The document discusses securing serverless applications using Amazon API Gateway, AWS Lambda, and Amazon Cognito. It describes how to build a basic 3-tier web app that is fully serverless, add authentication with Amazon Cognito by integrating with Cognito user pools, and implement authorization using AWS Identity and Access Management (IAM) by leveraging Cognito. Key benefits mentioned are that AWS Lambda and API Gateway provide automatic scaling with no infrastructure to manage, while security is improved by making use of IAM through Cognito.
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
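Replay video link: https://youtu.be/QGgQOcA3W6w As migration to the cloud increases, attacks targeting the public cloud are also surging. In particular, attempts to steal cloud administrators' credentials, and the use of stolen credentials to exfiltrate sensitive information and mine Bitcoin at scale, are on the rise. Customers who are considering a move to AWS or are already using it need to think about how to respond to sophisticated security threats that exploit the characteristics of the cloud in this way. This session explains AWS security services such as GuardDuty, Inspector, Config, and SecurityHub, which provide capabilities for responding effectively to these cloud-native threats.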
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. In this session, we introduce the AWS CLI and how to use it to automate common administrative tasks in AWS. We cover several features and usage patterns including Amazon EBS snapshot management and Amazon S3 backups. We show how to combine AWS CLI features to create powerful tools for automation. See how to develop, debug, and deploy these examples in several live, end-to-end examples.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS. In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
This document discusses how AWS Control Tower can be used to govern multi-account AWS environments at scale. It provides an overview of AWS Control Tower's key capabilities including automated setup of a landing zone with best practice blueprints and guardrails, account factory for provisioning accounts, centralized identity and access management, and built-in monitoring and notifications. Examples are also given of how AWS Control Tower can be used to implement common multi-account architectures and operational models.
You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added and show how you can get even more done with Amazon CloudWatch.
This document provides an overview of an AWS Technical Essentials Workshop being conducted by Engr. Muhammad Usman Khan. It introduces the instructor's background and qualifications. The workshop will cover AWS fundamentals including services like EC2, S3, VPC, RDS, ELB, and CloudWatch. It will include lectures and hands-on labs where students will set up resources like VPCs, EC2 instances, RDS databases, and S3 buckets. The document also provides some historical context on the development of AWS.
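Multi-VPC Architecture Patterns with AWS Transit Gateway. 강동환, Solutions Architect, AWS. We introduce services and architecture patterns for effectively integrating, managing, and operating the VPCs that multiply along with a customer's organization and service structure. We look at various architecture patterns that use Transit Gateway (TGW), which goes beyond the limits of peering to provide flexible connectivity between VPCs; Multi-Account VPC (MAVPC), for sharing VPCs across the various accounts in an organization; and Resource Access Manager (RAM), for securely sharing AWS resources.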
Slides for a short presentation I gave on AWS Lambda, which "lets you run code without provisioning or managing servers". Lambda is to running code as Amazon S3 is to storing objects.
The document discusses various AWS services for monitoring, logging, and security. It provides examples of AWS CloudTrail logs and best practices for CloudTrail such as enabling in all regions, log file validation, encryption, and integration with CloudWatch Logs. It also summarizes VPC flow logs, CloudWatch metrics and logs, and tools for automating compliance like Config rules, CloudWatch events, and Inspector.
This document summarizes an AWS Direct Connect presentation. It discusses how AWS Direct Connect allows organizations to establish private connections between their internal networks and AWS cloud services. It provides technical overviews of how Direct Connect works, how to set up connections, and examples of Direct Connect architectures including single router/port, dual router/port, and using Direct Connect with VPN backups. Advanced routing techniques like lollipop routing and multi-region connectivity are also briefly covered.
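Building a Global Office Work Environment with AWS. 류한진, 이랜드시스템스. With AWS, you can quickly and easily build global services using data centers and networks located around the world. This session covers how to configure a global hybrid network that connects AWS data centers worldwide with on-premises environments, and the points to consider. Building on that, we share how to use the virtual work-sharing services Amazon Workspace, Amazon Workdocs, and Amazon Appstream to quickly and easily create and operate a work environment for overseas staff in a short time.
Cloud Security and Compliance Guide for Financial Sector Customers. 이대근, Security Assurance Manager, AWS. The financial services industry is one of the most heavily regulated industries in the world and also faces the most hostile information security threats. Adopting the cloud in the financial sector requires weighing many factors; AWS recognizes these obligations and works with customers so that they can meet security and compliance requirements at every stage of cloud use. This session covers what AWS has prepared for financial services customers who are considering cloud adoption.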
AWS Security Week at the San Francisco Loft: Introduction to AWS Secrets Manager Presenter: Assaf Namer, Sr. Solutions Architect, AWS
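The AWS Cloud is setting a new standard for IT and transforming the cloud computing industry. This online seminar introduces the concept of cloud computing, the services AWS offers, and key use cases. In particular, it will introduce the Seoul Region (Region, a cluster of data centers) established in Korea and focus on the flagship AWS services for a variety of IT workloads.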
This document discusses building secure and scalable APIs using Amazon API Gateway and AWS Lambda. It introduces Amazon API Gateway for hosting APIs and routing API calls. AWS Lambda is introduced for executing application business logic. Amazon Cognito is discussed for user signup, authentication, and temporary credentials. The document provides an example of integrating these services to build a secure and scalable mobile backend API.
To find out more about training on AWS, visit: www.globalknowledge.co.uk/aws AWS Pop-up Loft | London, April 25, 2016
This document summarizes a workshop on architecting user authentication and authorization in apps using AWS services. The workshop covers Amazon Cognito for user management, authentication, and data synchronization across devices. It provides an overview of Cognito User Pools and Federated Identities, demonstrates an authentication workflow using the services, and discusses how to get started with a sample Angular app.
Learning Objectives: - Learn security best practices for AWS Lambda and Amazon API Gateway - Understand how to use Amazon Cognito to build identity and authentication features into serverless applications - Learn identity and access management best practices for serverless applications Securely building and deploying serverless applications requires cloud-native security best practices. In this talk, you will learn how to use AWS Lambda permissions and how to easily set up authentication and authorization for Amazon API Gateway. We will also cover how you can use Amazon Cognito for end user authentication and authorization. You'll also learn how to securely store your application secrets with AWS. This talk also discusses how to implement identity and access management best practices.
AWS Lambda is a compute service that runs your code without provisioning or managing servers. Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. This session will familiarize you with the basics of AWS Lambda and Amazon API Gateway and demonstrate how to build web, mobile, and IoT backends using these services. You will learn how to set up API endpoints that trigger AWS Lambda functions to handle mobile, web, IoT, and 3rd party API requests. You will also learn how to use Lambda to read and write to Amazon DynamoDB. We will run through a demo of setting up a simple serverless blogging web application that allows user authentication and the ability to create posts and comments. AWS DevDay San Francisco, June 21, 2016. Presenters: Vyom Nagrani, Ceci Deng
The document discusses securing serverless applications. It provides an overview of AWS Identity and Access Management (IAM), AWS Lambda, Amazon API Gateway, and Amazon Cognito. It then covers securing serverless microservices by discussing securing AWS Lambda functions using IAM roles and resource policies. It also covers securing Amazon API Gateway by discussing authorization types including Cognito, IAM, and custom authorizers. The document concludes by discussing auditing serverless applications using CloudWatch logs, CloudTrail, and AWS Config.
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It allows developers to create a unified API that acts as a gateway for multiple backend services, providing features like authentication, throttling, monitoring and documentation. The document discusses Amazon API Gateway and how it can be used with AWS Lambda to build scalable and secure APIs. It also provides a case study of how shipping company Temando used API Gateway and Lambda to migrate their monolithic architecture to a microservices approach.
With services like AWS Lambda, Amazon DynamoDB and Amazon API Gateway, you can build and run applications and services without having to manage infrastructure. By leveraging these fully managed AWS services, organizations can increase developer productivity while continuously scaling to meet their demand. Services: AWS Lambda, Amazon API Gateway, Amazon DynamoDB, Amazon Cognito User Pools. Presenters: Oren Reuveni & Oren Katz
The document provides an overview of a workshop on building serverless microservices using AWS Lambda. The workshop will introduce AWS Lambda, Amazon API Gateway, Amazon DynamoDB, and Amazon Cognito. Attendees will work in teams to build a secure, scalable chat service for zombie apocalypse survivors using these AWS serverless technologies. The workshop includes breakout sessions where attendees will add features like typing indicators, SMS integration with Twilio, messaging search with Elasticsearch, integration with Slack, and zombie sensor data integration with Intel Edison.
In Part II, we will take a look at Cognito User Pools and Custom Authorization for API Gateway using AWS Lambda.
Provisioning, scaling, and managing physical or virtual servers—and the applications that run on them—has long been a core activity for developers and system administrators. The expanding array of managed AWS cloud services, including AWS Lambda, Amazon DynamoDB, Amazon API Gateway and more, increasingly allows organizations to focus on delivering business value without worrying about managing the underlying infrastructure or paying for idle servers and other fixed costs of cloud services. In this session, we discuss the design, development, and operation of these next-generation solutions on AWS. Whether you're developing end-user web applications or back-end data processing systems, join us in this session to learn more about building your applications without servers.
This document discusses federated access to AWS resources using temporary security credentials. It describes how users from other identity stores can be provided access to AWS resources without needing AWS credentials. Common use cases include delegating access to other AWS accounts or federating with corporate directories. Sessions are generated by AWS Security Token Service and include temporary credentials. Multiple methods are covered, including getting sessions via GetSessionToken or GetFederationToken APIs or by assuming roles. Demos show federating access to the AWS console and CLI using Active Directory credentials.
Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each journey, identity and access management helps customers protect their applications and resources. Come to this session and learn how AWS identity services provide you with a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS identity services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.