Want to simplify the process of meeting compliance goals in a world of increasing data regulation? AWS customers run mission-critical workloads—SQL and NoSQL databases, business applications, data analytics, log analysis—on Amazon EC2, backed by Amazon EBS and EC2 instance storage. Securing data content and storage access is critical to maintaining uptime and meeting compliance needs. In this session, we discuss data security and review the security capabilities of Amazon EBS and EC2 instance storage. Learn how you can benefit from new Amazon EBS features such as encryption by default, launch of encrypted instances from unencrypted AMIs, and simplified sharing of encrypted AMIs.
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor... Amazon Web Services
In this session, we walk you through a demo of how a security team can build dashboards in minutes without having to gain deep knowledge on analytics. The AWS serverless services we use include AWS WAF logs, AWS Glue, Amazon Athena, and Amazon QuickSight.
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Amazon Web Services
Most customers are uncertain of how to secure their serverless services because these services deviate from traditional perimeter security. Additionally, many security stakeholders do not have as much insight into serverless architectures as developer communities. In this session, we provide best practices, patterns, and demos on securing serverless services using a combination of secure coding practices with partner code libraries, DevOps principles, code/container version control using code, and a deep understanding of serverless services such as AWS Lambda, AWS Fargate, and Amazon EKS. We aim to provide some baselining mechanisms and patterns to build full serverless and secure service architectures.
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S... Amazon Web Services
Slack stores lots of customer data, and it’s essential that it’s protected. Some customers need tight control over their keys, so Slack worked with AWS KMS to enable customers to revoke data access independently. With Slack’s Enterprise Key Management (EKM) capability, customers control master keys that unlock access to their data from KMS accounts. Using precise, granular KMS access controls, customers allow or deny access to individual channels, workspaces, or Slack channels and audit keys in AWS CloudTrail logs. This session covers KMS and how Slack used KMS to build the EKM capability. Learn how KMS can help you give your customers control over their data.
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019 Amazon Web Services
Vanguard is running mission-critical applications on AWS Fargate that require enhanced security controls. In this session, we show you how Vanguard is using Amazon ECS, AWS Fargate, and Application Load Balancer to run its Docker-based microservices.
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW... Amazon Web Services
With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able to meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime.
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Amazon Web Services
This talk compares AWS CloudHSM to other AWS cryptography services for common use cases. We dive deep on how to build scalable, reliable workloads with CloudHSM, and we cover configuration of the service for performance, error resilience, and cross-region redundancy.
Compliance automation: Set it up fast, then code it your way - GRC330-R - AWS... Amazon Web Services
In this workshop, learn how to detect common resource misconfigurations using AWS Security Hub; how to extend coverage by deploying additional sets of existing rules or your own custom AWS Config rules using our Rule Development Kit (written in Python); and how to automatically remediate compliance violations when they are detected. Basic Python skills and a basic understanding of boto3 are required for the coding portion of this workshop.
Building a well-engaged and secure AWS account access management - FND207-R ... Amazon Web Services
Building a well-managed and secure AWS account access management for enterprise customers and AWS partners is essential for managing a large number of AWS accounts. In this session, we review new features, best practices, and the risks involved when architecting organizational units. We also cover how to build dynamic access structures.
Join us for this hands-on workshop where you will learn about a number of AWS services you can use to identify and respond to threats in your AWS environments. Learn about the capabilities of Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub as you walk through real-world threat scenarios. For each scenario, we will review methods to detect and respond to threats both manually and automated using services like Amazon CloudWatch Events and AWS Lambda.
Architecting security and governance through policy guardrails in Amazon EKS ... Amazon Web Services
Amazon EKS makes it easy to run Kubernetes on AWS without managing master nodes or etcd operators. Kubernetes offers a powerful abstraction layer for managing containerized infrastructure, which presents unique challenges to AWS media customers. In this session, we share lessons from Synamedia, and we discuss its reasons for moving to EKS and the security and governance implications for migrating workloads. Learn about the approach and benefits for establishing security and governance with Open Policy Agent (OPA), which uses Kubernetes validating and mutating admission controllers to establish policy guardrails for container registries, input, load balancers, and other objects within EKS.
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
Customers trust AWS with mission-critical workloads because AWS is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment available today. AWS works to earn that trust by offering transparency, demonstrating consistency, and providing best practices to keep themselves secure. As customers adopt AWS, they traverse several trust-building milestones with due-diligence activities, such as assurance report and AWS Well-Architected Tool reviews and deep dives with AWS subject matter experts. This session addresses these milestones at common AWS adoption stages with examples, questions that customers often ask, and suggestions for how to get started.
