The document discusses securing serverless applications. It provides an overview of AWS Identity and Access Management (IAM), AWS Lambda, Amazon API Gateway, and Amazon Cognito. It then covers securing serverless microservices by discussing securing AWS Lambda functions using IAM roles and resource policies. It also covers securing Amazon API Gateway by discussing authorization types including Cognito, IAM, and custom authorizers. The document concludes by discussing auditing serverless applications using CloudWatch logs, CloudTrail, and AWS Config.
By leveraging serverless architectures, organisations are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers and existing corporate directories. We will show the real-world design patterns that AWS customers use to implement authentication and authorisation.
Speaker: Myles Hosford, Security Solutions Architect, Amazon Web Services
Build a Server-less Event-driven Backend with AWS Lambda and Amazon API Gateway - Danilo Poccia
The document discusses building a serverless, event-driven backend architecture using AWS Lambda and Amazon API Gateway. It describes how API Gateway can be used to define HTTP endpoints that trigger Lambda functions to execute business logic. This allows building scalable backend services without having to manage servers. The document provides an example media sharing application architecture built with this approach.
Stephen Liedig: Building Serverless Backends with AWS Lambda and API Gateway - Steve Androulakis
Stephen Liedig (Amazon Web Services) is a Public Sector Solutions Architect at AWS working closely with local and state governments, educational institutions, and non-profit organisations across Australia and New Zealand to design, and deliver, highly secure, scalable, reliable and fault-tolerant architectures in the AWS Cloud while sharing best practices and current trends, with a specific focus on DevOps, messaging, and serverless technologies.
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you’ll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We’ll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We’ll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
The “Twelve-Factor” application model has come to represent twelve best practices for building modern, cloud-native applications. With guidance on things like configuration, deployment, runtime, and multiple service communication, the Twelve-Factor model prescribes best practices that apply to everything from web applications to APIs to data processing applications.
Although serverless computing and AWS Lambda have changed how application development is done, the “Twelve-Factor” best practices remain relevant and applicable in a serverless world. In this talk, Chris will share with you how to apply the “Twelve-Factor” model to serverless application development with AWS Lambda and Amazon API Gateway and show you how these services enable you to build scalable, low cost, and low administration applications.
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud - Amazon Web Services
This document provides an overview of AWS Lambda and serverless computing. It discusses five sample use cases for AWS Lambda including adding features to Amazon S3, extending platforms, building scalable mobile backends, real-time streaming analysis, and serverless microservices. The document then covers requirements, building a mobile backend without coding it, and additional capabilities. It dives deeper into programming models and resource sizing and provides examples of extending other AWS services like Amazon S3.
Understanding AWS Identity and Access Management | AWS Public Sector Summit 2016 - Amazon Web Services
The AWS cloud provides a rich set of options around identity and access management. On the identity side, AWS has built-in identities that you can directly manage or synchronize, rich federation support with corporate or web identity systems, and also integration with AWS Directory Service. On the access management side, all AWS services share a powerful access control model and policy language, and some provide resource-based policies as well. In this session, we survey these rich capabilities and show how they integrate with existing identity systems.
Security Best Practices for Serverless Applications - July 2017 AWS Online T... - Amazon Web Services
Learning Objectives:
- Learn security best practices for AWS Lambda and Amazon API Gateway
- Understand how to use Amazon Cognito to build identity and authentication features into serverless applications
- Learn identity and access management best practices for serverless applications
Securely building and deploying serverless applications requires cloud-native security best practices. In this talk, you will learn how to use AWS Lambda permissions and how to easily set up authentication and authorization for Amazon API Gateway. We will also cover how you can use Amazon Cognito for end user authentication and authorization. You'll also learn how to securely store your application secrets with AWS. This talk also discusses how to implement identity and access management best practices.
Getting Started with Cognito User Pools - September Webinar Series - Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
- Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
- Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
This document discusses DevOps concepts and practices including:
- DevOps aims to improve collaboration between development and operations teams through practices like continuous integration, deployment automation, and infrastructure as code.
- The five pillars of DevOps are: microservices, infrastructure as code, automation and configuration management, continuous integration and continuous delivery, and logging and monitoring.
- Specific DevOps practices discussed include building infrastructure templates with CloudFormation, implementing continuous integration and delivery pipelines with CodePipeline/CodeBuild/CodeDeploy, and automating infrastructure provisioning and configuration changes.
