Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

•

7 likes•5,646 views

Steve Riley, AWS Evangelist presents on Securing the AWS Cloud at the Enterprise event - San Francisco and Start-up event - Sunnyvale in April 2010.

Technology

Securing the AWS Cloud Steve Riley [email_address] @steveriley @awscloud http://stvrly.wordpress.com

Amazon S3 Amazon SimpleDB Amazon EBS Amazon RDS Amazon EC2 ++ ++ ++

… … … AWS admins only SSH via bastions Audits reviewed Customer only Inbound flows Default deny Customer only SSH, ID/pw, X.509 Root/admin control Hypervisor layer Physical interfaces AWS firewall Customer 1 security groups Customer 2 security groups Customer n security groups Customer 1 virtual interfaces Customer 2 virtual interfaces Customer n virtual interfaces Customer 1 Customer 2 Customer n

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 / / / / / / / / / / / / / / / /

Web tier Application tier Database tier HTTP/HTTPS from Internet SSH/RDP management from corpnet SSH/RDP management from corpnet, vendor

ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0 ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0 ec2-authorize AppSG -P tcp -p AppPort -o WebSG ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p DBPort -o AppSG ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor

Your corporate network Amazon Web Services Cloud Your VPC

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Your corporate network Amazon Web Services Cloud Your VPC

“ Key” = name of object ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Thank you very much! Steve Riley [email_address] @steveriley @awscloud http://stvrly.wordpress.com

This document provides a summary of new and updated services from Amazon Web Services. Some key points include: - AWS IoT now integrates with Elasticsearch Service and CloudWatch via rules engine. - Amazon EMR 4.4.0 was released with new features. - New Amazon S3 lifecycle policies allow for automatic archiving and deletion of objects. - Amazon Inspector is now generally available for assessing applications for vulnerabilities. - Two new low-cost storage options were introduced for Amazon EBS. - Amazon Kinesis Firehose now allows ingesting data into Elasticsearch domains.

Architecting for the Cloud: Best Practices

Amazon Web Services

The document discusses architectural patterns and best practices for building scalable and resilient applications on Amazon Web Services (AWS). It provides examples of how to design for failure, implement loose coupling between components, and build elasticity into applications using AWS services like Auto Scaling, Elastic Load Balancing, and Amazon EC2. The document also outlines three approaches for creating standardized technology stacks and managed development environments on AWS.

Introduction to Amazon Lightsail

Amazon Web Services

This document provides an introduction to Amazon Lightsail, which is described as the easiest way to get started on AWS. It offers virtual private servers with SSD-based storage, networking capabilities, and access to additional AWS services through VPC peering or public endpoints. Lightsail can be used for simple websites, development/test environments, and business applications. It allows users to launch instances with one-click, attach storage, manage access control and security groups, and includes tools like SSH access, DNS management, and snapshots. The document demonstrates how Lightsail can be connected to other AWS services and grown over time to support more advanced use cases and workloads.

Introduction to Amazon EC2

Amazon Web Services

This document provides an overview of Amazon EC2 and related AWS services. It discusses EC2 instance types and how to choose the right one based on factors like CPU, memory, storage and network performance. It also covers VPC networking, load balancing, monitoring with CloudWatch, security controls, and deployment options like Auto Scaling, CodeDeploy and ECS. The presentation aims to help users understand EC2 concepts, instance options, storage choices, basic VPC networking, monitoring tools, security best practices, and deployment strategies.

AWS Partner Presentation - SAP

Amazon Web Services

SAP has been using Amazon Web Services (AWS) infrastructure as a service (IaaS) since 2008. Over 600 SAP employees in more than 16 countries now directly use AWS, provisioning over 10,000 SAP systems on AWS. SAP's initial goals with AWS were to reduce IT costs and speed up prototyping from 4 weeks to deployment. SAP has since established knowledge centers for AWS and cloud adoption, conducting over 100 customer trainings, demos, and workshops on AWS hosting over 1,000 SAP systems. SAP sees external cloud infrastructure like AWS playing a larger role for SAP customers and applications in the future.

Intended for the owners of the business side of the equation, this session is about reducing the complexity of managing costs for AWS deployments, ranging from few instances to fleets of hundreds and thousands of instances, so they run efficiently. Attendees will learn about optimization basics, common roadblocks that prevent customers from cost optimizing, tools they can use to efficiently remove those roadblocks, and techniques to monitor their rate of cost optimization when dealing with AWS deployments ranging from few instances to hundreds and thousands of instances. The session will include multiple case studies that will demonstrate how customers implement optimization techniques to reduce their costs.

