Securing Serverless Architectures
|
|
- Brandon Phelps
- 5 years ago
- Views:
Transcription
1 Securing Serverless Architectures Dave Walker, Specialist Solutions Architect, Security and Compliance Berlin 12/04/ , Web Services, Inc. or its Affiliates. All rights reserved.
2 With Thanks To:
3 Agenda Serverless Architectures: What they Are Caveat Emptor? Constraining Access and Permissions Wrapping Functions API Gateway and Service API Endpoints Generalising Across Serverless Functions Conclusions
4 Serverless Architectures: What They Are
5 Serverless Architectures: What they Are The shiny new thing though S3 has been around for 10 years, now Object stores, object transmission and aggregation pipelines, object format tranformers, standalone code execution systems Abstract (and sometimes, Container) Services looks after the underlying OS, High Availability, Scaling, often Application, transparently Often event-driven ( triggers etc) Customers only need to worry about their functionality
6 Serverless Services
7 For Example Backend Logic IoT Activity Indicator Activity Website Internet API Gateway Chat Service Messages Dynamo Streams Twilio Web Hosting Search Service Slack Chat Elasticsearch Service
8 Caveat Emptor?
9 Everything Starts with a Threat Model STRIDE, DREAD, others Identify: Actors Vectors Bad stuff that could happen, when bad people get creative Probabilities and consequences of bad stuff happening Apply technical and procedural mitigations all the way up the OSI stack, from Network to Application
10 Attack Vectors Application-level and API-level attacks If it takes input, it likely has an in-band attack vector If it has a control point, it likely has an out-of-band attack vector Even if it doesn t itself have a useful compromise, it might be a useful propagation vector A successful attack = disruption or corruption of service output, or reduction in responsiveness to future service calls, or being a conduit of bad content to vulnerable consumers of the service. Consider the OWASP Top 10 and other application-level attacks
11 Control Points and Out-of-band Attacks (Almost) everything in our list has an API Endpoint. API Endpoints are exposed to the Internet over https, using TLS 1.2 and unidirectional trust via s2n API Endpoints are scaled, rate-managed and connectionmonitored API Endpoint calls need Sigv4 SHA256 HMAC with Secret Access Key (240-bit entropic) over REST request REST calls are checked for formation correctness Looking pretty well-covered
12 In-band Attacks There are more variables here consider access methods and content sizes:
13 Constraining Access and Permissions
14 IAM is your First Port of Call Quickest and highly effective way to reduce risk of serverless misbehaviour at sub-data level All API access should be Role-based Roles can be given to EC2 Instances and functions Roles use ephemeral STS tokens rather than static keys Reduces consequences of static key mishandling, no motivation to hard-wire into code Cross-account access gets close to Mandatory Access Control See video of presentation from UK Security Roadshow (Coming Soon)
15 IAM is your First Port of Call API calls can be constrained in IAM by Source IP address Get the range from We could use this to ensure that only our wrapper functions can call our main functions or the real API endpoints Recent development: verify when permissions were last used See Tx280RX2WH6WUD7/Remove-Unnecessary-Permissions-in- Your-IAM-Policies-by-Using-Service-Last-Access
16 Wrapping Functions
17 Let s start with Why? It s a great test case, as: It can take input from (almost) anywhere It can do (almost) anything with that input, given appropriate permissions It can output (almost) anything to (almost) anywhere Customers have control over what happens between input and output Risk: you can write insecure code in any language (including Node.js, Java, Python and anything you can call from them )
18 Let s start with Already good info on developing functions functions run in an IAM role Consider cross-account function calls (see ) Now let s add a front-end wrapper / filter and back-end / side API checker
19 Wrapping Functions bucket API Gateway DynamoDB
20 Wrapping Functions bucket API Gateway DynamoDB Back end Front end Trigger event source Our original function
21 Wrapping Functions 1. Event triggers wrapper bucket API Gateway DynamoDB
22 Wrapping Functions 1. Event triggers wrapper bucket API Gateway DynamoDB 2. Wrapper passes trigger data to analyser
