AWS Certificate Manager (ACM) Private Certificate Authority (CA) is a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates. In this session, learn how ACM Private CA extends ACM’s certificate management capabilities to private certificates and enables you to centrally manage public and private certificates. We also demonstrate how ACM Private CA enables you to create a Private CA and use it to create and deploy private certificates for your AWS resource and internal resources. We also discuss case studies demonstrating how customers use ACM Private CA to automate security and certificate management.
Learning Objectives:
- Introduction to AWS Certificate Manager (ACM) Private Certificate Authority
- Top use cases for AWS Certificate Manager (ACM) Private Certificate Authority, including securing your internal resources such as IoT and mobile devices
- Short demo on how to quickly get your own private certificate authority up and running with this new service
AWS Certificate Management and Private Certificate Authority Deep Dive (SEC41...Amazon Web Services
This document discusses AWS Certificate Manager (ACM) and ACM Private Certificate Authority (CA). ACM makes it easy to provision, manage, deploy and renew TLS/SSL certificates on AWS. ACM Private CA allows customers to establish a managed private CA to issue private certificates trusted within their organization. Examples are provided of using private certificates with Elastic Load Balancing and for device authentication. The document also covers customizing private certificates, chaining a private CA to an enterprise root CA, and revocation.
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Amazon Web Services
The document provides an overview of the Amazon Inspector security assessment service. It discusses how Amazon Inspector can automate vulnerability assessments for DevSecOps workflows, complementing AWS's shared security model. The session demonstrates how to quickly assess an entire Amazon EC2 fleet using Amazon Inspector, tailor assessments by tuning rules and schedules, and scale assessments using CloudFormation templates.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
Learning Objectives:
- Introduction to AWS Certificate Manager (ACM) Private Certificate Authority
- Top use cases for AWS Certificate Manager (ACM) Private Certificate Authority, including securing your internal resources such as IoT and mobile devices
- Short demo on how to quickly get your own private certificate authority up and running with this new service
AWS Certificate Management and Private Certificate Authority Deep Dive (SEC41...Amazon Web Services
This document discusses AWS Certificate Manager (ACM) and ACM Private Certificate Authority (CA). ACM makes it easy to provision, manage, deploy and renew TLS/SSL certificates on AWS. ACM Private CA allows customers to establish a managed private CA to issue private certificates trusted within their organization. Examples are provided of using private certificates with Elastic Load Balancing and for device authentication. The document also covers customizing private certificates, chaining a private CA to an enterprise root CA, and revocation.
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Amazon Web Services
The document provides an overview of the Amazon Inspector security assessment service. It discusses how Amazon Inspector can automate vulnerability assessments for DevSecOps workflows, complementing AWS's shared security model. The session demonstrates how to quickly assess an entire Amazon EC2 fleet using Amazon Inspector, tailor assessments by tuning rules and schedules, and scale assessments using CloudFormation templates.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
This document discusses using Amazon CloudFront, AWS WAF, and AWS Lambda to protect web applications. AWS WAF provides firewall protection at CloudFront edge locations and can block exploits, abuse, and application DDoS attacks. CloudFront works with AWS WAF to filter legitimate traffic from attacks like SQL injection, cross-site scripting, and others. AWS Lambda can be used to automate security by integrating IP reputation lists and detecting HTTP floods and scans/probes. Resources are provided for webinars and tutorials on configuring AWS WAF and AWS Lambda for automatic protection of web applications.
This document discusses security and compliance when using AWS. It covers the shared responsibility model between AWS and customers, where customer data is located, infrastructure security controls, identity and access management, encryption options, configuration management, and partner ecosystems that benefit security. Key services that help customers meet compliance requirements include AWS Config for continuous change monitoring, CloudTrail for auditing API calls, CloudWatch Logs for log management, VPC for virtual networking, KMS for encryption key management, and CloudHSM for dedicated hardware security modules.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
This document discusses encryption options when using AWS, focusing on the AWS Key Management Service (KMS). KMS allows users to simplify the creation, control, rotation and use of encryption keys in AWS services like S3, EBS, RDS, Redshift and others. It addresses key storage, access and usage considerations. KMS uses symmetric AES-256 encryption for data keys and allows granular IAM control over who can create, enable/disable, use and audit keys. The presentation demonstrates how to create and use customer master keys in KMS and integrate encryption with S3 and EBS volumes.
