(SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014

•

7 likes•6,967 views

Have you wondered how you can use your corporate directory for accessing AWS? Or how you can build an AWS-powered application accessible to the millions of users from social identity providers like Amazon, Google, or Facebook? If so, this session will give you the tools you need to get started. It will provide a variety of examples to make it easier for you to use other identity pools with AWS, as well as cover open standards like Security Assertion Markup Language (SAML). Anyone who deals with external identities won't want to miss this session.

Technology

Session
Access Key ID
Secret Access Key
Expiration
Session Token

Customer (Identity Provider) AWS Cloud (Relying Party)
AWS
Management
Console
Browser
interface
Corporate
directory
Federation
proxy
1Browse to URL
3
2
Redirect to
Console
10
Generate URL9
4 List RolesRequest
8
Assume Role Response
Temp Credentials
- Access Key ID
- Secret Access Key
- Session Token
7 AssumeRole Request
Create combo
box
6
Federation
proxy
• Uses a set of IAM user credentials to
make AssumeRoleRequest()
• IAM user permissions only need to be
able to call ListRoles & assume role
• Proxy needs to securely store these
credentials
5
List RolesResponse

Customer (Identity Provider) AWS Cloud (Relying Party)
AWS Resources
User
Application
Active
Directory
Federation Proxy
4
Get Federation
Token Request
3
2
Amazon S3
Bucket
with Objects
Amazon
DynamoDB
Amazon
EC2
Request
Session 1
Receive
Session6
5
Get Federation Token
Response
• Access Key
• Secret Key
• Session Token
APP
Federation
Proxy
• Uses a set of IAM user credentials to
make a GetFederationTokenRequest()
• IAM user permissions need to be the
union of all federated user permissions
• Proxy needs to securely store these
privileged credentials
Call AWS APIs7

Enterprise (Identity Provider) AWS (Service Provider)
AWS Sign-in
Browser
interface
Corporate
identity store
Identity provider
1User
browses to
Identity provider
2 Receives
AuthN response
5 Redirect client
AWS Management
Console
3
Post to Sign-In
Passing AuthN Response
4

AWS Cloud
US-EAST-1
EU-WEST-1
AP-SOUTHEAST-1
AWS Services
Amazon
DynamoDB
Amazon S3
Authenticate
User 1
6
7
IAM
EC2
Instances
Token
Verification
4
Web identity
Provider
3
5
Check
Policy
Id Token
2
Mobile App

us-east-1
App
Security Token Service
DynamoDB
OpenID Connect-
compliant
identity provider
2
4
Uses the temporary
credentials to access
AWS services
Redirect for
authentication and
receive an ID token
Exchange ID token for
Cognito token
3
End
User
1
Start using the app
Cognito
Exchange Cognito token
for temporary AWS
credentials
Developer’s AWS Account
5

http://bit.ly/1n1z1QL
http://amzn.to/11AFKtS
http://amzn.to/1vlBZ6N
http://bit.ly/10KUSoC
http://bit.ly/1rNzWCF
http://bit.ly/13vFehT
http://bit.ly/1p2Ip6M

Please give us your feedback on this session.
Complete session evaluations and earn re:Invent swag.
http://bit.ly/awsevals

Amazon Web Services IAM has a cohesive set of features, including authentication, service and resource authorization, and privilege delegation. But how does AWS IAM interact with an organization's external identity management framework? In this session, we will look at the identity disciplines, including authorization, identity governance and administration (IGA), provisioning, authentication and single sign-on-and their associated standards like XACML, SCIM, SAML, OAuth, OpenID Connect, and FIDO. We will specify how these externalized identity functions can be integrated with AWS to deliver a cohesive organizational identity management framework. We will also cover real-world deployments of externalized identity systems with AWS.

(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014

Amazon Web Services

(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014

Amazon Web Services

Navigating Payment Card Industry (PCI) compliance on AWS can be easier than in a traditional data center. This session discusses how PaymentSpring implemented a PCI level-1 certified payment gateway running entirely on AWS. PaymentSpring will talk about how they designed the system to make PCI validation easier, what AWS provided, and what additional tools PaymentSpring added. Along the way, they'll cover some things they did to reduce costs and increase the overall security of the system.

