Vortrag "Security Boundaries and Functions of Services for Serverless Architectures on AWS" von Bertram Dorn beim AWS Serverless Web Day. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/28QIaxM
Securing Serverless Architectures - AWS Serverless Web DayAWS Germany
Vortrag "Securing Serverless Architectures" von Dave Walker beim AWS Serverless Web Day. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/28QIaxM
This document provides an agenda and overview for a workshop on connecting to AWS IoT. It discusses AWS IoT features like protocols, security, device shadows, and the AWS IoT button. It also provides steps to configure an IoT button and connect a device using the AWS IoT SDK, including creating certificates and policies. Examples are shown for subscribing to button presses with MQTT, invoking a Lambda function from a button press, and updating a device shadow to control simulated GPIOs on a device.
AWS serverless architecture components such as Amazon S3, Amazon SQS, Amazon SNS, CloudWatch Logs, DynamoDB, Amazon Kinesis, and Lambda can be tightly constrained in their operation. However, it may still be possible to use some of them to propagate payloads that could be used to exploit vulnerabilities in some consuming endpoints or user-generated code. This session explores techniques for enhancing the security of these services, from assessing and tightening permissions in IAM to integrating further tools and mechanisms for inline and out-of-band payload analysis that are more typically applied to traditional server-based architectures, and generalising these techniques to APIs for all AWS services.
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
Serverless Architectures allow you to build and run applications and services without having to manage the infrastructure. With serverless architectures on AWS, your application still runs on servers, but all the server management is done by AWS.
In this webinar, you will learn how to build applications and services using a serverless architecture. We will discuss how you can use AWS Lambda to run code for any type of application or backend service; use Amazon DynamoDB to store application data with high scalability and redundancy; and use Amazon API Gateway to create and manage secure API endpoints. We will also run through a demo setting up a web application using this architecture, and discuss best practices and patterns used by our customers to run serverless applications.
Learning Objectives:
• Understand the basics of serverless architectures
• Learn how to use Lambda, API Gateway, and DynamoDB to run web applications
Who Should Attend:
• Developers, web developers
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Amazon Web Services
In this session we'll build a demo environment where temperature and humidity sensors, that can be distributed worldwide, are sending data that is processed using AWS IoT, stored to an S3 bucket using a Kinesis Firehose delivery stream, aggregated by location (using geohashes) and time (in 30 seconds tumbling time windows) via a Kinesis Analytics application, and the output Kinesis Stream is process by a Lambda function publishing the information back on the AWS IoT platform, in specific MQTT topics where a static web page, using client-side JavaScript, is subscribing via secure WebSockets to display the aggregated data on a world map.
Building Serverless Chat Bots - AWS August Webinar SeriesAmazon Web Services
Chat bots can help you increase visibility and improve operations or help your customers easily get information through a natural, conversational interface. In this webinar, you will learn how you use a chat bot to manage many aspects of your infrastructure, code, and data all from the comforts of a chat room. You'll learn how AWS Lambda can be used to run your chat bots. We’ll also demonstrate step-by-step how you can use AWS Lambda to easily build and run your first Slack bot – all without the need to provision and manage servers. Join us to: - Understand the basics of chatops - Learn how to use Lambda to create bots - Build a Slack bot running on Lambda Who should attend: Developers
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...Amazon Web Services
Experience how live virtual 3D worlds rendered with Amazon Lumberyard, a free, cross-platform, 3D game engine, interconnect with IoT devices in the real world. This session will illustrate how AWS IoT can be used to remotely control animate objects with Bluetooth, such as a Sphero robot. By using AWS Lambda and AWS IoT, we will create a bi-directional communication between moving robots that detect collisions and a virtual world rendered in Amazon's game engine. By using AWS IoT with the Alexa Skills Kit and the Amazon Echo, we will learn how to control the physical and virtual robots through voice.
Securing Serverless Architectures - AWS Serverless Web DayAWS Germany
Vortrag "Securing Serverless Architectures" von Dave Walker beim AWS Serverless Web Day. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/28QIaxM
This document provides an agenda and overview for a workshop on connecting to AWS IoT. It discusses AWS IoT features like protocols, security, device shadows, and the AWS IoT button. It also provides steps to configure an IoT button and connect a device using the AWS IoT SDK, including creating certificates and policies. Examples are shown for subscribing to button presses with MQTT, invoking a Lambda function from a button press, and updating a device shadow to control simulated GPIOs on a device.
AWS serverless architecture components such as Amazon S3, Amazon SQS, Amazon SNS, CloudWatch Logs, DynamoDB, Amazon Kinesis, and Lambda can be tightly constrained in their operation. However, it may still be possible to use some of them to propagate payloads that could be used to exploit vulnerabilities in some consuming endpoints or user-generated code. This session explores techniques for enhancing the security of these services, from assessing and tightening permissions in IAM to integrating further tools and mechanisms for inline and out-of-band payload analysis that are more typically applied to traditional server-based architectures, and generalising these techniques to APIs for all AWS services.
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
Serverless Architectures allow you to build and run applications and services without having to manage the infrastructure. With serverless architectures on AWS, your application still runs on servers, but all the server management is done by AWS.
In this webinar, you will learn how to build applications and services using a serverless architecture. We will discuss how you can use AWS Lambda to run code for any type of application or backend service; use Amazon DynamoDB to store application data with high scalability and redundancy; and use Amazon API Gateway to create and manage secure API endpoints. We will also run through a demo setting up a web application using this architecture, and discuss best practices and patterns used by our customers to run serverless applications.
Learning Objectives:
• Understand the basics of serverless architectures
• Learn how to use Lambda, API Gateway, and DynamoDB to run web applications
Who Should Attend:
• Developers, web developers
Implementing a Serverless IoT Architecture - Pop-up Loft TLV 2017Amazon Web Services
In this session we'll build a demo environment where temperature and humidity sensors, that can be distributed worldwide, are sending data that is processed using AWS IoT, stored to an S3 bucket using a Kinesis Firehose delivery stream, aggregated by location (using geohashes) and time (in 30 seconds tumbling time windows) via a Kinesis Analytics application, and the output Kinesis Stream is process by a Lambda function publishing the information back on the AWS IoT platform, in specific MQTT topics where a static web page, using client-side JavaScript, is subscribing via secure WebSockets to display the aggregated data on a world map.