AWS Elastic Compute Cloud (EC2)

zekeLabs Technologies

Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about features of EC2, EC2 Options, family type, storage, EBS Volumes, EC2 Instance Store, Security Groups, Volumes and Snapshots, Amazon Machine Image (AMI), Elastic load balancer, Classic load balancer, Application load balancer, Network load balancer, AWS CLI and EC2 Metadata ___________________________________________________ zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals. Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com

AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services

Amazon Web Services

Join this foundational session to understand the core concepts of “Cloud Computing” and different attributes such as reliability, fault tolerance, elasticity, scalability and pay-as-you-go pricing. Whether you are a startup who wants to accelerate growth without a big upfront investment in cash or time for technology or an Enterprise looking for IT innovation, agility and resiliency while reducing costs, the AWS Cloud provides a complete set of infrastructure services at zero upfront costs which are available with a few clicks and within minutes. Join this webinar to learn more about the benefits of Cloud Computing.

AWS Concepts - Internship Presentation - week 10

Devang Garach

Architecting for High Availability - Pop-up Loft Tel Aviv

Amazon Web Services

AWS provides a platform that is ideally suited for building highly available systems, enabling you to build reliable, affordable, fault-tolerant systems that operate with a minimal amount of human interaction. This session covers many of the high-availability and fault-tolerance concepts and features of the various services that you can use to build highly reliable and highly available applications in the AWS Cloud: architectures involving multiple Availability Zones, including EC2 best practices and RDS Multi-AZ deployments; loosely coupled and self-healing systems involving SQS and Auto Scaling; networking best practices for high availability, including Elastic IP addresses, load balancing, and DNS; leveraging services that inherently are built with high-availability and fault tolerance in mind, including S3, Elastic Beanstalk and more.

AWS IoT - Introduction - Pop-up Loft

Amazon Web Services

A dive deep into the AWS IoT service that was announced at AWS re:Invent in October. We will cover the components of the AWS IoT platform, demonstrate the AWS IoT Console and command line experience and the client-side SDKs that AWS provides to help developers build rich applications for their devices, whilst removing the heavy lifting associated with creating a scalable, secure and reliable set of cloud services to support these applications.

AWS Webcast - Best Practices in Architecting for the Cloud

Amazon Web Services

Amazon Lightsail

Amazon Web Services

Lightsail is a service that allows users to easily launch and manage simple virtual private servers on AWS. It provides bundled compute, storage, and networking resources at a low, predictable price through an intuitive console interface. Popular use cases for Lightsail include websites, web apps, ecommerce, development/testing environments, and WordPress. Users can choose from preconfigured operating systems and apps, and extend their applications using the Lightsail API or connecting Lightsail instances to other AWS services through VPC peering.

"How to optimize the architecture of your platform" by Julien Simon

TheFamily

You want to launch your online platform and from a technical perspective you are wondering where to start and how to optimize your architecture? Cloud Computing presents several advantages such as scaling whenever you want your app our your Website. The hardest part is to define where to begin! During this 45 minutes workshop, Julien Simon will share with you the best practices to scale your platform from 0 to millions of users. He will present: - How to combine efficiently the tools Amazon Web Services provides, - How to set up the best architecture for your platform - How to scale your infrastructure in the Cloud. Before joining AWS, Julien worked as CTO of Viadeo and Aldebaran Robotics. He also spent more than 3 years as VP Engineering at Criteo. He is particularly interested by architecture, performance, deployment, scalability and data.

PHP Office Hours

Amazon Web Services

This document summarizes an AWS Office Hours session about programming AWS with PHP. It introduces Jeff Barr and Ryan Parman who lead a demonstration of building scalable infrastructure and processing pipelines using the AWS SDK for PHP. They show how to dynamically instantiate EC2 instances and EBS volumes, and build an asynchronous scalable image processing pipeline using SQS queues to connect separate stages of fetching a webpage, parsing images, rendering composites. The session provided an overview of the PHP SDK and examples of common tasks like creating and interacting with queues to develop distributed applications on AWS.

Amazon Lightsail: Jumpstart Your Cloud Project for a Low, Predictable Price.

