(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito

AWS security with Identity and Access Management. From the basics to advanced uses of federated access to multiple AWS accounts.

The document discusses Amazon Cognito and how it can be used to authenticate users, manage identity, and synchronize user data across devices. It provides an overview of Cognito's capabilities including support for guest users, developer authenticated identities, and using IAM roles to control access. It also demonstrates how to set up Cognito and integrate the mobile SDK to use Cognito's features in a mobile app.

AWS S3 provides cloud storage and object storage services. It allows users to store and retrieve large amounts of data over the internet at a low cost. Some key benefits include durability, scalability, availability, and security. S3 stores data as objects within buckets and provides features like lifecycle management, bucket policies, encryption, versioning, and cross-region replication.

- Understand user identity and federation principles and practices - Learn how Amazon Cognito works with federated identity providers - See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application

by Fritz Kunstler, Sr. AWS Security Consultant AWS Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.

This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.

After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS Service configurations, AMI composition, and hardening other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows, and how to determine Vulnerability Management and operational maintenance cadence.

by Apurv Awasthi, Sr. Technical Product Manager, AWS This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session covers also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain ways for how you can securely manage you AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100

Brief research on Amazon S3 for my company. Feel free to comment/feedback. Thanks! Connect with me on LinkedIn : sg.linkedin.com/in/yulunteo/ Seems like there are still plenty of people viewing this presentation after so long. Maybe i should consider doing a update for Cloudfront/Glacier as well..

IAM is first in the Security CAF because in the cloud first you grant access and only then can you provision infrastructure (the opposite of on-prem). In this session we’ll cover how to define fine grained access to AWS resources via users, roles and groups; designing privileged user & multi-factor authentication mechanisms and how to operate IAM at scale.

This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.

Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings on your object storage workloads.

There’s a fundamental difference between your customers and employees with regards to identity and access management (IAM). If the user experience doesn’t meet expectations, unlike employees within your organization, customers can easily turn to a competitor. Traditional enterprise IAM solutions usually don’t meet the unique requirements that customers demand such as scalability, performance, usability and support for seamless engagement through multiple channels. If your customer IAM solution is undesirably restrictive, it can affect your customer experience badly. On the other hand, if it’s not restrictive enough it compromises your security. Join Johann and Maduranga in this webinar as they explore how to achieve the perfect balance and create an IAM solution that meets your customers’ needs. He will discuss The security and usability concerns you need to consider when building a solution Common patterns for customer IAM solutions How WSO2 Identity Server can help you build a solution

Whether or not you’re in the cloud, your employees are. This brings new challenges for Identity, Security and Compliance teams. Bring the security of your on-premises systems to your cloud applications — both approved and unapproved — for deeper transparency, comprehensive controls, and enhanced protection against cloud security issues.

Cyberspace is the new battlefield: We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks. Personnel and resources are limited: According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs. Virtually anything can be corrupted: The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2

This document provides an overview of AWS data analytics solutions and services. It discusses modernizing a data warehouse with Amazon Redshift and building data lakes on AWS. The document also covers data migration options, the AWS analytics portfolio, building an analytics pipeline, and the Data Flywheel customer journey. Technical advantages of AWS services like performance and scalability are highlighted.

AWS Identity and Access Management (IAM) allows you to securely control access to AWS resources. IAM controls who can be authenticated and authorized to use resources by managing users, groups, roles, and their permissions. IAM supports single-factor, multi-factor, and two-factor authentication to verify identities. Authorization occurs after authentication and provides permissions to access resources. IAM helps create and manage users, groups, roles, and their permissions to govern access to AWS services.

You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps. Learning Objectives: *Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily *Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources

This document discusses using Weave networking with Amazon ECS containers. Weave provides networking and other services like load balancing and visualization for containers. It can integrate with ECS by using a Weave AMI. The future work section mentions lifting some AutoScaling limitations and improving data path performance.

This document provides an overview of practical steps to secure applications and infrastructure deployed in AWS. It discusses how security best practices need to be adapted for the cloud, where physical assets are secured within availability zones and identity and access management replaces physical security. It outlines how to minimize attack vectors, conduct perimeter assessments, and rules for penetration testing in AWS. It also covers security considerations for specific AWS services like EC2, S3, RDS, SQS, SNS, and using CloudTrail to monitor API calls. The document emphasizes having a complete inventory of all publicly accessible resources and adapting tools to understand AWS-specific aspects like dynamic IP addresses.