Building Serverless Chat Bots - AWS August Webinar SeriesAmazon Web Services
Chat bots can help you increase visibility and improve operations or help your customers easily get information through a natural, conversational interface. In this webinar, you will learn how you use a chat bot to manage many aspects of your infrastructure, code, and data all from the comforts of a chat room. You'll learn how AWS Lambda can be used to run your chat bots. We’ll also demonstrate step-by-step how you can use AWS Lambda to easily build and run your first Slack bot – all without the need to provision and manage servers. Join us to: - Understand the basics of chatops - Learn how to use Lambda to create bots - Build a Slack bot running on Lambda Who should attend: Developers
AWS re:Invent 2016: Robots: The Fading Line Between Real and Virtual Worlds (...Amazon Web Services
Experience how live virtual 3D worlds rendered with Amazon Lumberyard, a free, cross-platform, 3D game engine, interconnect with IoT devices in the real world. This session will illustrate how AWS IoT can be used to remotely control animate objects with Bluetooth, such as a Sphero robot. By using AWS Lambda and AWS IoT, we will create a bi-directional communication between moving robots that detect collisions and a virtual world rendered in Amazon's game engine. By using AWS IoT with the Alexa Skills Kit and the Amazon Echo, we will learn how to control the physical and virtual robots through voice.
The document discusses how Amazon Mobile Analytics can help mobile developers analyze user behavior and key business metrics from their mobile apps with just one line of code. It collects usage data from millions of users at scale without sharing or aggregating individual user data. Metrics like monthly/daily active users, new users, daily sessions, retention rates, and custom events can provide insights for improving user engagement and monetization.
The CQRS pattern enables you to build highly scalable, distributed and event-driven applications. Microsoft Azure contains all the serverless building blocks you need to take advantage of the CQRS pattern. In this session, we’re going to transform a monolithic web app into a modern cloud application, that easily handles peak loads and offers great flexibility. Expect architectural guidance, cost-effective designs and live demo’s.
AWS API Gateway allows creating APIs to access backend services and applications. It offers features like monitoring API usage, rate limiting requests, transforming requests and responses, connecting to multiple backend services, integrating with VPC, using serverless compute, authenticating via IAM or custom authorizers, documenting APIs with Swagger, and some limitations around timeouts, payload sizes and supported protocols.
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaAmazon Web Services
Learn how to build a text enabled robot that will take your beer order, serve your pint, and notify you when it is ready, all while keeping an eye on your consumption so that you wake up on time the next morning. In this demo-heavy workshop, we will use the Zipwhip Texterator as the platform on which we will show you how to use Alexa, AWS Lambda, and AWS IoT to build the ultimate beer serving device.
AWS DevDay San Francisco, June 21, 2016.
Presenter: John Rotach, SDE, AWS IoT
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
The document provides an overview of the Well-Architected Framework from Amazon Web Services (AWS). It discusses the main pillars of security, reliability, performance efficiency, cost optimization, and operational excellence. It also covers key best practices under each pillar such as credential protection, high availability, right sizing resources, cost awareness, and managed services. The document aims to help users architect their applications on AWS following these best practices.
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksAmazon Web Services
Develop and program the AWS IoT button to create a one-click experience for users to access applications in the cloud. This webinar will show you how you can configure your AWS IoT Button using the AWS IoT Button mobile app. The mobile app simplifies the process of registering, configuring, and programming the button. Using preconfigured AWS Lambda blueprints, the app lets you quickly program the button to send an SMS or email when clicked. Or, you can write your own Lambda code for the functionality of your choice. In this webinar, we will also demo an end to end application using an AWS IoT button.
Learning Objectives:
1. Build a fully customized IoT application
2. Integrate Lambda blueprints for easy functionality
3. see how you can write your own Lambda code
This document discusses building secure and scalable APIs using Amazon API Gateway and AWS Lambda. It introduces Amazon API Gateway for hosting APIs and routing API calls. AWS Lambda is introduced for executing application business logic. Amazon Cognito is discussed for user signup, authentication, and temporary credentials. The document provides an example of integrating these services to build a secure and scalable mobile backend API.
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"Chris Munns
Solstice and Amazon Web Services (AWS) will present the benefits and use cases of edge computing, including an overview AWS IoT and the newly launched AWS Greengrass.
AWS IoT closes the gap between physical and digital with things, internet and connectivity. AWSGreengrass enables connected devices running on AWS’s technology to process data locally-- reducing latency, allowing offline functionality, improving security, and more. We’ll share best practices for building with edge computing and Greengrass, and how you can apply it to your current and future IoT solutions. Solstice will also walk through a real-life implementation of AWS IoT and AWS Greengrass that was showcased at AWS re:Invent 2016.
Speakers:
• Chris Munns, Senior Developer Advocate, AWS
• Andrew Whiting, VP of Business Development, Solstice
• Pat Smolen, Sr. Technical Consultant, Solstice.
This document discusses how to get started with AWS IoT. It provides an overview of the AWS IoT platform and its key components, including the device registry, message broker, rules engine, device shadows, and authentication and authorization. It also highlights several AWS customers who are using AWS IoT for applications like connected home devices, smart city solutions, and connected vehicles. The document concludes by explaining how to get started with AWS IoT through the available SDKs and starter kits.
Developing a Continuous Automated Approach to Cloud SecurityAmazon Web Services
Many organizations struggle daily with the question - "Where do we stand with our AWS security practices?" With the recent release of the Center for Internet Security's CIS AWS Foundations Benchmark, organizations now have an industry-accepted set of security configuration best practices. These benchmarks, in combination with 3rd party security solutions that support them, can form the foundation for security operations at organizations of all sizes through continuous monitoring and auditing.
Real-time processing of streaming data is a common architectural pattern used in many applications. Amazon Kinesis Analytics is the easiest way to process streaming data in real time with standard SQL without having to learn new programming languages or processing frameworks. We will present how to use Amazon Kinesis Analytics on streaming data and gain actionable insights from your data.
Services: Amazon Kinesis Analytics, Amazon Redshift, Amazon Elastic Search Service and Amazon S3.
Presenters: Kobi Biton & Ran Tessler
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
Brief description and useful links:
Developed smart home automation project to measure your house's temperature and send it on your smartphone.
LinkedIn profile: https://www.linkedin.com/in/roberto-falconi
GitHub repository: https://github.com/RobertoFalconi/HouseTemperatureMonitoring
Hackster full description: https://www.hackster.io/Falkons/house-temperature-monitoring-using-aws-iot-and-raspberry-pi-3b6410
SlideShare presentation: https://www.slideshare.net/RobertoFalconi4/house-temperature-monitoring-using-aws-iot-and-raspberry-pi
YouTube video: https://www.youtube.com/watch?v=gQxOSbcN79s
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
Developing mobile apps can be complex and time-consuming. Learn how to simplify mobile identity management and data synchronization across devices. In addition, learn how to follow security best practices to give your app access to the resources it needs to provide a great user experience without hard-coding security credentials. We will cover how to easily and securely onboard users as anonymous guests using public login providers like Amazon, Facebook, Twitter, or your own user identity system. We are very excited to have Twitter representatives join us on stage for a deep dive on authenticating users with Twitter and Digits, which enables users to sign in with their phone numbers.
