AMAZON WEB SERVICES (AWS) SERVICES OVERVIEW & SECURITY TIPS
|
|
- Thomas Heath
- 6 years ago
- Views:
Transcription
1 AMAZON WEB SERVICES (AWS) SERVICES OVERVIEW & SECURITY TIPS MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER 1
2 AGENDA AWS SERVICES OVERVIEW REGIONS & AVAILABILITY ZONES VIRTUAL PRIVATE CLOUD (VPC) ELASTIC COMPUTE CLOUD (EC2) AWS OBJECT STORAGE: S3, AND GLACIER IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS CONTENT DELIVERY NETWORK (CDN) VERSIONING & ENCRYPTION 2
3 AWS SERVICES OVERVIEW Amazon Web Services offers ondemand cloud computing services to individuals, companies and governments, on demand with a paid subscription with an option available for 12 months. APPLICATION PLATFORM INFRASTRUCTURE 3
4 AWS SERVICES OVERVIEW 1. Infrastructure-as-a-service (IaaS) Servers, virtual machines, storage, networks, etc. provided by the cloud provider and billed per usage. 2. Platform as a service (PaaS) Access to a ready-made environment for development, testing, delivering, and managing software, billed per usage. 3. Software as a service (SaaS) Access to applications over the Internet, like for example Gmail, or Office365, billed per usage. Source: 4
5 AWS SERVICES OVERVIEW WHAT DO YOU NEED? WHAT REGULATION IS YOUR BUSINESS SUBJECT TO? WHAT IS YOUR RESPONSIBILITY? WHERE DO YOU NEED THESE SERVICES? 5
6 FIRST QUESTION - WHAT DO YOU NEED? 6
7 WHAT DO YOU NEED? Before starting the course, and your implementation it is very important to understand your choice, and what would you and your business need as architecture, and approach. Infrastructure as a service (IaaS) Platform as a service (PaaS) Software as a service (SaaS) Private cloud Public cloud Hybrid cloud 7
8 SECOND QUESTION - WHAT REGULATIONS IS YOUR BUSINESS SUBJECT TO? 8
9 WHAT REGULATIONS IS YOUR BUSINESS SUBJECT TO? AWS is providing great support in terms of good practices, and guidelines for business compliance with local regulations. For Singapore, financial institutions are highly regulated by the Monetary Authority of Singapore (MAS). We can find publicly available: AWS User Guide to Financial Services Regulations & Guidelines in Singapore, to support AWS services deployment and configuration. You can download the guide from the link: ons_guidelines_in_singapore.pdf 9
10 WHAT REGULATIONS IS YOUR BUSINESS SUBJECT TO? AWS features also a list of access-controlled documents relevant to compliance and security as AWS Artifact. The list can be easily accessible with an admin account, and you can download the correspondent document, to follow the instructions. m/artifact 10
11 THIRD QUESTION WHAT IS YOUR RESPONSIBILITY? 11
12 WHAT IS YOUR RESPONSIBILITY? Source: 12
13 FOURTH QUESTION - WHERE DO YOU NEED THESE SERVICES? 13
14 REGIONS & AVAILABILITY ZONES AWS Services are located worldwide in several locations. These locations are composed of Regions and Availability Zones. Region = One Geographical Area Availability Zone = Separated Location in a Geographical Area Example:
15 REGIONS & AVAILABILITY ZONES Regions are an important point for AWS implementation and deployment. Your choices might vary depending on the considered region, as all services are not available consistently over the regions. Example: Glacier is not available in Singapore. 15
16 REGIONS & AVAILABILITY ZONES Use multiple availability zones (AZs) for redundancy! Various service limits are enforced by Amazon. You can ask for soft limit increase, in some cases. 16
17 AWS SERVICES OVERVIEW LET S RECAP LET S REMEMBER THE IMPORTANT BASICS LET S CHECK THE SECURITY TIPS YOUR ARE AWESOMELY GETTING THERE 17
18 VIRTUAL PRIVATE CLOUD (VPC) 18
19 AMAZON VIRTUAL PRIVATE CLOUD (VPC) Amazon Virtual Private Cloud (VPC) What is it? Amazon Virtual Private Cloud (Amazon VPC) allows you the provisioning of a logically isolated section of the Amazon Web Services (AWS) cloud. Your can select your own IP address range, create subnets, and configure route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. 19
20 AMAZON VIRTUAL PRIVATE CLOUD (VPC) This is an example of a simple architecture with the different services, including a VPC. Inside the VPC, we have two different subnets, a router, and an Internet Gateway. Tip: Use a load balancer to balance between AZs. It is definitely recommended to use a public subnet with an Internet Gateway for Internet access. 20
21 AMAZON VIRTUAL PRIVATE CLOUD (VPC) Default VPC and Custom VPC are the only VPC forms available. Default VPC is created when you create an AWS account. Custom VPC is dedicated for advanced users. 21
22 ELASTIC COMPUTE CLOUD (EC2) 22
23 ELASTIC COMPUTE CLOUD (EC2) Elastic Compute Cloud (EC2) What is it? EC2 provides a web service that provides secure, resizable compute capacity in the cloud. The different types of EC2 will provide you various CPUs, memory capacities, storage types, and networking capacity. An instance type can be changed if it has an Elastic Block Store (EBS) store volume root device. Example: Instance Type vcpu Memory Storage Networking Performance Clock Speed Physical Processor (GiB) (GB) (GHz) t2.nano EBS Only Low Intel Xeon family up to 3.3 t2.micro 1 1 EBS Only Low to Moderate Intel Xeon family Up to