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc... Amazon Web Services
The builder in you wants to move fast in the cloud, taking advantage of the agility, flexibility, and scale that it offers. The security professional in you needs to ensure that—no matter what your team is doing in the cloud—certain security and compliance invariants are guaranteed to hold. This session is for the security builders among you. We show you how to take advantage of the security perimeters offered by AWS Organizations to simply, securely, and definitively assert your security rules at the perimeter.
Capital One case study: Addressing compliance and security within AWS - FND21... Amazon Web Services
Capital One is a leading global financial institution that has reimagined banking. Attend this session to learn how the company is governing and securing mission-critical infrastructure, its AWS environment, and its users and customers by building an integrated identity governance program that secures the organization and enables its workforce. Capital One shares its successes and lessons learned while building its identity strategy, and it covers what the company recommends that you consider when building or expanding your identity program. Learn how Capital One secures the wallet that it refers to when asking, “What’s in your wallet?”
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2... Amazon Web Services
In this workshop, cloud architects, Cloud Center of Excellence (CCOE) team members, and IT managers learn how to launch and operate governed cloud workloads on AWS by leveraging AWS management tools. They extend a sample catalog containing Amazon EC2, Amazon S3, and so on, and enable catalog users to manage only the resources they create. They then perform the IT service management process integration using ServiceNow as an example solution.
Using AWS Control Tower to govern multi-account AWS environments at scale - G... Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf... Amazon Web Services
Many enterprises use Active Directory for authentication, server and workstation management, group policy management, and more. It’s also one of the first applications to be deployed on AWS by those building or migrating Windows applications at scale. There are two primary models for running Active Directory on AWS: AWS Managed Microsoft AD and self-managed Active Directory on Amazon EC2. We discuss best practices for securing Active Directory deployment on AWS and the shared responsibility model for running AWS Managed Microsoft AD. We also examine a reference architecture that follows these best practices. Services include AWS Managed Microsoft AD, Amazon EC2, Amazon EBS, Amazon VPC, and AWS KMS.
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310... Amazon Web Services
Customers must regularly attest to the security and compliance of AWS services in order to confidently operate within the cloud. To support customers with this task, AWS provides a number of resources to define our 13 control domains, differentiate between customer and AWS responsibilities, and demonstrate the mapping of an organization’s attestation needs to an AWS audit framework. During this session, customers familiarize themselves with our compliance reports (e.g., FedRAMP, SOC, ISO, PCI, etc.), dive deep on AWS compliance tools, and discuss mechanisms for leveraging the knowledge of AWS security subject matter experts.
How encryption works in AWS: What assurances do you have that unauthorized us... Amazon Web Services
Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe.
Evolving perimeters with guardrails, not gates: Improving developer agility -... Amazon Web Services
In this session, Comcast discusses its AWS cloud governance strategy, focusing on self-service tooling and account management, and explaining how it improved the developer experience by leveraging federated identities, AWS Organizations, and AWS Identity and Access Management permissions boundaries.
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Amazon Web Services
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is an AWS service offering a managed Kubernetes control plane for customers to orchestrate their containerized applications on Amazon EC2. In this chalk talk, Micah Hausler, AWS system development engineer, explains how customers can ensure the integrity and auditability of their applications on Amazon EKS. He demonstrates the exploitation of a misconfigured web application container, and he conducts a forensic analysis of what happened in the system.
Ensure the integrity of your code for fast and secure deployments - SDD319 - ... Amazon Web Services
DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Unify security, compliance, and finance teams with governance at scale - GRC2... Amazon Web Services
Cloud users typically feel that security, compliance, and finance teams throttle speed and innovation. However, the concerns of security misconfigurations and cloud budget overruns are real threats to the enterprise as adoption scales. Organizations struggle with finding the right balance to empower these teams while giving end-users the autonomy required. The governance at scale framework provides visibility, control, autonomy, and confidence to move enterprises to the cloud. It was built on a decade of lessons learned from the largest customers, including AWS itself. This session shares stories of customer successes using this framework and the impacts to their cloud journeys.
Don’t be a haven for attackers: Mitigate misconfigurations with AWS Service C... Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud. In this session, we focus on how customers are using Service Catalog as a layered defense-in-depth mechanism to mitigate misconfigurations and variability in workload deployments. In addition, we discuss how Control Tower provides guardrails for policy enforcement. These help customers like World Bank enforce security and manage compliance.
Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts.
New ways to automate compliance verification on AWS using provable security -... Amazon Web Services
The traditional audit methodology of manually sampling, interviewing, and observing provides limited insight into the adherence of a customer’s cloud environment to common regulatory frameworks. The auditor and customer’s challenge is to generate and evaluate evidence of an entire system’s compliance with specific controls, which becomes increasingly difficult with larger code bases. The AWS Provable Security initiative applies automated reasoning technology to automatically prove that a customer’s cloud environment meets certain regulatory standards. In this session, Chad Woolf, AWS VP of Security Assurance, and Byron Cook, director of the AWS Automated Reasoning Group, sit down with a representative from Coalfire, assessor of AWS, to discuss how the Provable Security initiative is creating new, higher-assurance models for auditors and customers.
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019 Amazon Web Services
In agile and elastic environments, having real-time visibility into instances and ensuring that they are secure and compliant is critical. Solutions must work with your DevOps tools to provide visibility without slowing down your release cadence. In this session, Qualys shares how you can implement an AWS golden AMI pipeline that is integrated with Qualys to assess your AMIs and monitor the instances for changes in production. Learn how Ancestry uses Qualys in its CI/CD pipeline to secure its applications and track approved AMIs. Using Qualys, Ancestry was able to reduce the vulnerabilities in its application deployments by 80 percent in a few months.
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool... Amazon Web Services
Learning Objectives:
- Learn how to set up a CI/CD pipeline with AWS Fargate or Amazon ECS
- Understand how CodePipeline can help your team release high-quality code faster
- See a working sample of a CI/CD pipeline with AWS Fargate and AWS CodePipeline
Backing Up Amazon EC2 with Amazon EBS Snapshots (CMP301-R1) - AWS re:Invent 2018 Amazon Web Services
With Amazon EBS, you can easily create a simple point-in-time backup for your Amazon EC2 instances. In this deep dive session, you learn how to use Amazon EBS snapshots to back up your Amazon EC2 environment. We review how snapshots work, and we share best practices for tagging snapshots, cost management, and snapshot automation.
Join us for this hands-on workshop where you will learn about a number of AWS services you can use to identify and respond to threats in your AWS environments. Learn about the capabilities of Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub as you walk through real-world threat scenarios. For each scenario, we will review methods to detect and respond to threats both manually and automated using services like Amazon CloudWatch Events and AWS Lambda.
Architecting security and governance through policy guardrails in Amazon EKS ...Amazon Web Services
Amazon EKS makes it easy to run Kubernetes on AWS without managing master nodes or etcd operators. Kubernetes offers a powerful abstraction layer for managing containerized infrastructure, which presents unique challenges to AWS media customers. In this session, we share lessons from Synamedia, and we discuss its reasons for moving to EKS and the security and governance implications for migrating workloads. Learn about the approach and benefits for establishing security and governance with Open Policy Agent (OPA), which uses Kubernetes validating and mutating admission controllers to establish policy guardrails for container registries, input, load balancers, and other objects within EKS.
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
Customers trust AWS with mission-critical workloads because AWS is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment available today. AWS works to earn that trust by offering transparency, demonstrating consistency, and providing best practices to keep themselves secure. As customers adopt AWS, they traverse several trust-building milestones with due-diligence activities, such as assurance report and AWS Well-Architected Tool reviews and deep dives with AWS subject matter experts. This session addresses these milestones at common AWS adoption stages with examples, questions that customers often ask, and suggestions for how to get started.
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Amazon Web Services
The builder in you wants to move fast in the cloud, taking advantage of the agility, flexibility, and scale that it offers. The security professional in you needs to ensure that—no matter what your team is doing in the cloud—certain security and compliance invariants are guaranteed to hold. This session is for the security builders among you. We show you how to take advantage of the security perimeters offered by AWS Organizations to simply, securely, and definitively assert your security rules at the perimeter.
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
Capital One is a leading global financial institution that has reimagined banking. Attend this session to learn how the company is governing and securing mission-critical infrastructure, its AWS environment, and its users and customers by building an integrated identity governance program that secures the organization and enables its workforce. Capital One shares its successes and lessons learned while building its identity strategy, and it covers what the company recommends that you consider when building or expanding your identity program. Learn how Capital One secures the wallet that it refers to when asking, “What’s in your wallet?”