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
This document introduces Amazon CloudFront, a content delivery network (CDN) that provides fast, secure, and cost-effective global delivery of content. Some key features of CloudFront include its full-featured caching network with a global infrastructure tuned for optimal performance, high security, robust analytics, and self-service capabilities. CloudFront can deliver content for various market segments like media/entertainment, gaming, eCommerce, and software downloads. It aims to provide high performance, reach a wide global audience, and ensure financial feasibility for scalable content delivery.
WIN403_AWS Directory Service for Microsoft Active Directory Deep DiveAmazon Web Services
The document discusses AWS Directory Service for Microsoft Active Directory. It provides an overview of AWS Managed Microsoft AD including what it is, the shared responsibilities model, deployment models, setup process, administration, and applications support. It describes how AWS Managed Microsoft AD can be used as a primary directory or as a resource directory connected to an on-premises Active Directory. Best practices for managing trusts between directories are also covered.
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
Learning Objectives:
- Reduce the complexity of governance
- Embed compliance in the development process
- Learn about AWS Management Tools
As your cloud operations evolve, complexity of governance, compliance, and risk auditing of your AWS account increases. With AWS Config and AWS CloudTrail you can automate your controls and compliance efforts so that they scale with your cloud footprint. You can discover resources that exist in your account, capture changes in configurations, and create alerts for out-of-compliance events.In this session, we will help you use AWS Config, AWS CloudTrail, and other AWS Management Tools to automate configuration governance so that compliance is embedded in the development process.
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Amazon Web Services
Amazon Web Services (AWS) provides on-demand computing resources and services in the cloud, with pay-as-you-go pricing. This session provides an overview and describes how using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator. Using AWS resources provides many of the same benefits as a public utility: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks. A high-level overview of AWS’s infrastructure (such as AWS Regions and Availability Zones) and AWS services is provided as part of this session.
In this session we will talk through deployment scenarios, design considerations and introduce AWS Active Directory Service. AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS cloud.
Cloudwatch: Monitoring your Services with Metrics and AlarmsFelipe
CloudWatch is AWS's monitoring and metrics service that collects data from AWS services and allows users to set alarms and view metrics. It collects both built-in metrics provided by AWS services as well as custom metrics defined by users. CloudWatch allows viewing metrics and setting alarms in the console, through APIs, and via integration with other AWS services. It provides visibility into applications and infrastructure to help with decisions around capacity planning and troubleshooting.
Learning Objectives:
- How you can rotate secrets safely
- How you can manage access to secrets using fine-grained access policies
- How you can secure and audit secrets centrally
Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. This presentation from the Amazon S3 Masterclass webinar we explain the features of Amazon S3 from static website hosting, through server side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice.
See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU
Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/
View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
The document discusses Amazon Virtual Private Cloud (Amazon VPC), which allows users to define virtual networks within the AWS cloud. It describes benefits of using VPC such as security, IP address management, and network access control. It then covers VPC capabilities, architecture scenarios, configuration options for public/private subnets, security features like security groups and network ACLs, and additional topics such as dedicated hardware, VPC peering, and default VPC configuration.
The document provides an overview of Amazon Web Services (AWS) including its global infrastructure, key services, and security practices. It discusses AWS' 13+ years of experience and 165 cloud services. Specific AWS services covered include compute, storage, databases, security, and containers. Pricing and availability of AWS services are also summarized.
"Ever wondered how can you find out which user made a particular API call, when the call was made, and which resources were acted upon? In this session, you will learn how to turn on AWS CloudTrail for hundreds of AWS accounts in all AWS regions to ensure you have full visibility into API activity in all your AWS accounts. We will demonstrate how to use CloudTrail Lookup in the AWS Management Console to troubleshoot operational and security issues and how to use the AWS CLI or SDKs to integrate your applications with CloudTrail.
