless Computing and AWS Lambda - AWS IL Meetup
Introduction to Serverless Computing and AWS Lambda - AWS IL MeetupIntroduction to Serverless Computing and AWS Lambda - AWS IL Meetup
Introduction to Serverless Computing and AWS Lambda - AWS IL Meetup
 
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account Strategy
 
AWS Edge Media Services
AWS Edge Media ServicesAWS Edge Media Services
AWS Edge Media Services
 
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
Migrating Millions of Video Content Files to The Cloud Using AWS Snowball - S...
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

NEW LAUNCH! AWS PrivateLink Deep Dive - NET310 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT AWS PrivateLink Deep Dive C o l m M a c C á r t h a i g h N E T 3 1 0 D e c e m b e r 1 , 2 0 1 7
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 10.1.0.0/16 10.1.2.3
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 10.1.0.0/16 10.1.2.3
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • Launched on November 8, 2017 • APIs available as PrivateLink endpoints: Amazon Kinesis, Amazon EC2, Elastic Load Balancing, Amazon EC2 Systems Manager, AWS Service Catalog • Works with Amazon VPC security groups • Works with IAM policies
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • IP connectivity is private—no public IP addresses • Endpoints have regional and zonal names • And again: • Works with Amazon VPC security groups • Works with IAM policies
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for AWS Services • If a provider has targets and NLB in each zone, those zones will be available to customers • Best latency by being in as many zones as possible; use at least two for availability • Reminder: zone names vary between accounts! • Cross-region setups come with availability and data-sovereignty risks
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Great for vending SaaS services securely • AWS Marketplace integration available for easy discovery and billing • Ideal for compartmentalizing microservices into their own networks and accounts
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners NLB “Provider” VPC“Client” VPC
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Notification of lifecycle events available via Amazon SNS You can automate signups, leave, events Invoke AWS Lambda from Amazon SNS PrivateLink for Customers and Partners
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Pro tip: treat endpoint names as you would ELB names; use CNAMEs or Amazon Route 53 alias • Allows the provider to give short and meaningful names to clients • Integrate with wildcard DNS and wildcard SSL certificates
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Single-tenant mode: create a PrivateLink NLB for every client/customer • Multi-tenant mode: allow many customers to use the same PrivateLink NLB • How do we tell endpoint traffic from different VPCs apart?
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners • Method 1: use traditional accounts/passwords/security tokens at application level • Method 2: use separate NLBs and different listener ports on the targets • Method 3: enable the ProxyProtocolV2 preamble
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink for Snowflake Matthew Glickman V i c e P r e s i d e n t , P r o d u c t M a n a g e m e n t S n o w f l a k e C o m p u t i n g
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink is a BIG DEAL
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake The data warehouse built for the cloud Centralized storage Service Compute Storage
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Editions before Spring 2017 Standard § Complete SQL Data Warehouse § Business hour support M-F § 1 day of time travel § Always-on enterprise grade encryption in transit and at rest • Customer-dedicated virtual warehouses Premier Standard + § Premier Support 24 x 365 § Faster support response time § SLA with refund for outage Enterprise Premier + § Multi-Cluster warehouse § Up to 90 days of time travel § Federated authentication § Annual rekey of all encrypted data § Audit log § Cross-region replication (2018) ESD Enterprise + § HIPAA Support § PCI Compliance § Data encryption everywhere § Enhanced security policy § Tri-Secret Secure Customer-managed keys
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enterprise Security from First Principles • Encryption at rest and in transit • Ultimate control over keys
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Deployment Snowflake Multi-Tenant Pod and VPC Customer VPC AWSRegion Cloud Services Virtual Warehouses Metadata Store Amazon S3 Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances ELB AWS Region Secure Traffic Over Internet
  • 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake ESD AWSRegion Cloud Services Virtual Warehouses Metadata Store Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances ELB Tri-Secret Secure customer-managed keys Customer VPC AWS Region Snowflake Multi-Tenant Pod and VPC Secure Traffic Over Internet Amazon S3
  • 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tri-Secret Secure: Customer-Managed Keys Tri-secret secure Split Encryption Keys Amazon has no access to customer data Two-factor logon credential Required for data access Three Secrets Snowflake can’t access data without customer-provided key Customer Key Snowflake Key Logon Credential+ + AWS KMS