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
"In this workshop, cloud architects, Cloud Center of Excellence (CCOE) team members, and IT managers learn how to launch and operate governed cloud workloads on AWS by leveraging AWS management tools. They extend a sample catalog containing Amazon EC2, Amazon S3, and so on, and enable catalog users to only manage the resources they create. They then perform the IT service management process integration using ServiceNow as an example solution.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
How to secure your Active Directory deployment on AWS - FND306-R - AWS re:Inf...Amazon Web Services
Many enterprises use Active Directory for authentication, server and workstation management, group policy management, and more. It’s also one of the first applications to be deployed on AWS by those building or migrating Windows applications at scale. There are two primary models for running Active Directory on AWS: AWS Managed Microsoft AD and self-managed Active Directory on Amazon EC2. We discuss best practices for securing Active Directory deployment on AWS and the shared responsibility model for running AWS Managed Microsoft AD. We also examine a reference architecture that follows these best practices. Services include AWS Managed Microsoft AD, Amazon EC2, Amazon EBS, Amazon VPC, and AWS KMS.
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Amazon Web Services
Customers must regularly attest to the security and compliance of AWS services in order to confidently operate within the cloud. To support customers with this task, AWS provides a number of resources to define our 13 control domains, differentiate between customer and AWS responsibilities, and demonstrate the mapping of an organization’s attestation needs to an AWS audit framework. During this session, customers familiarize themselves with our compliance reports (e.g., FedRAMP, SOC, ISO, PCI, etc.), dive deep on AWS compliance tools, and discuss mechanisms for leveraging the knowledge of AWS security subject matter experts.
How encryption works in AWS: What assurances do you have that unauthorized us...Amazon Web Services
Customers who want their data encrypted on AWS increasingly take advantage of AWS services that allow them to encrypt data and manage access to the encryption keys. This session discusses how your data is encrypted in transit and at rest in AWS services like Amazon EC2, Amazon S3, and Elastic Load Balancing. Learn about the AWS key management options available, such as AWS KMS, CloudHSM, and ACM. The session also covers some of the security controls that AWS uses to minimize risk of compromise by unauthorized users as it works to keep your data safe.
Evolving perimeters with guardrails, not gates: Improving developer agility -...Amazon Web Services
In this session, Comcast discusses its AWS cloud governance strategy, focusing on self-service tooling and account management, and explaining how it improved the developer experience by leveraging federated identities, AWS Organizations, and AWS Identity and Access Management permissions boundaries.
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Amazon Web Services
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is an AWS service offering a managed Kubernetes control plane for customers to orchestrate their containerized applications on Amazon EC2. In this chalk talk, Micah Hausler, AWS system development engineer, explains how customers can ensure the integrity and auditability of their applications on Amazon EKS. He demonstrates the exploitation of a misconfigured web application container, and he conducts a forensic analysis of what happened in the system.
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
DevOps practices help push applications faster into production through better collaboration and automated testing. During that process, security is often seen as an inhibitor to speed. The challenge for many organizations is delivering applications at a fast pace while embedding security at the speed of DevOps. In this session, learn how products and customers in the AWS Marketplace help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.
Unify security, compliance, and finance teams with governance at scale - GRC2...Amazon Web Services
Cloud users typically feel that security, compliance, and finance teams throttle speed and innovation. However, the concerns of security misconfigurations and cloud budget overruns are real threats to the enterprise as adoption scales. Organizations struggle with finding the right balance to empower these teams while giving end-users the autonomy required. The governance at scale framework provides visibility, control, autonomy, and confidence to move enterprises to the cloud. It was built on a decade of lessons learned from the largest customers, including AWS itself. This session shares stories of customer successes using this framework and the impacts to their cloud journeys.
Don’t be a haven for attackers: Mitigate misconfigurations with AWS Service C...Amazon Web Services
Security is a growing concern. Misconfigurations and inconsistent deployments provide opportunities for attackers to find vulnerabilities. This underscores the need to enforce policies as more and more production workloads move to the cloud. In this session, we focus on how customers are using Service Catalog as a layered defense-in-depth mechanism to mitigate misconfigurations and variability in workload deployments. In addition, we discuss how Control Tower provides guardrails for policy enforcement. These help customers like World Bank enforce security and manage compliance.
Auditing in the cloud is different from auditing in on-premises environments. In this workshop, we discuss those differences and share best practices for auditing in the cloud. We provide a cloud- and customer-agnostic foundation for cloud security auditing. In addition to covering necessary building blocks of cloud security, we cover cloud-specific considerations and guidelines that auditors should keep in mind when verifying security controls. Join us, and learn the cloud considerations for auditing from the experts.