We will also demonstrate how you can monitor for specific API activity by using Amazon CloudWatch and receive email notifications, when such activity occurs. Using CloudTrail Lookup and CloudWatch Alarms, you can take immediate action to quickly remediate any security or operational issues. We will also share best practices and ready-to-use scripts, and dive deep into new features that help you configure additional layers of security for CloudTrail log files."
Certificate management concepts in AWS - SEC205 - New York AWS SummitAmazon Web Services
In this session, learn about the encryption and certificate management services that AWS offers. You also get to see a few demonstrations of how you can leverage these services on AWS to protect data at rest and data in transit.
Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...Amazon Web Services
AWS recently announced root certificate authority (CA) hierarchies for AWS Certificate Manager (ACM) Private CA. CA administrators can now quickly and easily create a complete CA hierarchy, including root and subordinate CAs, with no need for external CAs. In this presentation, we provide an overview of ACM Private CA and discuss some common use cases, such as issuing private certificates in order to identify devices. You learn how to create a two-level CA hierarchy and use it to issue private certificates. You also learn security best practices for creating and managing a CA hierarchy, and you have a chance to ask questions.
This document discusses security and compliance when using AWS. It covers the shared responsibility model between AWS and customers, where customer data is located, infrastructure security controls, identity and access management, encryption options, configuration management, and partner ecosystems that benefit security. Key services that help customers meet compliance requirements include AWS Config for continuous change monitoring, CloudTrail for auditing API calls, CloudWatch Logs for log management, VPC for virtual networking, KMS for encryption key management, and CloudHSM for dedicated hardware security modules.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
This document discusses encryption options when using AWS, focusing on the AWS Key Management Service (KMS). KMS allows users to simplify the creation, control, rotation and use of encryption keys in AWS services like S3, EBS, RDS, Redshift and others. It addresses key storage, access and usage considerations. KMS uses symmetric AES-256 encryption for data keys and allows granular IAM control over who can create, enable/disable, use and audit keys. The presentation demonstrates how to create and use customer master keys in KMS and integrate encryption with S3 and EBS volumes.
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
This document introduces Amazon CloudFront, a content delivery network (CDN) that provides fast, secure, and cost-effective global delivery of content. Some key features of CloudFront include its full-featured caching network with a global infrastructure tuned for optimal performance, high security, robust analytics, and self-service capabilities. CloudFront can deliver content for various market segments like media/entertainment, gaming, eCommerce, and software downloads. It aims to provide high performance, reach a wide global audience, and ensure financial feasibility for scalable content delivery.
WIN403_AWS Directory Service for Microsoft Active Directory Deep DiveAmazon Web Services
The document discusses AWS Directory Service for Microsoft Active Directory. It provides an overview of AWS Managed Microsoft AD including what it is, the shared responsibilities model, deployment models, setup process, administration, and applications support. It describes how AWS Managed Microsoft AD can be used as a primary directory or as a resource directory connected to an on-premises Active Directory. Best practices for managing trusts between directories are also covered.
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
Learning Objectives:
- Reduce the complexity of governance
- Embed compliance in the development process
- Learn about AWS Management Tools
As your cloud operations evolve, complexity of governance, compliance, and risk auditing of your AWS account increases. With AWS Config and AWS CloudTrail you can automate your controls and compliance efforts so that they scale with your cloud footprint. You can discover resources that exist in your account, capture changes in configurations, and create alerts for out-of-compliance events.In this session, we will help you use AWS Config, AWS CloudTrail, and other AWS Management Tools to automate configuration governance so that compliance is embedded in the development process.
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Amazon Web Services
Amazon Web Services (AWS) provides on-demand computing resources and services in the cloud, with pay-as-you-go pricing. This session provides an overview and describes how using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator. Using AWS resources provides many of the same benefits as a public utility: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks. A high-level overview of AWS’s infrastructure (such as AWS Regions and Availability Zones) and AWS services is provided as part of this session.
In this session we will talk through deployment scenarios, design considerations and introduce AWS Active Directory Service. AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS cloud.