(SEC302) Delegating Access to Your AWS Environment | AWS re:Invent 2014

Amazon Web Services

Federation

Amazon Web Services

Account Separation and Mandatory Access Control

Amazon Web Services

(MBL301) Creating Voice Experiences Using Amazon Alexa

Amazon Web Services

Alexa is the speech and personal assistant technology behind Amazon Echo. Today you can use Alexa to listen to music, play games, check traffic and weather, control your household devices such as Philips Hue and Belkin WeMo, and lots more. Alexa offers a full-featured set of APIs and SDKs that you can use to teach her new skills and add her into devices and applications of your own. In this talk, intended for software and hardware developers interested in voice control, home automation, and personal assistant technology, we will walk through the development of a new Alexa skill and incorporate it into a consumer-facing device.

(SEC315) AWS Directory Service Deep Dive

Amazon Web Services

AWS Directory Service enables you to create a new Active Directory domain in AWS with Simple AD or to connect your existing Active Directory domain with AD Connector. Learn how to use these offerings to domain join and enable single sign-on (SSO) to your Amazon EC2 Windows and Linux instances, set up federated access to the AWS Management Console, and use Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail.

Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you can use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.

Secure Content Delivery with AWS

Amazon Web Services

Monitoring and Alerting

Amazon Web Services

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

Amazon Web Services

How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn: • Learn how to think about using encryption to protect your private information in the cloud • Learn how to evaluate key management architectures to determine whether they meet your needs • Learn how to use AWS encryption features to accomplish your data security goals. Who Should Attend: • Developers, DevOps Engineers, and IT Security Administrators

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Amazon Web Services

With the rapid increase of complexity in managing security for distributed IT and cloud computing, security, and compliance managers can innovate in how to ensure a high level of security is practiced to manage AWS resources. In this session, Chad Woolf, Director of Compliance for AWS will discuss which AWS service features can be leveraged to achieve a high level of security assurance over AWS resources, giving you more control of the security of your data and preparing you for a wide range of audits. Attendees will also learn first-hand what some AWS customers have accomplished by leveraging AWS features to meet specific industry compliance requirements.

Getting Maximum Performance from Amazon Redshift (DAT305) | AWS re:Invent 2013

Amazon Web Services

Get the most out of Amazon Redshift by learning about cutting-edge data warehousing implementations. Desk.com, a Salesforce.com company, discusses how they maintain a large concurrent user base on their customer-facing business intelligence portal powered by Amazon Redshift. HasOffers shares how they load 60 million events per day into Amazon Redshift with a 3-minute end-to-end load latency to support ad performance tracking for thousands of affiliate networks. Finally, Aggregate Knowledge discusses how they perform complex queries at scale with Amazon Redshift to support their media intelligence platform.

Security best practices on AWS - Pop-up Loft TLV 2017

Amazon Web Services

(SEC324) NEW! Introducing Amazon Inspector

Amazon Web Services

"Amazon Inspector is a new service from AWS that identifies security issues in your application deployments. Use Inspector with your applications to assess your security posture and identify areas that can be improved. Inspector works with your Amazon EC2 instances to monitor activity in your applications and system. This session will cover getting started with Inspector, how to automate the process, how to manage and act on findings, and additional ways you can enhance your development and release lifecycle using Inspector."

AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...

Amazon Web Services

Customers using AWS resources such as EC2 instances, EC2 Security Groups and RDS instances would like to track changes made to such resources and who made those changes. In this session, customers will learn about gaining visibility into user activity in their account and aggregating logs across multiple accounts into a single bucket. Customers will also learn about how they can use the user activity logs to meet the logging guidelines/requirements of different compliance standards. AWS Advanced Technology Partners Splunk/Sumologic (exact partners TBD) will demonstrate applications for analyzing user activity within an AWS account.

(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014

Amazon Web Services

Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.

(SEC406) NEW LAUNCH: Building Secure Applications with AWS Key Management Ser...