New ways to automate compliance verification on AWS using provable security -...Amazon Web Services
The traditional audit methodology of manually sampling, interviewing, and observing provides limited insight into the adherence of a customer’s cloud environment to common regulatory frameworks. The auditor and customer’s challenge is to generate and evaluate evidence of an entire system’s compliance with specific controls, which becomes increasingly difficult with larger code bases. The AWS Provable Security initiative applies automated reasoning technology to automatically prove that a customer’s cloud environment meets certain regulatory standards. In this session, Chad Woolf, AWS VP of Security Assurance, and Byron Cook, director of the AWS Automated Reasoning Group, sit down with a representative from Coalfire, assessor of AWS, to discuss how the Provable Security initiative is creating new, higher-assurance models for auditors and customers.
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019 Amazon Web Services
In agile and elastic environments, having real-time visibility into instances and ensuring that they are secure and compliant is critical. Solutions must work with your DevOps tools to provide visibility without slowing down your release cadence. In this session, Qualys shares how you can implement an AWS golden AMI pipeline that is integrated with Qualys to assess your AMIs and monitor the instances for changes in production. Learn how Ancestry uses Qualys in its CI/CD pipeline to secure its applications and track approved AMIs. Using Qualys, Ancestry was able to reduce the vulnerabilities in its application deployments by 80 percent in a few months.
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
Learning Objectives:
- Learn how to set up a CI/CD pipeline with AWS Fargate or Amazon ECS
- Understand how CodePipeline can help your team release high quality code, faster
- See a working sample of a CI/CD pipeline with AWS Fargate and AWS CodePipeline
Backing Up Amazon EC2 with Amazon EBS Snapshots (CMP301-R1) - AWS re:Invent 2018 Amazon Web Services
With Amazon EBS, you can easily create a simple point-in-time backup for your Amazon EC2 instances. In this deep dive session, you learn how to use Amazon EBS snapshots to back up your Amazon EC2 environment. We review how snapshots work, and we share best practices for tagging snapshots, cost management, and snapshot automation.
Solutions for Storage and Data Migrations | AWS Summit Tel Aviv 2019 Amazon Web Services
Objects? File Systems? Block? Hybrid? Let's talk about AWS's storage solutions, starting from ways to migrate your data into AWS, through the different storage services AWS has to offer, alongside AWS's storage partnerships.
Discover how EBS can take your application deployments on EC2 to the next level. You will learn service features and benefits, how to identify applications that are appropriate for use with EBS, best practices, and details about its performance and volume types.
“Lift and shift” storage for business-critical applications - STG203 - New Yo...Amazon Web Services
Among your company’s top priorities should be ensuring that its data is safely and securely persisted. But beyond data integrity, you also need to ensure availability. In this session, learn best practices for AWS block and file storage when supporting business-critical applications such as SAP HANA, Oracle RAC, Microsoft SQL Server, MySQL, Cassandra, and home directories. We discuss migrating mission-critical workload data, selecting volumes or file systems, maximizing performance, and designing for durability and availability. You also learn how to optimize for cost to make sure your “lift and shift” project is a complete success.
In this popular session, discover how Amazon EBS can take your application deployments on Amazon EC2 to the next level. Learn about Amazon EBS features and benefits, how to identify applications that are appropriate for use with Amazon EBS, best practices, snapshots, and details about its performance and volume types. The target audience is storage administrators, application developers, applications owners, and anyone who wants to understand how to optimize performance for Amazon EC2 using the power of Amazon EBS.
AWS storage solutions for business-critical applications - STG301 - Chicago A...Amazon Web Services
Ensuring that your company’s data is safely and securely persisted should be among your organization’s top priorities. But beyond data integrity, you also need to ensure availability. In this session, we focus on best practices for AWS block and file storage when supporting business-critical applications such as SAP HANA, Oracle RAC, Microsoft SQL Server, MySQL, Cassandra, and home directories. We discuss migrating mission-critical workload data, selecting volumes or file systems, maximizing performance, and designing for durability and availability. We also talk about how to optimize for cost to make sure your lift-and-shift project is a complete success.