Authoring and Deploying Serverless Applications with AWS SAM - Amazon Web Services
Serverless applications can be composed of multiple AWS resources such as AWS Lambda functions, Amazon API Gateway APIs, Amazon DynamoDB tables, and Amazon S3 buckets. When building a serverless application, what is the most straightforward way to group all your resources into one serverless application? Once you define your serverless application, how quickly can you develop, test, and iterate on your local machine before deploying to AWS? In this session, learn how to define serverless applications with the AWS Serverless Application Model (AWS SAM) and how to use the AWS SAM Local CLI tool to develop and test locally before deploying to AWS.
The document discusses serverless applications on AWS. It describes how traditional monolithic architectures have evolved to use microservices and serverless computing. It provides examples of how to build applications using AWS services like AWS Lambda, Amazon API Gateway, Amazon DynamoDB, and Amazon S3 without having to manage servers. These services allow building scalable, fault tolerant applications that are cost effective and focus on solving business problems rather than infrastructure. The document concludes with a recommendation to try out serverless AWS services and provides next steps to get started.
Building AWS Lambda Applications with the AWS Serverless Application Model (A... - Amazon Web Services
Learning Objectives:
- Learn how to build serverless applications in a simple and repeatable manner
- Understand the fundamentals of the AWS Serverless Application Model
- Gain best practices for serverless application development
When building applications with AWS Lambda, you need a way to easily model and deploy the resources in your serverless application such as Lambda functions, APIs, Amazon DynamoDB tables, and more. The AWS Serverless Application Model (AWS SAM) is an open source specification which defines simplified syntax for expressing serverless resources. In this session, we will teach you the essentials of using AWS SAM to model and deploy serverless applications in a simple and repeatable manner. You will learn best practices for using AWS SAM and how to deploy it using services like AWS CloudFormation and AWS CodePipeline.
Mobile Applications and The Internet of Things: AWS Lambda & AWS Cognito – Ad... - Amazon Web Services
This session will show you how to get started quickly by covering key architectural design concepts and demonstrating the use of the AWS SDKs to simplify creating powerful applications for the always-on world that connects beyond the desktop.
Mobile App Development with Amazon Web Services Mobile Hub - Amazon Web Services
Mobile app development with AWS Mobile Hub allows developers to:
1) Build apps using services like Cognito for authentication, SNS for push notifications, and DynamoDB for data storage.
2) Gather analytics on app usage with Mobile Analytics SDK and store the data in S3, Redshift, or EMR.
3) Deliver personalized push notifications through SNS by sending messages to topics or individual users.
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T... - Amazon Web Services
This document provides an overview of building API-driven microservices with Amazon API Gateway. It introduces Amazon API Gateway and how it can be used to create, publish, maintain, monitor, and secure APIs. It discusses different options for deploying microservices, including using EC2, ECS, and AWS Lambda. It also covers securing APIs with IAM, custom authorizers, and Cognito user pools. Finally, it discusses tools like Swagger/OpenAPI, Chalice, SAM, and SAM Local that can be used to define and deploy serverless applications and APIs.
API Gateways can simplify the work that a developer needs to do to build API-based services by helping to standardize authentication and authorization, consumer interfaces, and management needs. With Amazon API Gateway you get all of this and more, including completely serverless management of your APIs and the ability to host them at almost any scale. You also get the benefits of the numerous types of APIs that are supported, from public to private, REST to WebSockets, backed by almost any backend you can think of. In this session we’ll review the powerful capabilities of Amazon API Gateway and how you can get started building awesome APIs.
Speaker: Chris Munns - Principal Developer Advocate, AWS Serverless Applications, AWS
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina... - Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
• Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
• Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
This document discusses how Amazon Cognito can be used to manage user identities, synchronize app data across devices, and securely access AWS cloud resources from a mobile app. It describes Amazon Cognito's key capabilities such as authenticating users, authorizing access, synchronizing app state, securely storing user data and media, and sending push notifications. It also provides examples of how to use Amazon Cognito for identity management, data synchronization, and secure AWS access in a mobile app.
AWS re:Invent 2016: Building Complex Serverless Applications (GPST404) - Amazon Web Services
Provisioning, scaling, and managing physical or virtual servers—and the applications that run on them—has long been a core activity for developers and system administrators. The expanding array of managed AWS cloud services, including AWS Lambda, Amazon DynamoDB, Amazon API Gateway and more, increasingly allows organizations to focus on delivering business value without worrying about managing the underlying infrastructure or paying for idle servers and other fixed costs of cloud services. In this session, we discuss the design, development, and operation of these next-generation solutions on AWS. Whether you're developing end-user web applications or back-end data processing systems, join us in this session to learn more about building your applications without servers.