Amazon Web Services

(SEC316) Harden Your Architecture w/ Security Incident Response Simulations

Amazon Web Services

Using Security Incident Response Simulations (SIRS--also commonly called IR Game Days) regularly keeps your first responders in practice and ready to engage in real events. SIRS help you identify and close security gaps in your platform, and application layers then validate your ability to respond. In this session, we will share a straightforward method for conducting SIRS. Then AWS enterprise customers will take the stage to share their experience running joint SIRS with AWS on their AWS architectures. Learn about detection, containment, data preservation, security controls, and more.

(SEC401) Encryption Key Storage with AWS KMS at Okta

Amazon Web Services

One of the biggest challenges in writing code that manages encrypted data is developing a secure model for obtaining keys and rotating them when an administrator leaves. AWS Key Management Service (KMS) changes the equation by offering key management as a service, enabling a number of security improvements over conventional key storage methods. Jon Todd will show how Okta uses the KMS API to secure a multi-region system serving thousands of customers. This talk is oriented toward developers looking to secure their applications and simplify key management.

February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Amazon Web Services

You can now access resources within a Virtual Private Cloud (VPC) using AWS Lambda. In this webinar, we will show how you can enable your AWS Lambda functions to access resources in a VPC. We will walk through the configuration details on how to set up this functionality, and we will demonstrate two sample scenarios. We will also discuss best practices of how to use AWS Lambda in a VPC and sample application designs. Learning Objectives: Learn how to access resources in a VPC with AWS Lambda Who Should Attend: Developers

Building Serverless Chat Bots - AWS August Webinar Series

Amazon Web Services

Chat bots can help you increase visibility and improve operations or help your customers easily get information through a natural, conversational interface. In this webinar, you will learn how you use a chat bot to manage many aspects of your infrastructure, code, and data all from the comforts of a chat room. You'll learn how AWS Lambda can be used to run your chat bots. We’ll also demonstrate step-by-step how you can use AWS Lambda to easily build and run your first Slack bot – all without the need to provision and manage servers. Join us to: - Understand the basics of chatops - Learn how to use Lambda to create bots - Build a Slack bot running on Lambda Who should attend: Developers

(SEC304) Architecting for HIPAA Compliance on AWS

Amazon Web Services

"This session brings together the interests of engineering, compliance, and security as you align healthcare workloads to the controls in the HIPAA Security Rule. We'll discuss how to architect for HIPAA compliance using AWS, and introduce a number of new services added to the HIPAA program in 2015, such as Amazon Relational Database Service (RDS), Amazon DynamoDB, and Amazon Elastic MapReduce (EMR). You'll hear from customers who process and store Protected Health Information on AWS, and how they satisfied their compliance requirements while maintaining agility. This session helps security and compliance experts see what's technically possible on AWS, and how implementing the Technical Safeguards in the HIPAA Security Rule is simple and familiar. We map the Security Rule's Technical Safeguards to AWS features and design patterns to help developers, operations teams, and engineers speak the language of their security and compliance peers."

(STG304) Deploying a Disaster Recovery Site on AWS

Amazon Web Services

In the event of a disaster, you need to be able to recover lost data quickly to ensure business continuity. For critical applications, keeping your time to recover and data loss to a minimum as well as optimizing your overall capital expense can be challenging. This session presents AWS features and services along with Disaster Recovery architectures that you can leverage when building highly available and disaster resilient applications. We will provide recommendations on how to improve your Disaster Recovery plan and discuss example scenarios showing how to recover from a disaster.

(APP202) Deploy, Manage, Scale Apps w/ AWS OpsWorks & AWS Elastic Beanstalk |...

Amazon Web Services

AWS offers a number of services that help you easily deploy and run applications in the cloud. Come to this session to learn how to choose among these options. Through interactive demonstrations, this session shows you how to get an application running using AWS OpsWorks and AWS Elastic Beanstalk application management services. You also learn how to use AWS CloudFormation templates to document, version control, and share your application configuration. This session covers application updates, customization, and working with resources such as load balancers and databases.

What's hot

Securing Your Data in AWS

Amazon Web Services

Federation

Amazon Web Services

Managing your identities in the cloud with AWS and Microsoft Active Directory...

