There is a constant tension between empowering teams to be agile through autonomy and enforcing governance policies to maintain regulatory compliance. Hear from Nathan Scott, Senior Consultant at AWS, and James Martin, Automation Engineering Manager at 3M, on how they have achieved both autonomy and governance through self-service automation tools on AWS. Learn how to avoid pitfalls with building the CI/CD team, right sizing and how to address. This session will also feature a demo from Casey Lee, Chief Architect at Stelligent, on the tools used to accomplish this for 3M, including AWS Service Catalog, AWS CloudFormation, AWS CodePipeline and Cloud Custodian, an open source tool for managing AWS accounts.
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3... - Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated, having an effective web request filtering solution becomes key to keeping your users’ data safe. In this workshop, discover how the OWASP Top 10 list of application security risks can help you secure your web applications. Learn how to use AWS services, such as AWS WAF, to mitigate vulnerabilities. This session includes hands-on labs to help you build a solution. Key learning goals include understanding the breadth and complexity of vulnerabilities customers need to protect from, understanding the AWS tools and capabilities that can help mitigate vulnerabilities, and learning how to configure effective HTTP request filtering rules using AWS WAF.
GPSTEC309-SaaS Monitoring Creating a Unified View of Multitenant Health featu... - Amazon Web Services
Supporting a multitenant environment requires a robust management and monitoring strategy. SaaS operations teams require tools and views of system health that enable them to analyze and diagnose both multitenant and tenant-centric issues. The goal of this session is to identify specific strategies and tools that can be combined to support the unique set of operational challenges that SaaS providers face. In this session, we look at how analytics, consumption, and application metrics can correlate tenant activity with system health to proactively identify and troubleshoot issues. We also explore techniques for monitoring and managing different SaaS tenant isolation models, such as silo, pool, and so on.
Automate Best Practices and Operational Health for AWS Resources with AWS Tru... - Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
It can be challenging to optimize AWS resources across cost, performance, security, and fault tolerance, much less do it automatically. AWS Trusted Advisor, an online resource, provides real-time guidance to help you provision your resources following AWS best practices. AWS Health provides ongoing visibility into the state of your AWS resources and remediation guidance for resource performance or availability issues that may affect your applications. Learn how to safely automate these best practices using Amazon CloudWatch Events and AWS Lambda, with samples for you to use. We also introduce you to AWS Health tools, a community-based source of tools to automate remediation actions and customize health alerts. See how to automate AWS best practices from Trusted Advisor and implement remediation from the AWS Health API on your AWS resources. Attendees should bring their own laptops.
Cloud Adoption in Regulated Financial Services - SID328 - re:Invent 2017 - Amazon Web Services
Macquarie, a global provider of financial services, identified early on that it would require strong partnership between its business, technology and risk teams to enable the rapid adoption of AWS cloud technologies. As a result, Macquarie built a Cloud Governance Platform to enable its risk functions to move as quickly as its development teams. This platform has been the backbone of Macquarie’s adoption of AWS over the past two years and has enabled Macquarie to accelerate its use of cloud technologies for the benefit of clients across multiple global markets. This talk will outline the strategy that Macquarie embarked on, describe the platform they built, and provide examples for other organizations who are on a similar journey.
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C... - Amazon Web Services
Implementing stringent security and compliance controls, like GxP, across your enterprise cloud ecosystem, while ensuring the agility of the DevSecOps process requires significant expertise and a lot of time to design, build, and maintain custom operations tooling. In this session, you learn how Turbot used AWS services to simplify IT operations to provide continuous compliance to major life sciences customers. You also hear how life sciences companies like Novartis Institutes for Biomedical Research (NIBR) have become agile, ensured control, and automated best practices using automated policy controls to configure, monitor, and maintain their cloud resources. By doing this, they became more supportive of their researchers' application stack. You also learn how data scientists and core researchers can take advantage of the power of DevOps and cloud computing without compromising enterprise security or data protection requirements.
GPSBUS204_Building a Profitable Next Generation AWS MSP Practice - Amazon Web Services
Join us in this session to learn more about the evolving landscape for AWS Partners capable of providing a full lifecycle experience for their customers, from plan and design to build and migrate to run, operate, and optimize. We share in-depth information about the investment, revenue, and margin opportunities for these next-gen MSPs. We also dive into AWS services and third-party tooling to help partners along this journey. Partners leave this session with a clear view of new ways to optimize their AWS business, expand their customer offerings, and improve their profitability.
Building end-to-end IT Lifecycle Mgmt & Workflows with AWS Service Catalog - ... - Amazon Web Services
In this session, you’ll learn how to leverage AWS Service Catalog, AWS Lambda, AWS Config and AWS CloudFormation to create a robust, agile environment while maintaining enterprise standards, controls and workflows. Fannie Mae demonstrates how they are leveraging this solution to integrate with their existing workflows and CMDB/ITSM systems to create an end-to-end automated and agile IT lifecycle and workflow.
ENT210-How to Get from Zero to Hundreds of AWS-Certified Engineers - Amazon Web Services
For many organizations, a perceived lack of cloud skills in their staff can limit their move to the cloud. Proper training of your engineers and developers can speed the pace of adoption, cloud migration, and delivery of business benefits by effectively operating the AWS Cloud. In this session, we discuss field-proven, prescriptive steps for reskilling and scaling your technical teams so that you can use the AWS Cloud securely, efficiently, and effectively.
Whether you’re just getting started with AI or you’re a deep learning expert, this session will provide a meaningful overview of how to get started with Artificial Intelligence on the AWS Cloud. In particular, we will explore AWS cloud-native machine learning and deep learning technologies that address a range of different use cases and needs. These include AWS Lex, which provides natural language understanding (NLU) and automatic speech recognition (ASR); Amazon Rekognition, which provides visual search and image recognition capabilities; Amazon Polly for text-to-speech (TTS) capabilities; and Amazon Machine Learning tools. The session will also cover the AWS Deep Learning AMI, which lets you run deep learning in the cloud at any scale. You can launch instances of the AMI, pre-installed with open source deep learning engines (Apache MXNet, TensorFlow, Caffe, Theano, Torch and Keras), to run sophisticated AI models, experiment with new algorithms, and learn new deep learning skills and techniques, all backed by auto-scaling clusters of GPU-based instances.
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences - Amazon Web Services
Healthcare and life sciences companies often have to adhere to specific regulatory requirements, such as GxP or HIPAA. The ability to treat your application environment as code on AWS lets you iterate faster while adhering to the appropriate regulatory frameworks. In this session, we discuss how DevOps principles can help you achieve your compliance requirements by validating your infrastructure in the same way that you do software. In particular, we discuss common compliance principles, demonstrate how to translate from policies to technical controls, and highlight how our partners are building for GxP and HIPAA.
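More and more enterprises are using the flexible, scalable, and secure infrastructure of Amazon Web Services to run their Microsoft Windows workloads. This webinar will demonstrate how AWS ensures customization, high availability, and scalability for most Microsoft applications. We share best practices for deploying Active Directory (AD) on AWS to support Microsoft workloads, how to deploy SQL Server on AWS to ensure high availability, and customer use cases on AWS. Register now for this webinar to learn about best practices and considerations for running Microsoft workloads on AWS.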
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve... - Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
This session is especially tailored for technology and consulting partners, looking to learn more about big data and analytics on AWS. As individuals and commerce move online, companies have unprecedented access to data to improve customer experience and take advantage of new market opportunities. However, organizations often struggle with turning data into actionable insights to drive their business. Learn how AWS and big data APN partners are helping companies enable a broad range of analytic capabilities, to deliver better business results and better serve their customers. We discuss key big data and analytics use cases, and programs to enable partners to get to market with these solutions.
WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdf - Amazon Web Services
Join AWS in examining governance and compliance designs aimed at helping organizations meet HIPAA and HITRUST standards. Learn how to better validate and document your compliance, expedite access to AWS compliance accelerators, and discover new ways to use AWS native features to monitor and control your accounts. This session is for a technical audience seeking to dive deep into the AWS service offerings, console, and API.
ENT203-Building a Solid Business Case for Cloud Migration.pdf - Amazon Web Services
Favorable economics are the starting point for a compelling business case to move to the cloud, but it is only part of the total picture. The cloud can provide benefits in additional areas such as technology optimization, cost of change, and business value. In this session, you will learn a framework and the tools available to create a compelling business case for a large-scale migration to AWS.
How Amazon.com Uses AWS Management Tools - DEV340 - re:Invent 2017 - Amazon Web Services
Amazon.com enables all of its developers to be productive on AWS by operating across tens-of-thousands of team-owned AWS accounts, all while raising the bar on security, visibility and operational control. Amazon has been able to achieve these seemingly conflicting ideals by automating setup and management of these accounts at scale using AWS Management Tools such as CloudFormation, Config, CloudTrail, CloudWatch and EC2 Systems Manager. In this session, discover more about how Amazon.com built ASAP using AWS Management tools, and understand some of the decisions they made as their usage of AWS evolved over time. You will learn about the design, architecture and implementation that Amazon.com went through as part of this effort.
Preparing Your Team for a Cloud Transformation - AWS Online Tech Talks - Amazon Web Services
Learning Objectives:
- Learn a proven 12-step process to re-skill your technical teams on cloud technologies
- Review how cloud-tiger teams can jump-start your cloud adoption
- Gain mechanisms for scaling organizational capacity to operate a cloud-based IT environment
The threat model for IoT devices is very different from the threat model for cloud applications. Customers must understand what these threats are, prioritize them effectively, and navigate the growing ecosystem of partners that give customers tools to build secure IoT solutions. We showcase how to leverage partner solutions to mitigate threats, explain how to avoid common pitfalls, and make it clear that all IoT solutions must incorporate end-to-end security from the start. We begin with the steps to take in the manufacturing process, how to provision and authenticate devices in the field, and we cover solutions that can help customers comply with IT requirements in the maintenance phase of the product lifecycle.
Building Content Recommendation Systems Using Apache MXNet and Gluon - MCL402... - Amazon Web Services
Recommendations are becoming an integral part of how many businesses serve customers, from targeted shopping to on-demand video. In this session, you’ll learn the key elements to build a recommendation system using Gluon, the new intuitive, dynamic programming interface for Apache MXNet. You’ll use matrix factorization techniques to build a video on-demand solution using deep learning.
In this webinar, we will show how you can migrate your Microsoft workloads into AWS and what strategies we’ve seen work best to get the fastest successful outcome. We will also cover Auditing, the 6 R’s methodology, tooling, pre-req’s for Microsoft workloads & migration techniques.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
Moving from the Shadows to the Throne - SID310 - re:Invent 2017 - Amazon Web Services
What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco’s journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco’s new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS’s security and monitoring with Cisco’s enterprise tools, Cisco SSO integration and continuous security auditability on Cisco’s AWS account, and Cisco’s CI/CD pipelines with AWS to ensure secure development.
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected - Amazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
When migrating lots of applications to the AWS Cloud, it’s important to architect cloud environments that are efficient, secure, and compliant. Landing zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. In this session, we will review the benefits and best practices for developing landing zones as well as how to incorporate them into your migration process.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv... - Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea of translating those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
Whether you’re just getting started with AI or you’re a deep learning expert, this session will provide a meaningful overview of how to get started with Artificial Intelligence on the AWS Cloud. In particular, we will explore AWS cloud-native machine learning and deep learning technologies that address a range of different use cases and needs. These include AWS Lex, which provides natural language understanding (NLU) and automatic speech recognition (ASR); Amazon Rekognition, which provides visual search and image recognition capabilities; Amazon Polly for text-to-speech (TTS) capabilities; and Amazon Machine Learning tools. The session will also cover the AWS Deep Learning AMI, which lets you run deep learning in the cloud at any scale. You can use launch instances of the AMI, pre-installed with open source deep learning engines (Apache MXNet, TensorFlow, Caffe, Theano, Torch and Keras), to run sophisticated AI models, experiment with new algorithms, and learn new deep learning skills and techniques; all backed by auto-scaling clusters of GPU-based instances.
GPSTEC306-Continuous Compliance for Healthcare and Life SciencesAmazon Web Services
Healthcare and life sciences companies often have to adhere to specific regulatory requirements, such as GxP or HIPAA. The ability to treat your application environment as code on AWS lets you iterate faster while adhering to the appropriate regulatory frameworks. In this session, we discuss how DevOps principles can help you achieve your compliance requirements by validating your infrastructure in the same way that you do software. In particular, we discuss common compliance principles, demonstrate how to translate from policies to technical controls, and highlight how our partners are building for GxP and HIPAA.
越來越多的企業正在使用 Amazon Web Services 的靈活、可擴展和安全的基礎架構來運行他們的 Microsoft Windows 工作負載。 這場線上研討會將演示 AWS 如何確保大多數 Microsoft 應用程序的定制、高可用性和可擴展性。 我們分享在 AWS 上部署 Active Directory(AD)的最佳做法,以支援 Microsoft 工作負載,如何在AWS上部署 SQL Server 以確保高可用性,以及 AWS 上的客戶使用案例。 立即報名參加這場研討會,了解有關在 AWS 上運行 Microsoft 工作負載的最佳做法和注意事項。
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
This session is especially tailored for technology and consulting partners, looking to learn more about big data and analytics on AWS. As individuals and commerce move online, companies have unprecedented access to data to improve customer experience and take advantage of new market opportunities. However, organizations often struggle with turning data into actionable insights to drive their business. Learn how AWS and big data APN partners are helping companies enable a broad range of analytic capabilities, to deliver better business results and better serve their customers. We discuss key big data and analytics use cases, and programs to enable partners to get to market with these solutions.
WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdfAmazon Web Services
Join AWS in examining governance and compliance designs aimed at helping organizations meet HIPAA and HITRUST standards. Learn how to better validate and document your compliance, expedite access to AWS compliance accelerators, and discover new ways to use AWS native features to monitor and control your accounts. This session is for a technical audience seeking to dive deep into the AWS service offerings, console, and API.
ENT203-Building a Solid Business Case for Cloud Migration.pdfAmazon Web Services
Favorable economics are the starting point for a compelling business case to move to the cloud, but it is only part of the total picture. The cloud can provide benefits in additional areas such as technology optimization, cost of change, and business value. In this session, you will learn a framework and the tools available to create a compelling business case for a large-scale migration to AWS.
How Amazon.com Uses AWS Management Tools - DEV340 - re:Invent 2017Amazon Web Services
Amazon.com enables all of its developers to be productive on AWS by operating across tens-of-thousands of team-owned AWS accounts, all while raising the bar on security, visibility and operational control. Amazon has been able to achieve these seemingly conflicting ideals by automating setup and management of these accounts at scale using AWS Management Tools such as CloudFormation, Config, CloudTrail, CloudWatch and EC2 Systems Manager. In this session, discover more about how Amazon.com built ASAP using AWS Management tools, and understand some of the decisions they made as their usage of AWS evolved over time. You will learn about the design, architecture and implementation that Amazon.com went through as part of this effort.
Preparing Your Team for a Cloud Transformation - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Learn a proven 12 step process to re-skill your technical teams on cloud technologies
- Review how cloud-tiger teams can jump start your cloud adoption
- Gain mechanisms for scaling organizational capacity to operate a cloud-based IT environment
The threat model for IoT devices is very different from the threat model for cloud applications. Customers must understand what these threats are, prioritize them effectively, and navigate the growing ecosystem of partners that give customers tools to build secure IoT solutions. We showcase how to leverage partner solutions to mitigate threats, explain how to avoid common pitfalls, and make it clear that all IoT solutions must incorporate end-to-end security from the start. We begin with the steps to take in the manufacturing process, how to provision and authenticate devices in the field, and we cover solutions that can help customers comply with IT requirements in the maintenance phase of the product lifecycle.
Building Content Recommendation Systems Using Apache MXNet and Gluon - MCL402...Amazon Web Services
Recommendations are becoming an integral part of how many business serve customers, from targeted shopping on demand video. In this session, you’ll learn the key elements to build a recommendation system using Gluon, the new intuitive, dynamic programming interface for Apache MXNet. You’ll use matrix factorization techniques to build a video on-demand solution using deep learning.
In this webinar, we will show how you can migrate your Microsoft workloads into AWS and what strategies we’ve seen work best to get the fastest successful outcome. We will also cover Auditing, the 6 R’s methodology, tooling, pre-req’s for Microsoft workloads & migration techniques.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
Moving from the Shadows to the Throne - SID310 - re:Invent 2017Amazon Web Services
What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco’s journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco’s new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS’s security and monitoring with Cisco’s enterprise tools, Cisco SSO integration and continuous security auditability on Cisco’s AWS account, and Cisco’s CI/CD pipelines with AWS to ensure secure development.
DVC304_Compliance and Top Security Threats in the Cloud—Are You Protected - Amazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
When migrating lots of applications to the AWS Cloud, it’s important to architect cloud environments that are efficient, secure, and compliant. Landing zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. In this session, we will review the benefits and best practices for developing landing zones as well as how to incorporate them into your migration process.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv... - Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea to translate those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
Continuous Compliance on AWS at Scale - SID313 - re:Invent 2017 - Amazon Web Services
In cloud migrations, the cloud's elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.
Session sponsored by 2nd Watch
Financial Services Firms are moving enterprise workloads to AWS to drive agility and innovation. Being regulated entities, firms need to ensure they have necessary controls in place to attain compliance with the industry regulations.
Find out how Cowen, a leader in diversified financial services, achieved a solution with CTP and AWS. With CTP’s Continuous Compliance for AWS managed service, Cowen has the confidence to move their workloads to AWS and can continuously monitor their applications in AWS against PCI and NIST compliance frameworks.
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r... - Amazon Web Services
Hess Corporation is a leading global independent energy company engaged in exploration for and production of crude oil and natural gas. Early in Hess's journey to the cloud, they operated the AWS platform in a manner similar to how they operated their on-premises data centers, creating a number of challenges. In this session, Hess Corporation discusses how they worked to further optimize their use of the AWS Cloud following their data center migration. They also cover technical strategies implemented to improve security, governance, and financial reporting and examine changes to their corporate culture that encourage innovation while improving cost controls.
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks - Amazon Web Services
Learning Objectives:
- Learn how to reduce time to resolution for errors and performance bottlenecks from days/hours to minutes
- Learn how to detect latency distribution and pinpoint issues to specific service(s)
- Learn how to quantify customer impact
FSV308-Culture Shift How to Move a Global Financial Services Organization to ... - Amazon Web Services
Many enterprises that follow regulated, process-driven workflows would like to take advantage of the innate features and benefits of AWS to become more agile, achieve operational excellence, and accelerate time-to-market while leveraging a DevOps culture and development methodology. But building a mature DevOps capability doesn’t happen overnight. Creating and implementing testing, compliance, and security automation frameworks requires time and organizational and process changes. Financial institutions are addressing this challenge by using AWS Service Catalog to help bridge the gap between traditional operations and true DevOps.
AWS reInvent 2017 recap - Optimizing Costs as You Scale on AWS - Amazon Web Services
The cloud offers a first-in-a-career-opportunity to constantly optimize your costs as you grow and stay on the bleeding edge of innovation. By developing a cost-conscious culture and assigning the responsibility for efficiency to the appropriate business owners, you can deliver innovation efficiently and cost effectively. This session will review a wide range of cost planning, monitoring, and optimization strategies featuring real-world experience from AWS customers.
DevOps, CI/CD, cost management, and security on AWS - Tom Laszewski
DevOps pipelines – how does one think about choosing between some legacy tools (such as Terraform versus CloudFormation, Build Pipeline, Code Pipeline versus Jenkins, etc.) versus going all in on the AWS stack; what are companies doing; best practices.
Cost management – strategies; the role intermediaries such as Cloudreach can play in rolling out efficient cost strategies
Security – industry-specific capabilities; the shared responsibility model is a good framework; depending on the industry, you sometimes need more in terms of access to AWS resources
SID331_Architecting Security and Governance Across a Multi-Account Strategy - Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you to attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF) - Amazon Web Services
by Michael Wasielewski, CISSP, CCSP, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection, and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice.
Here are the seven best practices for getting started on AWS. Learn more about the key aspects you should focus on when getting started with the AWS Cloud.
In this session, we will review Amazon Macie, a new visibility security service that helps classify and secure your sensitive and business-critical content.
From July 2015 until January 2017 I represented the DevOps service space at AWS. I traveled the world and spoke about DevOps culture, practices and tools to companies small and large. Then I left for the AWS Lambda team and now travel the world helping developers understand this new application paradigm that is serverless. People often ask me, what does serverless mean for DevOps? What does DevOps mean for serverless? In this talk I’ll give the AWS perspective and help clear up the future of both, talk about the culture, practice, and tools of serverless application development and explain what you should do if DevOps is in your title.
Leveraging a Cloud Policy Framework - From Zero to Well Governed - ENT318 - r... - Amazon Web Services
Governing cloud infrastructure at scale requires software that enables you to capture and drive management from internal policies, best practices, and reference architectures. A policy-driven management and governance strategy is critical to successfully operate in cloud and hybrid environments. As infrastructure grows, you might leverage knowledge that extends beyond the organization. An open-source “cloud policy framework” enables users to leverage a community that can help define and tune best practice policies, and help SaaS vendors and ISVs capture the best way to manage an application and share it with customers. A well-defined management and governance strategy enables you to put automation in place that keeps your cloud running securely and efficiently without having to take it on as a full-time job. This session discusses the development of a “cloud policy framework” that enables users to leverage open source rule definition organizations can use to govern their cloud. Learn best practice policies for managing all aspects of services, applications, and infrastructure across cost, availability, performance, security and usage.
Session sponsored by CloudHealth Technologies
From Monolithic to Modern Apps: Best Practices - Tom Laszewski
We are a lean team consisting of developers, lead architects, business analysts, and a project manager. To scale our applications and optimize costs, we need to reduce the amount of undifferentiated heavy lifting (e.g., patching, server management) from our projects. We have identified AWS serverless services that we will use. However, we need approval from a security and cost perspective. We need to build a business case to justify this paradigm shift for our entire technology organization. In this session, we learn to migrate existing applications and build a strategy and financial model to lay the foundation to build everything in a truly serverless way on AWS.
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum Security - Amazon Web Services
How do you get your security and compliance team to embrace the cloud? "Getting to Yes" with Vanguard’s Security, Legal, and Compliance Teams was a key factor to the organization’s journey to the cloud. Maintaining a high level of assurance is solvable when using an iterative, agile approach. Vanguard is taking existing on-premises controls, plus cloud frameworks such as NIST, CSA, etc., to develop the right set of cloud controls that provide maximum security without sacrificing business agility. In this session, we cover: Vanguard’s approach to developing appropriate controls for its cloud deployments; key considerations and best practices when implementing controls; leveraging the AWS Cloud Adoption Framework and the four security perspectives to map controls appropriately; and the various AWS services (IAM, Amazon VPC, AWS KMS, and AWS CloudTrail) that we leveraged. We also cover the iterative and agile approach we are taking by embracing DevSecOps principles.
More and more enterprise companies are migrating to the AWS Cloud and there are a number of reasons why. While every organization is going to have their own unique motivations, common drivers include exiting data centers, increasing business agility, improving workforce productivity, gaining transparency in operational costs and reducing risk.
The AWS Migration Acceleration Program (MAP) is designed to help enterprises that are committed to a migration journey achieve a range of these business benefits by migrating existing workloads to Amazon Web Services. In this session, you will learn about proven migration patterns, methods and tools that AWS has delivered successfully to hundreds of enterprise customers globally that will help you accelerate migrations, reduce risk and quickly realize value.
AWS Summit DC 2021: Improve the developer experience with AWS CDK - Casey Lee
In this session, you will learn how to allow developers to rapidly deploy and iterate on their apps in AWS, using AWS CDK. You will also discover AWS CDK best practices related to security and cost optimization. You will hear from Gaggle about how they used these practices to allow their developers to focus on building, testing, and deploying applications rapidly, without focusing on undifferentiated heavy lifting.
https://www.youtube.com/watch?v=pJX1hvTRUYE
The Last Bottleneck of Continuous Delivery - Casey Lee
Raise your hand if you enjoy working with the CAB (Change Advisory Board) to get your app deployed to production; didn’t think so. Now raise your hand if you’d like a “Get out of CAB free card”; hands go up across the room!
We’ve mastered the automation of building, testing and deploying software but one bottleneck still remains in continuous delivery, the CAB (Change Advisory Board). In this talk we will explore the use of tools such as Grafeas and OPA to automate the enforcement of the CAB’s policies to give teams a fast pass to production!
AWS offers all the resources needed to run your application workloads at any scale. The challenge becomes how best to leverage those resources in a reliable and secure manner while maintaining cost efficiency. We will cover the DOs and DON’Ts you need to consider on your journey to the cloud including account configuration, networking, security, and automation.
Continuous Delivery on AWS with Zero Downtime - Casey Lee
Learn how to leverage AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy to build continuous delivery pipelines for your containerized applications. In this talk, learn how these services work together, not only to automate the deployment of your application but to do so without downtime, by leveraging blue/green traffic shifting and automated rollbacks.
In this talk we will learn how to use GitHub Actions to define the steps of your CI/CD process as containers. Additionally, we will use a tool called "act" to validate the CI/CD workflow by running the containers locally for fast feedback.
Microservices as Containers on AWS . . . for Fun and Profit - Casey Lee
The architectural pattern of decomposing an application into microservices has proven extremely effective at delivering software faster. However, this type of an architecture comes with its fair share of challenges.
Fortunately, Amazon Web Services (AWS) offers many services that can be leveraged to overcome these challenges and adopt microservice best practices. If you are just starting to consider using AWS for running your microservices, or if you have already started on the journey and are looking for opportunities to improve, then this presentation will be beneficial for you.
Access the accompanying webinar at the following: http://www.hosting.com/resources/webinars/?commid=258551
In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.
Artificial Intelligence and XPath Extension Functions - Octavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review process.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️ - Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Navigating the Metaverse: A Journey into Virtual Evolution - Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
Quarkus Hidden and Forbidden Extensions - Max Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
OpenMetadata Community Meeting - 5th June 2024 - OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Graspan: A Big Data System for Big Code Analysis - Aftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
5. Historical business
Our legacy 1983–2011
Helping healthcare organizations get complete and accurate reimbursement and mitigate compliance risks
Streamlining and simplifying the process of documenting the patient’s encounter in a hospital
Working with hospitals to efficiently access, compile, code, classify, report, store, and exchange health information
6. Leading in a changing landscape
Our present course and future
Analyzing the cost, quality, and outcomes data of both patients and populations over time and across the healthcare continuum
Ensuring providers capture the full burden of illness of their patients to deliver effective care management and receive accurate and complete payment
Measuring performance and effectiveness among payer and provider networks to deliver higher quality outcomes at lower total costs
7. 3M HIS grouper applications
3M Confidential.
22 states (27 grouper adoptions) through 1983–2006
11 additional states (37 grouper adoptions) 2007–2010
6 additional states (33 grouper adoptions) 2011–Q3 2012
• Industry-recognized expertise in payment methodologies and patient classification
• 24 states have adopted APR DRGs for payment, including the eight largest Medicaid programs in the country
• The APR DRG adoption by payers typically yields over 75% downstream penetration with providers
• Lays a foundation for further payment products
87% of the US population is covered by 3M patient classification systems
8. Not moving fast enough
Lift and shift got us out of the traditional data center, but…
Lots of software is getting built with nowhere to go, so it’s time to evolve again.
11. Deployment pipeline
[Figure: continuous delivery deployment pipeline between Developers and Customers, with the stages plan, build, test, release and monitor, and a feedback loop. Based on slideshare.net/AmazonWebServices/dvo202-devops-at-amazon-a-look-at-our-tools-processes]
13. Building the automation team
Automation engineering team
• Deep knowledge of AWS services
• Comfortable talking to other development teams
• Understands the complete development lifecycle—from commit to deploy
14. Choosing the right technology
• Focus on the problem at hand
• Don’t try to predict the future
• Use native AWS services/AWS Lambda/software as a service (SaaS) services
15. Working with security
• Gain buy-in early
• Security from the start
• Security as consumers
• Freedom (with guard rails)
• Sensitive data
16. The right services and teams
• Find a simple application
• Just enough to prove your pipeline
• Rinse, repeat
17. The right services and teams
Find the hungry team that
• Wants the power
• Is willing to do the work
• Has a champion
• Has the business need
18. Embed with the AppDev team
• Establish success criteria
• Works closely with application team
• Participates in the team’s sprint cycle
• Helps AppDev team consume the pipeline process and tools
[Diagram labels: AppDev team, Automation engineering]
19. Establishing a CI/CD process at scale
Problems
• Complex components
• Special snowflakes
• Limited governance
Been in business for 30+ years
Develop products and services that help our customers produce accurate documentation and medical coding to improve quality of care and reduce cost.
The US is moving from a fee-for-service based medical care to big data driven population health
Measuring performance and effectiveness of care
Determining actions to take on that performance for improvement
24 states have adopted our systems
87% of the population is covered by our systems
1% of the Gross Domestic Product is being risk adjusted with 3M HIS methodologies (products and services)
Lots of records
Lots of dollars
Bottleneck=The amount of time it takes to do the action and waiting on the availability of the team.
How long it took to get to production on some of our deployments
Get software into the hands of customers as fast as possible.
Rob Brigham
Building the CI/CD platform team
Choosing the right technology
Security
Find the right service
Find a hungry team
Embed with the team
Establishing a Feedback loop
Needed a balance of engineer types and consulting engineer types
If you don’t have it in house, bring in consultants and rotate FTEs into the team
Don't try to over engineer to solve all types of delivery
Don’t try to figure out what you are going to need, figure out what you do need
Know that your CI/CD platform is iterative, like any product it will get better over time
Use native AWS services/Lambda/SaaS over instance-based infrastructure when possible
Security involved in the cu
CI/CD needs to have security baked into the process
Start building the platform with the Security team to gain buy-in early
Help the security team become consumers of the platform so they can be champions
Regulated Data
Development with Guardrails
Sensitive Data requires unique control frameworks that must be implemented.
Find an easy to deploy service
Small, stateless, a web app?
Get that thing to production; don’t worry about containers or microservices just yet.
Keep trying new services, wait for patterns to develop, iterate
Find an easy to deploy service
Find a team that is eager
Some teams want in just because it’s the hot new thing
Explain the teams on the graphs
Explain the bullet points
Onboarding team works closely with the Automation Engineering Team
Communicates App Team challenges to Automation Engineering Team
Acts as champion for App Team issues to make sure they are captured for future Teams and Pipeline Factory enhancements
Hands over the steering wheel when the app team is ready
Consistent CI/CD pipelines and process at scale
James covered challenges and the approach to addressing
3 parts to solution
Pipelines – every commit can make its way to production with minimal human intervention (SPEED/AGILITY)
Self service – teams can create and manage their own pipelines (AUTONOMY)
Monitor – guardrails to keep people from hurting themselves (REPUTATION & COMPLIANCE)
Restate problem – manual handoff
Some automation, but still requires support from a centralized team
Use CodePipeline for automating deployment workflow
### All deployments must be done via pipeline
### Triggered by commit
Single pipeline per deployable application/service
### Only yes/no input
All infrastructure defined as CFN by developer
### Everything in code
2 repos – one for app, one for IaC…allows separation of roles inside a team
Pipeline is triggered when either one changes
### Define all Jenkins jobs as JobDSL in the IaC repository
Every pipeline execution runs the DSL
Source is built, unit tested and packaged
We’ll come back to CfnNag later….
3 stages…one per environment (automated testing, manual testing, production)
### Only manual step is between each env...approve/reject
Launch infrastructure via CloudFormation templates defined in the IaC repo
ASGs, ELBs, DBs
Deploy app that was built previously to new infrastructure
* Run end to end tests…selenium, resteasy, postman/newman
Blue green switch at the ELB to the new ASG
New problem…how to allow self-service to provision pipelines?
Don’t want to allow folks to create manually
Needed a pipeline factory!
Least privilege - Control who can create pipelines via IAM.
Govern – Pipeline is created exactly as intended, as users can only create what’s in the approved template.
Versioned - Changes can be versioned allowing users to consume changes to pipelines at their own pace
Declarative > Imperative - Easier to manage as CloudFormation does a great job of converging incremental changes. Simply declare the desired state of your resources and CFN will make it happen…rather than you having to write the code to do that hard stuff
### CloudFormation is king – easier to version and apply incremental changes
### CloudFormation service role – a role used only by service catalog/cloudformation that has all the access…can’t be assumed by users
### ServiceCatalog to provide self service with governance
Demo script…(to be recorded)
Create team via SC
Login to Jenkins
View list of created stacks (cross account)
Create pipeline via SC
View CodePipeline
View Jenkins
View CodeCommit
Watch pipeline succeed
Service Catalog creates top level stack
Custom resource backed by lambda function, creates nested stacks in other accounts using IAM role
Can reattach to existing stack, useful for KMS keys and S3 buckets
### Retain important resources – buckets, keys, databases
Custom resource
One per account, uses AssumeRole to jump accounts
Shared template for all accounts, versioned
DeletionPolicy…retained and reattached
Self service documentation
How to get started
How to solve common problems
Changelog and migration documentation
Teams create the CFN for their ELBs, ASGs, Route53, RDS
The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
ELBs that are open to outside
Security group rules that are too permissive (wildcards)
Access logs that aren't enabled
Encryption that isn't enabled
### static analysis before deployment
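The four pattern classes listed above can be shown as a small pre-deployment gate. This is an added example, not cfn-nag's code and not from the talk: the template, the rule labels and the `scan`/`gate` function names are assumptions made for illustration.

```python
import json

# Constructed sample template (not from the talk); intrinsic functions are not resolved.
TEMPLATE = json.loads("""
{"Resources": {
  "WebElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
             "Properties": {"Scheme": "internet-facing"}},
  "InternalElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
                  "Properties": {"Scheme": "internal",
                                 "AccessLoggingPolicy": {"Enabled": true, "S3BucketName": "example-logs"}}},
  "WebSg": {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
              {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"},
              {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}},
  "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "postgres"}},
  "EncDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"StorageEncrypted": "true"}}
}}
""")

def is_true(value):
    """CloudFormation accepts booleans as true or "true"; treat anything else as off."""
    return str(value).lower() == "true"

def scan(template):
    """Return (logical_id, rule) pairs; rule names are this example's own labels."""
    findings = []
    for name, res in sorted(template.get("Resources", {}).items()):
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::ElasticLoadBalancing::LoadBalancer":
            # A classic ELB with no Scheme is internet-facing by default.
            if props.get("Scheme", "internet-facing") != "internal":
                findings.append((name, "ELB_PUBLIC"))
            if not is_true(props.get("AccessLoggingPolicy", {}).get("Enabled")):
                findings.append((name, "ELB_NO_ACCESS_LOGS"))
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                open_cidr = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
                if open_cidr or str(rule.get("IpProtocol")) == "-1":
                    findings.append((name, "SG_WILDCARD_INGRESS"))
                    break  # one finding per group is enough to fail the build
        elif rtype == "AWS::RDS::DBInstance":
            if not is_true(props.get("StorageEncrypted")):
                findings.append((name, "RDS_NOT_ENCRYPTED"))
    return findings

def gate(template):
    """Exit code for the build stage: non-zero stops the pipeline before deployment."""
    return 1 if scan(template) else 0

if __name__ == "__main__":
    for finding in scan(TEMPLATE):
        print(*finding)
    print("exit code:", gate(TEMPLATE))
```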
Rules defined via custodian DSL
Deployed as lambda functions
Perform notification and remediation
Look for public buckets
Automatically remove grants and website hosting
Notify the resource owner
### setup processes to assess and enforce policy compliance
!!! Mode/type
Look for instances missing “Cost Center” or “Team” tags
Stop the instance
Notify resource owner
Teams can define their own tests (functional or non-functional) as lambda functions
Modify S3 bucket ACL -> failed build
IAM role trust policy with non-HIS account -> failed build
Permissive security groups
Dynamic testing framework for infrastructure and application level functional and non-functional tests
Verify Infrastructure aligns with AWS Best Practices (AWS Security Epics) and your own organizational governance
Application Level Functional Tests (Call my endpoints and assert the response)
Non-Functional Tests (Terminate instances in auto-scaling group, verify resiliency)
Framework allows for dynamically testing AWS best practices like (AWS Security Epics)
Framework capable of running cross account tests, in multiple accounts
Security Tests (Organizational / BU Level) are run in SecOps, but test infra in other accounts
Application Tests (Product Level) Created by the app team are executed in the deployment account(s)
Framework that can be directly integrated with the pipeline or used independently with minor changes
Embraces DevSecOps allowing the security team and the application teams to build security into the development process
Organization Level Test – Test defined to verify enterprise or business unit requirements
Product Level Test – Test written by the product team to verify security, functional, and non-functional requirements
Single CW dashboard showing metrics for each pipeline
SuccessCount
FailureCount
CycleTime
RedTime
GreenTime
### monitor health of pipelines
Triggered by each CW event
Recorded as CW metric, pipeline/stage/action as dimensions
Dashboard, built nightly via lambda that queries CW metrics
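One way to derive the five dashboard metrics from pipeline execution events, as an added example that is not the code shown in the talk. The metric definitions are assumptions (CycleTime as the mean seconds from STARTED to SUCCEEDED, RedTime and GreenTime as the seconds spent after a failed or a successful result until the next result), the events are constructed, and only the pipeline dimension is modelled, not stage or action.

```python
from datetime import datetime

def ev(time, execution_id, state, pipeline="orders-service"):
    """Constructed event carrying only the fields this example reads."""
    return {"detail-type": "CodePipeline Pipeline Execution State Change", "time": time,
            "detail": {"pipeline": pipeline, "execution-id": execution_id, "state": state}}

EVENTS = [  # constructed sample data; pipeline names are hypothetical
    ev("2024-01-15T10:00:00Z", "e1", "STARTED"),
    ev("2024-01-15T10:20:00Z", "e1", "SUCCEEDED"),
    ev("2024-01-15T11:00:00Z", "x1", "FAILED", pipeline="billing-service"),
    ev("2024-01-15T12:00:00Z", "e2", "STARTED"),
    ev("2024-01-15T12:10:00Z", "e2", "FAILED"),
    ev("2024-01-15T12:30:00Z", "e3", "STARTED"),
    ev("2024-01-15T13:10:00Z", "e3", "SUCCEEDED"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def pipeline_metrics(events, pipeline):
    """Fold one pipeline's events into the dashboard metrics (times in seconds)."""
    metrics = {"SuccessCount": 0, "FailureCount": 0, "RedTime": 0.0, "GreenTime": 0.0}
    started, cycles, last = {}, [], None  # last = (state, time) of the latest finished run
    for event in sorted(events, key=lambda e: e["time"]):
        detail, now = event["detail"], parse(event["time"])
        if detail["pipeline"] != pipeline:
            continue
        if detail["state"] == "STARTED":
            started[detail["execution-id"]] = now
        elif detail["state"] in ("SUCCEEDED", "FAILED"):
            if last:  # time since the previous result counts toward that result's colour
                key = "GreenTime" if last[0] == "SUCCEEDED" else "RedTime"
                metrics[key] += (now - last[1]).total_seconds()
            last = (detail["state"], now)
            if detail["state"] == "SUCCEEDED":
                metrics["SuccessCount"] += 1
                if detail["execution-id"] in started:
                    cycles.append((now - started[detail["execution-id"]]).total_seconds())
            else:
                metrics["FailureCount"] += 1
    metrics["CycleTime"] = sum(cycles) / len(cycles) if cycles else 0.0
    return metrics

if __name__ == "__main__":
    print(pipeline_metrics(EVENTS, "orders-service"))
```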
SAM
Defines both the function and the event rule
SAM
Runs nightly
Continuous Delivery
### Everything in code
### Deployed via pipeline
### Triggered by commit
### Only manual step is between each env...approve/reject
Self Service
### ServiceCatalog to provide self service with governance
Self Service
### CloudFormation is king – easier to version and apply incremental changes
### CloudFormation service role – a role used only by service catalog/cloudformation that has all the access…can’t be assumed by users
### ServiceCatalog to provide self service with governance
### Retain important resources – buckets, keys, databases
Monitor
### static analysis before deployment
### setup process as guardrails that assess and enforce policy compliance
### monitor pipeline health