24 ELASTIC COMPUTE CLOUD (EC2) Amazon Elastic Block Store (Amazon EBS) What is it? Amazon Elastic Block Store (Amazon EBS) is a block storage volume for Amazon EC2 instances. Data stored on an Amazon EBS volume can persist after instance termination, and independently of the instance life. EBS has four types of storage: Provisioned IOPS SSD (io1) General Purpose SSD (gp2) Throughput Optimized HDD (st1) Cold HDD (sc1) You can not detach or attach instance store volume to another instance. 24
25 ELASTIC COMPUTE CLOUD (EC2) Elastic Compute Cloud (EC2) Some Tips? "Enable termination protection" option allows you to protect an accidental EC2 instance termination. To enable termination protection for an instance at launch time Open the Amazon EC2 console at On the dashboard, choose Launch Instance and follow the directions in the wizard. On the Configure Instance Details page, select the Enable termination protection check box. To enable termination protection for a running or stopped instance Select the instance, choose Actions, Instance Settings, and then choose Change Termination Protection. Select Yes, Enable. In addition, enable backups, and output data to another AWS service. 25
26 ELASTIC COMPUTE CLOUD (EC2) If you need to copy an EC2 instance to another region, you can create an Amazon Machine Images (AMI). The AMI can be deployed then as it does represent a high performance execution environment for applications running on EC2, and contains all the information to launch an instance. EC2-Classic is an old configuration which is not available anymore. It is still being supported for clients. 26
27 ELASTIC COMPUTE CLOUD (EC2) The most secure option to connect to instances without Internet connectivity in a private subnet VPC is a bastion host server to connect to the instances. Bastion hosts are instances within your public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it then behaves like a bridge, allowing you to use SSH or RDP to login to other instances (within private subnets) within your network. You can use bastion as a bridge with security groups and NACL to access other private instances. 27
28 ELASTIC COMPUTE CLOUD (EC2) Placement group is a logical grouping of instances within a single Availability Zone, achieving high performance computing, with low-latency network performance. There is a soft limit of 20 instances per region. You can submit the limit increase form and retry the failed requests once approved. You can use CURL, or GET command; to access the information for your instance, for example: [ec2-user ~]$ curl Or [ec2-user ~]$ GET 28
29 AWS OBJECT STORAGE: S3, AND GLACIER 29
30 AWS OBJECT STORAGE: S3, AND GLACIER AWS provides various storage options What are they? Let s focus on the four below: S3 Amazon Simple Storage Service, min object storage size is 0B S3 Standard - Infrequent Access (Standard - IA), min object storage size is 128KB Amazon S3 Reduced Redundancy Storage, min object storage size is 128KB Glacier 30
31 AWS OBJECT STORAGE: S3, AND GLACIER AWS provides various storage options Some Tips? AWS RRS provides the same functionality as AWS S3, but is cheaper. It is ideally suited for non-mission, critical applications, such as files which can be reproduced. Example: Storing image thumbnails can be a good use case for storing content in AWS RRS. AWS RRS is being cheaper than AWS IA. 31
32 AWS OBJECT STORAGE: S3, AND GLACIER Key points to remember regarding an S3 bucket are: S3 is a Object Based storage, only for, for example files. and not OS. It can store files from 0 to 5 TB Names of Buckets are universal, and therefore need to be unique HTTP 200 CODE is the confirmation for successful data upload When you upload an object, the object will be immediately available - Read after write consistency If you change/delete an object in the bucket, the object might not be immediately updated. It might take few minutes - Override after put or deleting No partial or damaged/corrupted objects when uploading, updating, or deleting. Encryption is enabled 32
33 AWS OBJECT STORAGE: S3, AND GLACIER Implementing versioning and lifecycle rules are key to prevent data loss. Accidental deletion of data from an S3 bucket can be avoided by: Enabling versioning Enabling MFA access 33
34 AWS OBJECT STORAGE: S3, AND GLACIER You can't have any dots in your bucket name if you use the bucket name in the subdomain of your URLs if you would like to use SSL for your bucket. This will cause a certificate mismatch. AWS SSL certificate only covers *.s3.amazonaws.com. Versioning is required for replication in S3. To list delete markers (and other versions of an object), you need to use the versions subresource in a GET Bucket versions request, as a simple GET will not retrieve delete marker objects. 34