Discover how to deploy SQL Server databases on AWS using Amazon Relational Database Service (Amazon RDS) or Amazon Elastic Compute Cloud (Amazon EC2) and the advantages of each approach. Find out how Unilever leveraged RDS for SQL Server in their architecture for their website, unileverfoodsolution.com, and how they overcame the challenges they faced. Learn how to make an educated decision and choose the solution that best fits your needs.

Diversity in the technical workforce is a valuable asset for all companies, because it encourages different types of thinking and taps into the full potential of your team. Come learn from one AWS organization how a fast-moving, fast-growing team has put in place a "diversity circle" for personal and professional development. This program provides a peer mentoring group that builds skills and establishes informal networking support. The host and active participants of this two-year program will share tips and best practices for running a diversity peer mentoring group that spans engineering, product management, and operations.

Amazon Elastic Compute Cloud (Amazon EC2) provides a broad selection of instance types to accommodate a diverse mix of workloads. In this technical session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current-generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.

Based upon years of migration experience, Cloudreach will share their 5 top tips for successful Data Centre Migrations to AWS. Covering both digital and enterprise workloads, the session will walk you through the approach, tooling and skills needed to succeed.

In addition to running databases in Amazon EC2, AWS customers can choose among a variety of managed database services. These services save effort, save time, and unlock new capabilities and economies. In this session, we make it easy to understand how they differ, what they have in common, and how to choose one or more. We explain the fundamentals of Amazon DynamoDB, a fully managed NoSQL database service; Amazon RDS, a relational database service in the cloud; Amazon ElastiCache, a fast, in-memory caching service in the cloud; and Amazon Redshift, a fully managed, petabyte-scale data-warehouse solution that can be surprisingly economical. We’ll cover how each service might help support your application, how much each service costs, and how to get started.

Do you want to analyze AWS CloudTrail events within minutes of them arriving in your Amazon S3 bucket? Would you like to learn how to run expressive queries over your CloudTrail logs? We will demonstrate Apache Spark and Apache Spark Streaming as two tools to analyze recent and historical security logs for your accounts. To do so, we will use Amazon Elastic MapReduce (EMR), your logs stored in S3, and Amazon SNS to generate alerts. With these tools at your fingertips, you will be the first to know about security events that require your attention, and you will be able to quickly identify and evaluate the relevant security log entries.

Streamline your mobile app signup experience with social login. We demonstrate how to use web identity federation to enable users to log into your app using their existing Facebook, Google, or Amazon accounts. Learn how to apply policies to these identities to secure access to AWS resources, such as personal files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.

The document provides information on how to build Android for various ARM chip boards including Allwinner A31, Rockchip RK3188, MediaTek MT6589, Freescale i.MX6Q, and TI OMAP5432. It lists the chips, development boards, and Android support for each. It then provides detailed setup instructions for building Android on the Rockchip RK3188 and MediaTek MT6589 boards, including getting the kernel source, building images, and writing to the devices. Setup for the Freescale board involves downloading official source and patching to the Android code.

How do you create APIs? When publishing a new API there are a lot of factors to consider: Versioning, Network Management, Authorization, Ecosystem Management, and finally client SDKs. Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. With Amazon API Gateway, you can quickly declare an API interface and connect it to existing web services running on Amazon Elastic Compute Cloud (Amazon EC2) or code running on AWS Lambda, and generate an SDK for client applications to access the API. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Amazon API Gateway has no minimum fees or startup costs, and you pay only for the API calls you receive and the amount of data transferred. Learning Objectives: Learn how to create APIs in the AWS Cloud without managing a single server with AWS Lambda Learn how to manage stages and versions of your APIs Learn how to map parameters and transform data in flight

AWS CloudTrail and AWS Config are complementary services that provide visibility into API activity and resource configuration changes in AWS accounts. CloudTrail records API calls and related metadata, while Config captures configuration history and relationships between resources. These services can be used together to correlate API calls with resulting resource changes for security and compliance monitoring.