23 Wrapping Functions 1. Event triggers wrapper bucket API Gateway DynamoDB 2. Wrapper passes trigger data to analyser 3. Analyser reads data
24 Wrapping Functions 1. Event triggers wrapper bucket 4. Wrapper invokes Function API Gateway DynamoDB 2. Wrapper passes trigger data to analyser 3. Analyser reads data
25 Wrapping Functions 5. Function reads data and processes as normal 1. Event triggers wrapper bucket 4. Wrapper invokes Function API Gateway DynamoDB 2. Wrapper passes trigger data to analyser 3. Analyser reads data
26 Wrapping Functions First function, configured to trigger on the event, is a front-end wrapper Passes copy of trigger event input and context to analysis engine (hello, Alert Logic J ) Optionally, waits for content OK response from analysis engine (in-band checking) to determine whether main function should be invoked or calls main function immediately, if performance is more critical (out-of-band checking) Has the same IAM Read / Get permissions in its role as the main function, plus what s needed to send trigger info and invoke the main function
27 Wrapping Functions Analysis Engine Needs IAM permissions to be able to read from the trigger source Needs to be configurable to respond to the calling function after checks are complete (in-band checking, IPSstyle) and / or raise alerts eg via SNS if badness is found (out-of-band checking, IDS-style) In discussion with Alert Logic (co-inventors), but concept and invocation mechanisms are non-exclusive
28 Wrapping Functions Second function, invoked by the first, is our main function Modify the permission conditions in the IAM role so that this function can only be called from IP addresses in the AMAZON range in the same Region ie our wrapping function Consider passing and verifying a shared secret With the front-end wrapped, now let s look at the back
29 API Gateway and API Endpoints
30 API Gateway and API Endpoints bucket API Gateway DynamoDB Back end
31 API Gateway and API Endpoints Consider API Gateway as a protective front-end onto the main API Endpoints Can rate-limit calling frequency Can have back-end functions on each of REST GET, PUT, POST, PATCH, DELETE, HEAD, OPTIONS to check call content Supports Sigv4 and generates logs So, we have a back-end wrapper function J But we need to make API Gateway the target(s) for calls to API Endpoints, in our main function Easy!
32 Endpoint mappings in boto and Java SDK: boto/boto/endpoints.json and aws-java-sdk-core/src/ main/resources/com/amazonaws/partitions/ endpoints.json { "autoscaling": { }, "ap-northeast-1": "autoscaling.ap-northeast-1.amazonaws.com", "ap-northeast-2": "autoscaling.ap-northeast-2.amazonaws.com", "ap-southeast-1": "autoscaling.ap-southeast-1.amazonaws.com", "ap-southeast-2": "autoscaling.ap-southeast-2.amazonaws.com", "cn-north-1": "autoscaling.cn-north-1.amazonaws.com.cn", "eu-central-1": "autoscaling.eu-central-1.amazonaws.com", "eu-west-1": "autoscaling.eu-west-1.amazonaws.com", "sa-east-1": "autoscaling.sa-east-1.amazonaws.com", "us-east-1": "autoscaling.us-east-1.amazonaws.com", "us-gov-west-1": "autoscaling.us-gov-west-1.amazonaws.com", "us-west-1": "autoscaling.us-west-1.amazonaws.com", "us-west-2": "autoscaling.us-west-2.amazonaws.com"
33 Wrapping Functions Hack the in-environment SDK for your own main function! 2-stage function needed, in the execution context: 1. Verify that the endpoints as defined in the SDK are your own API Gateway endpoints; set them if not 2. Invoke the actual doing stuff function
34 Generalising Across Serverless Functions
35 Filtering API Calls API Gateway DynamoDB
36 Filtering Kinesis (and some other) Streams Kinesis Kinesis DynamoDB ElastiCache
37 Services with Trigger Support Config CloudWatch S3 DynamoDB Kinesis SNS SES Cognito CloudFormation
38 Conclusions
39 Threats and Mitigations IAM is your first port of call, for limiting API calls and their scope Cross-account access can also be useful here API Endpoints are well-protected, but API Gateways can add hooks for further protection at Layer 7 to any service though they re most applicable to serverless ones functions can provide useful tap / inspection / filter hook points for queues and pipelines functions can themselves be used as wrap and filter hook points on the input to functions
40 Further Food for Thought? Using Serverless Capabilities to Add Security Functionality to More Traditional Services Config Rules already does this GitHub repo at CI / CD: Add a final post-deploy step onto CodePipeline, and API Gateway as a front-end to pentest infrastructure, to automatically call a pentest down onto the newly-deployed components Let s discuss
