1) The document discusses initial considerations for deploying applications on AWS such as how the service will be accessed, what data is being handled, and compliance needs.
2) It then covers the AWS shared responsibility model and who manages what between AWS and the customer for different types of AWS services.
3) Practical advice is provided on security controls to deploy on AWS, including using Route 53, CloudFront, S3 buckets, application load balancers, and VPC components.
4) The document concludes by recommending several AWS security audit tools including CloudTrail, Config, GuardDuty, and VPC flow logs to ensure deployments are working as planned.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
In this session we will explore the world’s first cloud-scale file system and its targeted use cases. Session attendees will learn about EFS’s benefits, how to identify applications that are appropriate for use with EFS, and details about its performance and security models. The target audience is file system administrators, application developers, and application owners that operate or build file-based applications.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we cover considerations, limitations, and security patterns when building a multi-account strategy. We explore topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. We conclude by presenting an enterprise-ready landing-zone framework and providing the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
In this session we will explore the world’s first cloud-scale file system and its targeted use cases. Session attendees will learn about EFS’s benefits, how to identify applications that are appropriate for use with EFS, and details about its performance and security models. The target audience is file system administrators, application developers, and application owners that operate or build file-based applications.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud trail key concepts, workflow and event history
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud watch key concepts, workflow, dashboard, metrics, cloud watch agent, alarms, events and logs.
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud
Can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud trail key concepts, workflow and event history
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud watch key concepts, workflow, dashboard, metrics, cloud watch agent, alarms, events and logs.
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud
Can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic
Shared Responsibility and Setting Up Secure Account StructuresAmazon Web Services
In addition to discussing the AWS Shared Responsibility Model in detail for Infrastructure, Container and Abstract Services, we present a reference architecture for a secure, multi-account enterprise structure, including Mandatory Access Control for logging and separation assurance for different groups and functions within an organisation.
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
Vortrag "Datensicherheit mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag bietet Ihnen eine Übersicht über mögliche Leistungsmerkmale und Optionen von Amazon Web Services, mit denen Ihre Daten gesichert werden können. Die AWS Dienste folgen spezifischen Bauplänen auf Basis von Regionen und Verfügbarkeitszonen. Das Verstehen dieser Baupläne ermöglicht es Ihnen, die richtige Wahl zu treffen, um erfolgreich Anwendungen auf AWS laufen zu lassen. Auch existieren verschiedenste Optionen welche von AWS zur Sicherung der Anwendungen empfohlen werden. Der Vortrag wird einen Überblick über diese Optionen geben und einige bewährte Verfahren im Bereich Verschlüsselung und AWS-Konto-Verwaltung beschreiben.
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
2. What we’ll cover today …
• Initial considerations before you deploy
• Walk through AWS Shared Responsibility Model
• Practical advice on AWS security controls to deploy
• Practical advice on AWS security audit tooling
4. Ask yourself some questions:
1. How will your service will be accessed (public or private)?
2. What sort of data are you handling?
3. Are there any regulations you need to be compliant with?
4. Are there any compliance assessments you need to plan for?
5. Who will be administering the application?
6. Who needs to audit the platform (internal or external)?
5. Answers will lead you to where you put your
data
Availability
Zone A
Availability
Zone B
Availability
Zone C
Each region has at least two Availability Zones
7. • Integration with AWS Services
• Identity Federation
• Granular Permissions Model
• Multi-factor Authentication
• Identity information for assurance
Answers will lead you to Identity and Access
Management
8. Ok - so who manages what?
(The AWS Shared Responsibility Model)