Amazon Web Services

This document discusses Amazon Lightsail, a service that allows users to launch virtual private servers with predefined configurations starting at $5 per month. Lightsail provides bundled compute, storage, networking and other resources to easily deploy and manage websites, web applications, databases, and development/testing environments. It offers a simple monthly pricing model and intuitive console for managing servers without the complexity of other AWS services. The document outlines Lightsail's plans and pricing, popular use cases it supports, and how users can connect their Lightsail instances to other AWS services.

Deploying Java Applications in the AWS Cloud

Amazon Web Services

Aws cli

Anh Vu Pham

This document provides information about using the AWS Command Line Interface (CLI). It begins with an overview of the AWS CLI and then provides sections on getting started, common commands, and examples. Key points covered include: - The AWS CLI allows managing multiple AWS services from the command line and automating tasks through scripts. - Common services supported include S3, EC2, IAM, CloudTrail. - Setup involves installing the CLI, configuring credentials and a default region, and optionally creating profiles for different accounts. - Examples demonstrate listing S3 buckets, describing EC2 instances, managing IAM users and groups, and using CloudTrail for auditing. - Additional chapters provide details on

Leveraging AWS Systems Manager for your hybrid Microsoft Workloads - Pop-up L...

Amazon Web Services

Automating your AWS Security Operations

Amazon Web Services

You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next? Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies. Join us to learn: • How security will be integrated into the overall processes of development and deployment. • How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed. • How to be successful with API-enabled, continuous security tools in the cloud. • How to operationalize security alarms, enabling world-class incident response and remediation capabilities.

Infographic: AWS vs Azure vs GCP: What's the best cloud platform for enterprise?

Veritis Group, Inc

Gaining Operational Insights out of Your Logs

Amazon Web Services

The document discusses gaining operational insights from logs by loading streaming log data into Amazon Elasticsearch Service. It describes common log sources on AWS including CloudFront access logs, S3 server access logs, ELB access logs, CloudTrail, and VPC flow logs. It then explains how to load streaming data from these sources into Amazon ES using AWS Lambda from Amazon S3, CloudWatch Logs, Kinesis Firehose, or Logstash. The presentation concludes with a demo of a real world scenario.

Workshop; Deploy a Deep Learning Framework on Amazon ECS and Spot Instances

Amazon Web Services

This document provides an overview of a workshop on deploying a deep learning framework on Amazon ECS and Spot Instances. The workshop will introduce MXNet, containers, Amazon ECS, Amazon ECR, AWS CloudFormation, Amazon EC2 Spot Fleet and Spot Instances. It will include hands-on labs to build an MXNet Docker image, deploy an MXNet container with ECS, and run an image classification demo using a Spot Fleet on ECS. The overall goal is to learn how to cost-effectively run deep learning workloads on AWS.

AWS Innovate 2016 : Opening Keynote - Glenn Gore

Amazon Web Services Korea

This document contains the agenda for the AWS Innovate conference. The keynote will be delivered by Glenn Gore from Amazon Web Services. There are multiple concurrent sessions offered throughout the day covering topics ranging from cloud migration strategies to building mobile apps to container management. Sessions are at various technical levels and include time for breaks, exhibits, and networking.

The Cloud as a Platform - Cloud Connections 2011 Keynote - Jinesh Varia

Amazon Web Services

Redefining Security

Intel Corporation

Traditional security models rely on separating trusted internal systems from untrusted external ones through layers of trust and permeable perimeters. However, this model is breaking down as computing becomes more distributed and cloud-based. The new security model at Amazon Web Services focuses on distinguishing between ownership of systems and control over them, rather than attempting to maintain rigid boundaries between trusted and untrusted environments.

Account Based Marketing + Account Based Sales Development = Account Based E...

Engagio

The document discusses account-based everything (ABE), which is a strategic approach that orchestrates personalized marketing, sales, and customer success efforts to drive engagement and conversion at named accounts. It outlines a three-step process for ABE: 1) develop an ideal customer/buyer profile for accounts, 2) create account-specific messaging and content, 3) coordinate experiences across channels. Key aspects of ABE include treating each account individually to increase relevance, coordinating efforts across departments, and measuring engagement and impact on sales outcomes over time at accounts.