Cloudwatch: Monitoring your Services with Metrics and AlarmsFelipe
CloudWatch is AWS's monitoring and metrics service that collects data from AWS services and allows users to set alarms and view metrics. It collects both built-in metrics provided by AWS services as well as custom metrics defined by users. CloudWatch allows viewing metrics and setting alarms in the console, through APIs, and via integration with other AWS services. It provides visibility into applications and infrastructure to help with decisions around capacity planning and troubleshooting.
Learning Objectives:
- How you can rotate secrets safely
- How you can manage access to secrets using fine-grained access policies
- How you can secure and audit secrets centrally
Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. This presentation from the Amazon S3 Masterclass webinar we explain the features of Amazon S3 from static website hosting, through server side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice.
See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU
Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/
View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
The document discusses Amazon Virtual Private Cloud (Amazon VPC), which allows users to define virtual networks within the AWS cloud. It describes benefits of using VPC such as security, IP address management, and network access control. It then covers VPC capabilities, architecture scenarios, configuration options for public/private subnets, security features like security groups and network ACLs, and additional topics such as dedicated hardware, VPC peering, and default VPC configuration.
The document provides an overview of Amazon Web Services (AWS) including its global infrastructure, key services, and security practices. It discusses AWS' 13+ years of experience and 165 cloud services. Specific AWS services covered include compute, storage, databases, security, and containers. Pricing and availability of AWS services are also summarized.
"Ever wondered how can you find out which user made a particular API call, when the call was made, and which resources were acted upon? In this session, you will learn how to turn on AWS CloudTrail for hundreds of AWS accounts in all AWS regions to ensure you have full visibility into API activity in all your AWS accounts. We will demonstrate how to use CloudTrail Lookup in the AWS Management Console to troubleshoot operational and security issues and how to use the AWS CLI or SDKs to integrate your applications with CloudTrail.
We will also demonstrate how you can monitor for specific API activity by using Amazon CloudWatch and receive email notifications, when such activity occurs. Using CloudTrail Lookup and CloudWatch Alarms, you can take immediate action to quickly remediate any security or operational issues. We will also share best practices and ready-to-use scripts, and dive deep into new features that help you configure additional layers of security for CloudTrail log files."
Certificate management concepts in AWS - SEC205 - New York AWS SummitAmazon Web Services
In this session, learn about the encryption and certificate management services that AWS offers. You also get to see a few demonstrations of how you can leverage these services on AWS to protect data at rest and data in transit.
Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...Amazon Web Services
AWS recently announced root certificate authority (CA) hierarchies for AWS Certificate Manager (ACM) Private CA. CA administrators can now quickly and easily create a complete CA hierarchy, including root and subordinate CAs, with no need for external CAs. In this presentation, we provide an overview of ACM Private CA and discuss some common use cases, such as issuing private certificates in order to identify devices. You learn how to create a two-level CA hierarchy and use it to issue private certificates. You also learn security best practices for creating and managing a CA hierarchy, and you have a chance to ask questions.
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
Serverless architecture and a microservices approach has changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Amazon Web Services
In this hands-on workshop, we use the AWS Cloud9 IDE to learn about data encryption services, such as AWS Key Management Service (KMS) and AWS Certificate Manager (ACM). We also explore various aspects of AWS KMS and AWS ACM private certificate authority.
After AWS IAM and detective controls, the afternoon at AWS Security Week turns to infrastructure security, which means tuning AWS service configurations, AMI composition, and hardening other digital assets that will be deployed. You will learn how to define networking architecture (VPCs, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows; and how to determine vulnerability management and operational maintenance cadence.
Speaker: Mike Wasielewski - Sr. Solutions Architect, AWS
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...Amazon Web Services
Learning Objectives:
- Learn about common architecture patterns for network design, Microsoft Active Directory, and business productivity solutions like Dynamics AX, CRM, and Microsoft SharePoint
- Explore common scenarios for legacy and custom .NET, .NET Core with Microsoft SQL deployments and migrations
- Gain insights on simplifying your IT infrastructure and managing your Microsoft workloads in a familiar environment
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...Amazon Web Services
Build a serverless microservices application demonstrating end-to-end authentication and authorization through the use of Amazon Cognito, Amazon API Gateway, AWS Lambda, and all-things AWS Identity and Access Management (IAM). You will build an end-to-end functional app with a secure identity provider showcasing user authentication patterns.