35 AWS OBJECT STORAGE: S3, AND GLACIER You can retrieve data faster from Glacier with: Expedited retrievals and access data in 1 5 minutes for a flat rate of $0.03 per GB retrieved, or Bulk retrievals to access your data in approximately 5 12 hours for a flat rate of just $ per GB retrieved. Cross region replication has additional cost (Redundancy) 35
36 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS 36
37 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS Identity and Access Management (IAM) What is it? Access Control is one of the most important security controls to put in place, and therefore we can check the below important points offered par AWS services. You can define your Identity Access Management rules, and create Security Groups to control and limit the access to the resources. The statement is the main element of the IAM policy and it is a must for a policy. Elements such as condition, version and ID are not required. 37
38 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS You will have: A centralised control of your AWS account (I recommend hardware MFA for the root account) Granular Permissions Identity Federation, including Active Directory Multi Factor Authentication Password Policies PCI DSS Compliance Every user gets an IAM account. Never login to the master. 38
39 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS Identity and Access Management (IAM) Some Tips? I encourage highly to use hardware MFA or Virtual MFA Device for your access control, as for example Google Authenticator. 39
40 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS When you create a new user, a pair of access key is generated if enabled. Make sure that you do not enable it if not necessary. The access keys (Users can have multiple API keys) will not allow a user to connect to the console however will allow for an API to get access. 40
41 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS AWS Best practices advise a password with 14 characters length. I recommend using at least 12 characters, complexity, password expiration, and no password reuse. It is possible to create an IAM when an instance is running ONLY if "no reboot" option is checked. 41
42 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS Another access control measure is Security Groups. This in fact is one of the main controls. I highly recommend to add Network Access Control Lists as an additional layer of security. Security Group Operates at the instance level (first layer of defense) Network ACL Operates at the subnet level (second layer of defense) Supports allow rules only Is stateful: Return traffic is automatically allowed, regardless of any rules Weevaluate all rules before deciding whether to allow traffic Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on Supports allow rules and deny rules Is stateless: Return traffic must be explicitly allowed by rules We process rules in number order when deciding whether to allow traffic Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group) 42
43 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS Outbound Ports should be enabled on NACL, when an instance needs to be accessible by everyone, even if port 80 allows inbound. Source/Destination check should be disabled when a custom NAT instance is launched, even after configuring security groups and NACL. Instances should have either public IP or elastic IP to be able to reach the Internet. You can have one Elastic IP address associated with a running instance at no charge. You can also check the associated IP through the instance metadata. For an instance to be able to connect to the Internet with an Internet Gateway, and a public subnet, a route should be created as /0 and your internet gateway as target. 43
44 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS A NAT gateway in the Failed state is automatically deleted after about an hour. Ensure that different route tables for your private and your public subnet. If the table is the same, it will not route traffic to the Internet. Use the tracert (Windows) command or traceroute (Linux) command. ICMP packets are ignored. Define all rules within a single aws_security_group_rules resource to refresh security groups rules faster. (To be confirmed and feedback is welcome) 44
45 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS Here you can find a great example of the different between ACL and Security Groups. Security groups Act as a firewall for Amazon EC2 instances Network access control lists (ACLs) Act as a firewall for subnets Changes to Security Groups rules are automatically applied after a short period. 45