What's hot

From TCO to Optimization at Scale - Pop-up Loft TLV 2017

Amazon Web Services

AWS Elastic Compute Cloud (EC2)

zekeLabs Technologies

AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services

Amazon Web Services

AWS Concepts - Internship Presentation - week 10

Devang Garach

Architecting for High Availability - Pop-up Loft Tel Aviv

Amazon Web Services

AWS IoT - Introduction - Pop-up Loft

Amazon Web Services

AWS Webcast - Best Practices in Architecting for the Cloud

Amazon Web Services

Amazon Lightsail

Amazon Web Services

"How to optimize the architecture of your platform" by Julien Simon

TheFamily

PHP Office Hours

Amazon Web Services

Amazon Lightsail: Jumpstart Your Cloud Project for a Low, Predictable Price.

Amazon Web Services

Deploying Java Applications in the AWS Cloud

Amazon Web Services

Aws cli

Anh Vu Pham

Leveraging AWS Systems Manager for your hybrid Microsoft Workloads - Pop-up L...

Amazon Web Services

Automating your AWS Security Operations

Amazon Web Services

Infographic: AWS vs Azure vs GCP: What's the best cloud platform for enterprise?

Veritis Group, Inc

Gaining Operational Insights out of Your Logs

Amazon Web Services

Workshop; Deploy a Deep Learning Framework on Amazon ECS and Spot Instances

Amazon Web Services

AWS Innovate 2016 : Opening Keynote - Glenn Gore

Amazon Web Services Korea

The Cloud as a Platform - Cloud Connections 2011 Keynote - Jinesh Varia

Amazon Web Services

What's hot (20)

From TCO to Optimization at Scale - Pop-up Loft TLV 2017

AWS Elastic Compute Cloud (EC2)

AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services

AWS Concepts - Internship Presentation - week 10

Architecting for High Availability - Pop-up Loft Tel Aviv

AWS IoT - Introduction - Pop-up Loft

AWS Webcast - Best Practices in Architecting for the Cloud

Amazon Lightsail

"How to optimize the architecture of your platform" by Julien Simon

PHP Office Hours

Amazon Lightsail: Jumpstart Your Cloud Project for a Low, Predictable Price.

Deploying Java Applications in the AWS Cloud

Aws cli

Leveraging AWS Systems Manager for your hybrid Microsoft Workloads - Pop-up L...

Automating your AWS Security Operations

Infographic: AWS vs Azure vs GCP: What's the best cloud platform for enterprise?

Gaining Operational Insights out of Your Logs

Workshop; Deploy a Deep Learning Framework on Amazon ECS and Spot Instances

AWS Innovate 2016 : Opening Keynote - Glenn Gore

The Cloud as a Platform - Cloud Connections 2011 Keynote - Jinesh Varia

Viewers also liked

Redefining Security

Intel Corporation

Account Based Marketing + Account Based Sales Development = Account Based E...

Engagio

Werner Vogels

Amazon Web Services

This document discusses Amazon Web Services (AWS) and how it provides on-demand infrastructure for hosting web-scale solutions. It outlines the various services AWS offers, including compute, storage, databases, analytics, and more. It highlights how AWS allows customers to avoid upfront costs and scale infrastructure quickly. The document also discusses how AWS provides a more flexible system than traditional infrastructure and enables businesses to focus on innovation rather than managing infrastructure.

3 Tier Architecture

guestd0cc01

Data Center Migration to the AWS Cloud

Tom Laszewski

This webinar discusses RISO Inc.'s experience migrating their on-premise data center to the AWS cloud with assistance from Apps Associates. [1] Apps Associates designed and implemented the new infrastructure on AWS, migrating applications like Oracle ERP and SQL servers. [2] This provided benefits like a 35% reduction in backup costs, 50% fewer IT vendors, and the ability to relocate offices without interrupting operations. [3] The webinar explores considerations for cloud migrations and the hybrid cloud model.

3 Tier Architecture

Webx

The document discusses 3-tier architecture, which separates an application into three logical layers - the presentation layer, business logic layer, and data layer. It describes how this architecture evolved from earlier single-tier and dual-tier models. The 3-tier model provides advantages like scalability, reusability, security, and availability. While more complex than 2-tier, it allows for improved performance in medium to large systems by distributing the application across servers. An example is provided of implementing a 3-tier application using ASP.NET with distinct presentation, business, and data access layers.

Viewers also liked (6)

Redefining Security

Account Based Marketing + Account Based Sales Development = Account Based E...

