Secure user sign-up and sign-in is critical for many mobile and web applications. Amazon Cognito is the easiest way to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, integrations with existing corporate directories, and many other features. In addition, we will cover key use cases and discuss the associated benefits.
IAM Deep Dive - Custom IAM Policies with Conditions | Bryant Poush
This document provides an overview of using conditions with IAM policies to customize access. It begins with examples of basic IAM policy structures and progresses to using conditions to limit actions based on factors like region, instance type, volume type and size. The document demonstrates how to structure policies with condition blocks and test policies to ensure the intended access is allowed or denied.
Identity and Access Management: The First Step in AWS Security | Amazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework (CAF) because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
by Apurv Awasthi, Sr. Technical Product Manager, AWS
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain ways you can securely manage your AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100
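* Presentation video: https://youtu.be/DJlt1v4Gya8
With AWS Single Sign-On (SSO), you can easily manage access to multiple AWS accounts and business applications centrally, and give users single sign-on access so that they can reach all of their assigned accounts and applications from one place.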
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of Amazon VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Speakers:
Steve Seymour, AWS Solutions Architect
Eamonn O'Neill, Director, Lemongrass Consulting
Jackie Wong, Head of Networks, Financial Times
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap... | Amazon Web Services
Ed Lima, a Solutions Architect at AWS, discusses adding user sign-in, user management, and security to mobile and web applications using Amazon Cognito. The presentation covers Amazon Cognito Identity for user authentication and authorization, Cognito User Pools for user management, and how applications can integrate with Cognito. It also demonstrates how Cognito can federate with identity providers and provides sample use cases for business to consumer, business to business, and IoT applications.
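Ever-Evolving AWS Network Security - Shin Eun-su, AWS Security Specialist Solutions Architect :: AWS Summit Seoul 2021 | Amazon Web Services Korea
This session explains how to use AWS Gateway Load Balancer and how it works. It helps you efficiently deploy the security appliances that must be used to protect key resources inside an Amazon VPC or to meet compliance requirements. It also explains how to use AWS Network Firewall, the AWS managed firewall that includes IPS functionality for restricting access to internet sites from inside an Amazon VPC and for detecting and blocking intrusions from outside, along with the various reference cases that can be configured.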
Docker containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
AWS CloudFormation is a comprehensive templating language that enables you to create managed 'stacks' of AWS resources, with a growing library of templates available for you to use. But how do you create one from scratch? This presentation will take you through building an AWS CloudFormation template from the ground up, so you can see all the essential template constructs in action.
Watch a recording of the webinar based on this presentation on YouTube here: http://youtu.be/6R44BADNJA8
Check out other upcoming webinars in the Masterclass Series here: http://aws.amazon.com/campaigns/emea/masterclass/
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
Getting Started with Cognito User Pools - September Webinar Series | Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
* Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
* Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
Transparency and Control with AWS CloudTrail and AWS Config | Amazon Web Services
AWS CloudTrail and AWS Config are complementary services that provide visibility into API activity and resource configuration changes in AWS accounts. CloudTrail records API calls and related metadata, while Config captures configuration history and relationships between resources. These services can be used together to correlate API calls with resulting resource changes for security and compliance monitoring.
The document outlines 10 best practices for managing identity and access management (IAM) on AWS: 1) Create individual users, 2) Configure a strong password policy, 3) Rotate security credentials regularly, 4) Enable multi-factor authentication for privileged users, 5) Manage permissions with groups, 6) Grant least privilege, 7) Use IAM roles to share access, 8) Use IAM roles for Amazon EC2 instances, 9) Enable AWS CloudTrail for auditing API calls, and 10) Reduce or remove use of the root account. The document provides explanations and examples for implementing each best practice.
by Dave McDermitt, Advisor – Global Security / Risk / Compliance, AWS Professional Services
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management. Our popular Threat Detection and Remediation day on Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic... | Amazon Web Services
As attackers become more sophisticated, web application developers need to constantly update their security configurations. Static firewall rules are no longer good enough. Developers need a way to deploy automated security that can learn from the application behavior and identify bad traffic patterns to detect bad bots or bad actors on the Internet. This session showcases some of the real-world customer use cases that use machine learning and AWS WAF (a web application firewall) with automated incident response and machine learning to automatically identify bad actors. We also present tutorials and code samples that show how customers can analyze traffic patterns and deploy new AWS WAF rules on the fly.
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina... | Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
• Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
• Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
AWS re:Invent 2016: Deep Dive: Building and Delivering Mobile Apps for the En... | Amazon Web Services
This session takes a practical approach to developing real-world enterprise applications (business-to-consumers and business-to-employees) using a serverless backend that can scale to virtually unlimited users without any infrastructure to manage. Learn how to develop enterprise apps using AWS Mobile Hub, Amazon Cognito, Amazon API Gateway, and AWS Lambda to implement best practices for authentication/authorization, cloud logic, and secure integration of existing enterprise resources and user directories. Finally, see how to employ a robust application lifecycle (build, test, and deliver) and implement a multi-stage rollout to production.
Add User Sign in and Management to your Apps with Amazon Cognito | Amazon Web Services
Secure user sign up and sign in is an important starting point for many mobile and web applications. Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
• What is Cognito’s comprehensive feature set
• What are the benefits associated with using Cognito
• How to integrate Cognito into your applications
• Which use cases are best suited for Cognito
Who Should Attend?
• Developers
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man... | Amazon Web Services
By leveraging "serverless architectures", startups and enterprises are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. You learn the real-world design patterns that AWS customers use to implement authentication and authorization. By combining Amazon Cognito identity pools and user pools with API Gateway, AWS Lambda, and AWS IAM, you can add security without adding servers.
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser... | Amazon Web Services
The document discusses Amazon Cognito and how it can be used to authenticate users, manage identity, and synchronize user data across devices. It provides an overview of Cognito's capabilities including support for guest users, developer authenticated identities, and using IAM roles to control access. It also demonstrates how to set up Cognito and integrate the mobile SDK to use Cognito's features in a mobile app.
AWS re:Invent 2016: Operating Your Production API (SVR402) | Amazon Web Services
In this session, you learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
AWS re:Invent 2016: Deep-Dive: Native, Hybrid and Web patterns with Serverles... | Amazon Web Services
In this deep-dive session, we outline how to leverage the appropriate AWS services for sending different types and sizes of data, such as images or streaming video. We'll cover common real-world scenarios related to authentication/authorization, access patterns, data transfer and caching for more performant Mobile Apps. You learn when you should access services such as Amazon Cognito, Amazon DynamoDB, Amazon S3, or Amazon Kinesis directly from your mobile app, and when you should route through Amazon API Gateway and AWS Lambda instead. Additionally, we cover coding techniques across the native, hybrid, and mobile web using popular open-source frameworks to perform these actions efficiently, and with a smooth user experience.
AWS re:Invent 2016: [JK REPEAT] Serverless Architectural Patterns and Best Pr... | Amazon Web Services
As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur... | Amazon Web Services
The document discusses securing serverless applications using Amazon API Gateway, AWS Lambda, and Amazon Cognito. It describes how to build a basic 3-tier web app that is fully serverless, add authentication with Amazon Cognito by integrating with Cognito user pools, and implement authorization using AWS Identity and Access Management (IAM) by leveraging Cognito. Key benefits mentioned are that AWS Lambda and API Gateway provide automatic scaling with no infrastructure to manage, while security is improved by making use of IAM through Cognito.
AWS re:Invent 2016: IAM Best Practices to Live By (SAC317) | Amazon Web Services
This session covers AWS Identity and Access Management (IAM) best practices that can help improve your security posture. We cover how to manage users and their security credentials. We also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we demonstrate when to choose between using IAM users and IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.
AWS re:Invent 2016: Deep Dive: Amazon EMR Best Practices & Design Patterns (B... | Amazon Web Services
Amazon EMR is one of the largest Hadoop operators in the world. In this session, we introduce you to Amazon EMR design patterns such as using Amazon S3 instead of HDFS, taking advantage of both long and short-lived clusters, and other Amazon EMR architectural best practices. We talk about how to scale your cluster up or down dynamically and introduce you to ways you can fine-tune your cluster. We also share best practices to keep your Amazon EMR cluster cost-efficient. Finally, we dive into some of our recent launches to keep you current on our latest features. This session will feature Asurion, a provider of device protection and support services for over 280 million smartphones and other consumer electronics devices. Asurion will share how they architected their petabyte-scale data platform using Apache Hive, Apache Spark, and Presto on Amazon EMR.
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404) | Amazon Web Services
Provisioning, scaling, and managing physical or virtual servers—and the applications that run on them—has long been a core activity for developers and system administrators. The expanding array of managed AWS cloud services, including AWS Lambda, Amazon DynamoDB, Amazon API Gateway and more, increasingly allows organizations to focus on delivering business value without worrying about managing the underlying infrastructure or paying for idle servers and other fixed costs of cloud services. In this session, we discuss the design, development, and operation of these next-generation solutions on AWS. Whether you're developing end-user web applications or back-end data processing systems, join us in this session to learn more about building your applications without servers.
AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe... | Amazon Web Services
AWS provides a range of services and tools to help you create industry leading, cloud-enabled mobile apps that can securely scale to millions of users globally. Join Amit Patel, GM of AWS Mobile, to hear our vision for mobile apps and the cloud, industry trends, recent product launches, and success stories directly from our customers. We'll walk through and demo the AWS Mobile offerings for building compelling cloud-enabled mobile apps and for engaging your app users. You’ll learn how to use these offerings (serverless – API Gateway/Lambda, Cognito, and new services) to make it easy to develop both your iOS and Android frontend, as well as your mobile backend.
NEW LAUNCH! How to Enable Real-Time Mobile App Engagement with Amazon Pinpoint | Amazon Web Services
Amazon Pinpoint, a new AWS service, makes it easy to run targeted campaigns to improve user engagement. Pinpoint helps you understand app user behavior, define who to target, what push notification to send, when to deliver the notifications, and track results.
Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series | Amazon Web Services
This document provides an overview of serverless architectures and how to build a serverless web application. It discusses how serverless applications remove the need for servers by leveraging event-driven compute services like AWS Lambda. The document then breaks down the anatomy of a typical web application and shows how each component maps to a serverless equivalent like API Gateway, Lambda, DynamoDB, and S3. It also covers securing the application using AWS IAM and Cognito for authentication and authorization. The presentation includes a demo of a serverless blogging application and discusses other security and authorization options.
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust... | Amazon Web Services
Cloud computing offers many advantages, such as the ability to scale your web applications or website on demand. But how do you scale your security and compliance infrastructure along with the business? Join this session to understand best practices for scaling your security resources as you grow from zero to millions of users. Specifically, you learn the following:
• How to scale your security and compliance infrastructure to keep up with a rapidly expanding threat base.
• The security implications of scaling for numbers of users and numbers of applications, and how to satisfy both needs.
• How agile development with integrated security testing and validation leads to a secure environment.
• Best practices and design patterns of a continuous delivery pipeline and the appropriate security-focused testing for each.
• The necessity of treating your security as code, just as you would do with infrastructure.
The services covered in this session include AWS IAM, Auto Scaling, Amazon Inspector, AWS WAF, and Amazon Cognito.
AWS re:Invent 2016: Securing Serverless Architectures, and API Filtering at L... | Amazon Web Services
AWS serverless architecture components such as Amazon S3, Amazon SQS, Amazon SNS, CloudWatch Logs, DynamoDB, Amazon Kinesis, and Lambda can be tightly constrained in their operation. However, it may still be possible to use some of them to propagate payloads that could be used to exploit vulnerabilities in some consuming endpoints or user-generated code. This session explores techniques for enhancing the security of these services, from assessing and tightening permissions in IAM to integrating tools and mechanisms for inline and out-of-band payload analysis that are more typically applied to traditional server-based architectures.
AWS re:Invent 2016: Real-time Data Processing Using AWS Lambda (SVR301) | Amazon Web Services
Serverless architecture can eliminate the need to provision and manage servers required to process files or streaming data in real time.
In this session, we will cover the fundamentals of using AWS Lambda to process data in real-time from push sources such as AWS IoT and pull sources such as Amazon DynamoDB Streams or Amazon Kinesis. We will walk through sample use cases and demonstrate how to set up some of these real-time data processing solutions. We'll also discuss best practices and do a deep dive into AWS Lambda real-time stream processing.
You also hear from speakers from Thomson Reuters, who discuss how the company leverages AWS for its Product Insight service. The service provides insights to collect usage analytics for Thomson Reuters products. The speakers walk through its architecture and demonstrate how they leverage Amazon Kinesis Streams, Amazon Kinesis Firehose, AWS Lambda, Amazon S3, Amazon Route 53, and AWS KMS for near real-time access to data being collected around the globe. They also outline how applying AWS methodologies benefited its business, such as time-to-market and cross-region ingestion, auto-scaling capabilities, low-latency, security features, and extensibility.
AWS re:Invent 2016: Using MXNet for Recommendation Modeling at Scale (MAC306) | Amazon Web Services
For many companies, recommendation systems solve important machine learning problems. But as recommendation systems grow to millions of users and millions of items, they pose significant challenges when deployed at scale. The user-item matrix can have trillions of entries (or more), most of which are zero. To make common ML techniques practical, sparse data requires special techniques. Learn how to use MXNet to build neural network models for recommendation systems that can scale efficiently to large sparse datasets.
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap... | Amazon Web Services
Amazon Cognito provides user authentication, authorization, and user management services for web and mobile applications. It allows adding user sign-up, sign-in and access management without having to build and maintain the backend infrastructure. Cognito supports user sign-in via social identity providers or corporate directories. It also provides multi-factor authentication and integrates with AWS services like API Gateway for authorization. Cognito can scale to support hundreds of millions of users.
Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you could use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.
Managing Identity and Securing Your Mobile and Web Applications with Amazon C... | Amazon Web Services
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. Finding the right identity solution can often be challenging. In this session, we will look at how Cognito can support a wide range of authentication scenarios including customers, employees and systems to help you make the right choices.
Speaker: Stephen Liedig, Solutions Architect, Amazon Web Services
Level: 300
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine-grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
1) The document discusses user identity and authentication using Amazon Cognito. It describes how Cognito can provide user sign-up, sign-in, profile management, authorization, and federation with enterprise or social identities.
2) Amazon Cognito User Pools allow adding user sign-up and sign-in to mobile and web apps without server infrastructure, and provide enhanced security features and a managed user directory.
3) The document outlines Cognito's capabilities for comprehensive user flows, extensive admin controls, and integration with the AWS Mobile SDK for a seamless user experience across platforms.
This document discusses user identity and authentication options for mobile apps using Amazon Web Services. It describes Amazon Cognito user pools, which allow developers to easily add user sign-up, sign-in, and account management to mobile or web apps without having to build their own user directories. Cognito user pools support features like multi-factor authentication, extensive user profile management and permissions. The document also discusses using Cognito user pools with AWS SDKs for user authentication and accessing backend AWS services through Cognito identity pools.
Amazon Cognito is a service that provides authentication, authorization, and user management for web and mobile applications. It allows for user sign-up, sign-in, access control, account recovery, and integration with social identity providers. Cognito User Pools provides built-in user directory and authentication services, while Cognito Identity Pools enables the generation of temporary AWS credentials for application access. Sample use cases include business to consumer apps, business to employee apps, and IoT applications.
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio... | Amazon Web Services
Learn how to use Amazon Cognito to build the user identity management workflows, including user on-boarding, sign-up, and sign-on for mobile and web applications. Learn how to customize the look and feel of the UI and UX of the screens and pages, integrate with third-party social identity providers such as Facebook, Google, and Twitter, and use SAML to federate with enterprise directory services.
by Quint Van Deman, Sr. Business Development Manager, AWS
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in.
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa... | Amazon Web Services
Learning Objectives:
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito supports SAML and 3rd party IdP integration
- Demonstrate how to use Amazon Cognito’s built-in UI for user identity management.
App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the look and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML-based federation of user identities for integration with enterprise-based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ... | Amazon Web Services
Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.
Curious about AWS Mobile Services and latest updates? Attend this session for a deep dive on recent updates to AWS Mobile Services aimed at helping you build scalable, reliable, and feature-rich mobile apps. We’ll dig into the new features and discuss the relevant use cases. Specifically, we will cover the following releases: Amazon Cognito Your User Pools - Add sign-up and sign-on to your mobile apps, Amazon Simple Notification Service Global SMS - Send SMS messages to phone numbers in 200+ countries, and AWS Device Farm Remote Access - Gesture, swipe, and interact with iOS and Android devices in real time, directly from your web browser.
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and... | Amazon Web Services
This document provides an overview and summary of Amazon Cognito. It discusses how Cognito can be used to authenticate users, manage user identities, and synchronize user data across devices. It also describes Cognito's features for user sign-up, sign-in, verification, authentication, authorization and managing user profiles. Several sample use cases are presented, such as using Cognito for user management, social login, and employee single sign-on. The document concludes with information on getting started with Cognito.
AWS Webinar Series - Build web-based and native mobile applications on AWS Amazon Web Services
Building mobile apps on iOS or Android with React Native? The open-source AWS Amplify tool helps developers quickly add authentication, API’s, storage, cacheing, and analytics to apps using a declarative programming style. In this session we will cover how to build a mobile app for iOS and Android using AWS MobileHub, AWS Amplify, and React Native. You'll also see some framework specific techniques such as leveraging Higher Order Components (HOCs) in a React or React Native application as well as best practices and utilities from AWS MobileHub
This document summarizes a workshop on architecting user authentication and authorization in apps using AWS services. The workshop covers Amazon Cognito for user management, authentication, and data synchronization across devices. It provides an overview of Cognito User Pools and Federated Identities, demonstrates an authentication workflow using the services, and discusses how to get started with a sample Angular app.
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
This document discusses authentication and authorization for mobile and web applications using Amazon Cognito and AWS AppSync. It provides an overview of Amazon Cognito for user identity management, including user pools for authentication, custom user flows using Lambda hooks, and integration with AWS AppSync. It then describes authorization methods when using AWS AppSync, including using JSON Web Tokens from Cognito user pools and Cognito identity pools. The document demonstrates how to implement authentication and authorization between a mobile app and AWS AppSync using Amazon Cognito for user management and authorization.
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese , Chief Architect - TCS
Scaling your Mobile App Development in the Cloud - DevNexusTara Walker
The presentation done for DevNexus about Mobile Cloud Services. Presentation explores and demos services that help you scale your Mobile development to new heights by including Cloud as an integrated part of mobile development.
Amazon Cognito: A Primer on Authentication and AuthorizationKnoldus Inc.
Amazon Cognito is a service provided by Amazon Web Services (AWS) that facilitates user identity and access management in the cloud. It's commonly used for building secure and scalable authentication and authorization systems for web and mobile applications.
Similar to AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your Mobile and Web Applications with Amazon Cognito (MBL310) (20)
2. Identity is mission critical for your applications
User Identity: Security, Revenue Generation, Application Backbone
• Know your users
• Monitor engagement with your application
• Store and manage user data
• Personalize your users’ experiences
• Protect sensitive data
• Secure business-critical processes
3. Developing Auth Infrastructure is Difficult
• Need to develop a reliable user directory to manage identities
• Handling user data and passwords and protecting privacy
• Prioritizing scalability of your infrastructure upfront
• Implementing token-based authentication
• Support for multiple social identity providers
• Federation with corporate directories for B2E applications
4. Amazon Cognito Identity
• Your User Pools: You can easily and securely add sign-up and sign-in functionality to your mobile and web apps with a fully-managed service that scales to support 100s of millions of users.
• Federated Identities: Your users can sign in with third-party identity providers, such as Facebook and SAML providers, and you can control access to AWS resources from your app.
[Diagram: sign-in form (Username, Password, Submit); "Sign in with" Facebook, Corporate, OIDC, SAML]
6. Amazon Cognito: Identity Management Scenarios
• Business to Consumer
• Business to Employee: SAML Federation, Enterprise Directory
• Business to Business: Partner A, Partner B
• IoT Scenarios: AWS IoT
• API Gateway with Lambda: Custom Authorizer (Allow / Deny)
• Access control for AWS Resources: AWS IAM
7. Your User Pools
• Serverless Authentication and User Management: Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure
• Enhanced Security Features: Verify phone numbers and email addresses and offer multi-factor authentication
• Managed User Directory: Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users
8. Comprehensive User Flows
• Email or Phone Number Verification: Require users to verify their email address or phone number prior to activating their account with a one-time password challenge
• Forgot Password: Provide users the ability to change their password when they forget it with a one-time password challenge
• User Sign-Up and Sign-In: Allow users to sign up and sign in using an email, phone number, or username (and password) for your application.
• User Profile Data: Enable users to view and update their profile data – including custom attributes
• SMS Multifactor Authentication: Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow
• Token Based Authentication: Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
Customize these User Flows Using Lambda
9. Custom User Flows Using Lambda Hooks
Lambda hooks by category, each with an example scenario:
Custom Authentication Flow
• Define Auth Challenge: Determines the next challenge in a custom auth flow
• Create Auth Challenge: Creates a challenge in a custom auth flow
• Verify Auth Challenge Response: Determines if a response is correct in a custom auth flow
Authentication Events
• Pre Authentication: Custom validation to accept or deny the sign-in request
• Post Authentication: Event logging for custom analytics
Sign-Up
• Pre Sign-up: Custom validation to accept or deny the sign-up request
• Post Confirmation: Custom welcome messages or event logging for custom analytics
Messages
• Custom Message: Advanced customization and localization of messages
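The three custom authentication flow hooks listed above, sketched as an added example (not code from the deck or from AWS): Python Lambda handlers for a one-time-code challenge, plus a constructed local driver that stands in for the Cognito service loop. The event field names follow the Cognito trigger event format; the three-attempt limit, the six-digit code and `simulate_sign_in` are assumptions of this example.

```python
"""Cognito custom auth flow: Define / Create / Verify Auth Challenge handlers."""
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: lockout policy chosen for this example


def define_auth_challenge(event, context=None):
    """Define Auth Challenge: pick the next step from the session history."""
    request, response = event["request"], event["response"]
    attempts = [s for s in request.get("session", [])
                if s.get("challengeName") == "CUSTOM_CHALLENGE"]
    response["issueTokens"] = False
    response["failAuthentication"] = False

    if request.get("userNotFound"):
        response["failAuthentication"] = True
    elif attempts and attempts[-1].get("challengeResult") is True:
        response["issueTokens"] = True          # last challenge answered correctly
    elif len(attempts) >= MAX_ATTEMPTS:
        response["failAuthentication"] = True   # too many wrong answers
    else:
        response["challengeName"] = "CUSTOM_CHALLENGE"
    return event


def create_auth_challenge(event, context=None):
    """Create Auth Challenge: generate the secret the user must return."""
    request, response = event["request"], event["response"]
    if request.get("challengeName") == "CUSTOM_CHALLENGE":
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, fresh code per attempt
        # Delivering the code to the user (e-mail, SMS) is outside this example.
        # Public parameters reach the client, so the code must never go there.
        response["publicChallengeParameters"] = {"delivery": "out-of-band"}
        response["privateChallengeParameters"] = {"answer": code}
        response["challengeMetadata"] = "OTP"
    return event


def verify_auth_challenge_response(event, context=None):
    """Verify Auth Challenge Response: constant-time comparison of the answer."""
    request, response = event["request"], event["response"]
    expected = request.get("privateChallengeParameters", {}).get("answer", "")
    supplied = str(request.get("challengeAnswer", ""))
    response["answerCorrect"] = bool(expected) and hmac.compare_digest(
        expected.encode(), supplied.encode())
    return event


def simulate_sign_in(answer_for):
    """Constructed local stand-in for the Cognito service loop.

    answer_for(private_params, attempt_index) returns what the user submits.
    Returns ("tokens" or "failed", number_of_challenges_answered).
    """
    session = []
    while True:
        decision = define_auth_challenge(
            {"request": {"session": list(session), "userNotFound": False},
             "response": {}})["response"]
        if decision["issueTokens"]:
            return "tokens", len(session)
        if decision["failAuthentication"]:
            return "failed", len(session)

        challenge = create_auth_challenge(
            {"request": {"challengeName": decision["challengeName"],
                         "session": list(session)},
             "response": {}})["response"]
        private = challenge["privateChallengeParameters"]

        verdict = verify_auth_challenge_response(
            {"request": {"privateChallengeParameters": private,
                         "challengeAnswer": answer_for(private, len(session))},
             "response": {}})["response"]
        session.append({"challengeName": "CUSTOM_CHALLENGE",
                        "challengeResult": verdict["answerCorrect"],
                        "challengeMetadata": challenge["challengeMetadata"]})


if __name__ == "__main__":
    print(simulate_sign_in(lambda private, attempt: private["answer"]))
    print(simulate_sign_in(lambda private, attempt: "wrong"))
```

The split matters for security: the answer lives only in `privateChallengeParameters`, which Cognito passes to the verify hook and never to the client, and the attempt cap is enforced server-side in the define hook.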
11. Extensive Admin Capabilities
• Define Custom Attributes: Define custom attributes for your user profiles
• Set per-App Permissions: Set read and write permissions for each user attribute on a per-app basis
• Set up Password Policies: Enforce password policies like minimum length and requirement of certain types of characters
• Create and manage User Pools: Create, configure, and delete multiple user pools across AWS regions
• Require Submission of Attribute Data: Select which attributes must be provided by the user prior to completion of the sign-up process
• Search Users: Search users based on a full match or a prefix match of their attributes through the console or Admin API
• Manage Users: Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
12. Remembered Devices
Remember the devices associated with your users
1. How do I reduce the friction that my users face when having to complete the 2nd factor challenge on every sign-in?
2. How do I build logic to associate devices with my users to achieve my specific business requirements?
13. Importing Existing Users
• Import users into your Cognito user pool by uploading .csv files
• Users will create a new password when they first sign in
• Each imported user must have an email address or a phone number
14. Your User Pools and Amazon API Gateway
• Native Support: Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests
• Custom Authorizer Function: Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges
15. Federate with Third Party Identity Providers
[Diagram labels: Username / Password / Sign In; SAML Identity Provider (Example: Active Directory with ADFS); Amazon Cognito; 2. Get AWS credentials; API Gateway; Your APIs; DynamoDB; S3; Lambda]
16. Example Use Case: Asurion
Ravi Tiyyagura, Sr. Director, Enterprise Architecture
18. Asurion’s continuous innovation is helping 290M customers globally stay connected while driving loyalty to our partners’ brands
Corporate Overview
• Founded in the mid-1990s, Asurion has been serving the communications and retail industries for over 20 years
• Based in Nashville, Tennessee, Asurion has over 17,000 associates worldwide
• Serving more than 290 million consumers globally through our operations in 18 countries: Australia, Brazil, Canada, China/Hong-Kong, Colombia, England, France, Israel, Japan, Korea, Malaysia, Mexico, Philippines, Peru, Singapore, Taiwan, Thailand, United States
• Asurion is privately held with annual revenues in excess of $5.8 billion
• Our management team comes from best-in-class companies with experience across mobile, wireline telecom, logistics, insurance, service contracts, consulting, customer care, marketing, retail and more
• Asurion partners with the world’s leading mobile carriers, retailers, and satellite and cable providers.
Expanding Global Presence
• North America: Global Headquarters, 15 Corporate Owned Call Centers, Logistics Center
• South America: 2 Corporate Offices
• Europe: 3 Corporate Offices, 1 Corporate Owned Call Center
• Asia Pacific: 13 Corporate Offices, Logistics Center, 2 Corporate Owned Call Centers
19. Asurion Use Case
• 40 million identities for Asurion mobile applications
• 2 million authentication requests per day
• Need for a global and highly available B2C IAM service - North America, Europe, APAC
• Ability to customize Sign-Up and Sign-In workflow
[Architecture diagram labels: Asurion Mobile Apps; Asurion Websites; Amazon CloudFront; WAF; API Gateway; AWS Lambda functions; Cognito; AWS IAM; Endpoints on Amazon EC2; Key Servers; Backend AWS Services; AWS Direct Connect; Asurion Private Cloud; API calls]
20. Why Asurion Selected Amazon Cognito
• Scalable service with global presence
• Support for a wide variety of identity models
  • Custom: Cognito Sign-In, Developer Identities
  • 3rd party: Amazon, Facebook, Google, Twitter, etc.
• Extensible provisioning workflow steps with Lambda function support
• Invite user flow using an OTP delivered via email or SMS
• Out-of-box support for identity functions such as:
  • Sign-Up
  • Forgot Password
  • Reset Password
• Good SDK support for all mobile and web platforms
21. Asurion implementation
• Multiple apps, starts with Device Identity
• Minimal user input
• Augment Device Identity with User details
• Provisioning based on the eligibility checks against On-Premise APIs
• Identity and sensitive data to be encrypted using Asurion hosted crypto service
• Tighter control over app libraries, for client approvals
• Predictable traffic routing
22. Registration Workflow
Asurion Device Sign-Up, with an Identity Pool ID
[Workflow diagram. Participants: End Users; Device Registration; SMS confirmation; Asurion Services (on AWS); Cognito; RDS; Asurion Services (on-prem); Crypto Service; Eligibility Service. Labelled steps: Sign-up; Check eligibility; Encrypt identity and sensitive data; Create device record; Create app record; SMS OTP code; Submit the OTP code; Validate OTP; Create Identity and Refresh tokens; Push tokens; Ready for service.]
23. Refresh Workflow
Asurion Device Refresh, with a Refresh Token
[Workflow diagram. Participants: End Users; Device Refresh; Asurion Services (on AWS); Cognito; RDS. Labelled steps: Refresh Identity; Validate refresh token and Issue Identity token; Refresh app record; Fetch/Update app changes; Push Identity token and App data; Ready for service.]
24. Registration Workflow
Asurion User Sign-Up, with an Identity Pool ID
[Workflow diagram. Participants: End Users; User Registration; Email/SMS confirmation; Asurion Services (on AWS); Cognito; RDS; Asurion Services (on-prem); Crypto Service; Eligibility Service. Labelled steps: Validate Identity (shown twice); Check eligibility; Encrypt identity and sensitive data; Update; Update app record; Update/Create user record; Ready for service.]
25. What we learned
• Great collaboration
• Build in a robust testing program
• Weigh the costs and benefits of custom implementation
26. Demo
• Creating a user pool in Amazon Cognito: attributes, policies, verifications, apps, customizations, etc.
• Importing and creating users
• Customizing authentication
27. Demo Recap
• Easy to create and configure user pools
• Several options for creating and importing users
• Flows are customizable through Lambda triggers
28. Groups
Cognito User Pools: Groups and Multiple Authenticated Roles
• Group A: IAM Role A
• Group B: IAM Role B
• …
Cognito Federated Identities: Multiple Roles for Authenticated Identities
[Diagram labels: Authenticated User Identity; Get Credentials; Map to different IAM roles (IAM Role and Policy, shown three times); Control Access; Backend Resources: API Gateway, DynamoDB, S3]