46 IDENTITY AND ACCESS MANAGEMENT (IAM) & SECURITY GROUPS By default, security groups are configured as below: Allow no inbound traffic Allow all outbound traffic Allow instances associated with this security group to communicate You need to disable SSH access. You can create an IAM role with two attached policies to delegate permission to access a resource. The permission policy grants the user for the desired task on the resource and the trust policy indicates which trusted accounts are allowed to grant its users permissions to assume the role. 46
47 CONTENT DELIVERY NETWORK (CDN) 47
48 CONTENT DELIVERY NETWORK (CDN) Content Delivery Network What is it? Another service that is provided by AWS and is critical is the CDN CloudFront. This service is critical when hosting a web application online. It delivers content by replicating commonly requested files (static content) across a globally distributed set of caching servers. From my experience, I suggest analyse your business requirements, as you might have additional functionalities needed. Amazon CloudFront doesn t have these features: purge it all, or purge instant, SPDY Protocol Support, Real time statistics or CDN balancing tech. 48
49 CONTENT DELIVERY NETWORK (CDN) 49
50 VERSIONING & ENCRYPTION 50
51 VERSIONING & ENCRYPTION Encryption What is it? AWS offers various types of encryption: At rest, Server Side Encryption S3 Managed keys SSE-S3 AWS Key Management Service, SSE-KMS Server Side Encryption with Customer Provided Keys SSE-C Client Side Encryption 51
52 VERSIONING & ENCRYPTION A new version of a file on an S3 bucket is considered an update subject to eventual consistency. If you specified the version ID on the GET request, then the new file will be subject to a read-after-write consistency. With SSE-KMS you can have different objects stored with different keys in the same bucket. You will have two layers of security controls: the bucket and the objects. Boot volume encryption on an EC2 instance, has some known issues. Google is your friend :D! 52
53 AWS DATABASES 53
54 AWS DATABASE If You Need A managed relational database in the cloud that you can launch in minutes with a just a few clicks. A fully managed MySQL and PostgreSQL-compatible relational database with 5X performance and enterprise level features. A managed NoSQL database that offers extremely fast performance, seamless scalability and reliability A fast, fully managed, petabyte-scale data warehouse at less than a tenth the cost of traditional solutions. To deploy, operate, and scale in-memory cache based on memcached or Redis in the cloud. Help migrating your databases to AWS easily and inexpensively with zero downtime. To build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions. Consider Using Amazon RDS Amazon Aurora Amazon DynamoDB Amazon Redshift Amazon ElastiCache AWS Database Migration Service Amazon Cloud Directory Product Type Relational Database Relational Database NoSQL Database Data Warehouse In-Memory Cache Database Migration Directory Source: aws.com 54
55 COMPLIANCE TESTING If you would like to test your configuration vs your compliance requirements, and regulation, you can run the AWS Script. I recommend the local execution. It was very fast and easy. AWS GitHub script to scan for CIS compliance 55
56 ADDITIONAL RESOURCES Link to CIS Benchmark Guideline Link to CIS Three-Tier Guideline AWS Well Architected AWS Cloud Adoption Framework Security 56
57 MAGDA CHELLY, CYBERFEMINIST, CISSP MAGDA LILIA CHELLY, IS THE MANAGING DIRECTOR OF RESPONSIBLE CYBER BY DAY, AND A CYBER FEMINIST HACKER BY NIGHT. SHE SPEAKS FIVE LANGUAGES FLUENTLY, AND HAS A PHD IN TELECOMMUNICATION ENGINEERING WITH A SUBSEQUENT SPECIALIZATION IN CYBER SECURITY (CISSP). Your employees are your company s biggest asset yet equally represent your weakest link. Empower YOUR people to protect YOUR business with a trusted, value-adding and effective cyber-security provider Magda Chelly, CyberFeminist, CISSP MAGDA WAS RECENTLY NOMINATED AS GLOBAL LEADER OF THE YEAR AT THE WOMEN IN IT AWARDS 2017, AND TOP 50 CYBER SECURITY INFLUENCER, GLOBALLY. 57
58 THANK YOU! PLEASE FEEL FREE TO ASK QUESTIONS OR SHARE YOUR TIPS 58
AWS Administration. Suggested Pre-requisites Basic IT Knowledge
Course Description Amazon Web Services Administration (AWS Administration) course starts your Cloud Journey. If you are planning to learn Cloud Computing and Amazon Web Services in particular, then this
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationAWS Solution Architect Associate
AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of
More informationLINUX, WINDOWS(MCSE),
Virtualization Foundation Evolution of Virtualization Virtualization Basics Virtualization Types (Type1 & Type2) Virtualization Demo (VMware ESXi, Citrix Xenserver, Hyper-V, KVM) Cloud Computing Foundation
More informationAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
1) A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI.