41
Zombie Apocalypse Workshop
Zombie Apocalypse Workshop Building Serverless Microservices Danilo Poccia @danilop Paolo Latella @LatellaPaolo September 22 nd, 2016 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationServerless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect
Serverless Architecture Hochskalierbare Anwendungen ohne Server Sascha Möllering, Solutions Architect Agenda Serverless Architecture AWS Lambda Amazon API Gateway Amazon DynamoDB Amazon S3 Serverless Framework
More informationServerless Computing. Redefining the Cloud. Roger S. Barga, Ph.D. General Manager Amazon Web Services
Serverless Computing Redefining the Cloud Roger S. Barga, Ph.D. General Manager Amazon Web Services Technology Triggers Highly Recommended http://a16z.com/2016/12/16/the-end-of-cloud-computing/ Serverless
More informationServerless Architectures with AWS Lambda. David Brais & Udayan Das
Serverless Architectures with AWS Lambda by David Brais & Udayan Das 1 AGENDA AWS Lambda Basics Invoking Lambda Setting up Lambda Handlers Use Cases ASP.NET Web Service Log Processing with AWS Lambda +
More informationAWS 101. Patrick Pierson, IonChannel
AWS 101 Patrick Pierson, IonChannel What is AWS? Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help
More informationGoing Serverless. Building Production Applications Without Managing Infrastructure
Going Serverless Building Production Applications Without Managing Infrastructure Objectives of this talk Outline what serverless means Discuss AWS Lambda and its considerations Delve into common application
More informationHow to go serverless with AWS Lambda
How to go serverless with AWS Lambda Roman Plessl, nine (AWS Partner) Zürich, AWSomeDay 12. September 2018 About myself and nine Roman Plessl Working for nine as a Solution Architect, Consultant and Leader.
More informationAutomate best practices and operational health for your AWS resources with Trusted Advisor and AWS Health
Automate best practices and operational health for your AWS resources with Trusted Advisor and AWS Health Heitor Lessa, Solutions Architect @ AWS Stephen Gran, Senior Technical Architect @ Piksel June
More informationDiving into AWS Lambda
Diving into AWS Lambda An Intro to Serverless for Admins # Penn State MacAdmins 2018 Bryson Tyrrell # Systems Development Engineer II # Jamf Cloud Engineering @bryson3gps @brysontyrrell Diving into AWS
More informationAWS Lambda: Event-driven Code in the Cloud
AWS Lambda: Event-driven Code in the Cloud Dean Bryen, Solutions Architect AWS Andrew Wheat, Senior Software Engineer - BBC April 15, 2015 London, UK 2015, Amazon Web Services, Inc. or its affiliates.
More informationContainers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture
Containers or Serverless? Mike Gillespie Solutions Architect, AWS Solutions Architecture A Typical Application with Microservices Client Webapp Webapp Webapp Greeting Greeting Greeting Name Name Name Microservice
More informationDeep Dive on AWS CodeStar
Deep Dive on AWS CodeStar with AWS CI/CD workflow Tara E. Walker Technical Evangelist @taraw June 28, 2017 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda What is DevOps
More informationReactive Microservices Architecture on AWS
Reactive Microservices Architecture on AWS Sascha Möllering Solutions Architect, @sascha242, Amazon Web Services Germany GmbH Why are we here today? https://secure.flickr.com/photos/mgifford/4525333972
More informationHow to use or not use the AWS API Gateway for Microservices
How to use or not use the AWS API Gateway for Microservices Presented by Dr. Martin Merck Wednesday 26 September 2018 What is an API Gateway Traits AWS API Gateway Features of API gateway OAuth2.0 Agenda
More informationSecurity Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
Security Aspekts on Services for Serverless Architectures Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Security in General Services in Scope Aspects of Services for
More informationMOBILE APP FOR ACME INC. by Sean Hull - Cloud Solutions Architect -
MOBILE APP FOR ACME INC. by Sean Hull - Cloud Solutions Architect - sean@iheavy.com ABOUT SEAN HULL +1-917-442-3939 sean@iheavy.com iheavy.com/blog about.me/hullsean github.com/hullsean NEWSLETTER - SIGNUP!
More informationMicroservices on AWS. Matthias Jung, Solutions Architect AWS
Microservices on AWS Matthias Jung, Solutions Architect AWS Agenda What are Microservices? Why Microservices? Challenges of Microservices Microservices on AWS What are Microservices? What are Microservices?
