© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Accelerate and secure your applications running on AWS
Ritwik Manan
Sr. product mgr. tech
AWS Shield
Woodrow Arrington
Sr. product mgr. tech
Amazon CloudFront
SVC208
What to expect from this session
• Layered security
• Demos
• Use cases
• Faster applications
“I want it, and I want it now.”
Challenges in web application development
• Malicious actors are always probing for weak points
• Customers want fast experiences wherever they are
Accelerate and secure applications on AWS
Objective: Build a fast, scalable, secure, and well-monitored DDoS-protected application
• Using Amazon CloudFront for fast, secure content delivery
• Creating a firewall with AWS WAF to counter any exploits
• Using AWS Shield for comprehensive DDoS protection
• Software automation of security
Basic AWS application
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, ALB]
Using Amazon CloudFront for fast, secure content delivery
Amazon CloudFront: security & performance
The Amazon CloudFront secure global network
Compliance standards    CloudFront    CDN A
PCI DSS                 Yes           Yes***
ISO 27001               Yes           No
ISO 27002               Yes           Yes
ISO 9001                Yes           No
ISO 27017               Yes           No
ISO 27018               Yes           No
SOC 1/2/3               Yes           Yes***
HIPAA                   Yes           Yes
GDPR                    Yes           Yes
Regional audits         Yes           No
• Germany C5
• Australia’s IRAP/IRAP Protected
• Singapore’s MTCS
• Korea’s K-ISMS
CloudFront shields your origin
[Diagram: Users, Local edge locations, Regional edge cache, Application origin]
Lake Crescent, Olympic Peninsula, WA
CloudFront acceleration in action
HTTP request lifecycle
[Diagram: d1886tp5fhflpy.cloudfront.net?, Amazon Route 53, CloudFront DNS, CloudFront POP]
CloudFront POP architecture
Regional edge cache, Application origin
→ Infrequent → Dynamic → Dynamic & frequent
[Chart: p50 FBL latency, axis 0 to 100, for CloudFront, S3 US East, S3 US West, EC2 (N. Virginia), EC2 (Ohio), EC2 (N. California), EC2 (Oregon)]
Securing and accelerating your entire application
Static content
CloudFront, Amazon S3
• Images
• JavaScript
• HTML
Video content
CloudFront, Amazon S3, AWS Media Services
• Video on demand
• Live streaming video
Dynamic content
CloudFront, ALB, Amazon EC2
• User inputs
• APIs
Dynamic content: WebSocket support
“CloudFront WebSocket support means that we can simplify our infrastructure and further improve customer satisfaction. CloudFront edge locations will now contribute to better user performance in WebSocket apps.”
Eduard Iskandarov, Team lead infrastructure, Coins.ph
“CloudFront now supporting WebSockets enables us to consolidate both our dynamic and static content delivery under a single distribution, improving global reach, enhancing app security, and simplifying our delivery architecture, all at the same time.”
Viesturs Proškins, Head of video R&D, Evolution Gaming
Encrypting data in transit and at rest
• Same global network for HTTPS and HTTP
• Strict TLS policy enforcement
• Perfect forward secrecy
• OCSP stapling
• Many more SSL optimizations and customizable options documented online
[Chart: % traffic SSL, Oct 2013 to 2018, axis 0.0% to 80.0%]
TLS/SSL options through CloudFront
SNI custom SSL
• Bring your own SSL certificate
• Relies on the SNI extension of the Transport Layer Security protocol
Use case
• www.example.com
• Some older browsers/OS do not support SNI extension
Dedicated IP custom SSL
• Bring your own SSL certificate
• CloudFront allocates dedicated IP addresses for your SSL content
Use case
• www.example.com
• Supported by all browsers/OS
Default CloudFront SSL
• CloudFront certificate shared across customers
Use case
• cloudfront.net
Free SSL certificates for ACM-integrated services, like CloudFront
Restricting external access to your content
Signed URLs
• Add signature to the URL query string
• Your URL changes
Use case
• Restrict access to individual files
• Users are using a client that doesn't support cookies
Signed cookies
• Add signature to a cookie
• Your URL does NOT change
Use case
• Restrict access to multiple files
• You don’t want to change URLs
Geo restriction
• Country-based whitelist or deny list
Use case
• Broad restriction based on geographical mapping of client IP
Restricting external access to your origin
Amazon S3 origin access identity
• Prevents direct access to your Amazon S3 bucket
• No Amazon S3 URLs are directly accessible
Custom origin security groups
• Whitelist only the CloudFront IP range
• Protects origin from overload
[Diagrams: CloudFront, Amazon S3; CloudFront, ALB, EC2]
Automatically update an ALB/EC2 security group for CloudFront using AWS Lambda
Read our blog for a step-by-step guide: How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda
[Diagram: IAM policy, Lambda function, Amazon SNS subscription]
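The reconciliation step such a function performs, as an added example (not code from the deck or from the AWS blog post): it filters a document shaped like AWS's published ip-ranges.json down to CLOUDFRONT prefixes and diffs them against the origin's current inbound rules. The sample prefixes, the current rule list and the per-group rule limit parameter are constructed assumptions.

```python
import ipaddress
import json

# Constructed excerpt in the shape of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 documentation ranges, not real CloudFront ranges.
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0000000000",
  "createDate": "2019-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "CLOUDFRONT"},
    {"ip_prefix": "203.0.113.0/24",  "region": "us-east-1", "service": "EC2"}
  ]
}
""")

# Constructed current inbound HTTPS rules on the ALB/EC2 security group:
# one open-to-the-world rule, one still-valid range, one stale range.
CURRENT_INGRESS = ["0.0.0.0/0", "192.0.2.0/24", "198.51.100.128/25"]


def cloudfront_networks(ip_ranges):
    """Return the set of IPv4 networks whose service tag is exactly CLOUDFRONT.

    The same prefix can also be listed under the broader AMAZON tag, and other
    services (EC2 and so on) share the file, so the filter must be exact.
    """
    networks = set()
    for entry in ip_ranges.get("prefixes", []):
        if entry.get("service") != "CLOUDFRONT":
            continue
        # strict=True rejects a prefix with host bits set instead of silently
        # widening or shifting the allowed range.
        networks.add(ipaddress.ip_network(entry["ip_prefix"], strict=True))
    return networks


def plan_update(current_cidrs, desired_networks):
    """Diff current rules against the desired set.

    Returns (to_authorize, to_revoke) as sorted CIDR strings. Anything not in
    the CloudFront set, including 0.0.0.0/0, ends up in to_revoke.
    """
    current = {ipaddress.ip_network(c, strict=True) for c in current_cidrs}
    to_authorize = sorted(desired_networks - current)
    to_revoke = sorted(current - desired_networks)
    return [str(n) for n in to_authorize], [str(n) for n in to_revoke]


def split_into_groups(cidrs, max_rules_per_group):
    """Chunk a rule list so each security group stays under its rule limit.

    max_rules_per_group is an assumption supplied by the caller; check the
    account's actual quota.
    """
    if max_rules_per_group < 1:
        raise ValueError("max_rules_per_group must be at least 1")
    return [cidrs[i:i + max_rules_per_group]
            for i in range(0, len(cidrs), max_rules_per_group)]


if __name__ == "__main__":
    desired = cloudfront_networks(SAMPLE_IP_RANGES)
    add, remove = plan_update(CURRENT_INGRESS, desired)
    # In a real function these lists would feed the EC2 API calls
    # authorize_security_group_ingress / revoke_security_group_ingress.
    print("authorize:", add)
    print("revoke:   ", remove)
```

Revoking the entries in the second list is what actually closes direct access to the origin; adding the CloudFront ranges alone leaves any broader rule in force.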
Adding secure content delivery
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, CloudFront, ALB]
Biggest threats to web applications today
• App vulnerabilities
• Bad bots
• DDoS
[Chart: Largest DDoS attacks (Gbps), 2007 to 2018, axis 0 to 1800; annotations: Mirai botnet, Memcached]
Choosing a web application firewall
Four key tenets
AWS WAF
• AWS CloudFormation templates
• Managed rules for AWS WAF
Foundational security
Managed rules for AWS WAF
• Rules written, updated, and managed by security experts
• Pay as you go: No lock-in or long-term commitment
• Easy to deploy
• Choice of protections
• OWASP Top 10 & other web exploits
• Common Vulnerabilities and Exposures (CVE)
• Bot protection
• IP reputation lists
• CMS rules (WordPress, Joomla, and others)
• Apache and NGINX vulnerabilities
Choosing a web application firewall
AWS WAF
• Security automations
• Managed rules for AWS WAF
AWS WAF is a powerful rule language framework
Choosing a web application firewall
AWS WAF
• Security automations
• Managed rules for AWS WAF
• Multiple rule condition types
• Combine and build hierarchy
• Actions: Allow / Block / Count
Analyze security
Visibility & analytics
CloudWatch metrics
• Metrics on every rule
• Allowed | Blocked | Counted | Passed
Use case
• Set alarms for notifications
Sampled web requests
• Detailed logs of a sample of requests
• Automatically available for every rule
Use case
• Quickly test AWS WAF rules
• Easy triaging on the console
Full logs
• Detailed logs of every request
• Optionally enabled for your web ACL
Use case
• Security analytics, monitoring, automation, auditing, and compliance
AWS WAF full logs
Key benefits
Compliance & auditing
• Every logged request includes request headers and rule IDs that matched
• Redact sensitive fields
Flexible implementation
• Logs streamed in JSON format through Amazon Kinesis Data Firehose to your destination of choice
Third-party integrations
• Centralize and analyze logs from AWS WAF and other services
[Diagram: Amazon Kinesis Data Firehose delivering to Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, Splunk]
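A sketch of the kind of analysis these JSON logs make possible, as an added example (not from the deck): it reads newline-delimited log records, tallies blocked requests per terminating rule and per client IP, tallies rules that matched in Count mode, and tolerates truncated lines. The field names follow the AWS WAF log record format; every record, rule ID and IP address below is constructed, and the records are trimmed to the fields the code reads.

```python
import json
from collections import Counter


def _record(action, rule_id, client_ip, uri, counted=()):
    """Build one constructed log line, trimmed to the fields used below."""
    return json.dumps({
        "timestamp": 1546300800000,
        "webaclId": "constructed-web-acl-id",
        "terminatingRuleId": rule_id,
        "action": action,
        "nonTerminatingMatchingRules": [
            {"ruleId": r, "action": "COUNT"} for r in counted
        ],
        "httpRequest": {
            "clientIp": client_ip,
            "country": "US",
            "uri": uri,
            "httpMethod": "GET",
            "headers": [{"name": "Host", "value": "www.example.com"}],
        },
    })


# Constructed sample: documentation IPs and made-up rule IDs.
SAMPLE_LOG_LINES = [
    _record("ALLOW", "Default_Action", "203.0.113.10", "/"),
    _record("BLOCK", "constructed-sqli-rule", "198.51.100.7", "/login"),
    _record("BLOCK", "constructed-sqli-rule", "198.51.100.7", "/search"),
    _record("BLOCK", "constructed-badbot-rule", "198.51.100.7", "/honeypot"),
    _record("ALLOW", "Default_Action", "203.0.113.44", "/api",
            counted=["constructed-count-rule"]),
    '{"timestamp": 15463008',   # truncated record, as after a partial delivery
]


def summarize(lines):
    """Aggregate WAF log lines into per-rule and per-client counters."""
    summary = {
        "blocked_by_rule": Counter(),
        "blocked_by_ip": Counter(),
        "counted_by_rule": Counter(),
        "malformed": 0,
    }
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            summary["malformed"] += 1
            continue
        if not isinstance(rec, dict):
            summary["malformed"] += 1
            continue
        if rec.get("action") == "BLOCK":
            request = rec.get("httpRequest") or {}
            summary["blocked_by_rule"][rec.get("terminatingRuleId", "unknown")] += 1
            summary["blocked_by_ip"][request.get("clientIp", "unknown")] += 1
        # Rules in Count mode do not terminate evaluation; they show up here,
        # which is how a new rule can be observed before it is set to Block.
        for match in rec.get("nonTerminatingMatchingRules") or []:
            if match.get("action") == "COUNT":
                summary["counted_by_rule"][match.get("ruleId", "unknown")] += 1
    return summary


def repeat_offenders(summary, min_blocks):
    """Client IPs with at least min_blocks blocked requests, sorted."""
    return sorted(ip for ip, n in summary["blocked_by_ip"].items()
                  if n >= min_blocks)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG_LINES)
    print(dict(s["blocked_by_rule"]), dict(s["counted_by_rule"]))
    print("repeat offenders:", repeat_offenders(s, 3))
```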
Security analytics common use cases
Third-party integrations
Enhanced security analytics with AWS
Check out our webinar for a step-by-step guide: Enhanced Security Analytics Using AWS Full Logging
[Diagram: AWS WAF, Amazon S3 bucket, Amazon Athena]
Choosing a web application firewall
AWS WAF
• Security automations
• Managed rules for AWS WAF
• Multiple rule condition types
• Combine and build hierarchy
• Actions: Allow / Block / Count
• CloudWatch metrics
• Sampled web requests
• Full logs
Software automation of security
Lambda-based AWS WAF automations
• Bad bot / Scanner / Known attackers
• AWS WAF integration with Amazon GuardDuty
DevOps-friendly: Full featured APIs and fast rule updates
Blog / Webinar: Automate Threat Mitigation Using AWS WAF and Amazon GuardDuty
AWS Answers: AWS WAF Security Automations
Software automation: Config-based AWS WAF policies
• Ensure compliance to mandatory rules across organization
• Simplify management of rules across accounts & applications with security policies
• Enable rapid response to internet attacks
• Customize policy scope to resource type and accounts (include/exclude)
Automating web application security
Create honeypot protections across apps
A bad bot identified on one application can be easily blocked from an organization’s other applications
To quickly create a honeypot automation on an account, read our step-by-step guide: AWS WAF Security Automations
Choosing a web application firewall
AWS WAF
• Security automations
• Managed rules for AWS WAF
• Multiple rule condition types
• Combine and build hierarchy
• Actions: Allow / Block / Count
• CloudWatch metrics
• Sampled web requests
• Full logs
• Lambda automations
• AWS Firewall Manager
Adding a firewall
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, CloudFront, AWS WAF, ALB, Firewall Manager]
Choosing a DDoS protection provider
Four key tenets
AWS Shield Standard & Advanced
• Built-in DDoS protection for everyone
• Point and Protect Wizard
AWS Shield detects and mitigates 1,000s of DDoS attacks daily
Source: AWS Global Threat Dashboard (available for AWS Shield Advanced customers)
Choosing a DDoS protection provider
AWS Shield Standard & Advanced
• Built-in DDoS protection for everyone
• Point and Protect Wizard
• Automatic protection across customers
• Enhanced protection baselined to you
• 24x7 access to DDoS response team (DRT)
AWS Shield Standard
Layer 3/4 protection for everyone
Automatic protection across customers
✓ Baselining and anomaly detection across all AWS
✓ Mitigation with proprietary packet filtering stacks using suspicion-based scoring
✓ Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region
✓ Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53
AWS Shield Advanced
Enhanced protection baselined to you
Detection
• Enhanced Layer 3/4 attack detection baselined to you
• Layer 7 attack detection
Mitigation
• Pre-configured mitigations scoped to resource type
• Advanced mitigations like SYN throttling
• Customer-defined L3/4 mitigations (for regional services)
24x7 access to DDoS response team (DRT)
• Help in incident triaging and mitigation
• Automatically engaged for availability-impacting L3/L4 events
• Customer-driven support cases through AWS Support or Shield Engagement Lambda
Recent significant attacks
• March 2018: Web application targeted by 1.4 Tbps Memcached reflection attack, mitigated with Amazon CloudFront and AWS Shield Advanced
• November 2018: Web application running on Amazon CloudFront targeted by 20 million requests per second, automatically mitigated by Amazon CloudFront and AWS Shield Advanced
Choosing a DDoS protection provider
AWS Shield Standard & Advanced
• Built-in DDoS protection for everyone
• Point and Protect Wizard
• Automatic protection across customers
• Enhanced protection baselined to you
• 24x7 access to DDoS response team (DRT)
• CloudWatch metrics
• Attack diagnostics
• Global threat environment dashboard
• AWS WAF at no additional cost for protected resources
• AWS Firewall Manager at no additional cost
• Cost protection for scaling
AWS Shield Advanced
Cost protection for scaling
AWS absorbs scaling cost on protected resources due to DDoS attack
• Amazon CloudFront
• Elastic Load Balancing (ELB/ALB/NLB)
• Amazon Route 53
• Amazon EC2
Adding DDoS protection
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, AWS Shield, AWS Shield Advanced, ALB, CloudFront, AWS WAF, Firewall Manager]
Specialized component use cases
Different protection needs
❑ I have a serverless architecture / APIs
❑ I have TCP traffic (non-HTTP/S)
❑ I run UDP-based games
Amazon API Gateway
• Create a unified API frontend for multiple microservices
• Authenticate and authorize requests
• Throttle, meter, and monetize API usage by third-party developers
AWS WAF
• Full AWS WAF features
• Custom and managed rules
• Visibility through CloudWatch and logs
• Automate with AWS Lambda
AWS Shield Standard
Specialized component use cases
Network Load Balancer
• Fast scaling, transparent load balancer architected for performance and availability
AWS Global Accelerator
• Global load balancing across regions with anycast routing and fine-grained controls
AWS Shield Advanced
• Granular detection thresholds (based on background architecture)
• Pre-configured / customized mitigation templates
• Network ACLs pushed to the border
Specialized component use cases
EC2 instances
AWS Global Accelerator
AWS Shield Advanced
Basic AWS application
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, ALB]
Accelerated and secured AWS application
[Architecture diagram: EC2 instance, S3 bucket, public subnet, private subnet, CloudFront, AWS WAF, AWS Shield, AWS Shield Advanced, ALB, Firewall Manager]
Ritwik Manan
ritwikm@amazon.com
Woodrow Arrington
arrinw@amazon.com
 
Accelerating product development with high performance computing - CMP301 - S...
Accelerating product development with high performance computing - CMP301 - S...Accelerating product development with high performance computing - CMP301 - S...
Accelerating product development with high performance computing - CMP301 - S...
 

Similar a Accelerate and secure your applications running on AWS - SVC208 - Santa Clara AWS Summit.pdf

Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitSecurely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitAmazon Web Services
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Amazon Web Services
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...Amazon Web Services
 
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...AWS Summits
 
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...Amazon Web Services
 
Websites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinWebsites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinBoaz Ziniman
 
Learn how AWS customers are implementing robust security posture for their A...
 Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...Amazon Web Services
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWSAmazon Web Services
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
 
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver Amazon Web Services
 
Breaking Up the Monolith with Containers
Breaking Up the Monolith with ContainersBreaking Up the Monolith with Containers
Breaking Up the Monolith with ContainersAmazon Web Services
 
Introduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - CharlotteIntroduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - CharlotteAmazon Web Services
 
Introduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - VancouverIntroduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - VancouverAmazon Web Services
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAmazon Web Services
 
Introduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - ChicagoIntroduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - ChicagoAmazon Web Services
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS servicesRuncy Oommen
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - TorontoIntroduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - TorontoAmazon Web Services
 

Similar a Accelerate and secure your applications running on AWS - SVC208 - Santa Clara AWS Summit.pdf (20)

Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitSecurely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
 
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...Safeguarding the integrity of your code for fast, secure deployments - SVC301...
Safeguarding the integrity of your code for fast, secure deployments - SVC301...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
Safeguard the Integrity of Your Code for Fast and Secure Deployments - SVC206...
 
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...How Millennium Management achieves provable security with AWS Zelkova - FSV30...
How Millennium Management achieves provable security with AWS Zelkova - FSV30...
 
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...
AWS Summit Singapore 2019 | The Serverless Lifecycle: Development and Operati...
 
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
 
Websites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit BerlinWebsites go Serverless - AWS Summit Berlin
Websites go Serverless - AWS Summit Berlin
 
Learn how AWS customers are implementing robust security posture for their A...
 Learn how AWS customers are implementing robust security posture for their A... Learn how AWS customers are implementing robust security posture for their A...
Learn how AWS customers are implementing robust security posture for their A...
 
Building a Secured Network environment on AWS
Building a Secured Network environment on AWSBuilding a Secured Network environment on AWS
Building a Secured Network environment on AWS
 
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Delivering infrastructure, security, and operations as code with AWS - DEM10-...
Delivering infrastructure, security, and operations as code with AWS - DEM10-...
 
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
 
Breaking Up the Monolith with Containers
Breaking Up the Monolith with ContainersBreaking Up the Monolith with Containers
Breaking Up the Monolith with Containers
 
Introduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - CharlotteIntroduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - Charlotte
 
Introduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - VancouverIntroduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - Vancouver
 
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet ThreatsAWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
AWS Edge Security - Cloud-Native Defense Against Diverse Internet Threats
 
Introduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - ChicagoIntroduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - Chicago
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - TorontoIntroduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Accelerate and secure your applications running on AWS - SVC208 - Santa Clara AWS Summit.pdf

  • 1. Accelerate and secure your applications running on AWS (SVC208). Ritwik Manan, Sr. product mgr. tech, AWS Shield. Woodrow Arrington, Sr. product mgr. tech, Amazon CloudFront. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 2. What to expect from this session: Layered security; Demos; Use cases; Faster applications
  • 3. “I want it, and I want it now.”
  • 4. Challenges in web application development
  • 5. Malicious actors are always probing for weak points. Customers want fast experiences wherever they are.
  • 6. Accelerate and secure applications on AWS. Objective: Build a fast, scalable, secure, and well-monitored DDoS-protected application
      • Using Amazon CloudFront for fast, secure content delivery
      • Creating a firewall with AWS WAF to counter any exploits
      • Using AWS Shield for comprehensive DDoS protection
      • Software automation of security
  • 7. Basic AWS application [Diagram: EC2 instance, S3 bucket, public subnet, private subnet, ALB]
  • 8. Using Amazon CloudFront for fast, secure content delivery
  • 9. Amazon CloudFront: security & performance
  • 10. The Amazon CloudFront secure global network
  • 11. The Amazon CloudFront secure global network

        Compliance standards    CloudFront    CDN A
        PCI DSS                 Yes           Yes***
        ISO 27001               Yes           No
        ISO 27002               Yes           Yes
        ISO 9001                Yes           No
        ISO 27017               Yes           No
        ISO 27018               Yes           No
        SOC 1/2/3               Yes           Yes***
        HIPAA                   Yes           Yes
        GDPR                    Yes           Yes
        Regional audits         Yes           No

        Regional audits: Germany C5; Australia’s IRAP/IRAP Protected; Singapore’s MTCS; Korea’s K-ISMS
  • 12. CloudFront shields your origin [Diagram: local edge locations, regional edge cache, application origin, users]
  • 13. CloudFront acceleration in action [Photo: Lake Crescent, Olympic Peninsula, WA]
  • 14. HTTP request lifecycle [Diagram: d1886tp5fhflpy.cloudfront.net?, Amazon Route 53, CloudFront DNS, CloudFront POP]
  • 15. CloudFront POP architecture [Diagram: regional edge cache, application origin; → Infrequent, → Dynamic, → Dynamic & frequent]
  • 16. Securing and accelerating your entire application. CloudFront, Amazon S3. Static content: Images, JavaScript, HTML [Chart: p50 FBL latency for CloudFront, S3 US East, S3 US West, EC2 (N. Virginia), EC2 (Ohio), EC2 (N. California), EC2 (Oregon)]
  • 17. Securing and accelerating your entire application. CloudFront, Amazon S3, AWS Media Services. Video content: Video on demand, Live streaming video
  • 18. Securing and accelerating your entire application. CloudFront, ALB, Amazon EC2. Dynamic content: User inputs, APIs [Chart: p50 FBL latency for CloudFront, S3 US East, S3 US West, EC2 (N. Virginia), EC2 (Ohio), EC2 (N. California), EC2 (Oregon)]
  • 19. Dynamic content: WebSocket support
      • “CloudFront WebSocket support means that we can simplify our infrastructure and further improve customer satisfaction. CloudFront edge locations will now contribute to better user performance in WebSocket apps.” Eduard Iskandarov, Team lead infrastructure, Coins.ph
      • “CloudFront now supporting WebSockets enables us to consolidate both our dynamic and static content delivery under a single distribution, improving global reach, enhancing app security, and simplifying our delivery architecture, all at the same time.” Viesturs Proškins, Head of video R&D, Evolution Gaming
  • 20. Encrypting data in transit and at rest
      • Same global network for HTTPS and HTTP
      • Strict TLS policy enforcement
      • Perfect forward secrecy
      • OCSP stapling
      • Many more SSL optimizations and customizable options documented online
      [Chart: % traffic SSL, Oct 2013 to 2018]
  • 21. TLS/SSL options through CloudFront
      • Default CloudFront SSL: CloudFront certificate shared across customers. Use case: cloudfront.net
      • SNI custom SSL: Bring your own SSL certificate; relies on the SNI extension of the Transport Layer Security protocol. Use case: www.example.com; some older browsers/OS do not support SNI extension
      • Dedicated IP custom SSL: Bring your own SSL certificate; CloudFront allocates dedicated IP addresses for your SSL content. Use case: www.example.com; supported by all browsers/OS
      Free SSL certificates for ACM-integrated services, like CloudFront
  • 22. Restricting external access to your content
      • Signed URLs: Add signature to the URL query string; your URL changes. Use case: Restrict access to individual files; users are using a client that doesn't support cookies
      • Signed cookies: Add signature to a cookie; your URL does NOT change. Use case: Restrict access to multiple files; you don’t want to change URLs
      • Geo restriction: Country-based whitelist or deny list. Use case: Broad restriction based on geographical mapping of client IP
  • 23. Restricting external access to your origin
      • Amazon S3 origin access identity: Prevents direct access to your Amazon S3 bucket; no Amazon S3 URLs are directly accessible
      • Custom origin security groups: Whitelist only the CloudFront IP range; protects origin from overload
      [Diagrams: CloudFront, ALB, EC2; CloudFront, Amazon S3]
  • 25. Automatically update an ALB/EC2 security group for CloudFront using AWS Lambda. Read our blog for a step-by-step guide: How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda [Diagram: IAM policy, Lambda function, Amazon SNS subscription]
  • 26. Adding secure content delivery [Diagram: EC2 instance, S3 bucket, public subnet, private subnet, CloudFront, ALB]
  • 28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Biggest threats to web applications today App vulnerabilities Bad bots DDoS 0 200 400 600 800 1000 1200 1400 1600 1800 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Largest DDoS attacks (Gbps) Memcached Mirai botnet
  • 29. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Choosing a web application firewall Four key tenets
  • 31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Choosing a web application firewall AWS WAF
  • 32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Choosing a web application firewall AWS WAF AWS CloudFormation templates Managed rules for AWS WAF
  • 33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Foundational security Managed rules for AWS WAF • Rules written, updated, and managed by security experts • Pay as you go: No lock-in or long-term commitment • Easy to deploy • Choice of protections • OWASP Top 10 & other web exploits • Common Vulnerabilities and Exposures (CVE) • Bot protection • IP reputation lists • CMS rules (WordPress, Joomla, and others) • Apache and NGINX vulnerabilities
  • 34. Choosing a web application firewall: AWS WAF
      • Security automations
      • Managed rules for AWS WAF
  • 35. AWS WAF is a powerful rule language framework
  • 36. Choosing a web application firewall: AWS WAF
      • Security automations
      • Managed rules for AWS WAF
      • Multiple rule condition types
      • Combine and build hierarchy
      • Actions: Allow / Block / Count
  • 37. Choosing a web application firewall: AWS WAF
      • Security automations
      • Managed rules for AWS WAF
      • Multiple rule condition types
      • Combine and build hierarchy
      • Actions: Allow / Block / Count
  • 38. Analyze security: Visibility & analytics
      • CloudWatch metrics
          • Metrics on every rule
          • Allowed | Blocked | Counted | Passed
          • Use case: Set alarms for notifications
      • Sampled web requests
          • Detailed logs of a sample of requests
          • Automatically available for every rule
          • Use case: Quickly test AWS WAF rules; easy triaging on the console
      • Full logs
          • Detailed logs of every request
          • Optionally enabled for your web ACL
          • Use case: Security analytics, monitoring, automation, auditing, and compliance
  • 39. AWS WAF full logs: Key benefits
      • Compliance & auditing
          • Every logged request includes request headers and rule IDs that matched
          • Redact sensitive fields
      • Flexible implementation
          • Logs streamed in JSON format through Amazon Kinesis Data Firehose to your destination of choice
      • Third-party integrations
          • Centralize and analyze logs from AWS WAF and other services
      • [Diagram labels: Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, Splunk, Amazon Kinesis Data Firehose]
  • 40. Security analytics common use cases: Third-party integrations
  • 41. Enhanced security analytics with AWS. Check out our webinar for a step-by-step guide: Enhanced Security Analytics Using AWS Full Logging. [Diagram: AWS WAF, Amazon Athena, Amazon S3 bucket]
  • 42. Choosing a web application firewall: AWS WAF
      • Security automations
      • Managed rules for AWS WAF
      • Multiple rule condition types
      • Combine and build hierarchy
      • Actions: Allow / Block / Count
      • CloudWatch metrics
      • Sampled web requests
      • Full logs
  • 44. Software automation of security
      • Lambda-based AWS WAF automations: Bad bot / Scanner / Known attackers
      • AWS WAF integration with Amazon GuardDuty
      • DevOps-friendly: Full featured APIs and fast rule updates
      • Blog / Webinar: Automate Threat Mitigation Using AWS WAF and Amazon GuardDuty
      • AWS Answers: AWS WAF Security Automations
  • 45. Software automation: Config-based AWS WAF policies
      • Ensure compliance to mandatory rules across organization
      • Simplify management of rules across accounts & applications with security policies
      • Enable rapid response to internet attacks
      • Customize policy scope to resource type and accounts (include/exclude)
  • 47. Automating web application security: Create honeypot protections across apps
      • A bad bot identified on one application can be easily blocked from an organization’s other applications
      • To quickly create a honeypot automation on an account, read our step-by-step guide: AWS WAF Security Automations
  • 48. Choosing a web application firewall: AWS WAF
      • Security automations
      • Managed rules for AWS WAF
      • Multiple rule condition types
      • Combine and build hierarchy
      • Actions: Allow / Block / Count
      • CloudWatch metrics
      • Sampled web requests
      • Full logs
      • Lambda automations
      • AWS Firewall Manager
  • 50. Adding a firewall [Architecture diagram: EC2 instance, S3 bucket, Public subnet, Private subnet, CloudFront, AWS WAF, ALB, Firewall Manager]
  • 52. Choosing a DDoS protection provider: Four key tenets
  • 53. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
  • 54. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
      • Built-in DDoS protection for everyone
      • Point and Protect Wizard
  • 55. AWS Shield detects and mitigates 1,000s of DDoS attacks daily. Source: AWS Global Threat Dashboard (available for AWS Shield Advanced customers)
  • 57. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
      • Built-in DDoS protection for everyone
      • Point and Protect Wizard
      • Automatic protection across customers
      • Enhanced protection baselined to you
      • 24x7 access to DDoS response team (DRT)
  • 58. AWS Shield Standard: Layer 3/4 protection for everyone (Automatic protection across customers)
      ✓ Baselining and anomaly detection across all AWS
      ✓ Mitigation with proprietary packet filtering stacks using suspicion-based scoring
      ✓ Automatic defense against the most common network and transport layer DDoS attacks for any AWS resource, in any AWS Region
      ✓ Comprehensive defense against all known network and transport layer attacks when using Amazon CloudFront and Amazon Route 53
  • 59. AWS Shield Advanced: Enhanced protection
      • Enhanced protection baselined to you
          • Detection
              • Enhanced Layer 3/4 attack detection baselined to you
              • Layer 7 attack detection
          • Mitigation
              • Pre-configured mitigations scoped to resource type
              • Advanced mitigations like SYN throttling
              • Customer-defined L3/4 mitigations (for regional services)
      • 24x7 access to DDoS response team (DRT)
          • Help in incident triaging and mitigation
          • Automatically engaged for availability-impacting L3/L4 events
          • Customer-driven support cases through AWS Support or Shield Engagement Lambda
  • 60. Recent significant attacks
      • March 2018: Web application targeted by 1.4 Tbps Memcached reflection attack, mitigated with Amazon CloudFront and AWS Shield Advanced
      • November 2018: Web application running on Amazon CloudFront targeted by 20 million requests per second, automatically mitigated by Amazon CloudFront and AWS Shield Advanced
  • 61. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
      • Built-in DDoS protection for everyone
      • Point and Protect Wizard
      • Automatic protection across customers
      • Enhanced protection baselined to you
      • 24x7 access to DDoS response team (DRT)
  • 62. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
      • Built-in DDoS protection for everyone
      • Point and Protect Wizard
      • Automatic protection across customers
      • Enhanced protection baselined to you
      • 24x7 access to DDoS response team (DRT)
      • CloudWatch metrics
      • Attack diagnostics
      • Global threat environment dashboard
  • 64. Choosing a DDoS protection provider: AWS Shield Standard & Advanced
      • Built-in DDoS protection for everyone
      • Point and Protect Wizard
      • Automatic protection across customers
      • Enhanced protection baselined to you
      • 24x7 access to DDoS response team (DRT)
      • CloudWatch metrics
      • Attack diagnostics
      • Global threat environment dashboard
      • AWS WAF at no additional cost for protected resources
      • AWS Firewall Manager at no additional cost
      • Cost protection for scaling
  • 65. AWS Shield Advanced: Cost protection for scaling
      • AWS absorbs scaling cost on protected resources due to DDoS attack:
          • Amazon CloudFront
          • Elastic Load Balancing (ELB/ALB/NLB)
          • Amazon Route 53
          • Amazon EC2
  • 67. Adding DDoS protection [Architecture diagram: EC2 instance, S3 bucket, Public subnet, Private subnet, AWS Shield, AWS Shield Advanced, ALB, CloudFront, AWS WAF, Firewall Manager]
  • 69. Specialized component use cases: Different protection needs
      ❑ I have a serverless architecture / APIs
      ❑ I have TCP traffic (non-HTTP/S)
      ❑ I run UDP-based games
      • Amazon API Gateway
          • Create a unified API frontend for multiple microservices
          • Authenticate and authorize requests
          • Throttle, meter, and monetize API usage by third-party developers
      • AWS WAF
          • Full AWS WAF features
          • Custom and managed rules
          • Visibility through CloudWatch and logs
          • Automate with AWS Lambda
      • AWS Shield Standard
  • 70. Specialized component use cases: Different protection needs
      ❑ I have a serverless architecture / APIs
      ❑ I have TCP traffic (non-HTTP/S)
      ❑ I run UDP-based games
      • AWS Shield Advanced
          • Granular detection thresholds (based on background architecture)
          • Pre-configured / customized mitigation templates
          • Network ACLs pushed to the border
      • Network Load Balancer: Fast scaling, transparent load balancer architected for performance and availability
      • AWS Global Accelerator: Global load balancing across regions with anycast routing and fine-grained controls
  • 71. Specialized component use cases: Different protection needs
      ❑ I have a serverless architecture / APIs
      ❑ I have TCP traffic (non-HTTP/S)
      ❑ I run UDP-based games
      • AWS Shield Advanced
          • Granular detection thresholds (based on background architecture)
          • Pre-configured / customized mitigation templates
          • Network ACLs pushed to the border
      • EC2 instances
      • AWS Global Accelerator: Global load balancing across regions with anycast routing and fine-grained controls
  • 73. Basic AWS application [Architecture diagram: EC2 instance, S3 bucket, Public subnet, Private subnet, ALB]
  • 74. Accelerated and secured AWS application [Architecture diagram: EC2 instance, S3 bucket, Public subnet, Private subnet, CloudFront, AWS WAF, AWS Shield, AWS Shield Advanced, ALB, Firewall Manager]
  • 75. Ritwik Manan, ritwikm@amazon.com; Woodrow Arrington, arrinw@amazon.com
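Added example, not part of the slides: a short Python triage pass over AWS WAF full logs as described on slides 38 to 41 (per-request JSON records carrying the rule IDs that matched). It assumes one JSON record per line as delivered to S3; the rule IDs, IPs, and the helper names `_rec` and `summarize` are constructed for illustration.

```python
import json
from collections import Counter

def _rec(action, rule, ip, counted=()):
    """Build one constructed record using AWS WAF log field names."""
    return json.dumps({
        "timestamp": 1556000000000, "action": action,
        "terminatingRuleId": rule,
        "nonTerminatingMatchingRules": [
            {"ruleId": r, "action": "COUNT"} for r in counted],
        "httpRequest": {"clientIp": ip, "uri": "/login", "httpMethod": "POST"},
    })

# Constructed sample: rule IDs are placeholders, IPs are documentation ranges.
SAMPLE_LOG = "\n".join([
    _rec("BLOCK", "example-sqli-rule", "203.0.113.7"),
    _rec("BLOCK", "example-sqli-rule", "203.0.113.7"),
    _rec("BLOCK", "example-badbot-rule", "198.51.100.9"),
    _rec("ALLOW", "Default_Action", "192.0.2.44", counted=["example-new-rule"]),
    _rec("ALLOW", "Default_Action", "192.0.2.45"),
    '{"timestamp": 15560000',  # truncated line, must not abort the run
])

def summarize(log_text, ip_threshold=2):
    """Aggregate newline-delimited WAF log records for triage."""
    blocks_by_rule, count_hits, blocked_by_ip = Counter(), Counter(), Counter()
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1
            continue
        if rec.get("action") == "BLOCK":
            blocks_by_rule[rec.get("terminatingRuleId", "unknown")] += 1
            ip = (rec.get("httpRequest") or {}).get("clientIp", "unknown")
            blocked_by_ip[ip] += 1
        # Rules in Count mode match without terminating the evaluation.
        for rule in rec.get("nonTerminatingMatchingRules") or []:
            if rule.get("action") == "COUNT":
                count_hits[rule.get("ruleId", "unknown")] += 1
    repeat = sorted(ip for ip, n in blocked_by_ip.items() if n >= ip_threshold)
    return {"blocks_by_rule": dict(blocks_by_rule),
            "count_mode_hits": dict(count_hits),
            "repeat_blocked_ips": repeat, "skipped_lines": skipped}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

The `count_mode_hits` figure shows what a rule deployed with the Count action would have matched before it is switched to Block, and `repeat_blocked_ips` is the kind of list an automation could review for a shared block list.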