This document provides an overview of serverless architectures using AWS Lambda. It discusses how serverless architectures address issues with monolithic applications by removing the need to manage servers. AWS Lambda allows running code without provisioning servers by executing functions in response to events. Other key services that enable serverless architectures like Amazon API Gateway and a variety of event sources are also covered. The document outlines several serverless architecture patterns and best practices for building applications using AWS Lambda. It concludes by sharing references to serverless reference architectures on GitHub.
This document summarizes a presentation given by Dr. Tim Wagner, General Manager of AWS Lambda and Amazon API Gateway, at the AWS New York Summit on August 11, 2016 about getting started with serverless computing using AWS Lambda and Amazon API Gateway. The presentation introduced serverless computing and how it abstracts infrastructure management, discussed AWS Lambda and Amazon API Gateway services and how to choose between them. It also provided examples of serverless use cases including data processing, backend services, and app ecosystems. Tips for VPC configuration, function scheduling, and stage variables in API Gateway were also shared.
The document discusses serverless architectures using AWS Lambda and Amazon API Gateway. It provides background on moving from monolithic to microservices architectures. It then covers AWS Lambda functions, event sources, and networking environments. Amazon API Gateway is presented as a way to build multi-tier serverless applications. Common serverless architecture patterns and best practices for AWS Lambda, API Gateway, and general serverless development are outlined. The document concludes with a demonstration of a simple CRUD backend using Lambda and DynamoDB with API Gateway.
Build and Deploy Serverless Applications with AWS SAM - SRV316 - Chicago AWS ... - Amazon Web Services
AWS Serverless Application Model (AWS SAM) is a tool for developing, deploying, and managing your serverless applications on AWS. Learn best practices and tricks for using AWS SAM at scale, including how to make the most of its dynamic template capabilities, how to use advanced features, and how to debug serverless applications. Also explore the new open-source AWS SAM translator, and see how AWS SAM works under the hood.
Voxxed Athens 2018 - Serverless by Design - Voxxed Athens
This document discusses serverless application design principles. It recommends separating business logic from event handlers using an adapter pattern and designing applications to be event-driven using event sourcing. It also recommends managing infrastructure as code using AWS Serverless Application Model (SAM) and AWS CloudFormation for safe deployments with canary/linear deployments, alarms, and hooks. Additionally, it suggests building CI/CD pipelines to speed up the feedback cycle.
SRV203 Getting Started with AWS Lambda and the Serverless Cloud - Amazon Web Services
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you'll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We'll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We'll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
This talk will be a 2-300 level discussion on Serverless Architectures on AWS. We’ll first explore the Serverless ecosystem on AWS, looking at some particular use cases for Serverless. Looking through the lens of AWS customers, we’ll look at the typical Serverless journey, as well as some of the key emerging patterns and benefits of Serverless Architectures. We’ll also touch on some of the key challenges in a distributed environment and some potential solutions and tools that customers might want to consider.
The document provides an overview of a presentation on serverless development, outlining topics that will be covered such as building serverless APIs, CI/CD pipelines, development frameworks like AWS SAM and Chalice, debugging and testing locally, security features like Amazon Cognito, and using services like AWS Lambda and Amazon API Gateway. Paul Maddox will give the presentation, sharing his 16 years of development experience and focusing on debunking myths around serverless development.
Serverless architectures allow you to build and run applications and services without having to manage infrastructure. With serverless architectures, your application still runs on servers, but all the server management is done by AWS. In this session, you will learn how to build applications and services using a serverless architecture. We will discuss how you can use AWS Lambda to run code for any type of application or backend service; Amazon DynamoDB to store application data with high scalability and redundancy; and Amazon API Gateway to create and manage secure API endpoints. We will run through a demo setting up a web application using this architecture, and we will discuss best practices and patterns used by our customers to run serverless applications.
AWS March 2016 Webinar Series Getting Started with Serverless Architectures - Amazon Web Services
Serverless Architectures allow you to build and run applications and services without having to manage the infrastructure. With serverless architectures on AWS, your application still runs on servers, but all the server management is done by AWS.
In this webinar, you will learn how to build applications and services using a serverless architecture. We will discuss how you can use AWS Lambda to run code for any type of application or backend service; use Amazon DynamoDB to store application data with high scalability and redundancy; and use Amazon API Gateway to create and manage secure API endpoints. We will also run through a demo setting up a web application using this architecture, and discuss best practices and patterns used by our customers to run serverless applications.