More informationBest Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ
Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security
More informationEmulating Lambda to speed up development. Kevin Epstein CTO CorpInfo AWS Premier Partner
Emulating Lambda to speed up development Kevin Epstein CTO CorpInfo AWS Premier Partner What is Lambda? Scalable, Highly Available, Stateless, event driven computing Fully managed runtime environment Python
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Building Multi-Region Applications Jan Metzner, Solutions Architect Brian Wagner, Solutions Architect 2015, Amazon Web Services,
More informationAmazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India
(AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.
More informationCrypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH
Crypto-Options on AWS Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH Amazon.com, Inc. and its affiliates. All rights reserved. Agenda
More informationThe Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter
AWS Solutions Architect (Associate) Exam Course Manual Enter Linux Academy Keller, Texas United States of America March 31, 2017 To All Linux Academy Students: Welcome to Linux Academy's AWS Certified
More informationWhat s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services
What s New at AWS? A selection of some new stuff Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services Speed of Innovation AWS Pace of Innovation AWS has been continually expanding its
More informationAWS Lambda. 1.1 What is AWS Lambda?
Objectives Key objectives of this chapter Lambda Functions Use cases The programming model Lambda blueprints AWS Lambda 1.1 What is AWS Lambda? AWS Lambda lets you run your code written in a number of
More informationAWS Connected Vehicle Cloud
AWS Connected Vehicle Cloud AWS Implementation Guide Sean Senior Chris Rec Hitendra Nishar Tom Horton November 2017 Copyright (c) 2017 by Amazon.com, Inc. or its affiliates. The AWS Connected Vehicle Cloud
More informationHandel-CodePipeline Documentation
Handel-CodePipeline Documentation Release 0.0.6 David Woodruff Dec 11, 2017 Getting Started 1 Introduction 3 2 Installation 5 3 Tutorial 7 4 Using Handel-CodePipeline 11 5 Handel-CodePipeline File 13
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationAWS Lambda + nodejs Hands-On Training
AWS Lambda + nodejs Hands-On Training (4 Days) Course Description & High Level Contents AWS Lambda is changing the way that we build systems in the cloud. This new compute service in the cloud runs your
More informationServerless The Future of the Cloud?!
DEV4867 Serverless The Future of the Cloud?! by Bert Ertman Those who stand for nothing, fall for anything - Alexander Hamilton @BertErtman Fellow, Director of Technology Outreach at Luminis Background
More informationMONITORING SERVERLESS ARCHITECTURES
MONITORING SERVERLESS ARCHITECTURES CAN YOU HELP WITH SOME PRODUCTION PROBLEMS? Your Manager (CC) Rachel Gardner Rafal Gancarz Lead Consultant @ OpenCredo WHAT IS SERVERLESS? (CC) theaucitron Cloud-native
More informationMicroservices Architekturen aufbauen, aber wie?
Microservices Architekturen aufbauen, aber wie? Constantin Gonzalez, Principal Solutions Architect glez@amazon.de, @zalez 30. Juni 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationGetting Started with AWS IoT
Getting Started with AWS IoT Denis V. Batalov, PhD @dbatalov Sr. Solutions Architect, AWS EMEA 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Things are becoming connected Source:
More informationLeveraging the Security of AWS's Own APIs for Your App. Brian Wagner Solutions Architect Serverless Web Day June 23, 2016
Leveraging the Security of AWS's Own APIs for Your App Brian Wagner Solutions Architect Serverless Web Day June 23, 2016 AWS API Requests Access Key and Secret Key (access key and secret key have been
More informationLevel Up Your CF Apps with Amazon Web Services
Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Level Up Your CF Apps with Amazon Web Services Brian Klaas bklaas@jhu.edu @brian_klaas Hello Hello Hello Hello Hello
More informationOvercoming the Challenges of Automating Security in a DevOps Environment
SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial
More informationAccenture Cloud Platform Serverless Journey
ARC202 Accenture Cloud Platform Serverless Journey Tom Myers, Sr. Cloud Architect, Accenture Cloud Platform Matt Lancaster, Lightweight Architectures Global Lead November 29, 2016 2016, Amazon Web Services,
More informationFrom Your Keyboard to Your Customers without a Server to Manage In-between
From Your Keyboard to Your Customers without a Server to Manage In-between Chris Munns Senior Developer Advocate - Serverless 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved About
More informationMicroservices without the Servers: AWS Lambda in Action
Microservices without the Servers: AWS Lambda in Action Dr. Tim Wagner, General Manager AWS Lambda August 19, 2015 Seattle, WA 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Two
More informationIoT Device Simulator
IoT Device Simulator AWS Implementation Guide Sean Senior May 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. IoT Device Simulator is licensed under the terms of the Amazon Software License
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
1) A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI.