This document discusses information security by design on AWS. It begins with an agenda that covers industry best practices, standards and requirements, control mapping, and the Enterprise Accelerator initiative. It then discusses starting with CIS Amazon Web Services Foundations and provides overviews of AWS assurance programs, compliance resources, and how to work with AWS certifications. The rest of the document discusses specific compliance standards like SOC 1-3, PCI-DSS, ISO 27001, others, and how to map existing security controls to AWS. It concludes with discussing the Enterprise Accelerator initiative and helpful compliance resources.
This session will highlight the breadth and depth of services that make up the AWS platform. Participants will learn about the AWS Global Infrastructure, Networking, Compute, Storage, Database, Application Services, and Deployment & Administration. This session is designed for technical decision-makers to come away with a top-level understanding of AWS building block cloud services.
This document summarizes a session on developing Internet of Things (IoT) applications with AWS IoT, AWS Lambda, and AWS Cognito. The session will include deep dives on AWS IoT, patterns for building IoT applications, creating applications using the listed AWS services, and a customer story from EROAD. There will also be demonstrations and audience participation.
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
Learning Objectives:
• Understand key microservices concepts and common patterns
• Learn how to deploy microservices on Amazon ECS
What are monoliths, what are microservices, how do containers fit into the picture, and how do I do this all in production?
In this session, we will explore the reasoning and concepts behind microservices and how you can transform monolithic apps into microservices. We will discuss how containers simplify building microservices-based applications, and we will walk through a number of patterns used by our customers to run their microservices platforms. We will also dive deep into some of the challenges of running microservices, such as load balancing, service discovery, and secrets management, and we’ll see how Amazon EC2 Container Service (ECS) can help address them. We’ll also demo how you can easily deploy complex microservices applications using Amazon ECS.
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
This session enables security operators to automate governance and implement use cases addressed by AWS services such as AWS CloudTrail, AWS Config Rules, Amazon CloudWatch Events, and Trusted Advisor. Based on the nature of vulnerabilities, internal processes, compliance regimes, and other priorities, this session discusses the service to use when. We also show how to detect, report, and fix vulnerabilities, or gain more information about attackers. We dive deep into new features and capabilities of relevant services and use an example from an AWS customer, Siemens AG, about how to best automate governance and scale. A prerequisite for this session is knowledge of security and basic software development using Java, Python, or Node.
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. In this tech talk, we will discuss how constrained devices can leverage AWS IoT to send data to the cloud and receive commands back to the device from the cloud using the protocol of their choice. We will use the AWS IoT Starter Kit to demonstrate building a real connected product, securely connect with AWS IoT using MQTT, WebSockets, and HTTP protocols, and show how developers and businesses can leverage features of AWS IoT like Device Shadows and the Rules Engine, which provides message processing and integration with other AWS services.
Lambda and serverless - DevOps North East Jan 2017Mike Shutlar
Introduction to AWS Lambda, serverless architectures, & the new AWS Serverless Application Model.
Source code for demo serverless application available here:
https://github.com/infectedsoundsystem/lambda-refarch-webapp
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayAWS Germany
This document discusses leveraging AWS APIs to secure your own APIs. It covers signing AWS API requests to verify identity, protect data, and prevent replay attacks. It recommends using IAM and access policies to authorize access to your APIs, similar to how AWS APIs work. API Gateway allows integrating IAM to authenticate and authorize requests to serverless APIs.
The document discusses how Amazon Mobile Analytics can help mobile developers analyze user behavior and key business metrics from their mobile apps with just one line of code. It collects usage data from millions of users at scale without sharing or aggregating individual user data. Metrics like monthly/daily active users, new users, daily sessions, retention rates, and custom events can provide insights for improving user engagement and monetization.
The CQRS pattern enables you to build highly scalable, distributed and event-driven applications. Microsoft Azure contains all the serverless building blocks you need to take advantage of the CQRS pattern. In this session, we’re going to transform a monolithic web app into a modern cloud application, that easily handles peak loads and offers great flexibility. Expect architectural guidance, cost-effective designs and live demo’s.
AWS API Gateway allows creating APIs to access backend services and applications. It offers features like monitoring API usage, rate limiting requests, transforming requests and responses, connecting to multiple backend services, integrating with VPC, using serverless compute, authenticating via IAM or custom authorizers, documenting APIs with Swagger, and some limitations around timeouts, payload sizes and supported protocols.
Build a Text Enabled Keg-orator Robot with Alexa, AWS IoT & AWS LambdaAmazon Web Services
Learn how to build a text enabled robot that will take your beer order, serve your pint, and notify you when it is ready, all while keeping an eye on your consumption so that you wake up on time the next morning. In this demo-heavy workshop, we will use the Zipwhip Texterator as the platform on which we will show you how to use Alexa, AWS Lambda, and AWS IoT to build the ultimate beer serving device.
AWS DevDay San Francisco, June 21, 2016.
Presenter: John Rotach, SDE, AWS IoT
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
The document provides an overview of the Well-Architected Framework from Amazon Web Services (AWS). It discusses the main pillars of security, reliability, performance efficiency, cost optimization, and operational excellence. It also covers key best practices under each pillar such as credential protection, high availability, right sizing resources, cost awareness, and managed services. The document aims to help users architect their applications on AWS following these best practices.
Developing Applications with the IoT Button - March 2017 AWS Online Tech TalksAmazon Web Services
Develop and program the AWS IoT button to create a one-click experience for users to access applications in the cloud. This webinar will show you how you can configure your AWS IoT Button using the AWS IoT Button mobile app. The mobile app simplifies the process of registering, configuring, and programming the button. Using preconfigured AWS Lambda blueprints, the app lets you quickly program the button to send an SMS or email when clicked. Or, you can write your own Lambda code for the functionality of your choice. In this webinar, we will also demo an end to end application using an AWS IoT button.
Learning Objectives:
1. Build a fully customized IoT application
2. Integrate Lambda blueprints for easy functionality
3. see how you can write your own Lambda code
This document discusses building secure and scalable APIs using Amazon API Gateway and AWS Lambda. It introduces Amazon API Gateway for hosting APIs and routing API calls. AWS Lambda is introduced for executing application business logic. Amazon Cognito is discussed for user signup, authentication, and temporary credentials. The document provides an example of integrating these services to build a secure and scalable mobile backend API.
AWS NYC Meetup - May 2017 - "AWS IoT and Greengrass"Chris Munns
Solstice and Amazon Web Services (AWS) will present the benefits and use cases of edge computing, including an overview AWS IoT and the newly launched AWS Greengrass.
AWS IoT closes the gap between physical and digital with things, internet and connectivity. AWSGreengrass enables connected devices running on AWS’s technology to process data locally-- reducing latency, allowing offline functionality, improving security, and more. We’ll share best practices for building with edge computing and Greengrass, and how you can apply it to your current and future IoT solutions. Solstice will also walk through a real-life implementation of AWS IoT and AWS Greengrass that was showcased at AWS re:Invent 2016.
Speakers:
• Chris Munns, Senior Developer Advocate, AWS
• Andrew Whiting, VP of Business Development, Solstice
• Pat Smolen, Sr. Technical Consultant, Solstice.