Werner Vogels

3 Tier Architecture

Data Center Migration to the AWS Cloud

3 Tier Architecture

Similar to Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

Cloud Security with Amazon Web Services

RightScale

Steve Riley, Sr. Technical Program Manager at Amazon Web Services, led this session at the RightScale User Conference 2010 in Santa Clara. Session Abstract: Moving to the cloud raises lots of questions, mostly about security. Amazon Web Services has built an infrastructure and established processes to mitigate common vulnerabilities and offer a safe compute and storage environment. In this session, we'll discuss common cloud security concerns, show how AWS protects its infrastructure from internal and external attack, and explain how you can take advantage of the security features of AWS in your own applications as you extend your enterprise into the cloud.

Security in the AWS Cloud - Steve Riley

Amazon Web Services

This document discusses security in the AWS cloud. It outlines the various AWS services like S3, EC2, VPC and how security groups can be used to restrict access between tiers (web, application, database). It also mentions that AWS provides strong security through control of physical infrastructure, access controls, audits and compliance with regulations like HIPAA and SOX. Customer data is protected and isolated from other customers.

AWS Security Best Practices and Design Patterns

Amazon Web Services

Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018

Amazon Web Services

In this introductory session, we cover how to secure your resources in the cloud for common AWS workloads such as Amazon EC2 computing, database, and serverless. We cover security best practices recommended by AWS for each workload using simple and effective identity and networking techniques. Learn how and why these controls do what they do, and come away with the ability to interpret and apply AWS identity and network access controls.

AWS Cyber Security Best Practices

DoiT International

Single Sign-On for APEX applications based on Kerberos (Important: latest ver...

Niels de Bruijn

This document provides instructions for setting up single sign-on (SSO) for Oracle Application Express (APEX) applications using Kerberos authentication. It describes: 1) Configuring an Apache web server with mod_auth_kerb on Linux to authenticate against a Windows Active Directory server without requiring additional credentials. 2) Configuring Tomcat, ORDS, and APEX to work with the Kerberos authentication. 3) Optional additional configurations for Windows with IIS or for verifying group membership.

From One to Many: Diving Deeper into Evolving VPC Design (ARC310-R2) - AWS re...

Amazon Web Services

Most organizations today run their production workloads inside Amazon Virtual Private Cloud (Amazon VPC). This software-defined network structure provides the boundaries that are needed for the security that an organization and its customers require. For most organizations, the natural evolution in their architecture, security, and environment involves migrating from a single VPC to multiple VPCs in the same AWS Region and across many other AWS Regions. The question of how to enforce security policies while simplifying the flow of traffic between multiple VPCs, the data center, and remote offices while adhering to AWS best practices becomes an intricate one to answer. In this chalk talk, we provide solutions to scenarios like these and more. Topics include Amazon security groups, NACLs, static and dynamic VPNs, AWS Direct Connect, IPS and IDS, transit VPC architectures, designing for security, and more.

(BAC404) Deploying High Availability and Disaster Recovery Architectures with...

Amazon Web Services

The document discusses disaster recovery strategies for AWS including backup and restore, pilot light, and warm standby approaches. It provides examples of architectures using these approaches including replicating databases across Availability Zones and regions for high availability and disaster recovery. CloudFormation templates are shown that can automate the deployment of load balanced auto-scaled web servers across Availability Zones for disaster recovery.

Security Overview

Amazon Web Services

This document summarizes security in the AWS cloud. It discusses the regions and edge locations that AWS operates, as well as services like S3, SimpleDB, RDS, and EC2. It outlines how customers control access to their instances and networks through security groups, SSH keys, and firewalls. The document then provides an example architecture with web, application, and database tiers and shows how security groups can be configured between them. It discusses using a VPC to connect a corporate network to the AWS cloud through an IPsec VPN tunnel. Finally, it covers AWS compliance with regulations like SOX, HIPAA, SAS 70, and ISO 27001.

Customer Case Study: Land Registry as a Service in the Cloud - AWS PS Summit ...

Amazon Web Services

Landgate undertook transform this platform into an as-a-service offering for other land jurisdictions. How was this done? What is the security posture? What is the availability? What was the business impact? And why is it that inspecting Land Title certificates didn't result in people accidentally being shown pictures of Beyoncé. Come find out. Speaker: James Bromberger, Associate Director & National Cloud Lead - Ajilon. Level: 300

VPC and DX PoP @ HKG

Amazon Web Services

Many enterprises on their hybrid cloud journey into the cloud require consistent and highly secure connectivity between their existing data center and AWS footprints. In this session, we walk through the different architecture options for establishing this connectivity using AWS Direct Connect and VPN. As we walk through these options, we try to answer some of the most common questions that typically arise from enterprises that tackle design and implementation. You'll learn how to make connectivity decisions that are suitable for your workloads, and how to best prepare against business impact in the event of failure.

Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...

Amazon Web Services

"Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company's bottom line. As the move to store, process, and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multitenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing, and archiving digital media assets in the AWS environment. The talk also covers the security controls, features, and services that AWS provides its customers. Learn how AWS aligns with the MPAA security best practices and how media companies can leverage that for their media workloads. This session also includes a representative from Sony Media Cloud Sevices discussing the path to MPAA alignment of their application Ci on AWS based on these best practices."

(ARC401) Cloud First: New Architecture for New Infrastructure

Amazon Web Services

What do companies with internal platforms have to change to succeed in the cloud? The five pillars at the heart of IT solutions in the cloud are automation, fault tolerance, horizontal scalability, security, and cost-effectiveness. This talk discusses tools that facilitate the development and automate the deployment of secure, highly available microservices. The tools were developed using AWS CloudFormation, AWS SDKs, AWS CLI, Amazon RDS, and various open-source software such as Docker. The talk provides concrete examples of how these tools can help developers and architects move from beginning/intermediate AWS practitioners to cloud deployment experts.

AWS Core Services Overview, Immersion Day Huntsville 2019

Amazon Web Services

The document provides an overview of AWS core services including compute, storage, database, analytics, machine learning, IoT, and mobile services. It discusses AWS' breadth and depth of services across infrastructure, application services, management tools, and developer tools. It also highlights AWS' leadership in cloud computing with the largest customer base and most comprehensive set of services and features.

My First Big Data Application

Amazon Web Services

This document provides instructions for setting up a big data application on AWS using various AWS services. It describes using Amazon Kinesis Firehose to collect web server logs from an EC2 instance into an S3 bucket. It then describes using Amazon EMR with Spark and Hive to process the data, Amazon Redshift for data analysis, and Amazon QuickSight for visualization. The document contains detailed steps for setting up IAM roles, security groups, launching the EC2 instance and EMR cluster, and ingesting and exploring the log data with Spark SQL and Zeppelin notebooks.

Deep Dive - Hybrid Architectures

Amazon Web Services

In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks. Speakers: Miha Kralj, AWS Solutions Architect Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat Koen van den Biggelaar, AWS Solutions Architect

Black Belt Tips for IT Operations - AWS Summit Sydney 2018

Amazon Web Services

Black Belt Tips for IT Operations Black Belt tips makes a comeback for the fifth consecutive year. How you used the AWS platform last year should be different to how you utilise it today. In this advanced technical session, learn about latest changes in compute, networking, and security. Understand how new architecture patterns will allow you to maximise performance efficiency, reliability, and security on AWS today. Evgeny Vaganov, Solutions Architect, Amazon Web Services

Secure your critical workload on AWS

Amazon Web Services

This document summarizes Harry Lin's presentation about securing critical workloads on AWS. The 3 main points are: 1) AWS provides security features at multiple layers including encryption, identity and access management, and auditing. Customers are responsible for security within their applications while AWS handles security of the cloud platform. 2) AWS services like CloudTrail, Config, and WAF can help customers with security monitoring, auditing changes, and blocking attacks. 3) A case study of an e-commerce company MyDress showed how moving to AWS improved availability during promotions and attacks while reducing costs compared to an on-premise infrastructure.

Best Practices for IoT Security in the Cloud

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This webinar will introduce the best practices for IoT Security in the cloud and the access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, as well as integrate devices with other AWS services to create secure solutions. Learning Objectives: • Common IoT Thing Management Issues • Learn about AWS IoT Security and Access Control Mechanisms • Build Secure interactions with the AWS Cloud Who Should Attend: • Technical Decision Makers, Developers, Makers

利用AWS建立企業全球化網路

Amazon Web Services

This document summarizes recent improvements to AWS networking services over the past year, including VPC endpoints, VPC ingress routing, VPC traffic mirroring, AWS Site-to-Site VPN, AWS Client VPN, AWS Transit Gateway, AWS Direct Connect, and AWS Global Accelerator. It highlights new features like certificate authentication and IKEv2 for Site-to-Site VPN, split tunneling and MFA for Client VPN, and inter-region peering for Transit Gateway. The goal is to help customers build global enterprise networks using AWS networking services.