More informationAWS IoT Overview. July 2016 Thomas Jones, Partner Solutions Architect
AWS IoT Overview July 2016 Thomas Jones, Partner Solutions Architect AWS customers are connecting physical things to the cloud in every industry imaginable. Healthcare and Life Sciences Municipal Infrastructure
More informationMonitoring Serverless Architectures in AWS
Monitoring Serverless Architectures in AWS The introduction of serverless architectures is a positive development from a security perspective. Splitting up services into single-purpose functions with well-defined
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationSAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING
SAMPLE CHAPTER Event-driven serverless applications Danilo Poccia FOREWORD BY James Governor MANNING AWS Lambda in Action by Danilo Poccia Chapter 8 Copyright 2017 Manning Publications brief contents PART
More informationWerden Sie ein Teil von Internet der Dinge auf AWS. AWS Enterprise Summit 2015 Dr. Markus Schmidberger -
Werden Sie ein Teil von Internet der Dinge auf AWS AWS Enterprise Summit 2015 Dr. Markus Schmidberger - schmidbe@amazon.de Internet of Things is the network of physical objects or "things" embedded with
More informationAmazon Search Services. Christoph Schmitter
Amazon Search Services Christoph Schmitter csc@amazon.de What we'll cover Overview of Amazon Search Services Understand the difference between Cloudsearch and Amazon ElasticSearch Service Q&A Amazon Search
More informationNetwork Security & Access Control in AWS
Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account
More informationAWS Serverless Application Repository. Developer Guide
AWS Serverless Application Repository Developer Guide AWS Serverless Application Repository: Developer Guide Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationMid-Atlantic CIO Forum
Mid-Atlantic CIO Forum Agenda Security of the Cloud Security In the Cloud Your Product and Services Roadmap (innovation) AWS and Cloud Services Growth and Expansion at AWS Questions & Discussion Shared
More informationDevelop and test your Mobile App faster on AWS
Develop and test your Mobile App faster on AWS Carlos Sanchiz, Solutions Architect @xcarlosx26 #AWSSummit 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The best mobile apps are
More informationAdvanced Techniques for DDoS Mitigation and Web Application Defense
Advanced Techniques for DDoS Mitigation and Web Application Defense Dr. Andrew Kane, Solutions Architect Giorgio Bonfiglio, Technical Account Manager June 28th, 2017 2017, Amazon Web Services, Inc. or
More informationBuilding a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS
Building a Self-Defending Border Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS www.cloudsec.com #cloudsec Building A Defending Borders Protect Your Web-facing Workloads
More informationRed Team View: Gaps in the Serverless Attack Surface.
SESSION ID: CSV-W12 Red Team View: Gaps in the Serverless Attack Surface. Mike Cotton SVP Research & Development Digital Defense Inc. Overview Shift in Technology -> Shift in Tactics Serverless Another
More informationWho done it: Gaining visibility and accountability in the cloud
Who done it: Gaining visibility and accountability in the cloud By Ryan Nolette Squirrel Edition $whoami 10+ year veteran of IT, Security Operations, Threat Hunting, Incident Response, Threat Research,
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationStore, Protect, Optimize Your Healthcare Data in AWS
Healthcare reform, increasing patient expectations, exponential data growth, and the threat of cyberattacks are forcing healthcare providers to re-evaluate their data management strategies. Healthcare
More informationBeyond Virtual Machines: Tapping into the AWS Universe from FileMaker
Beyond Virtual Machines: Tapping into the AWS Universe from FileMaker ITG06 Jesse Barnum President, 360Works FILEMAKER DEVCON 2018 AUGUST 6-9 GRAPEVINE, TX Jesse founded 360Works in 1996 Primary or original
More informationMapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd
Berlin Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd AWS Compliance Display Cabinet Certificates: Programmes:
More informationGOING FULLY SERVERLESS
GOING FULLY SERVERLESS Is it possible to never worry about servers? Jonathon Valentine CTO ThingCo Who am I? CTO & Co-founder of ThingCo, using next generation telematics and IoT to use driving data to
More informationAWS Networking Fundamentals
AWS Networking Fundamentals Tom Adamski Specialist Solutions Architect, AWS Traditional Network WAN VPN VPN Fiber Applications Applications AWS Network VPN WAN (AWS Direct Connect) VPN Fiber Applications
More informationDevOps Tooling from AWS