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationEnroll Now to Take online Course Contact: Demo video By Chandra sir
Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc
More informationAmazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India
(AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.
More informationCIT 668: System Architecture. Amazon Web Services
CIT 668: System Architecture Amazon Web Services Topics 1. AWS Global Infrastructure 2. Foundation Services 1. Compute 2. Storage 3. Database 4. Network 3. AWS Economics Amazon Services Architecture Regions
More informationBuilding a Modular and Scalable Virtual Network Architecture with Amazon VPC
Building a Modular and Scalable Virtual Network Architecture with Amazon VPC Quick Start Reference Deployment Santiago Cardenas Solutions Architect, AWS Quick Start Reference Team August 2016 (revisions)
More informationTraining on Amazon AWS Cloud Computing. Course Content
Training on Amazon AWS Cloud Computing Course Content 15 Amazon Web Services (AWS) Cloud Computing 1) Introduction to cloud computing Introduction to Cloud Computing Why Cloud Computing? Benefits of Cloud
More information8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop
Bishop Encryption and Decryption centralized Single point of contact First line of defense If working with VPC Creation and management of security groups Provides additional networking and security options
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationIntroduction to Cloud Computing
You will learn how to: Build and deploy cloud applications and develop an effective implementation strategy Leverage cloud vendors Amazon EC2 and Amazon S3 Exploit Software as a Service (SaaS) to optimize
More informationSAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions
SAA-C01 AWS Solutions Architect Associate Exam Summary Syllabus Questions Table of Contents Introduction to SAA-C01 Exam on AWS Solutions Architect Associate... 2 AWS SAA-C01 Certification Details:...
More informationAWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS
AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Security Firewalls ACLs
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationTestkingPass. Reliable test dumps & stable pass king & valid test questions
TestkingPass http://www.testkingpass.com Reliable test dumps & stable pass king & valid test questions Exam : AWS-Solutions-Architect- Associate Title : AWS Certified Solutions Architect - Associate Vendor
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationSecurity on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Overview AWS Regions Availability Zones Shared Responsibility Security Features Best Practices
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationCloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014
Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Karthik Krishnan Page 1 of 20 Table of Contents Table of Contents... 2 Abstract... 3 What
More informationSimple Security for Startups. Mark Bate, AWS Solutions Architect
BERLIN Simple Security for Startups Mark Bate, AWS Solutions Architect Agenda Our Security Compliance Your Security Account Management (the keys to the kingdom) Service Isolation Visibility and Auditing
More informationCompute - 36 PCPUs (72 vcpus) - Intel Xeon E5 2686 v4 (Broadwell) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vsphere Features - vsphere HA - vmotion - DRS - Elastic DRS Storage - ESXi boot-from-ebs
More informationPass4test Certification IT garanti, The Easy Way!
Pass4test Certification IT garanti, The Easy Way! http://www.pass4test.fr Service de mise à jour gratuit pendant un an Exam : SOA-C01 Title : AWS Certified SysOps Administrator - Associate Vendor : Amazon
More informationActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD
ActiveNET #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD-500018 9848111288 activesurya@ @gmail.com wwww.activenetinformatics.com y Suryanaray yana By AWS Course Content 1. Introduction to Cloud
More informationAmazon AWS-Solution-Architect-Associate Exam
Volume: 858 Questions Question: 1 You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
More informationAWS 101. Patrick Pierson, IonChannel
AWS 101 Patrick Pierson, IonChannel What is AWS? Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help
More informationOracle WebLogic Server 12c on AWS. December 2018
Oracle WebLogic Server 12c on AWS December 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationWe are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info
We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction
More informationAmazon Elastic Compute Cloud (EC2)
Amazon Elastic Compute Cloud (EC2) 1 Amazon EC2 Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity ( Virtual Machine) in the AWS cloud. Why EC2 Available in different locations
More informationStandardized Architecture for PCI DSS on the AWS Cloud
AWS Enterprise Accelerator Compliance Standardized Architecture for PCI DSS on the AWS Cloud Quick Start Reference Deployment AWS Professional Services AWS Quick Start Reference Team May 2016 (last update:
More informationAWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.