Amazon Web Services

(SEC403) Building AWS Partner Applications Using IAM Roles | AWS re:Invent 2014

Amazon Web Services

Announcements for Mobile Developers

Amazon Web Services

Secure Content Delivery with AWS

Amazon Web Services

Monitoring and Alerting

Amazon Web Services

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

Amazon Web Services

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Amazon Web Services

Getting Maximum Performance from Amazon Redshift (DAT305) | AWS re:Invent 2013

Amazon Web Services

Security best practices on AWS - Pop-up Loft TLV 2017

Amazon Web Services

(SEC324) NEW! Introducing Amazon Inspector

Amazon Web Services

AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...

Amazon Web Services

(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014

Amazon Web Services

(SEC406) NEW LAUNCH: Building Secure Applications with AWS Key Management Ser...

Amazon Web Services

(SEC316) Harden Your Architecture w/ Security Incident Response Simulations

Amazon Web Services

(SEC401) Encryption Key Storage with AWS KMS at Okta

Amazon Web Services

February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Amazon Web Services

Building Serverless Chat Bots - AWS August Webinar Series

Amazon Web Services

(SEC304) Architecting for HIPAA Compliance on AWS

Amazon Web Services

What's hot (20)

Securing Your Data in AWS

Federation

Managing your identities in the cloud with AWS and Microsoft Active Directory...

(SEC403) Building AWS Partner Applications Using IAM Roles | AWS re:Invent 2014

Announcements for Mobile Developers

Secure Content Delivery with AWS

Monitoring and Alerting

AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Getting Maximum Performance from Amazon Redshift (DAT305) | AWS re:Invent 2013

Security best practices on AWS - Pop-up Loft TLV 2017

(SEC324) NEW! Introducing Amazon Inspector

AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...

(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014

(SEC406) NEW LAUNCH: Building Secure Applications with AWS Key Management Ser...

(SEC316) Harden Your Architecture w/ Security Incident Response Simulations

(SEC401) Encryption Key Storage with AWS KMS at Okta

February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Building Serverless Chat Bots - AWS August Webinar Series

(SEC304) Architecting for HIPAA Compliance on AWS

Viewers also liked

(STG304) Deploying a Disaster Recovery Site on AWS

Amazon Web Services

(APP202) Deploy, Manage, Scale Apps w/ AWS OpsWorks & AWS Elastic Beanstalk |...

Amazon Web Services

Connect2016 Shipping Domino

Factor-y S.r.l.

Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh

Luong Trung Thanh

(SEC303) Mastering Access Control Policies | AWS re:Invent 2014

Amazon Web Services

If you have ever wondered how best to scope down permissions in your account, this in-depth look at the AWS Access Control Policy language is for you. We start with the basics of the policy language and how to create policies for users and groups. We look at how to use policy variables to simplify policy management. Finally, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket, allowing an IAM user to manage their own credentials and passwords, and more.

SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012

Amazon Web Services

At times you may have a need to provide external entities access to resources within your AWS account. You may have users within your enterprise that want to access AWS resources without having to remember a new username and password. Alternatively, you may be creating a cloud-backed application that is used by millions of mobile users. Or you have multiple AWS accounts that you want to share resources across. Regardless of the scenario, AWS Identity and Access Management (IAM) provides a number of ways you can securely and flexibly provide delegated access to your AWS resources. Come learn how to best take advantage of these options in your AWS environment.

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

Amazon Web Services

Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.

amazon-cognito-auth-in-minutesVladimir Budilov

(SPOT301) AWS Innovation at Scale | AWS re:Invent 2014

Amazon Web Services

This session, led by James Hamilton, VP and Distinguished Engineer, gives an insider view of some the innovations that help make the AWS cloud unique. He will show examples of AWS networking innovations from the interregional network backbone, through custom routers and networking protocol stack, all the way down to individual servers. He will show examples from AWS server hardware, storage, and power distribution and then, up the stack, in high scale streaming data processing. James will also dive into fundamental database work AWS is delivering to open up scaling and performance limits, reduce costs, and eliminate much of the administrative burden of managing databases. Join this session and walk away with a deeper understanding of the underlying innovations powering the cloud.