DevOps Tooling from AWS What is DevOps? Improved Collaboration - the dropping of silos between teams allows greater collaboration and understanding of how the application is built and deployed. This allows
More informationElasticIntel. Scalable Threat Intel Aggregation in AWS
ElasticIntel Scalable Threat Intel Aggregation in AWS Presenter: Matt Jane Obligatory Who I Am slide.. Builder/Automator I put things in clouds Open Source Advocate
More informationBuilding a Microservices Platform, Patterns and Best Practices
Building a Microservices Platform, Patterns and Best Practices Sascha Möllering, Solutions Architect, @sascha242 May 29th, 2017 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What
More informationBuild planetary scale applications with compartmentalization
Build planetary scale applications with compartmentalization Julien Lépine Solutions Architect, Amazon Web Services 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Software is taking
More informationDevOps Course Content
DevOps Course Content 1. Introduction: Understanding Development Development SDLC using WaterFall & Agile Understanding Operations DevOps to the rescue What is DevOps DevOps SDLC Continuous Delivery model
More informationDevOps on AWS Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS Deep Dive on Continuous Delivery and the AWS Developer Tools Woody Borraccino, AWS Solutions Architect May 4, 2016, Stockholm 2016, Amazon Web Services, Inc. or its Affiliates. All rights
More informationAUTOMATING SECDEVOPS WORKSHOP
SESSION ID: AUTOMATING SECDEVOPS WORKSHOP Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Agenda Overview Coding Scanning Attacking Security in DevOps Overview Stack Security AWS
More informationNEXT GENERATION CLOUD SECURITY
SESSION ID: CMI-F02 NEXT GENERATION CLOUD SECURITY Myles Hosford Head of FSI Security & Compliance Asia Amazon Web Services Agenda Introduction to Cloud Security Benefits of Cloud Security Cloud APIs &
More informationAWS London Loft: CloudFormation Workshop
AWS London Loft: CloudFormation Workshop Templated AWS Resources Tom Maddox Solutions Architect tmaddox@amazon.co.uk Who am I? Gardener (Capacity Planning) Motorcyclist (Agility) Mobile App Writer Problem
More informationServerless Website Publishing with AWS Code* Services. Steffen Grunwald Solutions Architect, AWS October 27, 2016
Serverless Website Publishing with AWS Code* Services Steffen Grunwald Solutions Architect, AWS October 27, 2016 Software Delivery Models evolved What do you need to move fast? Re-use services, Architect
More informationDeep Dive on Serverless Application Development
Deep Dive on Serverless Application Development Danilo Poccia, Technical Evangelist @danilop 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda What is a Serverless Application?
More informationSAMPLE CHAPTER. Event-driven serverless applications. Danilo Poccia. FOREWORD BY James Governor MANNING
SAMPLE CHAPTER Event-driven serverless applications Danilo Poccia FOREWORD BY James Governor MANNING in Action by Danilo Poccia Chapter 1 Copyright 2017 Manning Publications brief contents PART 1 FIRST
More informationImmersion Day. Getting Started with AWS Lambda. August Rev
Getting Started with AWS Lambda August 2016 Rev 2016-08-19 Table of Contents Overview... 3 AWS Lambda... 3 Amazon S3... 3 Amazon CloudWatch... 3 Handling S3 Events using the AWS Lambda Console... 4 Create
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationIntro to Big Data on AWS Igor Roiter Big Data Cloud Solution Architect
Intro to Big Data on AWS Igor Roiter Big Data Cloud Solution Architect Igor Roiter Big Data Cloud Solution Architect Working as a Data Specialist for the last 11 years 9 of them as a Consultant specializing
More informationManaging IoT and Time Series Data with Amazon ElastiCache for Redis
Managing IoT and Time Series Data with ElastiCache for Redis Darin Briskman, ElastiCache Developer Outreach Michael Labib, Specialist Solutions Architect 2016, Web Services, Inc. or its Affiliates. All
More informationVideo on Demand on AWS
Video on Demand on AWS AWS Implementation Guide Tom Nightingale April 2017 Last updated: November 2018 (see revisions) Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. Video on Demand on AWS is
More informationWhat s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services
What s New at AWS? looking at just a few new things for Enterprise Philipp Behre, Enterprise Solutions Architect, Amazon Web Services 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationBuilding Games with AWS Mobile Services
Building Games with AWS Mobile Services Ozkan Can Solutions Architect, AWS @_ozkancan How Do You Build a Mobile Game Today? AWS LAMBDA COMPUTE SERVICE EVENT DRIVEN Run code without thinking about servers
More informationHow to Route Internet Traffic between A Mobile Application and IoT Device?