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAmazon Web Services
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: operating systems, services and applications control responsibilities, the automation of security baselines, the configuration of security, and the auditing of controls for AWS customer infrastructure. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS Cloud Trial can help you identify and rectify misconfiguration issues quickly and effectively.
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
Security is job zero at AWS. Come and learn how to build a modern security practice on AWS and supercharge it with AWS partners and serverless automation. Learn about the Security Perspectives found the AWS Well-Architected Framework, which equip your security program to not only keep your environment secure but also move fast. Learn advanced techniques to empower your teams with Amazon GuardDuty so you can elevate your team's ability to identify, protect, detect, respond, and recover from security events.
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers data. Don't wait until your first security incident before putting these best practices in place.
AWS Security Week: Infrastructure Security- Your Minimum Security BaselineAmazon Web Services
AWS Security Week at the San Francisco Loft: Infrastructure Security - Your Minimum Security Baseline
Presenter: Damindra Bandara, Security Consultant, AWS
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
Zero trust security is quickly rising as a preferred alternative to traditional security approaches. The key enabling technology underlying the zero trust security approach is next-gen access which combines the critical capabilities of such technologies as identity as a service (IDaaS), enterprise mobility management (EMM), and privileged access management (PAM). In this session, we highlight AWS security best practices in a zero trust security model. Specifically, we explore securing the AWS root account, controlling access to the AWS Management Console, and the AWS Command Line Interface, and managing developer access to Amazon EC2 instances and containerized applications that run on them.
This document discusses best practices for securing customer data on AWS from day one, including implementing strong identity and access management, enabling traceability, applying security at all layers, automating security best practices, protecting data in transit and at rest, and preparing for security events. It provides guidance on setting up authentication and authorization controls with IAM, implementing detective controls with logging and monitoring tools, applying defense-in-depth with network and host security configurations, automating security configurations with tools like CloudFormation, encrypting data at rest and in transit, and planning incident response procedures.
This document discusses best practices for securing customer data on AWS from day one. It recommends implementing security by design principles such as establishing a strong identity foundation with IAM, enabling traceability with detective controls like logging and monitoring, applying security at all layers with a defense-in-depth approach, automating security best practices through tools like CloudFormation, protecting data in transit and at rest using encryption, and preparing for security events with an incident response plan.
Enabling a Digital Platform with Microservices Architecture (ARC218-S) - AWS ...Amazon Web Services
Bajaj Finserv Direct Limited (BFDL) serves millions of customers with its comprehensive portfolio and innovative offerings in financing, general insurance, life and health insurance and retirement and savings. BFDL envisioned building a cloud-native digital platform to offer an unmatched experience to its customers. In this session, hear from BDFL how they built a robust digital backbone on AWS with a scalable microservices architecture deployed using Docker containers. The session also focuses on how a scalable microservices-based architecture can be developed using various AWS services. This session is brought to you by AWS partner, Cognizant Technology Solutions US Corp.
The document provides an overview of AWS cloud security concepts, including the shared responsibility model and identity and access management (IAM). It discusses how AWS is responsible for security of the cloud, including physical and network security of data centers, while customers are responsible for security in the cloud, such as operating systems and applications. The document also describes IAM principles for authentication, authorization, and auditing using tools like IAM users, policies, and CloudTrail.
Learn more about the benefits of streamlining your cloud migrations and optimising the performance and value of your SAP, Oracle, VMware and Windows workloads running on AWS. Also features CP Mining's cloud journey.
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS Germany
All companies should build with security and protection of customer data as the number one priority. This talk will cover a wide range of best practices from MFA, root accounts, encrypting laptops, inventory management, MDM, and incident response. You'll learn key principles of how to build a secure organization to protect your data. Don't wait until your first security incident before putting these best practices in place.
Similar to SID305 AWS Certificate Manager Private CA (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.