This document discusses how to get started with AWS IoT. It provides an overview of the AWS IoT platform and its key components, including the device registry, message broker, rules engine, device shadows, and authentication and authorization. It also highlights several AWS customers who are using AWS IoT for applications like connected home devices, smart city solutions, and connected vehicles. The document concludes by explaining how to get started with AWS IoT through the available SDKs and starter kits.
Developing a Continuous Automated Approach to Cloud SecurityAmazon Web Services
Many organizations struggle daily with the question - "Where do we stand with our AWS security practices?" With the recent release of the Center for Internet Security's CIS AWS Foundations Benchmark, organizations now have an industry-accepted set of security configuration best practices. These benchmarks, in combination with 3rd party security solutions that support them, can form the foundation for security operations at organizations of all sizes through continuous monitoring and auditing.
Real-time processing of streaming data is a common architectural pattern used in many applications. Amazon Kinesis Analytics is the easiest way to process streaming data in real time with standard SQL without having to learn new programming languages or processing frameworks. We will present how to use Amazon Kinesis Analytics on streaming data and gain actionable insights from your data.
Services: Amazon Kinesis Analytics, Amazon Redshift, Amazon Elastic Search Service and Amazon S3.
Presenters: Kobi Biton & Ran Tessler
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
Brief description and useful links:
Developed smart home automation project to measure your house's temperature and send it on your smartphone.
LinkedIn profile: https://www.linkedin.com/in/roberto-falconi
GitHub repository: https://github.com/RobertoFalconi/HouseTemperatureMonitoring
Hackster full description: https://www.hackster.io/Falkons/house-temperature-monitoring-using-aws-iot-and-raspberry-pi-3b6410
SlideShare presentation: https://www.slideshare.net/RobertoFalconi4/house-temperature-monitoring-using-aws-iot-and-raspberry-pi
YouTube video: https://www.youtube.com/watch?v=gQxOSbcN79s
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
Developing mobile apps can be complex and time-consuming. Learn how to simplify mobile identity management and data synchronization across devices. In addition, learn how to follow security best practices to give your app access to the resources it needs to provide a great user experience without hard-coding security credentials. We will cover how to easily and securely onboard users as anonymous guests using public login providers like Amazon, Facebook, Twitter, or your own user identity system. We are very excited to have Twitter representatives join us on stage for a deep dive on authenticating users with Twitter and Digits, which enables users to sign in with their phone numbers.
This document discusses information security by design on AWS. It begins with an agenda that covers industry best practices, standards and requirements, control mapping, and the Enterprise Accelerator initiative. It then discusses starting with CIS Amazon Web Services Foundations and provides overviews of AWS assurance programs, compliance resources, and how to work with AWS certifications. The rest of the document discusses specific compliance standards like SOC 1-3, PCI-DSS, ISO 27001, others, and how to map existing security controls to AWS. It concludes with discussing the Enterprise Accelerator initiative and helpful compliance resources.
This session will highlight the breadth and depth of services that make up the AWS platform. Participants will learn about the AWS Global Infrastructure, Networking, Compute, Storage, Database, Application Services, and Deployment & Administration. This session is designed for technical decision-makers to come away with a top-level understanding of AWS building block cloud services.
This document summarizes a session on developing Internet of Things (IoT) applications with AWS IoT, AWS Lambda, and AWS Cognito. The session will include deep dives on AWS IoT, patterns for building IoT applications, creating applications using the listed AWS services, and a customer story from EROAD. There will also be demonstrations and audience participation.
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
Learning Objectives:
• Understand key microservices concepts and common patterns
• Learn how to deploy microservices on Amazon ECS
What are monoliths, what are microservices, how do containers fit into the picture, and how do I do this all in production?
In this session, we will explore the reasoning and concepts behind microservices and how you can transform monolithic apps into microservices. We will discuss how containers simplify building microservices-based applications, and we will walk through a number of patterns used by our customers to run their microservices platforms. We will also dive deep into some of the challenges of running microservices, such as load balancing, service discovery, and secrets management, and we’ll see how Amazon EC2 Container Service (ECS) can help address them. We’ll also demo how you can easily deploy complex microservices applications using Amazon ECS.
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
This session enables security operators to automate governance and implement use cases addressed by AWS services such as AWS CloudTrail, AWS Config Rules, Amazon CloudWatch Events, and Trusted Advisor. Based on the nature of vulnerabilities, internal processes, compliance regimes, and other priorities, this session discusses the service to use when. We also show how to detect, report, and fix vulnerabilities, or gain more information about attackers. We dive deep into new features and capabilities of relevant services and use an example from an AWS customer, Siemens AG, about how to best automate governance and scale. A prerequisite for this session is knowledge of security and basic software development using Java, Python, or Node.
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIsAmazon Web Services
Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. In this tech talk, we will discuss how constrained devices can leverage AWS IoT to send data to the cloud and receive commands back to the device from the cloud using the protocol of their choice. We will use the AWS IoT Starter Kit to demonstrate building a real connected product, securely connect with AWS IoT using MQTT, WebSockets, and HTTP protocols, and show how developers and businesses can leverage features of AWS IoT like Device Shadows and the Rules Engine, which provides message processing and integration with other AWS services.
Lambda and serverless - DevOps North East Jan 2017Mike Shutlar
Introduction to AWS Lambda, serverless architectures, & the new AWS Serverless Application Model.
Source code for demo serverless application available here:
https://github.com/infectedsoundsystem/lambda-refarch-webapp
Leveraging the Security of AWS's Own APIs for Your App - AWS Serverless Web DayAWS Germany
This document discusses leveraging AWS APIs to secure your own APIs. It covers signing AWS API requests to verify identity, protect data, and prevent replay attacks. It recommends using IAM and access policies to authorize access to your APIs, similar to how AWS APIs work. API Gateway allows integrating IAM to authenticate and authorize requests to serverless APIs.
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
This document summarizes vulnerabilities related to server-side request forgery (SSRF) attacks and how they can be exploited. It discusses how external network access and internal network access can be obtained through SSRF. It provides examples of vulnerabilities in various protocols like HTTP, FTP, TFTP, and protocols used by services like Memcached, databases, and file uploads. It also describes how file descriptors can be used to write to open sockets or files to forge server responses or inject malicious content. Overall, the document is an overview of real-world SSRF attacks and exploitation techniques.
Programming Amazon Web Services for Beginners (1)Markus Klems
This document provides a summary of programming Amazon Web Services (AWS) using Java and the Eclipse integrated development environment (IDE). It discusses AWS libraries and tools for Java, including the AWS SDK for Java and AWS toolkit for Eclipse. It also provides code examples for performing common operations with AWS services like Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), such as creating and accessing buckets and objects in S3 and launching, terminating, and managing instances in EC2.