Whitepaper How to Route Internet Traffic between A Mobile Application and IoT Device? Website: www.mobodexter.com www.paasmer.co 1 Table of Contents 1. Introduction 3 2. Approach: 1 Uses AWS IoT Setup
More informationAdditional Security Services on AWS
Additional Security Services on AWS Bertram Dorn Specialized Solutions Architect Security / Compliance / DataProtection AWS EMEA The Landscape The Paths Application Data Path Path Cloud Managed by Customer
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationHigh School Technology Services myhsts.org Certification Courses
AWS Associate certification training Last updated on June 2017 a- AWS Certified Solutions Architect (40 hours) Amazon Web Services (AWS) Certification is fast becoming the must have certificates for any
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationAWS Solution Architect Associate
AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of
More informationExam Questions AWS-Certified- Developer-Associate
Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can
More informationThis document (including, without limitation, any product roadmap or statement of direction data) illustrates the planned testing, release and
Serverless Integration Powered by Flogo and Lambda Leon Stigter Developer Advocate TIBCO 2 Abstract No matter the metric, "serverless" is definitely gaining interest. It s the dream of every developer,
More informationExperiences with Serverless Big Data
Experiences with Serverless Big Data AWS Meetup Munich 2016 Markus Schmidberger, Head of Data Service Munich, 17.10.16 Key Components of our Data Service Real-Time Monitoring Enable our development teams
More informationDeep Dive Amazon Kinesis. Ian Meyers, Principal Solution Architect - Amazon Web Services
Deep Dive Amazon Kinesis Ian Meyers, Principal Solution Architect - Amazon Web Services Analytics Deployment & Administration App Services Analytics Compute Storage Database Networking AWS Global Infrastructure
More informationTesting in AWS. Let s go back to the lambda function(sample-hello) you made before. - AWS Lambda - Select Simple-Hello
Testing in AWS Let s go back to the lambda function(sample-hello) you made before. - AWS Lambda - Select Simple-Hello Testing in AWS Simulate events and have the function react to them. Click the down
More informationCloud Computing. Amazon Web Services (AWS)
Cloud Computing What is Cloud Computing? Benefit of cloud computing Overview of IAAS, PAAS, SAAS Types Of Cloud private, public & hybrid Amazon Web Services (AWS) Introduction to Cloud Computing. Introduction
More informationHow the Cloud is Enabling the Disruption of the Construction Industry. AWS Case Study Construction Industry. Abstract
Case Study Construction Industry How the Cloud is Enabling the Disruption of the Construction Industry Abstract A Minfy-architected cloud solution is helping iquippo, a digital marketplace for the construction
More informationHardening AWS Environments. Automating Incident Response. AWS Compromises
Hardening AWS Environments and Automating Incident Response for AWS Compromises Hardening AWS Environments and Automating Incident Response for AWS Compromises Andrew Krug and Alex McCormack Agenda: Preparing
More informationSAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions
SAA-C01 AWS Solutions Architect Associate Exam Summary Syllabus Questions Table of Contents Introduction to SAA-C01 Exam on AWS Solutions Architect Associate... 2 AWS SAA-C01 Certification Details:...
More informationAWS Landing Zone. AWS Developers Guide. June 2018
AWS Landing Zone AWS Developers Guide June 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. AWS Landing Zone Developer Guide is licensed under the terms of the Amazon Software License available
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationEE 660: Computer Architecture Cloud Architecture: IaaS
EE 660: Computer Architecture Cloud Architecture: IaaS Yao Zheng Department of Electrical Engineering University of Hawaiʻi at Mānoa Based on the slides of Prof. Roy Campbell & Prof Reza Farivar Agenda
More information