Design, Deploy, and Optimize Microsoft SQL Server on AWS (WIN324-R1) - AWS re...Amazon Web Services
In this session, we dive deep on best practices and design considerations for running Microsoft SQL Server on AWS. We cover how to choose between running SQL Server on Amazon EC2 and Amazon RDS. We also cover how to optimize the performance of SQL Server on AWS, how to leverage the new Optimize CPU feature, and how to deploy SQL Server on Linux. We also review best practices for storage, monitoring, availability, security, and backup and recovery for SQL Server.
STG330_Case Study How Experian Leverages Amazon EC2, EBS, and S3 with Clouder...Amazon Web Services
Experian gathers, analyzes, and processes credit data at massive scale to help businesses make smarter decisions, individuals gain access to financial services, and lenders to minimize risk. The company built its petabyte-scale data-ingestion and analytics solution using CDH (Cloudera Distribution Including Apache Hadoop) running on Amazon EC2, with data stored in Amazon EBS and Amazon S3. This next generation big data platform aims to improve the data accuracy by moving away from traditional batch uploads to a real-time API-based ingestion process. In this talk, you will learn how Experian has leveraged different AWS compute and storage services for agility and quicker time to market. We will discuss lessons learned and best practices for success throughout.
Protecting Amazon EC2 Instances, Relational Databases, and NoSQL Workloads (S...Amazon Web Services
For many IT professionals, cloud data protection can be challenging. In this session, we explore options for protecting and restoring your Amazon EC2 instances, relational databases, and NoSQL databases, such as MongoDB and Cassandra. We show you how solutions such as Rubrik Cloud Data Management and Rubrik Datos IO augment your Amazon EC2 backup strategy, including lifecycle management of Amazon EBS snapshots and Amazon Machine Images (AMI), automation and simplification of Amazon EBS volume and file-level restores from Amazon EBS snapshots, and application-consistent backup and recovery for Oracle, Microsoft SQL Server, MongoDB, and Cassandra databases on Amazon EC2. This session is brought to you by AWS partner, Rubrik.
In this session, learn the best practices and considerations for running Microsoft SQL Server on AWS, best practices for deploying SQL Server, how to choose between Amazon EC2 and Amazon RDS, and ways to optimize the performance of your SQL Server deployment for different application types. We will review how to provision and monitor your SQL Server databases, and how to manage scalability, performance, availability, security, and backup and recovery in both Amazon RDS and Amazon EC2. In addition, we will also cover how you can set up a disaster recovery solution between an on-premises SQL Server environment and AWS, using native SQL Server features like log shipping, replication, and AlwaysOn Availability Groups.
Key Outcomes:
• Understand Microsoft SQL Server deployment options on AWS
• The latest features in SQL Server 2016
• Get best practices for deploying
• SQL Server on Amazon EC2
• Amazon RDS for SQL Server
Who Should Attend:
• Technical Decision Makers
• Senior IT Managers and Specialists
• DBAs
• Solution Architects and Engineers
by Gowri Balasubramanian, AWS
Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. We’ll look at what RDS does (and does not) do to manage the “muck” of database operations.
SRV310 Optimizing Relational Databases on AWS: Deep Dive on Amazon RDS Amazon Web Services
Amazon RDS enables you to launch an optimally configured, secure, and highly available relational database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming administration tasks, and freeing you to focus on your applications and business. In this session, we take a closer look at how Amazon RDS works, and we review best practices to achieve performance, flexibility, and cost saving for your MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server databases on Amazon RDS. We also discuss AWS Database Migration Service, a quick and secure means for migrating your existing RDBMS investments to Amazon RDS.
Similar to Securing your block storage on AWS - GRC207 - AWS re:Inforce 2019 (20)
How to build forecasting services using ML and deep learn...Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict a product's growth and distribution, the use of the resources required on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session, we show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server...Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building Big Data clusters at large scale appears to be an investment accessible only to established companies. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session, we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago, Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period, we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, enabled us to build more reliable and scalable applications. In this session, we show how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is continuously growing.
If properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session, we discover together what the characteristics of Spot Instances are and how they can be easily used on AWS. We also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us how to monetise Open APIs, simplify Fintech integrations, and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea...Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of...Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting user operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar, we explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the potential of the AWS cloud and protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and added to this are performance risks that can be introduced when moving applications from on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session, we discover how to build a complete serverless application that uses QLDB features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session, we learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We explore several scenarios, understanding how AppSync can help address these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Database and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and added to this are performance risks that can be introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to facilitate and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they explore the architecture in depth and demonstrate how to take full advantage of the potential of VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session, we present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.