Similar to Securing The AWS Cloud, Steve Riley, AWS Events, April 2010 (20)

Cloud Security with Amazon Web Services

Security in the AWS Cloud - Steve Riley

AWS Security Best Practices and Design Patterns

Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018

AWS Cyber Security Best Practices

Single Sign-On for APEX applications based on Kerberos (Important: latest ver...

From One to Many: Diving Deeper into Evolving VPC Design (ARC310-R2) - AWS re...

(BAC404) Deploying High Availability and Disaster Recovery Architectures with...

Security Overview

Customer Case Study: Land Registry as a Service in the Cloud - AWS PS Summit ...

VPC and DX PoP @ HKG

Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...

(ARC401) Cloud First: New Architecture for New Infrastructure

AWS Core Services Overview, Immersion Day Huntsville 2019

My First Big Data Application

Deep Dive - Hybrid Architectures

Black Belt Tips for IT Operations - AWS Summit Sydney 2018

Secure your critical workload on AWS

Best Practices for IoT Security in the Cloud

利用AWS建立企業全球化網路

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWS

Amazon Web Services

1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS). 2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels. 3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.

How to Build a Winning Pitch Deck

Amazon Web Services

This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.

Building a web application without servers

Amazon Web Services

This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.

Fundraising Essentials

Amazon Web Services

This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Recently uploaded

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

Tatiana Kojar

Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI. With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.

GraphRAG for Life Science to increase LLM accuracy

Tomaz Bratanic

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Recommendation System using RAG Architecture

fredae14

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

UI5 Controls simplified - UI5con2024 presentation

Wouter Lemaire

Fueling AI with Great Data with Airbyte Webinar

Zilliz

Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf

flufftailshop

When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

AWS Cloud Cost Optimization Presentation.pptx

HarisZaheer8

This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.

June Patch Tuesday

Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Safe Software

Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency. During the hour, we’ll take you through: Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board. Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes. Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI. We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI. This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!

Operating System Used by Users in day-to-day life.pptx

Pravash Chandra Das

Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes. Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions. Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻 The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️ Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution. The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟

Letter and Document Automation for Bonterra Impact Management (fka Social Sol...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365. Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

SitimaJohn

Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Chart Kalyan

Best 20 SEO Techniques To Improve Website Visibility In SERP

Pixlogix Infotech

Recently uploaded (20)

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

GraphRAG for Life Science to increase LLM accuracy

HCL Notes and Domino License Cost Reduction in the World of DLAU

Recommendation System using RAG Architecture

Skybuffer SAM4U tool for SAP license adoption

UI5 Controls simplified - UI5con2024 presentation

Fueling AI with Great Data with Airbyte Webinar

Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf

Monitoring and Managing Anomaly Detection on OpenShift.pdf

AWS Cloud Cost Optimization Presentation.pptx

June Patch Tuesday

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Operating System Used by Users in day-to-day life.pptx

Letter and Document Automation for Bonterra Impact Management (fka Social Sol...

Taking AI to the Next Level in Manufacturing.pdf

Building Production Ready Search Pipelines with Spark and Milvus

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Best 20 SEO Techniques To Improve Website Visibility In SERP

Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

1. Securing the AWS Cloud Steve Riley [email_address] @steveriley @awscloud http://stvrly.wordpress.com

2. Amazon EC2 Amazon S3 Amazon CloudFront

5. Amazon EC2 Amazon S3 Amazon CloudFront

10.

11. Amazon S3 Amazon SimpleDB Amazon EBS Amazon RDS Amazon EC2 ++ ++ ++

12. … … … AWS admins only SSH via bastions Audits reviewed Customer only Inbound flows Default deny Customer only SSH, ID/pw, X.509 Root/admin control Hypervisor layer Physical interfaces AWS firewall Customer 1 security groups Customer 2 security groups Customer n security groups Customer 1 virtual interfaces Customer 2 virtual interfaces Customer n virtual interfaces Customer 1 Customer 2 Customer n

13. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 / / / / / / / / / / / / / / / /

14. Web tier Application tier Database tier HTTP/HTTPS from Internet SSH/RDP management from corpnet SSH/RDP management from corpnet, vendor

15. ec2-authorize WebSG -P tcp -p 80 -s 0.0.0.0/0 ec2-authorize WebSG -P tcp -p 443 -s 0.0.0.0/0 ec2-authorize AppSG -P tcp -p AppPort -o WebSG ec2-authorize AppSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p DBPort -o AppSG ec2-authorize DBSG -P tcp -p 22|3389 -s CorpNet ec2-authorize DBSG -P tcp -p 22|3389 -s Vendor

16. Your corporate network Amazon Web Services Cloud Your VPC

17.