This document discusses serverless frameworks on AWS like AWS Lambda, the Serverless framework, Gordon, and AWS Chalice. It provides an overview of each tool and code samples to define and deploy Lambda functions from the command line or within the frameworks. Various options are presented for developing, testing, and deploying serverless applications locally and to AWS.
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec...Amazon Web Services
In this talk, we’ll take well known architectural patterns such as 3-tier web application, stream processing, scheduled jobs and show how they can be realized without needing to manage servers.
The AWS platform offers a rich set of capabilities that can be leveraged by the customer to better control applications state, configuration, and supporting infrastructure throughout the service lifecycle – all while operating with security best practices such as audit and accountability, access control, change review and governance, and systems integrity. We will showcase and discuss design patterns for using these capabilities in synergy with fast-paced and agile application development methodologies – such as DevOps – to achieve an integrated security operations program.
AWS provides a platform that is ideally suited for deploying highly available and reliable systems that can scale with a minimal amount of human interaction. This talk describes a set of architectural patterns that support highly available services that are also scalable, low cost, low latency and allow for agile development practices. We walk through the various architectural decisions taken for each tier and explain our choices for appropriate AWS services and building blocks to ensure the security, scale, availability and reliability of the application.
AWS re:Invent 2016: Operating Your Production API (SVR402)Amazon Web Services
In this session, you learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
The document discusses moving from traditional security practices to a DevSecOps model where security is integrated into the development lifecycle. It encourages making DevOps the security team's job, hardening the development toolchain, planning security epics and user stories, and sprinting to automate security practices. Specific examples provided include building an AWS Lambda function to respond to CloudTrail events and using AWS CodeDeploy for security tasks like imaging instance memory.
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
If you're trying to figure out how to run enterprise applications and services on AWS securely, come join Intuit and the AWS Professional Services team to learn how to embrace a new discipline called DevSecOps. You'll learn more about software-defined security and why we think that DevSecOps helps organizations large and small adopt cloud services at a rapid pace. We'll provide you with links and information to help you get started with creating your own DevSecOps team.
Talk @ API Days Paris, 13/12/2016
Simplifying development and deployment of serverless applications with Open Source frameworks and tools: Serverless, Gordon, Chalice, etc.
Managed services such as AWS Lambda and API Gateway allow developers to focus on value adding development instead of IT heavy lifting. This workshop introduces how to build a simple REST blog backend using AWS technologies and the serverless framework.
This document discusses the concepts of DevSecOps at a high level. It begins with a brief history of development methodologies, from Waterfall to Agile, and how Ops became a bottleneck. This led to trends in Agile Operations and collaboration between Dev and Ops, known as DevOps. DevSecOps expands this to incorporate security. It discusses the importance of culture, processes, and technologies for effective communication, automation, and collaboration across Dev, Ops, and Security. The goal is to enable organizations to deliver inherently secure software at DevOps speed through a high-trust environment and automated security pipelines integrated into the software development lifecycle.
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
In the world of DevSecOps as you may predict we have three teams working together. Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
The document discusses the concept of DevSecOps, which involves taking a holistic approach to shift security left in the software development process. It involves collaboration between developers, operations, and security teams. DevSecOps aims to build security and compliance into software development from the beginning through processes and tools. The document provides examples of how DevSecOps operates and is organized, the skills required, challenges to adoption, and emphasizes the importance of experimentation. It argues that with everyone participating in DevSecOps, safer software can be developed sooner.
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles...Amazon Web Services
In this deep-dive session, we outline how to leverage the appropriate AWS services for sending different types and sizes of data, such as images or streaming video. We'll cover common real-world scenarios related to authentication/authorization, access patterns, data transfer and caching for more performant Mobile Apps. You learn when you should access services such as Amazon Cognito, Amazon DynamoDB, Amazon S3, or Amazon Kinesis directly from your mobile app, and when you should route through Amazon API Gateway and AWS Lambda instead. Additionally, we cover coding techniques across the native, hybrid, and mobile web using popular open-source frameworks to perform these actions efficiently, and with a smooth user experience.
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
An expert discusses best practices for securing an AWS account, including disabling root access keys and secrets, enabling multi-factor authentication for IAM users, using least privilege policies, rotating keys regularly, and more. Examples are given of real breaches that occurred due to exposed keys and misconfigured security groups and S3 buckets. Scripts for finding publicly accessible S3 buckets and exploiting server side request forgery vulnerabilities are also mentioned.
AWS Initiate Berlin - Security Sessions - Mitigating Cyber Risks.pdfAmazon Web Services
Folien zu den Vorträgen von Bertram Dorn vom AWS Initiate Berlin Event
1) Sicher in die Cloud: Bewährte Methoden für Cloud-Security auf AWS
2) AWS Services für die Intrusion Detection und Intrusion Prevention
Sprecher: Bertram Dorn, Solutions Architect - AWS
The document discusses the state of serverless computing on AWS. It begins by explaining what serverless computing is and how it has evolved from physical servers to virtual servers in data centers to virtual servers in the cloud. It then discusses some of the key benefits of serverless computing such as no server management, automatic scaling, and pay per use. The document outlines some common use cases for serverless applications including web apps, backends, media processing, and big data workloads. It also provides examples of large customers using AWS Lambda at scale. Finally, it discusses some of the building blocks that enable serverless applications on AWS such as Lambda, API Gateway, DynamoDB, and others.
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...Amazon Web Services
Johnson & Johnson is in the process of doing a proof of concept to rewrite the compliance framework that they presented at re:Invent 2014. This framework leverages the newest AWS services and abandons the need for continual describes and master rules servers. Instead, Johnson & Johnson plans to use a distributed, event-based architecture that not only reduces costs but also assigns costs to the appropriate projects rather than central IT.
Getting Started with Windows Workloads on Amazon EC2 - TorontoAmazon Web Services
Thinking through how you want to run Microsoft Windows Server and application workloads on AWS is straightforward, when you have a game plan. Understanding which service to leverage– like Amazon EC2, Amazon RDS, and Directory Services to name a few – will accelerate the process further. There are also a number of new enhancements to help make things even easier. In this session we will walk through how to think about mapping to the various AWS services available so you can get your deployment or migration project off to the right start. Think of this session as the decoder ring between your on-premises deployment and what you can expect from the AWS cloud for your Microsoft Windows Server and applications.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
How to build and deploy serverless apps - AWS Summit Cape Town 2018Amazon Web Services
This document provides an overview of serverless computing on AWS and how to build and deploy serverless applications. It discusses what serverless computing is, common use cases, serverless patterns using AWS Lambda and Amazon API Gateway, examples of what customers are building, and how to do safe deployments of serverless apps using the AWS Serverless Application Model and AWS CodeDeploy.
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
AWS and the Cloud has ushered in a new era for Information Security & Risk Professionals. In this session, we will talk through how the world's leading corporates are reinventing their internal GRC practices to enable their business to leverage the business value of AWS while improving the security posture of their organisation. We will talk about the journey undertaken by globally regulated entities such as Capital One who now believe they can operate more securely in the public cloud than they can in their own data centres. Finally, we will provide lessons and best practices on how you can use AWS to improve the security posture of your organisation.