  • 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance Enterprise Security from First Principles
  • 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake Editions Standard § Complete SQL Data Warehouse § Business hour support M-F § 1 day of time travel § Always-on enterprise grade encryption in transit and at rest • Customer-dedicated virtual warehouses Premier Standard + § Premier Support 24 x 365 § Faster support response time § SLA with refund for outage Enterprise Premier + § Multi-Cluster warehouse § Up to 90 days of time travel § Federated authentication § Annual rekey of all encrypted data § Audit log § Cross-region replication (2018) ESD Enterprise + § HIPAA Support § PCI Compliance § Data encryption everywhere § Enhanced security policy § Tri-Secret Secure Customer-managed keys Virtual Private Snowflake (VPS) ESD+ • Customer-dedicated virtual servers wherever the encryption key is in memory • Customer-dedicated metadata store • Secure proxy to customer VPC or on- premises data center • Business Critical Support
  • 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake VPS VPS Secure Pod and Dedicated VPC AWSRegion Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances Customer VPC AWS Region Tri-Secret Secure customer-managed keys Proxy Secure Traffic Over Internet ELB
  • 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance • Private network connectivity Enterprise Security from First Principles
  • 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake ESD with AWS PrivateLink Snowflake Multi-Tenant Pod AWSRegion Cloud Services Virtual Warehouses Metadata Store Load Balancer Encryption on disk and in transit Customer-Dedicated Virtual Instances AWS PrivateLink Customer VPC Secure Traffic Within Region Tri-Secret Secure customer-managed keys NLB Amazon S3
  • 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowflake VPS with AWS PrivateLink VPS Secure Pod and Dedicated VPC AWSRegion Encryption on disk and in transit Customer-Dedicated Virtual Instances AWS PrivateLink Tri-Secret Secure customer-managed keys Secure Traffic Within Region Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Customer VPC NLB
  • 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Direct Connect + PrivateLink + Snowflake VPS VPS Secure Pod and Dedicated VPC AWSRegion On-Premises Customer AWS Direct Connect Secure Traffic Within Region Cloud Services Virtual Warehouses Metadata Store Amazon S3 (Separate Account) Load Balancer Customer VPC NLB
  • 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Encryption at rest and in transit • Ultimate control over keys • Dedicated instance • Private network connectivity For more information: https://bit.ly/privatelink-snowflake Enterprise Security from First Principles
  • 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane
  • 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane • Evolution of the S3 load balancer • First used with Amazon Elastic File System (Amazon EFS) • Also powers NLBs and NAT gateways
  • 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS HyperPlane • Running in EC2, on EC2 • Distributed, transactional, connection-tracking machine • Not a proxy! • Rewrites packets and can even insert new ones
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink for Customers and Partners NLB “Provider” VPC“Client” VPC
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink at GE Larry Hook P r i n c i p a l I n f r a s t r u c t u r e A r c h i t e c t G E D i g i t a l
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Who is GE? Larry Hook, Cloud Architect - Working on AWS since 2011 GE is the leading multi-national digital industrial company - Multiple lines of business (digital, aviation, power, healthcare, transportation, current) - Operating in 170+ countries worldwide A multi-year cloud journey with 2,000+ applications migrated - Began with 50 apps in 30 days - Multiple migration types (lift & shift, re-architect, cloud-native) - Multiple risk profiles
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Public Cloud Team 4-year journey - Vend environments to internal GE customers - Self-service deployment model (BU opt-in) - BUs only call when support is needed Provide corporate guardrails and services - Multiple designs along the way Additional functions: - Commercial and cloud-native applications - Engineering and manufacturing app optimization - Traditional IT data center cleanup
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink @ GE Current environment - Many accounts connected over Direct Connect - Many accounts peered together - Corporate services reside on-premises PrivateLink benefits - Secure connectivity to corporate services (authentication, security tools, vulnerability tools) - Simplify peering, routing, and firewall designs (reduce/remove NACLs) - DNS as a service registry - Provides incentive to move corporate services to AWS Excellent beta experience—AWS was always responsive and in touch with our team
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink • Easy to get started • Feels like an NLB: metrics, health checks, failover, and more • Same capabilities for customers and partners as for AWS services • Opens up on-premises/intranet applications
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!