18.

19.

20.

21.

22.

23. Thank you very much! Steve Riley [email_address] @steveriley @awscloud http://stvrly.wordpress.com

Editor's Notes

Effective security includes good processes and technologies to protect confidentiality, integrity, and availability. AWS ensures availability by providing multiple independent geographic locations for compute and storage. Amazon EC2 and Amazon S3 exist in three (soon four) geographic Regions; Amazon CloudFront offers 15 global distribution points. [click] In the US-East Region…
… there are four Availability Zones. Think of an AZ as a distinct data center, with its own set of power supplies and network connections. Multiple AZs provide for compute and storage redundancy within each geographic Region.
As much as geographically possible, we separate the AZs in distinct seismological areas and flood plains. We don’t want weather to be a concern.
In the US-West and the EU Regions
… there are two availability zones. This is our minimum requirement for any Region.
Depending on the service, we may move data between AZs within a Region…
… however we don’t automatically move any data between Regions to help you satisfy any local or national regulatory requirements. You must initiate inter-Region data transfer yourself, and this will flow over the public Internet.
Our facilities are nondescript, we don’t indicate what they are; this is one example where “security by obscurity” actually makes sense.
We require multiple levels of physical access control before approved personnel can enter any of our facilities, they receive time-limited tokens to access only the required equipment, and all actions are logged.
Depending on which service you use to store information, AWS will automatically replicate it. Amazon S3 and Amazon SimpleDB create multiple replicas of each object, stored in multiple AZs. Amazon EBS and Amazon RDS make multiple replicas in only one AZ. The ephemeral storage of an instance has no replicas—so don’t rely on it for durability.
We use the Xen hypervisor with some custom modifications. Most importantly, the code we add to the hypervisor implements the security group functionality. Every Amazon EC2 instance must be associated with a security group, which defines the traffic allowed into the instance by destination port number and source IP address. AWS manages the physical machines and the host operating systems. Each customer manages his or own instances (virtual machines).
Each service has a specific disk virtualization technology. For most of them, like Amazon S3, SimpleDB, and instance storage, a logical-to-physical block mapping is created across unused physical disk space. The virtualization technology permits you to read only the information you’ve written and nothing else. [click] For EBS, we zero out the disk blocks when you allocate a volume—this explains the delay between when you allocate the volume and it becomes available for use. Your data belongs to you, not to us. We have a specific policy prohibiting routine access of customer data by AWS administrators. For additional protection… [click ] …you can also encrypt your data, if you wish. You’re free to choose whatever encryption tools you prefer. Remember, though, that key management is not a trivial task; if you lose your keys, there’s no way to recover your data.
It’s possible to build virtual three-tier architectures in AWS with creative use of security groups. Conceptually, each tier’s group allows the required traffic from its higher tier and also any necessary management traffic.
These seven API calls create the three security groups that define the three-tier architecture.
Amazon VPC allows you define compute instances that essentially live within your corporate network. You assign the IP addresses, and all traffic flows not directly over the Internet but through an IPsec tunnel mode security association defined between a gateway on your network and a gateway on our network. No one outside your corporate network has access to the instances. Your own security policies and technologies direct which traffic is allowed in and out.
Permissions on buckets and objects are distinct—they don’t inherit. And remember that in some S3 documentation, the term “key” is used to refer to the name of an object inside a bucket.
It’s fashionable to bash encryption now, not sure why? It’s the best tool we have to protect confidentiality. AWS supports your use of encryption if you need it to satisfy regulatory or compliance requirements.
Multifactor authentication helps protect your AWS account credentials and provides an additional level of security before services can be started or stopped or modified. Eventually you’ll be able to incorporate MFA into AWS-hosted applications.
The AWS Security Center is your one-stop shop for all things related to security and privacy information. Here you can find the most recent version of our security whitepaper and subscribe to our security bulletin feed.

Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

Similar to Securing The AWS Cloud, Steve Riley, AWS Events, April 2010 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Recently uploaded

Recently uploaded (20)

Securing The AWS Cloud, Steve Riley, AWS Events, April 2010

Editor's Notes