AWS Identity and Access Management and Consolidated BillingAmazon Web Services

(SDD419) Amazon EC2 Networking Deep Dive and Best Practices | AWS re:Invent 2014

Amazon Web Services

SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Inve...Amazon Web Services

Cloud Native Cost Optimization

Adrian Cockcroft

A guide on Aws Security Token Service

Blazeclan Technologies Private Limited

(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014

Amazon Web Services

Do you need to get beyond the basics of VPC and networking in the cloud? Do terms like virtual addresses, integrated networks and network monitoring get you motivated? Come discuss black-belt networking topics including floating IPs, overlapping network management, network automation, network monitoring, and more. This expert-level networking discussion is ideally suited for network administrators, security architects, or cloud ninjas who are eager to take their AWS networking skills to the next level.

Understanding AWS Storage Options

Amazon Web Services

With AWS, you can choose the right storage service like including Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Storage (Amazon EBS) for the right use case. This session shows the range of AWS choices—from object storage to block storage—that are available to you. The sessions will also include specifics about real-world deployments from customers who are using Amazon S3, Amazon EBS, Amazon Glacier, and AWS Storage Gateway. Reasons to attend: Learn how to select which storage options to use, based your requirements for cost, access pattern and use case. Understand why AWS is a perfect platform for the storage of digital assets, data, media and backups. Discover how Glacier can revolutionize your long term archive management by removing the need for costly and fragile media types. Hear about customer use cases and a rich partner ecosystem of services built on AWS storage services.

Understanding AWS Identity and Access Management | AWS Public Sector Summit 2016

Amazon Web Services

The AWS cloud provides a rich set of options around identity and access management. On the identity side, AWS has built-in identities that you can directly manage or synchronize, rich federation support with corporate or web identity systems, and also integration with AWS Directory Service. On the access management side, all AWS services share a powerful access control model and policy language, and some provide resource-based policies as well. In this session, we survey these rich capabilities and show how they integrate with existing identity systems.

Deploy, Manage, and Scale your Apps with AWS Elastic Beanstalk

Amazon Web Services

AWS Elastic Beanstalk is the fastest and simplest way to deploy your application on AWS. It is ideal for developers that are new to the platform but is also used by large organizations that want to manage and scale production workloads with minimum operational overhead. This session shows you how to deploy your code to AWS Elastic Beanstalk, easily manage multiple environments (e.g. Test & Production) and perform zero-downtime deployments through interactive demos and code samples.

Amazon API Gateway

Amazon Web Services

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Presented by: Danilo Poccia, Technical Evangelist, Amazon Web Services

Deep Dive on Amazon Elastic Block Store

Amazon Web Services

Amazon Elastic Block Store (Amazon EBS) provides flexible, persistent storage volumes for use with Amazon EC2 instances. In this technical session, we conduct a detailed analysis of all types of Amazon EBS block storage including General Purpose SSD (gp2) and Provisioned IOPS SSD (io1). Along the way, we will share Amazon EBS best practices for optimizing performance, managing snapshots and securing data.

Viewers also liked (20)

(STG304) Deploying a Disaster Recovery Site on AWS

(APP202) Deploy, Manage, Scale Apps w/ AWS OpsWorks & AWS Elastic Beanstalk |...

Connect2016 Shipping Domino

Slide kinh nghiệm vận hành Cloud trên Amazon - Huỳnh Kỳ Anh

(SEC303) Mastering Access Control Policies | AWS re:Invent 2014

SEC302 Delegating Access to Your AWS Environment - AWS re: Invent 2012

(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014

amazon-cognito-auth-in-minutes

(SPOT301) AWS Innovation at Scale | AWS re:Invent 2014

AWS Identity and Access Management and Consolidated Billing

(SDD419) Amazon EC2 Networking Deep Dive and Best Practices | AWS re:Invent 2014

SEC303 Top 10 AWS Identity and Access Management Best Practices - AWS re:Inve...

Cloud Native Cost Optimization

A guide on Aws Security Token Service

(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014

Understanding AWS Storage Options

Understanding AWS Identity and Access Management | AWS Public Sector Summit 2016

Deploy, Manage, and Scale your Apps with AWS Elastic Beanstalk

Amazon API Gateway

Deep Dive on Amazon Elastic Block Store

Similar to (SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014

Federation

Amazon Web Services

Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...