AWS Storage Amazon EFS Amazon EBS Amazon EC2 Instance storage Amazon S3 Amazon Glacier AWS Storage Gateway File Block Object Hybrid integrated storage Amazon S3 Amazon Glacier Amazon EBS Amazon EFS Durable
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More information25 Best Practice Tips for architecting Amazon VPC
25 Best Practice Tips for architecting Amazon VPC 25 Best Practice Tips for architecting Amazon VPC Amazon VPC is one of the most important feature introduced by AWS. We have been using AWS from 2008 and
More informationCloud Computing. Amazon Web Services (AWS)
Cloud Computing What is Cloud Computing? Benefit of cloud computing Overview of IAAS, PAAS, SAAS Types Of Cloud private, public & hybrid Amazon Web Services (AWS) Introduction to Cloud Computing. Introduction
More informationAWS_SOA-C00 Exam. Volume: 758 Questions
Volume: 758 Questions Question: 1 A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationAWS Course Syllabus. Linux Fundamentals. Installation and Initialization:
AWS Course Syllabus Linux Fundamentals Installation and Initialization: Installation, Package Selection Anatomy of a Kickstart File, Command line Introduction to Bash Shell System Initialization, Starting
More informationHigh School Technology Services myhsts.org Certification Courses
AWS Associate certification training Last updated on June 2017 a- AWS Certified Solutions Architect (40 hours) Amazon Web Services (AWS) Certification is fast becoming the must have certificates for any
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationCloud Storage with AWS: EFS vs EBS vs S3 AHMAD KARAWASH
Cloud Storage with AWS: EFS vs EBS vs S3 AHMAD KARAWASH Cloud Storage with AWS Cloud storage is a critical component of cloud computing, holding the information used by applications. Big data analytics,
More informationAWS Certified Solutions Architect - Associate 2018 (SAA-001)
AWS Certified Solutions Architect - Associate 2018 (SAA-001) Amazon AWS Certified Solutions Architect Associate 2018 Dumps Available Here at: /amazon-exam/aws-certified-solutionsarchitect-associate-2018-dumps.html
More informationAWS Solutions Architect Exam Tips
AWS Solutions Architect Exam Tips This is not a brain dump! Questions and Answers are not given here, rather guidelines for further research, reviewing the Architecting on AWS courseware and AWS documentation.
More informationNGF0502 AWS Student Slides
NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud
More informationAmazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional.
Amazon Exam Questions AWS-Certified-Solutions-Architect- Professional AWS-Certified-Solutions-Architect-Professional Version:Demo 1.. The MySecureData company has five branches across the globe. They want
More informationAgenda. AWS Database Services Traditional vs AWS Data services model Amazon RDS Redshift DynamoDB ElastiCache
Databases on AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Introduction to Amazon EC2 Danilo Poccia Technical Evangelist @danilop 2015, Amazon Web Services, Inc. or its affiliates. All
More informationCloudera s Enterprise Data Hub on the AWS Cloud
Cloudera s Enterprise Data Hub on the AWS Cloud Quick Start Reference Deployment Shivansh Singh and Tony Vattathil Amazon Web Services October 2014 Last update: April 2017 (revisions) This guide is also
More informationAmazon Virtual Private Cloud. User Guide API Version
Amazon Virtual Private Cloud User Guide Amazon Web Services Amazon Virtual Private Cloud: User Guide Amazon Web Services Copyright 2012 Amazon Web Services LLC or its affiliates. All rights reserved. The
More informationConfiguring AWS for Zerto Virtual Replication
Configuring AWS for Zerto Virtual Replication VERSION 1 MARCH 2018 Table of Contents 1. Prerequisites... 2 1.1. AWS Prerequisites... 2 1.2. Additional AWS Resources... 3 2. AWS Workflow... 3 3. Setting
More informationIntroduction to Database Services
Introduction to Database Services Shaun Pearce AWS Solutions Architect 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Today s agenda Why managed database services? A non-relational
More informationHackproof Your Cloud Responding to 2016 Threats
Hackproof Your Cloud Responding to 2016 Threats Aaron Klein, CloudCheckr Tuesday, June 30 th 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Changing Your Perspective Moving
More informationFilters AWS CLI syntax, 43 Get methods, 43 Where-Object command, 43
Index Symbols AWS Architecture availability zones (AZs), 3 cloud computing, 1 regions amazon global infrastructure, 2 Govcloud, 3 list and locations, 3 services compute, 5 management, 4 monitoring, 6 network,
More informationConfluence Data Center on the AWS Cloud
Confluence Data Center on the AWS Cloud Quick Start Reference Deployment March 2017 Atlassian AWS Quick Start Reference Team Contents Overview... 2 Costs and Licenses... 2 Architecture... 3 Prerequisites...