9. Does one model work for all AWS Services?
Infrastructure
Services
Container
Services
Abstracted
Services
10. Network Traffic Protection
Encryption / Integrity / Identity
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Optional – Opaque data: 1’s and 0’s (in transit/at rest)
Platform & Applications Management
Customer content
Customers
AWS Shared Responsibility Model:
for Infrastructure Services
Managed by
Client-Side Data encryption
& Data Integrity Authentication
AWSIAMCustomerIAM
Operating System, Network & Firewall Configuration
Server-Side Encryption
Fire System and/or Data
APIEndpoints
Management
Protocols
API
Calls
11. AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Optional – Opaque data: 1’s and 0’s (in transit/at rest)
Firewall
Configuration
Platform & Applications Management
Operating System, Network Configuration
Customer content
Customers
AWS Shared Responsibility Model:
for Container Services
Managed by
Client-Side Data encryption
& Data Integrity Authentication
Network Traffic Protection
Encryption / Integrity / Identity
AWSIAMCustomerIAM
APIEndpoints
Management
Protocols
API
Calls
12. AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Platform & Applications Management
Operating System, Network & Firewall Configuration
Customer content
Customers
Managed by
Data Protection by the Platform
Protection of Data at Rest
Network Traffic Protection by the Platform
Protection of Data at in Transit
(optional)
Opaque Data: 1’s and 0’s
(in flight / at rest)
Client-Side Data Encryption
& Data Integrity Authentication
APIEndpoints
AWSIAM
API Calls
AWS Shared Responsibility Model:
forAbstracted Services
13. What should I consider for my
Application?
(Practical advice on AWS Security Controls to deploy)
14. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u Malformed Packet Requests
u SYN/ACK or UDP Flood
u Reflection Attacks
u DNS Floods
u Shuffle Sharding (Forced Data Distribution and Isolation)
u Anycast Striping (Ability to advertise IP Scopes from any/all Regions)
myapp.com
Amazon S3
bucket
Route 53
1
www.myapp.com
media.myapp.com
15. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u Content Caching
u Origin Acceleration
u AWS WAF Integration (Layer-7 Inspection)
u DDoS Shield and Shield Advanced Integration
myapp.com
Amazon S3
bucket
Cloudfront
2
www.myapp.com
media.myapp.com
16. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u Path Based Routing
u HTTP/HTTPS Only
u SSL/TLS Offload
u AWS WAF Integration (Layer-7 Inspection)
u DDoS Shield and Shield Advanced Integration
myapp.com
Amazon S3
bucket
Application Load
Balancer
3
www.myapp.com
media.myapp.com
17. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u AWS Macie Integration
u Static HTTP Web Server
u Origin for Cloudfront (use Custom Header for locking down)
u No HTTPS capability (use Cloudfront)
u Object and Bucket Level Logging
myapp.com
Amazon S3
bucket
S3 Bucket
4
www.myapp.com
media.myapp.com
18. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u RouteTable – Decides which networks can be routed to/from
u NACL – Stateless – Rule Based, Order-Priority [Default OPEN]
u SG – Stateful – Evaluatative [Default CLOSED]
u VPC FlowLogs – Layer 2/3 Logging in a VPC
myapp.com
Amazon S3
bucket
VPC Controls
5
www.myapp.com
media.myapp.com
19. Availability Zone #1
security group
security group
root volume
data volume
Application Load
Balancer
Amazon S3
Bucket Origin
logs
Amazon EBS
snapshot
CloudFront
distribution
EC2 instance
web app
server
Amazon
Route 53
u Amazon Inspector
u CVE / Best Practices
u CIS Benchmarks / Network Behavioral Monitoring
u AWS Systems Manager Integration – Privileged Command Execution
u AWS Systems Manager Integration – Cloudwatch Logging
myapp.com
Amazon S3
bucket
Amazon Inspector
5
www.myapp.com
media.myapp.com
20. How do I ensure it is all working as
planned?
(Practical advice on AWS Security audit tooling)
21. Myapp Production Account Myapp Dev Account Myapp Sandbox Account
Myapp Audit Account myapp Billing Account
CloudTrail
Bucket
Config
Bucket
Amazon ES
Amazon
QuickSight
Amazon
Athena
u CloudTrail (Athena or ElasticSearch)
u Config (Aggregator)
u Guard Duty
u VPC FlowLogs
u CloudTrail
u Config (incl. Config Rules)
u Guard Duty
u VPC Flow Logs
u Inspector
Amazon
GuardDuty
Multi-Account
View
Local-Account
View
22. Shall we have a look at this in
action?
(Demo time!)