Speaker: Rodney Haywood, Manager Solutions Architecture, Amazon Web Services
Featured Customer - Xero
Operating and Managing Hybrid Cloud on AWSTom Laszewski
Operating in a hybrid architecture is a necessary component of an enterprise cloud adoption journey. Security, provisioning, change management, and monitoring are all key aspects of managing any hybrid cloud environment. This session will cover the AWS Services, open source tools, and AWS partners that can provide enterprises with a secure, well-governed, performant, reliable, and well-operated hybrid cloud environment. Infrastructure and application continuous delivery and improvement solutions, along with best practices to automate hybrid cloud provisioning and operations activities will be covered.
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Amazon Web Services
This document discusses edge services from Amazon Web Services (AWS) as a critical component of AWS infrastructure. It defines edge services as services like AWS CloudFront, AWS Shield, AWS WAF, and Amazon Route 53 that control access to core application resources through the edge to secure, scale, and optimize applications. The document reviews the benefits of edge services like improved performance, security, and cost optimization. It provides overviews of specific edge services like CloudFront, Shield, WAF, and Route 53 and how they can be used to start leveraging edge services.
The State of Serverless Computing | AWS Public Sector Summit 2017Amazon Web Services
oin us to learn about the state of serverless computing from Dougal Ballantyne, Principal Product Manager, Serverless. Dougal Ballantyne discusses the latest developments from AWS Lambda and the serverless computing ecosystem. He talks about how serverless computing is becoming a core component in how companies build and run their applications and services, and he also discusses how serverless computing will continue to evolve. Learn More: https://aws.amazon.com/government-education/
re:Invent 2019 ARC217-R: Operating and managing hybrid cloud on AWSAnuj Dewangan
The document discusses operating and managing hybrid cloud environments on AWS. It provides an overview of AWS services that can help with fleet management, operations and monitoring, identity/security management, and developer tools to provide a consistent experience across on-premises and AWS environments. It also discusses examples of MassMutual and GreenPages using various AWS and third-party services to manage hybrid cloud environments at their organizations.
This document discusses AWS security services for financial services institutions. It covers the AWS shared security responsibility model, AWS compliance with standards like PCI and ISO, and key security services like IAM, VPC, encryption, WAF, and security monitoring tools. It also discusses the AWS security assessment methodology using the AWS Cloud Adoption Framework.
This document discusses how to build an app on AWS for the first 10 million users. It covers key expectations for modern applications like high availability, scalability, and fault tolerance. It then describes various AWS services that can help achieve these expectations, such as Elastic Beanstalk for deployment, RDS or DynamoDB for databases, S3 for storage, API Gateway and Lambda for serverless architectures, and CloudFront for content delivery. The document includes live demos of building web and mobile apps using these AWS services.
Introducing “Well-Architected” For Developers - Technical 101Amazon Web Services
With the multitude of different software development platforms, tools, and methodologies, it can be daunting to get started and ensure you are on the right architectural track in the cloud. AWS understands architectural best practices for designing reliable, secure, efficient, and cost-effective systems in the AWS cloud. This session will introduce you to the "Well-Architected" framework along with a number of key takeaways on setting solid architectural foundations.
Speaker: Ben Potter, Security Consultant, Amazon Web Services
Featured Customer - Reckon
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
This document summarizes a presentation on reinventing the security landscape in AWS. The presentation covers how cloud computing is gaining traction for allowing companies to focus more on innovation by reducing time spent on infrastructure. It discusses how security responsibilities are shared between AWS and customers. It also provides examples of security best practices and services in AWS like encryption, identity and access management, logging, and monitoring that can help customers strengthen their security posture while moving fast.
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from zero to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from zero to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
This document summarizes Harry Lin's presentation about securing critical workloads on AWS. The 3 main points are:
1) AWS provides security features at multiple layers including encryption, identity and access management, and auditing. Customers are responsible for security within their applications while AWS handles security of the cloud platform.
2) AWS services like CloudTrail, Config, and WAF can help customers with security monitoring, auditing changes, and blocking attacks.
3) A case study of an e-commerce company MyDress showed how moving to AWS improved availability during promotions and attacks while reducing costs compared to an on-premise infrastructure.
Similar to Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day (20)
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAWS Germany
The document discusses three case studies of companies using big data technologies:
1) An insurance company modernized its data warehouse by using AWS services like S3, EMR and Zeppelin for analytics at minimal cost.
2) A telecom company implemented advanced analytics and stream processing on AWS to better understand customers and enhance systems.
3) An industrial use case uses stream processing, machine learning and AWS services for predictive maintenance and error detection.
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...AWS Germany
The previous presentation showed how events can be ingested and analyzed continuously in real time. One of Big Data's principles is to store raw data as long as possible - to be able to answer future questions. If the data is permanently stored in Amazon Simple Storage Service (S3), it can be queried at any time with Amazon Athena without spinning up a database.
This session shows step by step how the data should be structured so that both costs and response times are reduced when using Athena. The details and effects of compression, partitions, and column storage formats are compared. Finally, AWS Glue is used as a fully managed service for Extract Transform Load (ETL) to derive optimized views from the raw data for frequently issued queries.
Speaker: Steffen Grunwald, Senior Solutions Architect, AWS
Modern Applications Web Day | Impress Your Friends with Your First Serverless...AWS Germany
"Build and run applications without thinking about servers". You want it? You get it! We will start this session with a motivation why serverless applications are a thing. Once we got there, we will actually start building one, of course with making use of a serverless CI/CD pipeline. After we will have looked into how we can still test it locally, we shall also dive into analyzing and debugging our app - of course in a serverless manner.
Speaker: Dirk Fröhner, Senior Solutions Architect, AWS
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...AWS Germany
It's easy to say - "Hey I will use the cloud and be scalable and elastic!" - But it is not easy managing all that at scale, and keeping it flexible! Let's talk about Infrastructure as Code and Configuration as Code! This session will help you grasp the available toolset and best practices when it comes to managing your infrastructure and configuration on AWS. It will show you how can you make any changes to your workload with a single 'git push origin master'
Speaker: Darko Meszaros, Solutions Architect, AWS
Modern Applications Web Day | Container Workloads on AWSAWS Germany
Containers gained strong traction since day one for both enterprises and startups. Today AWS customers are launching hundreds of millions of new containers – each week. Join us as we cover the state of containerized application development and deployment trends. This session will dive deep on new container capabilities that help customers deploying and running container-based workloads for web services and batches.