More informationOptiSol FinTech Platforms
OptiSol FinTech Platforms Payment Solutions Cloud enabled Web & Mobile Platform for Fund Transfer OPTISOL BUSINESS SOLUTIONS PRIVATE LIMITED #87/4, Arcot Road, Vadapalani, Chennai 600026, Tamil Nadu. India
More informationCogniFit Technical Security Details
Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................
More informationCloud & AWS Essentials Agenda. Introduction What is the cloud? DevOps approach Basic AWS overview. VPC EC2 and EBS S3 RDS.
Agenda Introduction What is the cloud? DevOps approach Basic AWS overview VPC EC2 and EBS S3 RDS Hands-on exercise 1 What is the cloud? Cloud computing it is a model for enabling ubiquitous, on-demand
More informationBetter, Faster, Stronger web apps with Amazon Web Services. Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web apps with Amazon Web Services Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services (from the previous presentation) Knowledge starts from great questions.
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationOnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems
OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems April 2017 215-12035_C0 doccomments@netapp.com Table of Contents 3 Contents Before you create ONTAP Cloud systems... 5 Logging in
More informationCPM Quick Start Guide V2.2.0
CPM Quick Start Guide V2.2.0 1 Content 1 Introduction... 3 1.1 Launching the instance... 3 1.2 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 3 3 Creating a Simple Backup
More informationDISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?
DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing Slide 1 Slide 3 ➀ What is Cloud Computing? ➁ X as a Service ➂ Key Challenges ➃ Developing for the Cloud Why is it called Cloud? services provided
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationImmersion Day. Getting Started with Linux on Amazon EC2
January 2017 Table of Contents Overview... 3 Create a new Key Pair... 4 Launch a Web Server Instance... 6 Browse the Web Server... 13 Appendix Additional EC2 Concepts... 14 Change the Instance Type...
More informationConfiguring a Palo Alto Firewall in AWS
Configuring a Palo Alto Firewall in AWS Version 1.0 10/19/2015 GRANT CARMICHAEL, MBA, CISSP, RHCA, ITIL For contact information visit Table of Contents The Network Design... 2 Step 1 Building the AWS network...
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationAmazon Virtual Private Cloud. Getting Started Guide
Amazon Virtual Private Cloud Getting Started Guide Amazon Virtual Private Cloud: Getting Started Guide Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks
More informationPuppet on the AWS Cloud
Puppet on the AWS Cloud Quick Start Reference Deployment AWS Quick Start Reference Team March 2016 This guide is also available in HTML format at http://docs.aws.amazon.com/quickstart/latest/puppet/. Contents
More informationIntroduction to cloud computing
Introduction to cloud computing History of cloud Different vendors of Cloud computing Importance of cloud computing Advantages and disadvantages of cloud computing Cloud deployment methods Private cloud
More informationAWS Storage Optimization. AWS Whitepaper
AWS Storage Optimization AWS Whitepaper AWS Storage Optimization: AWS Whitepaper Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress
More informationBest Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ
Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security
More informationAWS Certified Developer Exam Guide
AWS Certified Developer Exam Guide January 2017 AWS Global Infrastructure 4 4 Regions 4 Availability Zones 4 IAM - Identity and Access Management 4 4 Console URL 5 5 Active Directory Federation 5 Web Identity
More informationDeploy the Firepower Management Center Virtual On the AWS Cloud
Deploy the Firepower Management Center Virtual On the AWS Cloud Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you define.
More informationInstallation of Informatica Services on Amazon EC2
Installation of Informatica Services on Amazon EC2 2014 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording
More informationIntroduction: Is Amazon Web Service (AWS) cloud supports best cost effective & high performance modern disaster recovery.
