AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS, I Choose You: Pokemon's Battle Against the Bots
SEC402-R
Edward Smith, Sr. Dev Ops Engineer, The Pokémon Company International
David Williams, Sr. Dev Ops Engineer, The Pokémon Company International
Sundar Jayashekar, Sr. Product Manager, AWS
Agenda
1. Are bots a problem?
2. The Pokémon story
3. Live demo
4. Conclusion
Bad bots—Why are they bad?
1. Denial of service
2. Content scraping
4. Account takeover
5. Unfair advantage
6. Economic incentive ... and more!
What to expect from this session
• Pokémon bot challenge
• Initial solution
• New challenges
• Evolution of solution
• How to scale and improve performance
• Applying solutions to the real world
AWS Services we cover in this session
Amazon CloudFront
AWS WAF
AWS Shield
AWS Lambda
Amazon Kinesis
Amazon Kinesis Data Firehose
Amazon Kinesis Data Analytics
Amazon DynamoDB
Amazon Simple Queue Service (Amazon SQS)
The Pokémon Trainer Club
Worldwide authentication service
Access to various Pokémon games and services
Security of child accounts is our top priority
The Pokémon bot challenge
Massive increase in new users
Massive, disproportional increase in illegitimate users and traffic
• Bots
• Scanners
• DDoS attacks
When we last left our team
Switch to CloudFront + AWS WAF & Shield improved stability and performance
Improved support and response from Shield DRT team
Our talk from re:Invent 2017:
https://bit.ly/2IRCjGn
Just getting started
Number of illegitimate accounts extremely high
WAF rules and rate limits kept out the most egregious offenders
Overrun by bots
CloudFront serverless analytics
• Amazon Big Data blog
• Rajeev Srinivasan
• Sai Sriparasa
• Basic traffic analysis
https://amzn.to/2RFpGlL
Who are the bots?
Next level challenges
Goals
• Make bad behavior expensive
• Reduce risk of false positives
• Set and forget
• Audit trail
• All serverless
• So much scale
• Fast to implement
First iteration
Putting together the winning deck—Ingestion
-- Count requests per client IP in 10-second windows of the CloudFront log stream
CREATE OR REPLACE PUMP "STREAM_PUMP" AS
  INSERT INTO "REQUEST_COUNT_TIMESERIES" ("ip", "request_count", "source", "timestamp")
  SELECT STREAM "request_ip",
         COUNT("request_ip") as request_count,
         'sso',
         ROWTIME
  FROM "CF_LOG_STREAM_001"
  GROUP BY "request_ip", STEP("CF_LOG_STREAM_001".ROWTIME BY INTERVAL '10' SECOND);
Putting together the winning deck—Processing
# Evaluate every rule attached to this record and keep the longest blacklist TTL
for rule_id in record['rules']:
    new_ttl = 0
    rule = rules[rule_id]
    if rule['type'] == 'ratelimit':
        new_ttl = check_ratelimit_rule(record, rule)
    else:
        print("Rule type '{}' of rule '{}' is not supported.".format(rule['type'], rule['rule_id']))
    if new_ttl != 0:
        # The rule fired: keep a message for the audit trail
        blacklist_messages.append(generate_blacklist_message(rule, record))
    if new_ttl == -1:
        # -1 ends rule evaluation for this record
        break
    if cur_ttl < new_ttl:
        cur_ttl = new_ttl
if cur_ttl != 0:
    blacklist(record['ip'], record['timestamp'], cur_ttl, blacklist_messages)
Putting together the winning deck—Storage
{
  "count": 1,
  "ip": "127.0.0.1",
  "key": "127.0.0.1-5",
  "source": "club",
  "timestamp": 1538629260,
  "ttl": 1538629860,
  "uri_classifier": "sign-up"
}
Putting together the winning deck—WAF updating
# Reconcile the pending adds/deletes against what is already in the WAF IP set
response = waf_get_ip_set(ip_set_id)
if response is not None:
    count_ips_existing = 0
    for k in response['IPSet']['IPSetDescriptors']:
        # Descriptor values are CIDRs; compare on the address part only
        ip_value = k['Value'].split('/')[0]
        if ip_value in deletes:
            # ip is on the waf, schedule it to be removed
            ip_set_deletes.append(ip_set_record(ip_value, 'DELETE'))
        elif ip_value in adds:
            # IP is already in the waf, don't waste an update
            count_ips_existing += 1
            adds.pop(ip_value)
Putting together the winning deck—WAF updating
# Retry the IP set update with exponential backoff (1, 2, 4, ... seconds)
for attempt in range(WAF_UPDATE_ATTEMPTS):
    try:
        # A fresh change token is requested on every attempt
        response = waf.update_ip_set(IPSetId=ip_set_id,
                                     ChangeToken=waf.get_change_token()['ChangeToken'],
                                     Updates=updates_list)
    except Exception as e:
        delay = math.pow(2, attempt)
        print(e)
        print("[waf_update_ip_set] Retrying in %d seconds..." % (delay))
        time.sleep(delay)
    else:
        # Update succeeded, stop retrying
        break
Scaling Kinesis Streams
• Triggers one Lambda invocation per shard
• Make sure shard key is fairly unique to prevent heavily used shards
• Can at most double shard count when increasing shards
• Can only increase shard count twice per 24 hours
• Retry when Lambda fails
Scaling Lambda—Variable re-use
# rule_refresh lives at module level, so a warm Lambda container reuses it
# between invocations and reloads the rules only every 240-360 seconds.
if rule_refresh <= cur_time:
    rule_refresh = cur_time + random.randint(240, 360)
    try:
        refresh_rules()
    except ClientError as e:
        # Force another refresh attempt on the next invocation
        rule_refresh = -1
        print("Unexpected error: {}".format(e))
        raise Exception(e)
Scaling Lambda—Variable re-use
# Create the table handle once per container and reuse it afterwards
if not rules_table:
    dynamodb = boto3.resource('dynamodb', region_name='us-east-1')
    rules_table = dynamodb.Table(os.environ['RulesTable'])
# A single scan() call returns one page of results (up to 1 MB)
results = rules_table.scan()
for item in results['Items']:
    # Skip rules whose cached copy already has this version
    if item['rule_id'] in rules and item['version'] == rules[item['rule_id']]['version']:
        continue
    if 'uris' in item:
        # Compile the URI patterns once, not on every record
        compiled_uris = []
        for uri in item['uris']:
            compiled_uris.append(re.compile(uri))
        item['uris'] = compiled_uris
    rules[item['rule_id']] = item
Scaling Lambda—Rule logic
def check_rule_match(record, rule):
    # Each filter is optional; a rule without it matches any value
    if 'host' in rule and record['host'] != rule['host']:
        return False
    if 'methods' in rule and record['method'] not in rule['methods']:
        return False
    if 'uris' in rule:
        # Patterns were pre-compiled when the rules were loaded
        for uri in rule['uris']:
            if uri.match(record['uri']):
                return True
    else:
        return True
    return False
Scaling DynamoDB
• Throughput dilution
• Spread load across partitions
• Don't keep data longer than you need to (go TTL)
First iteration (recap)
Second iteration
What changed—
-- Count requests per client IP, host, URI and method in 10-second windows of the WAF log stream
CREATE OR REPLACE PUMP "STREAM_PUMP" AS
  INSERT INTO "REQUEST_COUNT_TIMESERIES" ("ip", "host", "request_count", "uri", "method", "timestamp", "request_id")
  SELECT STREAM CLIENT_IP "ip",
         HEADER_HOST "host",
         COUNT("CLIENT_IP") as request_count,
         URI "uri",
         HTTP_METHOD "method",
         ROWTIME,
         FIRST_VALUE("REQUEST_ID") IGNORE NULLS
  FROM "waf_001"
  WHERE NOT (TERMINATING_RULE_ID <> 'Default_Action' AND ACTION = 'ALLOW')
  GROUP BY "CLIENT_IP", "HEADER_HOST", "URI", "HTTP_METHOD",
           STEP("waf_001".ROWTIME BY INTERVAL '10' SECOND);
What changed—
{
  "rule_id": "592b8530-87e7-41a1-8633-34ea0d1b9482",
  "version": "1",
  "type": "ratelimit",
  "host": "club.pokemon.com",
  "rate_limit": 75,
  "period": 360,
  "blacklist_duration": 60000,
  "uris": [
    "regex"
  ],
  "methods": [
    "GET"
  ]
}
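The slides call `check_ratelimit_rule` but never show it. The following is an added example, not code from the talk, of how a rule of this shape could be evaluated against the 10-second counts the analytics pump emits. The in-memory `WindowStore` (standing in for the DynamoDB table), the rule id, the URI pattern, the sample records, and the reading of `period` and `blacklist_duration` as seconds are all assumptions.

```python
import re
from collections import defaultdict

BUCKET_SECONDS = 10   # same width as the 10-second STEP window on the slides
T0 = 1538629260       # constructed start time, aligned to a bucket boundary

# Rule in the shape shown above. rule_id and the URI pattern are constructed;
# "period" and "blacklist_duration" are assumed to be seconds.
RULES = [{
    "rule_id": "demo-signup-rule", "version": "1", "type": "ratelimit",
    "host": "club.pokemon.com", "rate_limit": 75, "period": 360,
    "blacklist_duration": 60000,
    "uris": [re.compile(r"^/sign-up")], "methods": ["GET"],
}]


class WindowStore:
    """In-memory stand-in (assumption) for the per-IP count table."""

    def __init__(self):
        self._buckets = defaultdict(dict)   # (ip, rule_id) -> {bucket_start: count}

    def add(self, ip, rule_id, timestamp, count, period):
        """Record one windowed count and return the total inside the period."""
        buckets = self._buckets[(ip, rule_id)]
        start = timestamp - timestamp % BUCKET_SECONDS
        buckets[start] = buckets.get(start, 0) + count
        # Emulate TTL expiry: drop buckets that have aged out of the period.
        for old in [b for b in buckets if b <= timestamp - period]:
            del buckets[old]
        return sum(buckets.values())


def check_rule_match(record, rule):
    """Same filter logic as the slide: host, then method, then URI patterns."""
    if "host" in rule and record["host"] != rule["host"]:
        return False
    if "methods" in rule and record["method"] not in rule["methods"]:
        return False
    if "uris" in rule:
        return any(p.match(record["uri"]) for p in rule["uris"])
    return True


def check_ratelimit_rule(record, rule, store):
    """Return the blacklist duration if this record puts its IP over the limit, else 0."""
    if not check_rule_match(record, rule):
        return 0
    total = store.add(record["ip"], rule["rule_id"], record["timestamp"],
                      record["request_count"], rule["period"])
    return rule["blacklist_duration"] if total > rule["rate_limit"] else 0


def replay(records, rules):
    """Feed records in time order; return {ip: {'blocked_at', 'ttl'}} for offenders."""
    store, blocked = WindowStore(), {}
    for record in sorted(records, key=lambda r: r["timestamp"]):
        for rule in rules:
            duration = check_ratelimit_rule(record, rule, store)
            if duration and record["ip"] not in blocked:
                blocked[record["ip"]] = {"blocked_at": record["timestamp"],
                                         "ttl": record["timestamp"] + duration}
    return blocked


def rec(ip, offset, count, host="club.pokemon.com"):
    """Build one constructed record with the columns the second pump emits."""
    return {"ip": ip, "host": host, "request_count": count,
            "uri": "/sign-up", "method": "GET", "timestamp": T0 + offset}


# Constructed sample input (documentation address ranges).
SAMPLE_RECORDS = (
    [rec("203.0.113.7", 10 * i, 20) for i in range(6)]        # steady automated client
    + [rec("198.51.100.4", 10 * i, 2) for i in range(6)]      # ordinary user
    + [rec("192.0.2.9", 0, 70), rec("192.0.2.9", 400, 70)]    # two bursts more than a period apart
    + [rec("203.0.113.50", 0, 500, host="www.pokemon.com")]   # host the rule does not cover
)

if __name__ == "__main__":
    for ip, info in replay(SAMPLE_RECORDS, RULES).items():
        print(ip, info)
```

Only the steady client crosses 75 requests inside one 360-second period; the two bursts fall in separate periods, and the record for the other host never reaches the counter.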
What changed—Simplified Kinesis Data Analytics
CREATE OR REPLACE PUMP "URI_STREAM_PUMP" AS
  INSERT INTO "REQUEST_COUNT_BY_URI" ("ip", "request_count", "uri_classifier", "source", "timestamp")
  SELECT STREAM T."request_ip" as "ip",
         COUNT("request_ip") as "request_count",
         'sign-up' as "uri_classifier",
         -- T.uri_reg.COLUMN1 as "uri_stream",
         'club' as "source",
         T."timestamp"
  FROM
    (SELECT STREAM "request_ip", ROWTIME as "timestamp",
            REGEX_LOG_PARSE("uri_stream", 'regex_expression') as uri_reg
     FROM "CF_LOG_STREAM_001"
     WHERE "http_method" = 'POST'
     GROUP BY "request_ip", "uri_stream", STEP("CF_LOG_STREAM_001".ROWTIME BY INTERVAL '10' SECOND)) as T
  GROUP BY T."request_ip", 'sign-up', 'club', T."timestamp";
What changed—Simplified Kinesis Data Analytics
CREATE OR REPLACE PUMP "STREAM_PUMP" AS
  INSERT INTO "REQUEST_COUNT_TIMESERIES" ("ip", "host", "request_count", "uri", "method", "timestamp", "request_id")
  SELECT STREAM CLIENT_IP "ip",
         HEADER_HOST "host",
         COUNT("CLIENT_IP") as request_count,
         URI "uri",
         HTTP_METHOD "method",
         ROWTIME,
         FIRST_VALUE("REQUEST_ID") IGNORE NULLS
  FROM "waf_001"
  WHERE NOT (TERMINATING_RULE_ID <> 'Default_Action' AND ACTION = 'ALLOW')
  GROUP BY "CLIENT_IP", "HEADER_HOST", "URI", "HTTP_METHOD",
           STEP("waf_001".ROWTIME BY INTERVAL '10' SECOND);
What changed—
{
  "timestamp": 1533689070589,
  "formatVersion": 1,
  "webaclId": "385cb038-3a6f-4f2f-ac64-09ab912af590",
  "terminatingRuleId": "Default_Action",
  "terminatingRuleType": "REGULAR",
  "action": "ALLOW",
  ...
  "httpRequest": {
    "clientIp": "192.10.23.23",
    "country": "US",
    "headers": [
      ...
    ],
    "uri": "REDACTED",
    "args": "usernam=abc",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "GET",
    "requestId": "cloud front Request id"
  }
}
Readable example at:
https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
Whitelisting
Issues
• No details
• No notes
• Once added it sticks around
• Easy to whitelist and forget
• No notifications if whitelist starts misbehaving
Solution
• DynamoDB and Lambda
• Provides additional details
• Can expire whitelists
• Notifications for expirations
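An added example (not from the talk) of the whitelist behavior listed above: entries carry details and an expiry, expired entries stop protecting an address, and a whitelisted address that trips a rule produces a notification instead of passing silently. The entry fields `cidr`, `note`, `owner` and `expires_at`, the function names and all sample values are assumptions.

```python
import ipaddress

NOW = 1538629260  # constructed "current time" (epoch seconds)

# Constructed whitelist entries with the details the slide asks for.
WHITELIST = [
    {"cidr": "198.51.100.0/24", "note": "office NAT range", "owner": "ops",
     "expires_at": NOW + 3600},
    {"cidr": "192.0.2.10/32", "note": "load test, one day only", "owner": "qa",
     "expires_at": NOW - 60},
]

# Constructed list of addresses the rate-limit rules want to block.
CANDIDATES = ["203.0.113.7", "198.51.100.4", "192.0.2.10"]


def partition_candidates(candidates, whitelist, now):
    """Split blacklist candidates using a whitelist whose entries can expire.

    Returns (to_block, suppressed, expired):
      to_block   - addresses with no live whitelist entry
      suppressed - (ip, entry) pairs: whitelisted addresses that tripped a rule
      expired    - entries past expires_at, to delete and report
    """
    live, expired = [], []
    for entry in whitelist:
        (expired if entry["expires_at"] <= now else live).append(entry)

    networks = [(ipaddress.ip_network(e["cidr"]), e) for e in live]
    to_block, suppressed = [], []
    for ip in candidates:
        addr = ipaddress.ip_address(ip)
        match = next((e for net, e in networks if addr in net), None)
        if match is None:
            to_block.append(ip)
        else:
            suppressed.append((ip, match))
    return to_block, suppressed, expired


def build_notifications(suppressed, expired):
    """Turn the partition result into messages for whoever owns each entry."""
    messages = []
    for ip, entry in suppressed:
        messages.append("whitelisted {} ({}: {}) exceeded a rate limit; owner {}".format(
            ip, entry["cidr"], entry["note"], entry["owner"]))
    for entry in expired:
        messages.append("whitelist entry {} ({}) expired; owner {}".format(
            entry["cidr"], entry["note"], entry["owner"]))
    return messages


if __name__ == "__main__":
    block, held, stale = partition_candidates(CANDIDATES, WHITELIST, NOW)
    print("block:", block)
    for line in build_notifications(held, stale):
        print(line)
```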
Advanced behaviors
Additional IP information
Repeated offenses, harsher penalties
Misbehaving subnets?
Minute, hourly, and daily based limits
WAF Logs
WAF Logs to Kinesis Data Analytics
Lambda and DynamoDB
Amazon SQS
WAF update
WAF Blacklist table
WAF Blacklist TTL timeout
WAF update
https://bit.ly/2J2OfoJ
Demo
Key takeaways
1. Bots are a problem!
2. AWS offers many weapons to choose from
3. AWS allows you to customize the solution
4. Evolve your solution, because the bots are
5. Now, go try your own solution!
Thank you!
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos Engineering
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS, I Choose You: Pokemon's Battle against the Bots (SEC402-R1) - AWS re:Invent 2018

  • 2. AWS, I Choose You: Pokemon's Battle Against the Bots (SEC402-R). Edward Smith, Sr. Dev Ops Engineer, The Pokémon Company International; David Williams, Sr. Dev Ops Engineer, The Pokémon Company International; Sundar Jayashekar, Sr. Product Manager, AWS
  • 3. Agenda: 1. Are bots a problem? 2. The Pokémon story 3. Live demo 4. Conclusion
  • 5. Bad bots—Why are they bad? 1. Denial of service 2. Content scraping 4. Account takeover 5. Unfair advantage 6. Economic incentive ... and more!
  • 6. What to expect from this session: • Pokémon bot challenge • Initial solution • New challenges • Evolution of solution • How to scale and improve performance • Applying solutions to the real world
  • 8. AWS Services we cover in this session: Amazon CloudFront, AWS WAF, AWS Shield, AWS Lambda, Amazon Kinesis, Amazon Kinesis Data Firehose, Amazon Kinesis Data Analytics, Amazon DynamoDB, Amazon Simple Queue Service (Amazon SQS)
  • 10. The Pokémon Trainer Club: Worldwide authentication service. Access to various Pokémon games and services. Security of child accounts is our top priority.
  • 11. The Pokémon bot challenge: Massive increase in new users. Massive, disproportional increase in illegitimate users and traffic • Bots • Scanners • DDoS attacks
  • 13. When we last left our team: Switch to CloudFront + AWS WAF & Shield improved stability and performance. Improved support and response from Shield DRT team. Our talk from Re:Invent 2017: https://bit.ly/2IRCjGn
  • 14. Just getting started: Number of illegitimate accounts extremely high. WAF Rules and rate limits kept out the most egregious offenders.
  • 15. Overrun by bots
  • 16. CloudFront serverless analytics • Amazon Big Data blog • Rajeev Srinivasan • Sai Sriparasa • Basic traffic analysis https://amzn.to/2RFpGlL
  • 17. Who are the bots?
  • 18. Next level challenges
  • 20. Goals: Make bad behavior expensive
  • 21. Goals: Reduce risk of false positives
  • 22. Goals: Set and forget
  • 23. Goals: Audit trail
  • 24. Goals: All serverless
  • 25. Goals: So much scale
  • 26. Goals: Fast to implement
  • 27. First iteration
  • 28. Putting together the winning deck—Ingestion

        CREATE OR REPLACE PUMP "STREAM_PUMP" AS
          INSERT INTO "REQUEST_COUNT_TIMESERIES"
            ("ip", "request_count", "source", "timestamp")
          SELECT STREAM
            "request_ip",
            COUNT("request_ip") as request_count,
            'sso',
            ROWTIME
          FROM "CF_LOG_STREAM_001"
          GROUP BY "request_ip",
            STEP("CF_LOG_STREAM_001".ROWTIME BY INTERVAL '10' SECOND);

  • 29. Putting together the winning deck—Processing

        for rule_id in record['rules']:
            new_ttl = 0
            rule = rules[rule_id]
            if rule['type'] == 'ratelimit':
                new_ttl = check_ratelimit_rule(record, rule)
            else:
                print("Rule type '{}' of rule '{}' is not supported.".format(rule['type'], rule['rule_id']))
            if new_ttl != 0:
                blacklist_messages.append(generate_blacklist_message(rule, record))
            if new_ttl == -1:
                break
            if cur_ttl < new_ttl:
                cur_ttl = new_ttl
        if cur_ttl != 0:
            blacklist(record['ip'], record['timestamp'], cur_ttl, blacklist_messages)

  • 30. Putting together the winning deck—Storage

        {
          "count": 1,
          "ip": "127.0.0.1",
          "key": "127.0.0.1-5",
          "source": "club",
          "timestamp": 1538629260,
          "ttl": 1538629860,
          "uri_classifier": "sign-up"
        }

  • 31. Putting together the winning deck—WAF updating

        response = waf_get_ip_set(ip_set_id)
        if response is not None:
            count_ips_existing = 0
            for k in response['IPSet']['IPSetDescriptors']:
                ip_value = k['Value'].split('/')[0]
                if ip_value in deletes.keys():
                    # ip is on the waf, schedule it to be removed
                    ip_set_deletes.append(ip_set_record(ip_value, 'DELETE'))
                elif ip_value in adds.keys():
                    # IP is already in the waf, don't waste an update
                    count_ips_existing += 1
                    adds.pop(ip_value)

  • 32. Putting together the winning deck—WAF updating

        for attempt in range(WAF_UPDATE_ATTEMPTS):
            try:
                response = waf.update_ip_set(IPSetId=ip_set_id,
                                             ChangeToken=waf.get_change_token()['ChangeToken'],
                                             Updates=updates_list)
            except Exception as e:
                # Exponential backoff: 1, 2, 4, ... seconds between attempts
                delay = math.pow(2, attempt)
                print(e)
                print("[waf_update_ip_set] Retrying in %d seconds..." % (delay))
                time.sleep(delay)
            else:
                break

  • 33. Scaling Kinesis Streams • Triggers one Lambda invocation per shard • Make sure shard key is fairly unique to prevent heavily used shards • Can at most double shard count when increasing shards • Can only increase shard count twice per 24 hours • Retry when Lambda fails
  • 34. Scaling Lambda—Variable re-use

        if rule_refresh <= cur_time:
            rule_refresh = cur_time + random.randint(240, 360)
            try:
                refresh_rules()
            except ClientError as e:
                rule_refresh = -1
                print("Unexpected error: {}".format(e))
                raise Exception(e)

  • 35. Scaling Lambda—Variable re-use

        if not rules_table:
            dynamodb = boto3.resource('dynamodb', region_name='us-east-1')
            rules_table = dynamodb.Table(os.environ['RulesTable'])
        results = rules_table.scan()
        for item in results['Items']:
            if item['rule_id'] in rules and item['version'] == rules[item['rule_id']]['version']:
                continue
            if 'uris' in item:
                compiled_uris = []
                for uri in item['uris']:
                    compiled_uris.append(re.compile(uri))
                item['uris'] = compiled_uris
            rules[item['rule_id']] = item

  • 36. Scaling Lambda—Rule logic

        def check_rule_match(record, rule):
            if 'host' in rule and record['host'] != rule['host']:
                return False
            if 'methods' in rule and record['method'] not in rule['methods']:
                return False
            if 'uris' in rule:
                for uri in rule['uris']:
                    if uri.match(record['uri']):
                        return True
            else:
                return True
            return False

  • 37. Scaling DynamoDB • Throughput dilution • Spread load across partitions • Don't keep data longer than you need to (go TTL)
  • 38. First iteration (recap)
  • 39. Second iteration
  • 40. What changed—

        CREATE OR REPLACE PUMP "STREAM_PUMP" AS
          INSERT INTO "REQUEST_COUNT_TIMESERIES"
            ("ip", "host", "request_count", "uri", "method", "timestamp", "request_id")
          SELECT STREAM
            CLIENT_IP "ip",
            HEADER_HOST "host",
            COUNT("CLIENT_IP") as request_count,
            URI "uri",
            HTTP_METHOD "method",
            ROWTIME,
            FIRST_VALUE("REQUEST_ID") IGNORE NULLS
          FROM "waf_001"
          WHERE NOT (TERMINATING_RULE_ID <> 'Default_Action' AND ACTION = 'ALLOW')
          GROUP BY "CLIENT_IP", "HEADER_HOST", "URI", "HTTP_METHOD",
            STEP("waf_001".ROWTIME BY INTERVAL '10' SECOND);

  • 41. What changed—

        {
          "rule_id": "592b8530-87e7-41a1-8633-34ea0d1b9482",
          "version": "1",
          "type": "ratelimit",
          "host": "club.pokemon.com",
          "rate_limit": 75,
          "period": 360,
          "blacklist_duration": 60000,
          "uris": [ "regex" ],
          "methods": [ "GET" ]
        }

  • 42. What changed—Simplified Kinesis Data Analytics

        CREATE OR REPLACE PUMP "URI_STREAM_PUMP" AS
          INSERT INTO "REQUEST_COUNT_BY_URI"
            ("ip", "request_count", "uri_classifier", "source", "timestamp")
          SELECT STREAM
            T."request_ip" as "ip",
            COUNT("request_ip") as "request_count",
            'sign-up' as "uri_classifier",
            -- T.uri_reg.COLUMN1 as "uri_stream",
            'club' as "source",
            T."timestamp"
          FROM (
            SELECT STREAM
              "request_ip",
              ROWTIME as "timestamp",
              REGEX_LOG_PARSE("uri_stream", 'regex_expression') as uri_reg
            FROM "CF_LOG_STREAM_001"
            WHERE "http_method" = 'POST'
            GROUP BY "request_ip", "uri_stream",
              STEP("CF_LOG_STREAM_001".ROWTIME BY INTERVAL '10' SECOND)
          ) as T
          GROUP BY T."request_ip", 'sign-up', 'club', T."timestamp";

  • 43. What changed—Simplified Kinesis Data Analytics

        CREATE OR REPLACE PUMP "STREAM_PUMP" AS
          INSERT INTO "REQUEST_COUNT_TIMESERIES"
            ("ip", "host", "request_count", "uri", "method", "timestamp", "request_id")
          SELECT STREAM
            CLIENT_IP "ip",
            HEADER_HOST "host",
            COUNT("CLIENT_IP") as request_count,
            URI "uri",
            HTTP_METHOD "method",
            ROWTIME,
            FIRST_VALUE("REQUEST_ID") IGNORE NULLS
          FROM "waf_001"
          WHERE NOT (TERMINATING_RULE_ID <> 'Default_Action' AND ACTION = 'ALLOW')
          GROUP BY "CLIENT_IP", "HEADER_HOST", "URI", "HTTP_METHOD",
            STEP("waf_001".ROWTIME BY INTERVAL '10' SECOND);

  • 44. What changed—

        {
          "timestamp": 1533689070589,
          "formatVersion": 1,
          "webaclId": "385cb038-3a6f-4f2f-ac64-09ab912af590",
          "terminatingRuleId": "Default_Action",
          "terminatingRuleType": "REGULAR",
          "action": "ALLOW",
          ...
          "httpRequest": {
            "clientIp": "192.10.23.23",
            "country": "US",
            "headers": [ ... ],
            "uri": "REDACTED",
            "args": "usernam=abc",
            "httpVersion": "HTTP/1.1",
            "httpMethod": "GET",
            "requestId": "cloud front Request id"
          }
        }

        Readable example at: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html

  • 46. Whitelisting. Issues: • No details • No notes • Once added it sticks around • Easy to whitelist and forget • No notifications if whitelist starts misbehaving. Solution: • DynamoDB and Lambda • Provides additional details • Can expire whitelists • Notifications for expirations
  • 47. Advanced behaviors: • Additional IP information • Repeated offenses, harsher penalties • Misbehaving subnets? • Minute, hourly, and daily based limits
  • 49. WAF Logs
  • 50. WAF Logs to Kinesis Data Analytics
  • 51. Lambda and DynamoDB
  • 52. Amazon SQS
  • 53. WAF update
  • 54. WAF Blacklist table
  • 55. WAF Blacklist TTL timeout
  • 56. WAF update
  • 58. Demo: https://bit.ly/2J2OfoJ
  • 60. Key takeaways: 1. Bots are a problem! 2. AWS offers many weapons to choose from 3. AWS allows you to customize the solution 4. Evolve your solution, because the bots are 5. Now, go try your own solution!
  • 61. Thank you!
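
The processing code on slide 29 calls a check_ratelimit_rule helper that the slides do not show. The following is an added example, not the presenters' code: it sums the 10-second window counts per IP over a rule's period, applies the host, method and URI filter from slide 36, honours an expiring whitelist as on slide 46, and diffs the resulting blacklist against a WAF IP set as on slide 31. The in-memory CountStore, the whitelist dictionary, the sample rule and records, and the reading of period and blacklist_duration as seconds are assumptions made for this illustration.

```python
import re

# Constructed rule with the same fields as the rule document on slide 41.
# Assumption: period and blacklist_duration are in seconds.
RULES = {"signup-post": {
    "rule_id": "signup-post", "type": "ratelimit",
    "host": "club.example.com", "methods": ["POST"],
    "uris": [re.compile(r"/sign-up")],
    "rate_limit": 75, "period": 360, "blacklist_duration": 600,
}}

def rule_matches(record, rule):
    """Host, method and URI filter, following the rule logic on slide 36."""
    if "host" in rule and record["host"] != rule["host"]:
        return False
    if "methods" in rule and record["method"] not in rule["methods"]:
        return False
    if "uris" in rule:
        return any(u.match(record["uri"]) for u in rule["uris"])
    return True

class CountStore:
    """In-memory stand-in for the DynamoDB count table (hypothetical)."""
    def __init__(self):
        self.windows = {}  # (ip, rule_id) -> [(timestamp, request_count)]

    def add_and_sum(self, key, timestamp, count, period):
        # Keep only windows inside the rule period, as a TTL would.
        kept = [(t, c) for t, c in self.windows.get(key, [])
                if t > timestamp - period]
        kept.append((timestamp, count))
        self.windows[key] = kept
        return sum(c for _, c in kept)

def evaluate(record, rules, store, blacklist, whitelist):
    """Return the blacklist expiry (epoch seconds) set for the IP, or 0."""
    ip, now = record["ip"], record["timestamp"]
    if whitelist.get(ip, 0) > now:  # whitelist entries expire (slide 46)
        return 0
    expiry = 0
    for rule in rules.values():
        if rule["type"] != "ratelimit" or not rule_matches(record, rule):
            continue
        total = store.add_and_sum((ip, rule["rule_id"]), now,
                                  record["request_count"], rule["period"])
        if total > rule["rate_limit"]:
            # The longest penalty among the matching rules wins.
            expiry = max(expiry, now + rule["blacklist_duration"])
    if expiry:
        blacklist[ip] = max(expiry, blacklist.get(ip, 0))
    return expiry

def plan_waf_updates(blacklist, ipset_values, now):
    """Diff the blacklist against the IP set: returns (inserts, deletes)."""
    on_waf = {v.split("/")[0] for v in ipset_values}
    active = {ip for ip, exp in blacklist.items() if exp > now}
    expired = set(blacklist) - active
    def update(action, ip):
        return {"Action": action,
                "IPSetDescriptor": {"Type": "IPV4", "Value": ip + "/32"}}
    # Delete only entries this blacklist owns; other IP set entries stay.
    inserts = [update("INSERT", ip) for ip in sorted(active - on_waf)]
    deletes = [update("DELETE", ip) for ip in sorted(expired & on_waf)]
    return inserts, deletes

def run_demo():
    """Replay constructed 10-second window records (all values made up)."""
    store, blacklist, base = CountStore(), {}, 1538629260
    whitelist = {"198.51.100.7": base + 25}  # expires during the replay
    counts = {"203.0.113.9": 20, "198.51.100.7": 40, "192.0.2.50": 3}
    for i in range(5):
        for ip, count in counts.items():
            record = {"ip": ip, "host": "club.example.com", "method": "POST",
                      "uri": "/sign-up", "request_count": count,
                      "timestamp": base + 10 * i}
            evaluate(record, RULES, store, blacklist, whitelist)
    return blacklist
```

In the pipeline the slides describe, the count store would be the DynamoDB table with its ttl attribute (slide 30) and the returned dictionaries would be passed as Updates to update_ip_set (slide 32).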