Speaker: Steffen Grunwald, Senior Solutions Architect, AWS & Sascha Möllering, Senior Solutions Architect, AWS
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerAWS Germany
With more and more application workloads moving to Kubernetes, the interest in managed Kubernetes services in enterprises is increasing. While Amazon EKS will make operations easier, an efficient and transparent delivery pipeline becomes more important than ever. This will provide an increased application development velocity that will directly convert into a competitive advantage with fast paced digital services. While established tools such as Jenkins can be used quite efficiently for CI tasks, modern cloud-native tools like Spinnaker are gaining attention by focusing more in the continuous delivery process. We will show you how Spinnaker and its new Kubernetes v2 provider can be utilized together with Amazon EKS to streamline your application deployments.
Speaker: Jukka Forsgren, nordcloud
The most common way to start developing for Alexa is with custom skills while not too many of us except for device manufacturers get in touch with Smart Home skills on Alexa. This session introduces and demonstrates the power of Smart Home skills and it takes a look behind the technical scene of what happens in between an “Alexa, turn on the lights” and Alexa´s final “Ok” confirmation. Once you are familiar with the concept of Smart Home skills you will find out that it’s not just for implementing large-scale Smart Home solutions as the Smart Home API is also a great playground for your next Do it Yourself project. At the end of this session you’ve learned about the probably simplest way to build a Smart Home project with Raspberry Pi and AWS IoT – and you will be equipped with essential knowledge on how to build your own voice-controlled “thing”.
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureAWS Germany
Automating the boring task of submitting travel expenses we developed ML model for classifying recipes. Using AWS EC2, Lambda, S3, SageMaker, Rekognition we evaluated different ways of training model and serving predictions as well as different model approaches (classical ML vs. Deep Learning).
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopAWS Germany
This is a hands-on workshop where every participant will not only learn how to architect and implement a serverless application on Amazon Web Services using nothing but serverless resources for all layers in theory, but actually do it in practice, with all the necessary support from the speakers. Serverless computing allows you to build and run applications and services without thinking about servers. Serverless applications don't require you to provision, scale, and manage any servers. You can build them for nearly any type of application or backend service, and everything required to run and scale your application with high availability is handled for you. Building serverless applications means that developers can focus on their core product instead of worrying about managing and operating servers or runtimes. This reduced overhead lets developers reclaim time and energy that can be spent on developing great products which scale and that are reliable.
Nearly everything in IT - servers, applications, websites, connected devices, and other things - generate discrete, time-stamped records of events called logs. Processing and analyzing these logs to gain actionable insights is log analytics. We'll look at how to use centralized log analytics across multiple sources with Amazon Elasticsearch Service.
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS AWS Germany
Querying streaming data with SQL to derive actionable insights at the point of impact in a timely and continuous fashion offers various benefits over querying data in a traditional database. However, although it is desirable for many use cases to transition to a stream based paradigm, stream processing systems and traditional databases are fundamentally different: in a database, the data is (more or less) fixed and the queries are executed in an ad-hoc manner, whereas in stream processing systems, the queries are fixed and the data flows through the system in real-time. This leads to different primitives that are required to model and query streaming data.
In this session, we will introduce basic stream processing concepts and discuss strategies that are commonly used to address the challenges that arise from querying of streaming data. We will discuss different time semantics, processing guarantees and elaborate how to deal with reordering and late arriving of events. Finally, we will compare how different streaming use cases can be implemented on AWS by leveraging Amazon Kinesis Data Analytics and Apache Flink.
Zehntausende gemeinnützige und nichtstaatliche Organisationen weltweit verwenden AWS, damit sie sich auf ihre eigentliche Mission konzentrieren können, statt ihre IT-Infrastruktur zu verwalten. Die Anwendungsgebiete von Nonprofits und NGOs sind dabei genauso vielfältig, wie bei Enterprise oder Start-up oder anderen AWS-Anwendern im öffentlichen Sektor. Gemeinnützige Organisationen und NGOs nutzen AWS z.B. um hochverfügbare und hochskalierbare Websites zu erstellen, um ihre Spendenaktionen und Öffentlichkeitsarbeit effizient zu verwalten, oder um Nutzen aus Big Data Anwendungen zu ziehen.
In dieser Sitzung werden wir einen Blick auf die verschiedenen AWS-Programme werfen, die gemeinnützigen Organisationen den Einstige in AWS und die Umsetzung ihrer IT-Projekte erleichtern. Insbesondere informieren wir auch über das Angebote mit Stifter-Helfen.de - dem deutschen TechSoup-Partner. Dieses Angebot stellt den begünstigten Organisationen pro Jahr $2.000 in AWS Credit Codes zu Verfügung.
Die Session richtet sich an alle, die sich für einen guten Zweck engagieren wollen und dabei nicht auf innovative Cloud-Services zur Umsetzung ihrer IT-Projekte verzichten wollen. Für die Teilnahme and der Session sind keine technischen Vorkenntnisse notwendig
The document discusses data architecture challenges and best practices for microservices. It covers challenges like distributed transactions, eventual consistency, and choosing appropriate data stores. It provides recommendations for handling errors and rollbacks in a distributed system using techniques like correlation IDs, transaction managers, and event-driven architectures with DynamoDB streams. The document also provides a framework for classifying non-functional requirements and mapping them to suitable AWS data services.
Serverless vs. Developers – the real crashAWS Germany
With serverless things are getting really different. Commodity building blocks from our cloud providers, functional billing, serverless marketplaces etc. are going to hit the usual “Not invented here”3 syndrome in organizations.
Many beloved things have to be un- or re-learned by software developers. How can we prepare our organizations and people for unlearning old patterns and behaviours? Let’s have a look from a knowledge management perspective.
Objective of the talk:
Intro into systemic knowledge management
Query your data in S3 with SQL and optimize for cost and performanceAWS Germany
Streaming services allow you to ingest and analyze events continuously in real time. One of Big Data's principles is to store raw data as long as possible - to be able to answer future questions. If the data is permanently stored in Amazon Simple Storage Service (S3), it can be queried at any time with Amazon Athena without spinning up a database.
This session shows step by step how the data should be structured so that both costs and response times are reduced when using Athena. The details and effects of compression, partitions, and column storage formats are compared. Finally, AWS Glue is used as a fully managed service for Extract Transform Load (ETL) to derive optimized views from the raw data for frequently issued queries.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Running more than one containerized application in production makes teams look for solutions to quickly deploy and orchestrate containers. One of the most popular options is the open-source project Kubernetes. With the release of the Amazon Elastic Container Service for Kubernetes (EKS), engineering teams now have access to a fully managed Kubernetes control plane and time to focus on building applications. This workshop will deliver hands-on labs to support you getting familiar with Amazon's EKS.
Our challenge is to provide a container cluster as part of the Cloud Platform at Scout24. Our goal is to support all the different applications with varying requirements the Scout24 dev teams can throw at us. Up until now, we have run all of them on the same ECS cluster with the same parameters. As we get further into our AWS migration, we have learned this does not scale. We combat this by introducing categories in one cluster with different configurations for the service. We will introduce how we tune each category differently, with different resource limits, different scaling approaches and more…
Containers gained strong traction since day one for both enterprises and startups. Today AWS customers are launching hundreds of millions of new containers – each week. Join us as we cover the state of containerized application development and deployment trends. This session will dive deep on new container capabilities that help customers deploying and running container-based workloads for web services and batches.