Amazon Web Services

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

Amazon Web Services

(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs

Amazon Web Services

Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.

Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On

Saloni Shah

Software acquisitions, partnerships, or integrations are fairly common place in the software industry. Enterprises often find themselves in situations where they have multiple systems, each with their own user management system that need to integrate with each other. That’s where single sign on and identity federation come into the picture - almost always the first step to integrating multiple divergent systems. In this talk, I’ll delve into the concepts of SSO and identity federation, their nuances, and will talk about various ways to achieve common authentication across multiple systems, ensuring that security of all systems involved is not adversely affected. I’ll cover the concepts of OpenID, SAML, and OAuth, amongst other standards, specifically addressing questions such as what these various strategies are all about and when to use a particular one.

DDD Melbourne 2014 security in ASP.Net Web API 2

Pratik Khasnabis

SoftLayer API 12032015

Nacho Daza

(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014

Amazon Web Services

Most enterprises have come to rely upon Active Directory for authentication and authorization-for users, workstations, servers, and business applications. Among your first considerations when planning a major implementation initiative will be how best to architect Active Directory-and take advantage of the benefits of the AWS cloud. This session will focus on best practice implementation patterns including AD Backup and Recovery in AWS, Region and Availability Zone design considerations for AD replication, and Security. To finish, we selected the three most common design patterns to discuss: Single Forest, Federate and Disconnected. We will talk about when each is appropriate to use, how it is designed and the practical implications of that choice. While each AD implementation is unique, these three patterns represent the fundamental building blocks upon which you will design your own Directory. You will leave the session knowing how to best to architect AWS to support the Active Directory your enterprise relies upon.

IAM Best Practices

Amazon Web Services

AWS Identity and Access Management (IAM) enables you to manage who can do what in your AWS environment. In this session you will learn how to leverage IAM to control access to your AWS environment. We will cover best practices on how to create access policies, manage security credentials (i.e., access keys, password, Multi Factor Authentication devices, etc.), how to set up least privilege, minimizing the use of your root account, and more.

O auth with facebook and google using .net

Sathyaish Chakravarthy

This is a slide deck I created and used to explain what OAuth is and how to use it with the .NET framework to write clients for Facebook and Google. My slides usually do not have a lot of text on them so it might be difficult to get the ideas I am trying to convey in each individual slide. They're only relevant with the commentary I present during a talk. I use slides as a secondary tool, the primary one being my narration. Within May 2015, I will edit and upload the video of my talk on YouTube, and provide a link to the YouTube video here. That may make these slides more useful.

Building Scalable Services with Amazon API Gateway - Technical 201

Amazon Web Services

RBAC in Azure Kubernetes Service AKS

Emad Alashi

Workshop: We love APIs

Amazon Web Services

Fine Uploader S3

Ray Nicholus

Introduction to sitecore identity

Gopikrishna Gujjula

IAM Federation - Pop-up Loft TLV 2017

Amazon Web Services

When working in a multi-account AWS environment, or when external or internal security and compliance requirements necessitate the constraining of user identity information to a geography where there isn’t an AWS Region or the use of MFA tokens based on standards other than RFC6238, it is recommended to federate user identity details to a customer-maintained identity provider (IdP). We demonstrate the integration of a customer-based IdP with AWS IAM using a SAML trust relationship at Group level, and discuss multi-account access stretegy and how federation fits into it.

Session 3c The SF SaaS FrameworkCode Mastery

.NET Core, ASP.NET Core Course, Session 19

aminmesbahi

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...

Michael Collier

Identity management for cloud deployed applications can be a challenge. Often users will want to leverage an existing social network or corporate identity. Now we have to worry about dealing with multiple APIs, any updates to those APIs, or the addition of new identity providers. Windows Azure Access Control Services offers a better way! ACS allows for federated user authentication via popular social networks and Active Directory. In this session we’ll provide a crash course in claims as they relate to identity management. We’ll discuss why claims are important and how to add additional claims beyond what is provided by the identity providers. We'll also take a look at Windows Azure Active Directory and see how to manage corporate identities in the cloud.

AWS Users Authenticationchandrasen Reddy

Similar to (SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014 (20)

Federation

Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...

Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013

(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs

Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On

DDD Melbourne 2014 security in ASP.Net Web API 2

SoftLayer API 12032015

(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014

IAM Best Practices

O auth with facebook and google using .net

Building Scalable Services with Amazon API Gateway - Technical 201

RBAC in Azure Kubernetes Service AKS

Workshop: We love APIs

Fine Uploader S3

Introduction to sitecore identity

IAM Federation - Pop-up Loft TLV 2017

Session 3c The SF SaaS Framework

.NET Core, ASP.NET Core Course, Session 19

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...

AWS Users Authentication

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWSAmazon Web Services

How to Build a Winning Pitch DeckAmazon Web Services

Building a web application without serversAmazon Web Services

Fundraising EssentialsAmazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Recently uploaded

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

DevOps and Testing slides at DASA Connect

Kari Kakkonen

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Designing Great Products: The Power of Design and Leadership by Chief Designe...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

When stars align: studies in data quality, knowledge graphs, and machine lear...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

PCI PIN Basics Webinar from the Controlcase Team

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Essentials of Automations: Optimizing FME Workflows with Parameters

Connector Corner: Automate dynamic content and events by pushing a button

UiPath Test Automation using UiPath Test Suite series, part 3

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

DevOps and Testing slides at DASA Connect

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Elevating Tactical DDD Patterns Through Object Calisthenics

(SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014

9. Session Access Key ID Secret Access Key Expiration Session Token

10.

11.

12.

13. Customer (Identity Provider) AWS Cloud (Relying Party) AWS Management Console Browser interface Corporate directory Federation proxy 1Browse to URL 3 2 Redirect to Console 10 Generate URL9 4 List RolesRequest 8 Assume Role Response Temp Credentials - Access Key ID - Secret Access Key - Session Token 7 AssumeRole Request Create combo box 6 Federation proxy • Uses a set of IAM user credentials to make AssumeRoleRequest() • IAM user permissions only need to be able to call ListRoles & assume role • Proxy needs to securely store these credentials 5 List RolesResponse

14.

15.

16. Customer (Identity Provider) AWS Cloud (Relying Party) AWS Resources User Application Active Directory Federation Proxy 4 Get Federation Token Request 3 2 Amazon S3 Bucket with Objects Amazon DynamoDB Amazon EC2 Request Session 1 Receive Session6 5 Get Federation Token Response • Access Key • Secret Key • Session Token APP Federation Proxy • Uses a set of IAM user credentials to make a GetFederationTokenRequest() • IAM user permissions need to be the union of all federated user permissions • Proxy needs to securely store these privileged credentials Call AWS APIs7

17.

18.

19.

20. Enterprise (Identity Provider) AWS (Service Provider) AWS Sign-in Browser interface Corporate identity store Identity provider 1User browses to Identity provider 2 Receives AuthN response 5 Redirect client AWS Management Console 3 Post to Sign-In Passing AuthN Response 4

21.

22.

23.

24.

25.

26. AWS Cloud US-EAST-1 EU-WEST-1 AP-SOUTHEAST-1 AWS Services Amazon DynamoDB Amazon S3 Authenticate User 1 6 7 IAM EC2 Instances Token Verification 4 Web identity Provider 3 5 Check Policy Id Token 2 Mobile App

27.

28.

29. us-east-1 App Security Token Service DynamoDB OpenID Connect- compliant identity provider 2 4 Uses the temporary credentials to access AWS services Redirect for authentication and receive an ID token Exchange ID token for Cognito token 3 End User 1 Start using the app Cognito Exchange Cognito token for temporary AWS credentials Developer’s AWS Account 5

30.

31.

32.

33.

34. http://bit.ly/1n1z1QL http://amzn.to/11AFKtS http://amzn.to/1vlBZ6N http://bit.ly/10KUSoC http://bit.ly/1rNzWCF http://bit.ly/13vFehT http://bit.ly/1p2Ip6M

35. Please give us your feedback on this session. Complete session evaluations and earn re:Invent swag. http://bit.ly/awsevals

(SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to (SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014

Similar to (SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Recently uploaded

Recently uploaded (20)

(SEC304) Bring Your Own Identities – Federating Access to Your AWS Environment | AWS re:Invent 2014