Learning Objectives:
• Understand the basics of serverless architectures
• Learn how to use Lambda, API Gateway, and DynamoDB to run web applications
Who Should Attend:
• Developers, web developers
AWS Serverless Application Model (AWS SAM) is a tool for developing, deploying, and managing your serverless applications on AWS. Learn best practices and tricks for using AWS SAM at scale, including how to make the most of its dynamic template capabilities, how to use advanced features, and how to debug serverless applications. Also explore the Approved open-source AWS SAM translator, and see how AWS SAM works under the hood.
Productionize Serverless Application Building and Deployments with AWS SAM - ... - Amazon Web Services
Learning Objectives:
- Learn about the SAM template design best practices (e.g., use of globals, mappings, parameters, and conditionals)
- Learn how to test and debug serverless applications with SAM Local
- Learn how to customize SAM itself with the open source SAM implementation
Serverless computing - Build and run applications without thinking about servers - Amazon Web Services
The document discusses serverless deployment patterns and tools for AWS Lambda functions. It describes common deployment patterns like blue/green, canary, and linear deployments. It then covers the AWS Serverless Application Model (SAM) which allows defining serverless applications using CloudFormation. The SAM CLI allows testing serverless applications locally. Lambda aliases and traffic shifting allow shifting traffic between Lambda function versions for deployments. Global variables and deployment preferences in SAM allow configuring safe linear deployments with validation hooks and alarms.
Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Inv... - Amazon Web Services
The document discusses serverless architectures and best practices. It covers topics like serverless foundations, web applications, stream processing, data lakes, and machine learning. It provides an overview of AWS serverless offerings and architectural patterns for building serverless applications and processing streaming data with services like AWS Lambda, Amazon API Gateway, Amazon Kinesis, Amazon S3, and AWS Step Functions.
Using AWS Lambda to Build Control Systems for Your AWS Infrastructure - Amazon Web Services
Defining infrastructure resource policies in an organized manner can help your company better manage its infrastructure resources.
This session will familiarize you with using AWS Lambda to process data and provide control logic for your infrastructure. You can use Amazon CloudWatch Events to monitor infrastructure resources in real-time, and you can use AWS Lambda to react to events based on a set of rules. We will demonstrate how you can build a rules engine for creating, monitoring, and managing policies.
AWS DevDay San Francisco, June 21, 2016.
Presenter: Bryan Liston, Community Manager, AWS Lambda
SID201 Overview of AWS Identity, Directory, and Access Services - Amazon Web Services
Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each of these journeys, identity and access management helps customers protect their applications and resources. In this session, you learn how AWS identity services provide you a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS identity services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.
Raleigh DevDay 2017: Building serverless web applications - Amazon Web Services
This document summarizes a presentation on building serverless web applications using AWS services like AWS Lambda and Amazon API Gateway. It discusses why serverless is useful by avoiding managing servers. It then covers design patterns like monolithic versus microservices architectures. Finally, it demonstrates how to define a serverless application using the AWS Serverless Application Model (SAM) and deploy it with AWS CloudFormation.
Getting Started with Serverless Architectures - August 2016 Monthly Webinar S... - Amazon Web Services
Serverless architectures allow you to build and run applications and services without having to manage infrastructure. With serverless architectures, your application still runs on servers, but all the server management is done by AWS.
In this webinar, you will learn how to build applications and services using a serverless architecture. We will discuss how you can use AWS Lambda to run code for any type of application or backend service; use Amazon DynamoDB to store application data with high scalability and redundancy; and use Amazon API Gateway to create and manage secure API endpoints. We will run through a demo setting up a web application using this architecture, and we will discuss best practices and patterns used by our customers to run serverless applications.
Learning Objectives:
• Understand the basics of serverless architectures
• Learn how to use Lambda, API Gateway, and DynamoDB to run web applications
Similar to Cloud Security-how to create serverless applications (20)
How to build forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters appears to be an investment that only established companies can afford. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
Let's see how Big Data applications can be developed quickly, without worrying about infrastructure, dedicating all resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. In this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to an average saving of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question: how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with the services Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting user operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis that uses artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there may be performance risks that can be introduced when moving applications from on-premises data centers.
Create your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB features.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
2. Agenda
• What is Serverless?