Deploying and Scaling Your First Cloud Application with Amazon LightsailAWS Germany
Are you looking to move to the cloud, but aren’t sure quite where to start? Are you already using AWS, and are looking for ways to simplify some of your workflows? If you answered “yes” (or even “maybe”) to either one of those questions, this session / hands-on workshop is for you. We’re going to take you through using Amazon Lightsail, an AWS service that provides the quickest way to get started in the cloud, to deploy and scale an application on AWS.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Security Boundaries and Functions of Services for Serverless Architectures on AWS - AWS Serverless Web Day
1. Security Aspekts on Services for
Serverless Architectures
Bertram Dorn
EMEA Specialized Solutions Architect
Security and Compliance
2. Agenda:
• Security in General
• Services in Scope
• Aspects of Services for Serverless Architectures
• API Endpoint Concept
• API Calls
• Some Service Details
3. What is AWS?
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
DatabaseStorageCompute
4. Service in Scope I
• Architect should not care about AZ setup
• Architect should not care about scaling
• Architect should not care about availability
• Architect should not care about sizing
• Architect should not care about serivce side communication
• Architect should not take action on service side security
5. ENTERPRISE
APPS
DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/
Spark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Training &
Certification
Security
& Pricing
Reports
Partner
Ecosystem
Solutions
Architects
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
NetworkingSecurity Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling,
& Load Balancing
Storage
Object, Blocks,
Archival, Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access
Control
Identity
Management
Key
Management
& Storage
Monitoring
& Logs
Assessment
and reporting
Resource &
Usage Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web application
firewall
HYBRID
ARCHITECTURE
Data
Backups
Integrated
App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking
API
Gateway
IoT
Rules
Engine
Device
Shadows
Device
SDKs
Registry
Device
Gateway
Streaming Data
Analysis
Business
Intelligence
Mobile
Analytics
6. ENTERPRISE
APPS
DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/
Spark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Training &
Certification
Security
& Pricing
Reports
Partner
Ecosystem
Solutions
Architects
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
NetworkingSecurity Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling,
& Load Balancing
Storage
Object, Blocks,
Archival, Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access
Control
Identity
Management
Key
Management
& Storage
Monitoring
& Logs
Assessment
and reporting
Resource &
Usage Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web application
firewall
HYBRID
ARCHITECTURE
Data
Backups
Integrated
App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking
API
Gateway
IoT
Rules
Engine
Device
Shadows
Device
SDKs
Registry
Device
Gateway
Streaming Data
Analysis
Business
Intelligence
Mobile
Analytics
7. AWS Global Footprint
US West (N.California)
US West (Oregon)
GovCloud
US East (Virginia)
EU West (Ireland)
Asia Pacific (Tokyo)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
China (Beijing)
São Paulo
EU Central (Frankfurt)
Korea (Seul)
Region
An independent collection of AWS
resources in a defined geography
A solid foundation for meeting location-
dependent privacy and compliance
requirements
8. AWS Global Footprint
Availability Zone
Designed as independent failure zones
Physically separated within a typical
metropolitan region
9. Shared Responsibility
Cross-service Controls
Service-specific Controls
Managed by
AWS
Managed by
Customer
Security of the Cloud
Security in the Cloud
Cloud Service Provider
Controls
Optimized
Network/OS/App Controls
Request reports at:
aws.amazon.com/compliance/#contact
ISO
27000
ISO
9001
10. Service in Scope II
• Architect needs to care about IAM
• Architect must secuire his access keys
• Architect should be aware of service features
• Architect should cross check service against compliance setup
• Architect must take care of encryption
• Knowledge of the service features
• Know how to work his own encryption into the architecture
11. ENTERPRISE
APPS
DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/
Spark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Training &
Certification
Security
& Pricing
Reports
Partner
Ecosystem
Solutions
Architects
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
NetworkingSecurity Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling,
& Load Balancing
Storage
Object, Blocks,
Archival, Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access
Control
Identity
Management
Key
Management
& Storage
Monitoring
& Logs
Assessment
and reporting
Resource &
Usage Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web application
firewall
HYBRID
ARCHITECTURE
Data
Backups
Integrated
App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking
API
Gateway
IoT
Rules
Engine
Device
Shadows
Device
SDKs
Registry
Device
Gateway
Streaming Data
Analysis
Business
Intelligence
Mobile
Analytics
12. API
• WebInterface
• CLI
• SDK
• API
Architect
AWS
IAM
Resource / Application
User
Amazon
S3
Amazon
DynamoDB
Amazon API
Gateway Amazon
SES
Amazon
SQS
Application
API Features
• DDoS Protected
• MultiAZ
• Available
• Encryption in
Transport
• Authenticated
• Logging
15. Amazon
S3 • Secure Transport
• Sever Side Encryption
• Individual Vector for each object
• Re-Encryption through copy and versioning
• KMS Integration
• Customer Managed KEYs
• IAM integration
• Versioning
• MFA Delete
• Storage Class
• S3 Logging
Security related features which need to be instrumented by the Architect
16. A view on S3
Bucket with
Objects
Region S3
Bucket with
Objects
• WebInterface
• CLI
• SDK
• API
Admin
For instrumentation
AWS
AWS
IAM
Command PATH
S3 Endpoints
Datapath
HTTP(s)
Bucket Policy
Object Policy
User Policy S3 Logging
Amazon
S3
17. Amazon API
Gateway
• Secure Transport
• Setup of Paths
• Secure coding inside the Lambda functions
• Client Certificates
• CloudWatchLogs Logging
Security related features which need to be instrumented by the Architect
18. A view on API Gateway
AWS Region
• WebInterface
• CLI
• SDK
• API
Admin
For instrumentation
AWS
AWS
IAM
Command PATH
APP GW Endpoints
Datapath
HTTP(s)
CloudWatch
Logs
Amazon API
Gateway
Mockups Proxy
19. AWS
Lambda
Possibilities which need to be instrumented by the Architect
• IAM Role needs to be focussed
• Secure Coding
• CloudWatchLogs Logging
• Well choosen triggers
20. A view on Lambda
AWS Region
• WebInterface
• CLI
• SDK
• API
Admin
For instrumentation
AWS
AWS
IAM
Command PATH
APP GW Endpoints
Datapath
HTTP(s)
CloudWatch
Logs
AWS
Lambda
Other Services
22. A view on Messaging
AWS Region
• WebInterface
• CLI
• SDK
• API
Admin
For instrumentation
AWS
AWS
IAM
Command PATH
APP GW Endpoints
Datapath
HTTP(s)
CloudTrail
Other Services
Amazon
SES
Amazon
SQS