- Learn how to use AWS services to protect highly classified information
- Learn about compliance and governance with AWS
- Learn how to use AWS CloudTrail to gain visibility into your AWS account activity
Containers Managing Secrets for Containers with Amazon ECS - AWS Online Tech ... - Amazon Web Services
- Common methods and risks of injecting and sharing secrets for containerized applications
- Learn how to manage and insert secrets for containers using IAM roles and Amazon S3
- Learn how to configure container networking for security
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A... - Amazon Web Services
This document discusses how AWS Config and CloudTrail can be used to automate governance and compliance. It provides an overview of both services and how they can be used together. Specifically, it demonstrates how CloudTrail provides visibility into API activity and configuration changes through AWS Config. It also shows how Config can be used to continuously monitor resources and define compliance rules. Lastly, it provides an example of how Config and Lambda can be used to automatically remediate issues, such as restricting insecure security group rules.
Join the “AWS Services Overview” webinar to take a fast-paced 45-minute tour through our broad range of new and existing services. During the webinar, you will have the opportunity to propose questions for the live Q&A session following the presentation.
Learning Objectives:
• Overview of AWS New & Existing Services
• Advice for Getting Started
Who Should Attend:
• IT Administrators, IT Directors, IT Architects, and Technology or Business Decision Makers
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. This slide describes CloudTrail key concepts, workflow and event history.
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor-led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django, Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In... - Amazon Web Services
Sivakanth Mundru presented on Amazon Web Services CloudTrail. CloudTrail continuously records API calls made on AWS services and delivers log files to customers. The number of supported services has grown from 7 to over 30. CloudTrail logs can be used to determine who made a call, when, what action was performed, which resources were involved, and from/to where. It also records client errors, server errors, and authorization failures. Customers can aggregate logs across regions and accounts.
Deep Dive on S3 Storage Management Covering New Feature Announcements - Decem... - Amazon Web Services
Customers using Amazon S3 at large scale benefit greatly from storage management features. Storage lifecycle policies help them reduce storage costs. Cross-region replication makes it easier to copy data between AWS regions for compliance or disaster recovery. Event notifications allow automatic initiation of processes on objects as they arrive, or capture information about objects and log it for security purposes. In this session, you'll learn about these features, and we'll also introduce several new storage management features like S3 Object Tagging, S3 Analytics Storage Class Analysis, S3 Inventory, S3 CloudWatch Metrics, and S3 CloudTrail integration that give users unmatched visibility into what data they are storing and how that data is being used. These new features make it simpler to analyze usage by users, apps, or organizations, to highlight anomalies, and to optimize business process workflows. They also help identify opportunities to reduce costs, improve performance, and archive infrequently used data. In addition, they can provide insight into who is accessing data stored in S3.
Learning Objectives:
• Understand the portfolio of storage management features available in S3
• Learn to manage cloud storage based upon what the data is (instead of where it's stored) using S3 Object Tagging
• Understand the benefits of using S3 Inventory over the LIST API
• Examine how S3 Analytics Storage Class Analysis helps to build lifecycle policies to optimize storage consumption
• Learn about how new S3 integration with AWS CloudWatch and AWS CloudTrail helps enhance performance and security
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. As an IoT developer, you will need to interact with AWS services like Amazon Kinesis, AWS Lambda, and Amazon Machine Learning to get the most from your IoT application. In this session, we will do a deep dive on how to define rules in the Rules Engine, or retrieve the last known and desired state of device using Device Shadows, routing data from devices to AWS services to leverage the entire cloud for your Internet of Things application.
This document provides an overview of AWS Identity and Access Management (IAM) access control policies, including:
- The goals of understanding the IAM policy language, common tasks, and doing a lab demonstration.
- An explanation of the basic components of an IAM policy including statements, actions, resources, principals, and conditions.
- Examples of specifying principals, actions, resources, and conditions in policy statements.
- Details on policy variables and resource-based policies attached directly to AWS services like S3 buckets.
- An invitation to ask questions and move to the lab portion of the demonstration.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon S3: Masterclass by Ian Massingham, Chief Evangelist EMEA
April 18, 2016
This document discusses monitoring AWS resources and activity for billing, changes, and application usage. It provides examples of detailed billing records and recommends using AWS services like CloudTrail to log API activity, CloudWatch to monitor logs and metrics, VPC flow logs to monitor network traffic, and Config to inventory and track resource configurations over time. These services together provide visibility into usage and changes for security, compliance, and troubleshooting.
Manage Security & Compliance of Your AWS Account using CloudTrail - Cloudlytics
CloudTrail is an AWS service that records API calls made in an AWS account and delivers log files to enable security monitoring and compliance. It provides visibility into who accessed AWS resources, when they accessed them, and from where. Cloudlytics is a service that allows users to analyze CloudTrail logs to generate security and compliance reports. The document discusses enabling CloudTrail, configuring Cloudlytics to access CloudTrail logs, and using Cloudlytics to analyze the logs and generate various audit reports.
This document discusses security best practices for connecting IoT devices to AWS IoT. It recommends using TLS mutual authentication with X.509 certificates to securely connect devices. AWS IoT supports MQTT and HTTP protocols. Strong identity is ensured by generating unique certificates per device. Fine-grained access control is provided by attaching authorization policies to certificates. Mobile applications can also securely access devices via AWS Cognito identity pools.
I. AWS IAM provides identity and access management for AWS services and resources. It allows customization of access controls through policies and provides features like MFA and identity federation. IAM roles are preferable to users where possible for additional security.
II. EC2 allows launching virtual computing instances in AWS. AMIs contain templates for instances including the OS. Instance types determine hardware configurations. Security groups act as virtual firewalls controlling traffic to instances. EBS provides persistent storage volumes for instances.
III. Core AWS services discussed include IAM, EC2, S3, RDS, CloudWatch which provide fundamental cloud capabilities for security, computing, storage, databases and monitoring.
Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. In this presentation from the Amazon S3 Masterclass webinar, we explain the features of Amazon S3 from static website hosting, through server side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice.
See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU
Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/
View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.
Delivering petabyte-scale computational resources to a large community of users while meeting stringent security and compliance requirements presents a host of technical challenges. Seven Bridges Genomics met and overcame them when building the Cancer Genomics Cloud Pilot (CGC) for the National Cancer Institute. The CGC helps users to solve massive computational problems involving multidimensional data, which include: running diverse analyses in a reproducible manner, collaborating with other researchers, and keeping personal data secure to comply with NIH regulations on controlled data sets. Seven Bridges will highlight the lessons learned along the way, as well as best practices for constructing secure and compliant platform services using Amazon S3, Amazon Glacier, AWS Identity and Access Management (IAM), Amazon VPC, and Amazon Route 53.
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven... - Amazon Web Services
Customers using AWS resources such as EC2 instances, EC2 Security Groups and RDS instances would like to track changes made to such resources and who made those changes. In this session, customers will learn about gaining visibility into user activity in their account and aggregating logs across multiple accounts into a single bucket. Customers will also learn about how they can use the user activity logs to meet the logging guidelines/requirements of different compliance standards. AWS Advanced Technology Partners Splunk/Sumologic (exact partners TBD) will demonstrate applications for analyzing user activity within an AWS account.
Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you could use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS Encryption - Amazon Web Services
How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn:
• Learn how to think about using encryption to protect your private information in the cloud
• Learn how to evaluate key management architectures to determine whether they meet your needs
• Learn how to use AWS encryption features to accomplish your data security goals.
Who Should Attend:
• Developers, DevOps Engineers, and IT Security Administrators
Developing a Continuous Automated Approach to Cloud Security - Amazon Web Services
Many organizations struggle daily with the question - "Where do we stand with our AWS security practices?" With the recent release of the Center for Internet Security's CIS AWS Foundations Benchmark, organizations now have an industry-accepted set of security configuration best practices. These benchmarks, in combination with 3rd party security solutions that support them, can form the foundation for security operations at organizations of all sizes through continuous monitoring and auditing.
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. If you have a new web application and want to use cloud computing, you might be asking yourself, "Where do I start?" Join us in this session to understand best practices for scaling your resources from zero to millions of users. We show you how to best combine different AWS services, how to make smarter decisions for architecting your application, and how to scale your infrastructure in the cloud.
"Ever wondered how you can find out which user made a particular API call, when the call was made, and which resources were acted upon? In this session, you will learn how to turn on AWS CloudTrail for hundreds of AWS accounts in all AWS regions to ensure you have full visibility into API activity in all your AWS accounts. We will demonstrate how to use CloudTrail Lookup in the AWS Management Console to troubleshoot operational and security issues and how to use the AWS CLI or SDKs to integrate your applications with CloudTrail.
We will also demonstrate how you can monitor for specific API activity by using Amazon CloudWatch and receive email notifications when such activity occurs. Using CloudTrail Lookup and CloudWatch Alarms, you can take immediate action to quickly remediate any security or operational issues. We will also share best practices and ready-to-use scripts, and dive deep into new features that help you configure additional layers of security for CloudTrail log files."
AWSome Day was an event hosted by AWS Nordics to promote AWS services and solutions. The document advertised prizes that could be won by entering an online draw. It also promoted booth activities at the event and special offers related to AWSome Day. Key topics covered in presentations included the primary reasons businesses use AWS like agility, the breadth of AWS platforms and services, innovation at AWS's scale, and AWS's cost savings and pricing flexibility. Examples were given of how different companies in the Nordics were using AWS for tasks like development and testing, new workloads, supplementing existing workloads, migrating applications, and moving IT entirely to the cloud.
Log Analytics with Amazon Elasticsearch Service - September Webinar Series - Amazon Web Services
Elasticsearch is a popular open-source search and analytics engine used for log analytics. With Amazon Elasticsearch Service, you can easily run Elasticsearch on AWS. In this webinar, we will provide an overview of Amazon Elasticsearch Service and demo how to set up and configure an Amazon Elasticsearch domain for the log analytics use case.
Learning Objectives:
- Understand Amazon Elasticsearch Service use cases and key features
- Learn how to secure your Amazon Elasticsearch cluster for access from Kibana and other plug-ins
- Learn best practices for scaling, monitoring, and troubleshooting Amazon Elasticsearch domains
Integrate Social Login Into Mobile Apps (SEC401) | AWS re:Invent 2013 - Amazon Web Services
Streamline your mobile app signup experience with social login. We demonstrate how to use web identity federation to enable users to log into your app using their existing Facebook, Google, or Amazon accounts. Learn how to apply policies to these identities to secure access to AWS resources, such as personal files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.
Security Architecture recommendations for your new AWS operation - Pop-up Lof... - Amazon Web Services
AWS Organizations allows you to centrally manage multiple AWS accounts. It provides features like consolidated billing, account creation APIs, and service control policies to control access to AWS services across accounts. Service control policies can be used to whitelist or blacklist access to specific AWS APIs on a per-account basis. Organizations helps structure accounts for better security, compliance, and management of access controls and resources.
This document provides an overview of AWS compliance programs and certifications. It discusses several certifications including ISO 27001, SOC 1, SOC 2, PCI-DSS, and ISO 27018. For each certification, it provides information on availability of audit reports, scope of services covered, whether sensitive data is in scope, strengths, and weaknesses. It also discusses AWS Config and CloudTrail services and how they can help with auditing, compliance, and security monitoring. In addition, it covers billing data collection and sample billing records.
Transparency and Control with AWS CloudTrail and AWS Config - Amazon Web Services
AWS CloudTrail and AWS Config are complementary services that provide visibility into API activity and resource configuration changes in AWS accounts. CloudTrail records API calls and related metadata, while Config captures configuration history and relationships between resources. These services can be used together to correlate API calls with resulting resource changes for security and compliance monitoring.
Using AWS CloudTrail to Enhance Governance and Compliance of Amazon S3 - DEV3... - Amazon Web Services
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session focuses on Amazon S3 best practices and using AWS CloudTrail Data Events to help better protect data residing within Amazon S3. The session includes a demonstration to show how CloudTrail, in combination with other AWS services, can help with Amazon S3 governance and compliance requirements.
AWS July Webinar Series - Troubleshooting Operational and Security Issues in ... - Amazon Web Services
AWS CloudTrail is an essential tool for troubleshooting operational issues and investigating security incidents. CloudTrail provides detailed information about the API activity in your AWS account, including who made an API call, from where, and which resources they acted on.
This webinar will help you understand the features of CloudTrail and how to use them to gain maximum visibility into your AWS resources.
Learning Objectives:
• Learn how to receive email notifications for specific API activity
• Learn how to troubleshoot operational and security incidents in your AWS account
• Learn how to turn on CloudTrail and receive a history of log files to an S3 bucket you specify
AWSome Day was an event hosted by AWS Nordics to promote AWS services and solutions. The document advertised prizes that could be won by entering an online draw. It also promoted booth activities at the event and special offers related to AWSome Day. Key topics covered in presentations included the primary reasons businesses use AWS like agility, the breadth of AWS platforms and services, innovation at AWS's scale, and AWS's cost savings and pricing flexibility. Examples were given of how different companies in the Nordics were using AWS for tasks like development and testing, new workloads, supplementing existing workloads, migrating applications, and moving IT entirely to the cloud.
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesAmazon Web Services
Elasticsearch is a popular open-source search and analytics engine used for log analytics. With Amazon Elasticsearch Service, you can easily run Elasticsearch on AWS. In this webinar, we will provide an overview of Amazon Elasticsearch Service and demo how to set up and configure an Amazon Elasticsearch domain for the log analytics use case.
Learning Objectives:
'- Understand Amazon Elasticsearch Service use cases and key features
- Learn how to secure your Amazon Elasticsearch cluster for access from Kibana and other plug-ins
- Learn best practices for scaling, monitoring, and troubleshooting Amazon Elasticsearch domains
Integrate Social Login Into Mobile Apps (SEC401) | AWS re:Invent 2013Amazon Web Services
Streamline your mobile app signup experience with social login. We demonstrate how to use web identity federation to enable users to log into your app using their existing Facebook, Google, or Amazon accounts. Learn how to apply policies to these identities to secure access to AWS resources, such as personal files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
AWS Organizations allows you to centrally manage multiple AWS accounts. It provides features like consolidated billing, account creation APIs, and service control policies to control access to AWS services across accounts. Service control policies can be used to whitelist or blacklist access to specific AWS APIs on a per-account basis. Organizations helps structure accounts for better security, compliance, and management of access controls and resources.
This document provides an overview of AWS compliance programs and certifications. It discusses several certifications including ISO 27001, SOC 1, SOC 2, PCI-DSS, and ISO 27018. For each certification, it provides information on availability of audit reports, scope of services covered, whether sensitive data is in scope, strengths, and weaknesses. It also discusses AWS Config and CloudTrail services and how they can help with auditing, compliance, and security monitoring. In addition, it covers billing data collection and sample billing records.
Transparency and Control with AWS CloudTrail and AWS ConfigAmazon Web Services
AWS CloudTrail and AWS Config are complementary services that provide visibility into API activity and resource configuration changes in AWS accounts. CloudTrail records API calls and related metadata, while Config captures configuration history and relationships between resources. These services can be used together to correlate API calls with resulting resource changes for security and compliance monitoring.
Using AWS CloudTrail to Enhance Governance and Compliance of Amazon S3 - DEV3...Amazon Web Services
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session focuses on Amazon S3 best practices and using AWS CloudTrail Data Events to help better protect data residing within Amazon S3. The session includes a demonstration to show how CloudTrail, in combination with other AWS services, can help with Amazon S3 governance and compliance requirements.
AWS July Webinar Series - Troubleshooting Operational and Security Issues in ...Amazon Web Services
AWS CloudTrail is an essential tool for troubleshooting operational issues and investigating security incidents. CloudTrail provides detailed information about the API activity in your AWS account, including who made an API call, from where, and which resources they acted on.
This webinar will help you understand the features of CloudTrail and how to use them to gain maximum visibility into your AWS resources.
Learning Objectives:
Learn how to receive email notifications for specific API activity
Learn how to troubleshoot operational and security incidents in your AWS account
Learn how to turn on CloudTrail and receive a history of log files to an S3 bucket you specify
- AWS CloudTrail is an AWS service that records API calls and other events made in an AWS account and delivers log files to an S3 bucket for monitoring and auditing purposes.
- A CloudTrail trail configures delivery of event logs to an S3 bucket and can filter the events captured. Trails can apply to a single region or all regions in an AWS account.
- CloudTrail captures management and data events across AWS services and writes them to log files stored in an S3 bucket according to the trail configuration.
The Amazon S3 connector allows integration with Amazon S3 storage via the AWS API. It enables storing and retrieving objects from S3 as well as building applications that leverage S3 storage. The connector requires AWS credentials and supports all standard S3 operations like creating/deleting buckets and objects, uploading/downloading data, and more. A sample Mule application demonstrates creating a bucket using the S3 connector.
In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302)Amazon Web Services
AWS CloudTrail, Amazon CloudWatch Events, AWS Identity & Access Management (IAM), Trusted Advisor, AWS Config Rules, other services? In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs. We will showcase real-life examples and you can take home a blog post with code examples and the full source code for scripts and tooling that AWS professional services have built using these services.
This document discusses tools for governing and auditing AWS resources, including CloudTrail, AWS Config, and AWS Config Rules. CloudTrail continuously records API calls to provide visibility into account activity. Config records configuration changes and relationships between resources. Config Rules validate configurations and enforce best practices. The document provides examples of monitoring security group changes, IAM policy changes, and failed sign-ins using CloudTrail and CloudWatch Logs. It emphasizes using these tools to perform security analysis, troubleshooting, and compliance.
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...Amazon Web Services
In this session, we’ll show how customers can use management tools to standardize the creation of AWS resources and then govern these resources through the lifecycle. By using AWS CloudFormation and AWS Service Catalog to provision resources at scale, AWS Config to audit any changes to the configuration of these resources, Amazon CloudWatch to monitor the health of these resources, and AWS CloudTrail to audit who or what made API calls to these resources, customers can automate and scale the administration of their infrastructure on AWS. They can even go one step further and automate compliance checking and remediation by using AWS Config rules and Amazon CloudWatch Events. We will demo how this is possible by looking at some common use cases.
In this session, we’ll expand on the S3 re:Invent deep-dive session with a hands-on workshop on advanced S3 features and storage management capabilities. We’ll have AWS S3 and Glacier experts on-hand to deep-dive on S3 architecture, performance & scalability optimization, how to analyze your content and leverage storage tiers (S3 Standard, S3 Standard Infrequent Access, Glacier) to balance cost and SLAs, security considerations, replication with Cross Region Replication (CRR), versioning for data protection and more.
In the hands-on lab, we’ll walk through a customer scenario: architecting a high-performance infrastructure for consumer applications. In the scenario, we’ll use sample data sets on S3, analyze object retrieval patterns and design a complete solution using many of the features S3 offers including migrating objects to an appropriate tier.
Prerequisites:
- Participants should have an AWS account established and available for use during the workshop.
- Please bring your own laptop.
AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...Brian Andrzejewski
AWS CloudTrail helps you discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time. In this session, you learn about the AWS CloudTrail service and its value for security operations. The session dives deep into sources of data enrichment and reviews how to leverage AWS CloudTrail as part of your security operations and incident response procedures.
YouTube: https://www.youtube.com/watch?v=Tr78kq-Oa70
ENT302 Deep Dive on AWS Management Tools and New LaunchesAmazon Web Services
As companies shift workloads into the cloud, IT organizations are required to manage an increasing number of cloud resources. AWS provides a broad set of services that help IT organizations with provisioning, tracking, auditing, configuration management, and cost management of their AWS resources. In this session, we will explore the AWS Management Tools suite of services that support the lifecycle management of AWS resources at scale and enable IT governance and compliance. The Deep Dive on AWS Management Tools session will benefit both new and experienced IT administrators, systems administrators, and developers operating infrastructure on AWS and interested in learning about the AWS resource management capabilities.
Automated Compliance and Governance with AWS Config and AWS CloudTrailAmazon Web Services
This document discusses automating compliance and governance on AWS. It begins with defining compliance and governance, then discusses the need for automation in cloud environments where resources are dynamic. It outlines a three phase approach: 1) control using IAM and service catalog, 2) monitor using AWS Config and CloudTrail, and 3) respond using Config rules and CloudWatch events with Lambda. Key services like IAM, Config, and CloudTrail are described. It emphasizes using AWS services to protect AWS resources and provides a demo.
This document provides an overview of best practices for Amazon S3. It discusses storage classes and how to choose the class that best fits your use case. It also covers bucket settings and features like permissions, versioning, object locking, cross-region replication, and object tags. The document discusses how to manage data at scale using operations and analytics. It provides guidance on optimizing performance through object naming schemes and parallel processing. It also outlines methods for flexible data transfer into S3, including database migration and AWS Transfer for SFTP.
Scaling Security Operations and Automating Governance: Which AWS Services Sho...Amazon Web Services
This session enables security operators to automate governance and implement use cases addressed by AWS services such as AWS CloudTrail, AWS Config Rules, Amazon CloudWatch Events, and Trusted Advisor. Based on the nature of vulnerabilities, internal processes, compliance regimes, and other priorities, this session discusses the service to use when. We also show how to detect, report, and fix vulnerabilities, or gain more information about attackers. We dive deep into new features and capabilities of relevant services and use an example from an AWS customer, Siemens AG, about how to best automate governance and scale. A prerequisite for this session is knowledge of security and basic software development using Java, Python, or Node.
(MBL305) You Have Data from the Devices, Now What?: Getting the Value of the IoTAmazon Web Services
We are collecting tons of sensor data from billions of devices. How do you get the value from your IoT data sources? In this session, we will explore different strategies for collecting and ingesting data, understanding its frequency, and leveraging the potential of the cloud to analyze and predict trends and behavior to get most out of your deployed devices.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
Using CloudTrail to Enhance Compliance and Governance of S3 - AWS Online Tech Talks
2. What to expect from the session?
• Overview of:
• Governance and compliance
• AWS Config and Config rules
• AWS CloudTrail
• AWS CloudTrail S3 Data Events
• Use cases and examples
• S3 Data Events demo
• Amazon Macie
3. What is Governance and Compliance?
Governance is the oversight role and the process by which companies manage and mitigate business risks.
Compliance ensures that an organization has the process and internal controls to meet the requirements imposed by the governance body.
4. So what does this mean?
To effectively use IT in enabling an organization to achieve its governance and compliance goals, you need to:
• Define and control what IT is supposed to do
• Monitor what IT is doing
• Respond to changes, report and remediate as appropriate
6. Customer Data in Amazon S3
What do you have in your S3 buckets?
• Static website content
• Source code
• SSL certificates, private keys
• iOS and Android app signing keys
• Database backups
• Logs
• Sensitive data
• Password files
7. Amazon S3 features to help you with governance and compliance
• S3 bucket policies
• MFA delete
• Versioning and lifecycle policies
• Object tags
• S3 access logs
• Encryption options
8. AWS services that can further enhance your efforts
• AWS Config
• AWS CloudTrail
• Amazon Macie
9. Gain visibility with AWS Config
• Get inventory of all your AWS resources
• Discover resources that exist in your account and capture configurations
• Provide rules to ensure resource configurations conform to your internal
best practices and guidelines
10. AWS Config key benefits
• Enables you to assess, audit, and evaluate the configurations of your AWS resources
• Continuously monitors and records your AWS resource configurations
• Allows you to automate the evaluation of recorded configurations against desired
configurations with Config rules
Continuous Monitoring
Change Management
Continuous Assessment
Operational Troubleshooting
11. AWS Config rules
Configurable and customizable rules:
• Check whether logging is enabled for your S3 buckets.
• Check whether S3 buckets have policies that require requests to
use Secure Socket Layer (SSL).
• Check whether versioning is enabled for your S3 buckets.
Optionally, you can check if MFA delete is enabled for your S3
buckets.
12. New AWS Config rules
• AWS Config now supports two new managed rules to detect overly
permissive Amazon S3 bucket policies
13. Track account activity with AWS CloudTrail
• Increase visibility into your user and resource activity
• Discover and troubleshoot security and operational issues by capturing a
comprehensive history of changes that occurred in your AWS account
• Simplify your compliance audits by automatically recording and storing
activity logs for your AWS account
14. AWS CloudTrail key benefits
• Allows you to log, continuously monitor, and retain events related to API calls across your
AWS infrastructure
• Provides a history of AWS API calls for your account, including API calls made through the
AWS Management Console, AWS SDKs, command line tools, and other AWS services
Simplified Compliance
Security Analysis and Troubleshooting
Visibility Into User and Resource Activity
Security Automation
15. AWS CloudTrail features
• Management Event and S3 Data Event logging
• Multi region and multi trail enabled
• S3 log delivery
• Log file encryption
• Integrity validation
• SNS notification
• Cross-account S3 delivery
• CloudWatch Logs integration
• CloudWatch Events integration
• Personal Health Dashboard integration
• Support for multi-region configurations
• Event filters for read/write event actions
16. AWS CloudTrail S3 Data Events
S3 Data events are object-level API operations that access S3
objects, such as GetObject, DeleteObject, and PutObject. By
default, trails don't log data events, but you can configure trails to
log data events for S3 buckets and objects that you specify.
• S3 bucket-level operations are still captured by default as part
of CloudTrail Management Events.
How it works:
• Enable at the bucket or bucket/prefix level
• Captures S3 object-level API activities
• Event logs delivered to your S3 bucket designated in your trail
• $0.10 per 100,000 data events
17. AWS CloudTrail S3 Data Events
S3 Data events differ from S3 access logs in the following
ways:
• Delivered to CloudWatch Events within seconds of the
activity occurring and to S3 log storage and CloudWatch
Logs within minutes
• Include additional information such as additional user
identity details, error messages, request parameters, and
regional information
• JSON format, consistent with all other CloudTrail event logs
• Inherit all the CloudTrail features including log file integrity
validation
18. Use case:
• Detect data exfiltration
• You can detect data exfiltration by collecting activity data on S3
objects through object-level API events recorded in CloudTrail.
After the activity data is collected, you can use other AWS
services, such as Macie, CloudWatch Events, and Lambda, to
trigger response procedures.
Example: Detect access to sensitive data from unauthorized networks or
IP addresses.
AWS CloudTrail S3 Data Events
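A sketch of the check in the example above, run over CloudTrail S3 data-event records. This is an added example, not code from the presentation; the approved networks, the `finance/` prefix, the bucket name, the principal ARN and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumptions for this example, not values from the slides.
APPROVED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]
SENSITIVE_PREFIXES = ("finance/",)

def _rec(name, key, source, error=None):
    """Build a constructed record in the CloudTrail S3 data-event shape."""
    rec = {"eventSource": "s3.amazonaws.com", "eventName": name,
           "eventTime": "2017-09-01T12:00:00Z", "sourceIPAddress": source,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
           "requestParameters": {"bucketName": "example-bucket", "key": key}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_RECORDS = [  # constructed sample data
    _rec("GetObject", "finance/Jan2017-profit-loss.xlsx", "10.1.2.3"),
    _rec("GetObject", "finance/Jan2017-profit-loss.xlsx", "203.0.113.50"),
    _rec("GetObject", "finance/Jan2017-profit-loss.xlsx", "203.0.113.77", "AccessDenied"),
    _rec("GetObject", "public/logo.png", "203.0.113.50"),
    _rec("GetObject", "finance/Jan2017-profit-loss.xlsx", "athena.amazonaws.com"),
    _rec("PutObject", "finance/upload.csv", "203.0.113.9"),
]

def classify_source(source):
    """CloudTrail puts a DNS name here when an AWS service made the call."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "aws-service"
    return "approved" if any(addr in net for net in APPROVED_NETWORKS) else "unapproved"

def find_unapproved_reads(records):
    """Return GetObject events on sensitive keys that came from unapproved networks."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com" or rec.get("eventName") != "GetObject":
            continue
        params = rec.get("requestParameters") or {}
        key = params.get("key") or ""
        if not key.startswith(SENSITIVE_PREFIXES):
            continue
        if classify_source(rec.get("sourceIPAddress", "")) != "unapproved":
            continue
        findings.append({"time": rec.get("eventTime"), "bucket": params.get("bucketName"),
                         "key": key, "source": rec["sourceIPAddress"],
                         "principal": (rec.get("userIdentity") or {}).get("arn"),
                         # errorCode is present when the request failed, e.g. AccessDenied
                         "outcome": "failed" if rec.get("errorCode") else "served"})
    return findings
```

Failed requests are kept in the findings with their outcome, since repeated denied reads from an unapproved address are worth reviewing alongside the ones that were served.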
19. Use case:
• Perform security analysis
• You can quickly detect misconfiguration and perform security
analysis by ingesting AWS CloudTrail S3 Data Events into your
log management and analytics solutions such as Macie,
CloudWatch Logs, CloudWatch Events, Athena, Elasticsearch
Service, or a third-party solution.
Example: Identify who changed the permissions on a confidential financial
file to public.
AWS CloudTrail S3 Data Events
20. Detect if an S3 object becomes public, auto-remediate the issue by removing
the public read/write permissions, and notify the Security team with full details
of the event.
Demo scenario (S3 Data Event – ACL Change)
21. Step 1. Set up CloudTrail S3 Data Events
Demo scenario (S3 Data Event – ACL Change)
23. Step 2. Create your Lambda function
Demo scenario (S3 Data Event – ACL Change)
25. Step 3. Create a CloudWatch Event rule
Demo scenario (S3 Data Event – ACL Change)
27. Step 4. Change the file ‘Jan2017-profit-loss.xlsx’ from private to publicly
accessible.
This change will trigger the Lambda function ‘CheckandCorrectObjectACL’
which will log activity to CloudWatch Logs, revert the file ACL back to private,
and fire off an SNS notification to generate an email containing the details.
Demo scenario (S3 Data Event – ACL Change)
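One way to write the remediation function the four steps above describe, as an added example and not the presentation's own `CheckandCorrectObjectACL` code. It assumes the CloudWatch Events rule forwards CloudTrail `PutObjectAcl` events for the bucket; the SNS topic ARN is a placeholder and the function names are hypothetical.

```python
import json

# Grantee URIs that S3 uses for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:security-alerts"  # placeholder (assumption)

def public_grants(acl):
    """Return the grants in a GetObjectAcl response that name a public group."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def check_and_correct(event, s3, sns, topic_arn=TOPIC_ARN):
    """Revert a public object ACL to private and notify; return what was done."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "PutObjectAcl" or detail.get("errorCode"):
        return {"action": "ignored"}
    params = detail.get("requestParameters") or {}
    bucket, key = params.get("bucketName"), params.get("key")
    if not bucket or not key:
        return {"action": "ignored"}
    # Read the ACL as it is now instead of trusting the request parameters.
    exposed = public_grants(s3.get_object_acl(Bucket=bucket, Key=key))
    if not exposed:
        # Also the exit taken when our own put_object_acl below re-triggers
        # the rule, so the function does not loop.
        return {"action": "none", "bucket": bucket, "key": key}
    s3.put_object_acl(Bucket=bucket, Key=key, ACL="private")
    report = {"action": "reverted", "bucket": bucket, "key": key,
              "changedBy": (detail.get("userIdentity") or {}).get("arn"),
              "sourceIPAddress": detail.get("sourceIPAddress"),
              "eventTime": detail.get("eventTime"),
              "removedGrants": [g.get("Permission") for g in exposed]}
    sns.publish(TopicArn=topic_arn, Subject="S3 object ACL reverted to private",
                Message=json.dumps(report, indent=2))
    print(json.dumps(report))  # Lambda sends stdout to CloudWatch Logs
    return report

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised offline
    return check_and_correct(event, boto3.client("s3"), boto3.client("sns"))
```

The function's execution role needs `s3:GetObjectAcl` and `s3:PutObjectAcl` on the monitored objects and `sns:Publish` on the topic.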
30. • Currently available in all commercial regions
• Easily enabled via the CloudTrail console or AWS CLI
• Ability to log read, write, or all S3 object-level events
AWS CloudTrail S3 Data Events
31. What is it?
• Amazon Macie is a security service that uses
machine learning to automatically discover, classify,
and protect sensitive data in AWS.
Macie helps answer questions such as:
• What data do I have in the cloud?
• Where is it located?
• How is data being shared and stored?
• How can I classify data in near-real time?
• What PII/PHI is possibly exposed?
• How do I build workflow remediation for my
security and compliance needs?
Amazon Macie
32. Summary
Config, CloudTrail, and Macie provide:
• Broad and deep visibility for S3 compliance and governance
• Governance and Compliance as code
• Enable: standardization, self-service, and automation
Find out more here:
https://aws.amazon.com/config/
https://aws.amazon.com/cloudtrail/
https://aws.amazon.com/macie/