Is Amazon Web Service (AWS) cloud supports best cost effective & high performance modern disaster recovery. Name: Rajib Das Employee ID- tcs 231462 ISU-CSP Email-rajib2.d@tcs.com Introduction: Disaster
More informationAgenda. Introduction Storage Primer Block Storage Shared File Systems Object Store On-Premises Storage Integration
Storage on AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationHPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack
Content Pack data sheet HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack HPE Content Pack number Content Pack length Content Pack category Learn more CP017 20 Hours Category
More informationAWS Storage Gateway. Not your father s hybrid storage. University of Arizona IT Summit October 23, Jay Vagalatos, AWS Solutions Architect
AWS Storage Gateway Not your father s hybrid storage University of Arizona IT Summit 2017 Jay Vagalatos, AWS Solutions Architect October 23, 2017 The AWS Storage Portfolio Amazon EBS (persistent) Block
More informationAWS Security. Stephen E. Schmidt, Directeur de la Sécurité
AWS Security Stephen E. Schmidt, Directeur de la Sécurité 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express
More informationIntroducing Amazon Elastic File System (EFS)
Introducing Amazon Elastic File System (EFS) Danilo Poccia, Technical Evangelist, AWS @danilop 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Goals and expectations for this session
More informationHOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION
HOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION Steve Bertoldi, Solutions Director, MarkLogic Agenda Cloud computing and on premise issues Comparison of traditional vs cloud architecture Review of use
More informationSecuring Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.
Securing Amazon Web Services (AWS) EC2 Instances with Dome9 A Whitepaper by Dome9 Security, Ltd. Amazon Web Services (AWS) provides business flexibility for your company as you move to the cloud, but new
More information25 Best Practice Tips for architecting Amazon VPC. 25 Best Practice Tips for architecting Amazon VPC. Harish Ganesan- CTO- 8KMiles
25 Best Practice Tips for architecting Amazon VPC 25 Best Practice Tips for architecting Amazon VPC Amazon VPC is one of the most important feature introduced by AWS. We have been using AWS from 2008 and
More informationIntroduction to Amazon Web Services
Introduction to Amazon Web Services Introduction Amazon Web Services (AWS) is a collection of remote infrastructure services mainly in the Infrastructure as a Service (IaaS) category, with some services
More informationAWS Certifications. Columbus Amazon Web Services Meetup - February 2018
AWS Certifications Columbus Amazon Web Services Meetup - February 2018 Presenter: Andrew May Senior Solutions Architect & Cloud Solutions Lead @ Leading EDJE Java developer since 2000 2 ½ years AWS experience
More informationDeploying Liferay Digital Experience Platform in Amazon Web Services
Deploying Liferay Digital Experience Platform in Amazon Web Services Table of Contents Introduction................................. 1 Reference Architecture........................ 1 Overview..................................
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationHow to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud
How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud The Barracuda NG Firewall can run as a virtual appliance in the Amazon cloud as a gateway device for Amazon EC2 instances in an
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationAdvanced Architectures for Oracle Database on Amazon EC2
Advanced Architectures for Oracle Database on Amazon EC2 Abdul Sathar Sait Jinyoung Jung Amazon Web Services November 2014 Last update: April 2016 Contents Abstract 2 Introduction 3 Oracle Database Editions
More informationThoughtSpot on AWS Quick Start Guide
ThoughtSpot on AWS Quick Start Guide Version 4.2 February 2017 Table of Contents Contents Chapter 1: Welcome to ThoughtSpot...3 Contact ThoughtSpot... 4 Chapter 2: Introduction... 6 About AWS...7 Chapter
More informationPexip Infinity and Amazon Web Services Deployment Guide
Pexip Infinity and Amazon Web Services Deployment Guide Contents Introduction 1 Deployment guidelines 2 Configuring AWS security groups 4 Deploying a Management Node in AWS 6 Deploying a Conferencing Node
More informationlab Highly Available and Fault Tolerant Architecture for Web Applications inside a VPC V1.01 AWS Certified Solutions Architect Associate lab title
lab lab title Highly Available and Fault Tolerant Architecture for Web Applications inside a VPC V1.01 Course title AWS Certified Solutions Architect Associate Table of Contents Contents Table of Contents...
More informationUsing SQL Server on Amazon Web Services
Using SQL Server on Amazon Web Services High Availability and Reliability in the Cloud Michael Barras, Sr. Database Engineer August 26, 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationAmazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.
Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect Amazon.com, Inc. and its affiliates. All rights reserved. Learning about Cloud Computing with AWS What is Cloud Computing and
More informationOracle IaaS, a modern felhő infrastruktúra
Sárecz Lajos Cloud Platform Sales Consultant Oracle IaaS, a modern felhő infrastruktúra Copyright 2017, Oracle and/or its affiliates. All rights reserved. Azure Window collapsed Oracle Infrastructure as
More information