• Overview of AWS IAM, AWS Lambda, Amazon API
Gateway and Amazon Cognito
• Securing Serverless microservices
• Auditing and logging
• Summary
3. Serverless means…
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Availability and fault tolerance built in
5. Microservices
AWS Lambda + Amazon API Gateway is the
easiest way to create microservices
• Event handlers: one function per event type
• Serverless backends: one function per API / path
• Data processing: one function per data type
6. Let’s Start With AWS IAM
Fundamental security service within AWS
Securely control individual, group, and machine access to
your AWS resources
Principles of least privilege, separation of duties
Grant permissions for users outside of AWS (federated
users).
Grant cross-account permissions
AWS IAM
7. AWS IAM Example Policy
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example_bucket"
  }
}
8. AWS IAM Principals
A principal is the entity that is allowed or
denied access to a resource.
• Users
• Services
• Roles
Indicated by an Amazon Resource Name (ARN)
• arn:aws:iam::account-id:role/role-name
9. AWS IAM Policies
IAM policies are attached directly to the Principal (either Inline Policies or Managed Policies)
[Diagram labels: role, permissions, bucket with objects]
10. AWS Resource-based Policies
You can attach a set of permissions (inline policy) to a resource, such as an Amazon S3 bucket or Amazon SNS topic.
Resource-based policies have to include information about who is allowed to access the resource, known as the Principal.
[Diagram labels: role, permissions, bucket with objects]
12. AWS Lambda Programming Model
Bring your own code
• Node.js, Java, Python, C#,
Go
• Bring your own libraries
(even native ones)
Simple resource model
• Select power rating from
128 MB to 1.5 GB
• CPU and network allocated
proportionately
• Pay only for what compute
you consume
Programming model
• AWS SDK built in (Python
and Node.js)
• Lambda is the “webserver”
• Use processes, threads,
/tmp, sockets normally
Stateless
• Persist data using Amazon
DynamoDB, S3, or
ElastiCache
• No affinity to infrastructure
(can’t “log in to the box”)
14. Introduction to Amazon API Gateway
• Create a unified API frontend for multiple microservices
• Authenticate and authorize requests to a backend
• DDoS protection and throttling for your backend
• Throttle, meter, and monetize API usage by 3rd party developers
15. Amazon API Gateway: Serverless APIs
[Architecture diagram labels: Internet (mobile apps, websites, partner services); Amazon CloudFront; API Gateway; API Gateway response cache; Amazon CloudWatch; Amazon CloudTrail; AWS Lambda functions; endpoints on Amazon EC2; any publicly accessible endpoint; YOUR VPC (AWS Lambda functions, Amazon EC2 endpoints)]
17. Identity is mission critical for your applications
User Identity: Security, Revenue Generation, Application Backbone
• Know your users
• Monitor engagement with your application
• Store and manage user data
• Personalize your users’ experiences
• Protect sensitive data
• Secure business-critical processes
18. Developing Auth Infrastructure is Difficult
• Need to develop a reliable user directory to manage identities
• Handling user data and passwords and protecting privacy
• Prioritizing scalability of your infrastructure upfront
• Implementing token-based authentication
• Support for multiple social identity providers
• Federation with corporate directories for B2E applications
19. Amazon Cognito Identity
Your User Pools
You can easily and securely add sign-up and sign-in functionality to your mobile and web apps with a fully-managed service that scales to support 100s of millions of users.
Federated Identities
Your users can sign in with third-party identity providers, such as Facebook and SAML providers, and you can control access to AWS resources from your app.
[Diagram labels: sign-in form (Username, Password, Submit); Sign in with Facebook, Corporate, OIDC, SAML]
24. Lambda execution models
Synchronous (push), Asynchronous (event), Stream-based
[Diagram labels: Amazon API Gateway, /order, Amazon SNS, Amazon S3, reqs, Amazon DynamoDB, Amazon Kinesis, changes, AWS Lambda service, AWS Lambda function]
25. The push model and resource policies
Function (resource) policy
• Permissions you grant to your Lambda
function determine which service or
event source can invoke your function
• Resource policies make it easy to
grant cross-account permissions to
invoke your Lambda function
28. The pull model and IAM roles
IAM execution role
• Permissions you grant to this role
determine what your AWS Lambda
function can do at run-time
• If event source is Amazon DynamoDB
or Amazon Kinesis, then add read
permissions in IAM role
30. Lambda function security – best practices
Use IAM Role per function and don’t be too
permissive – leverage principle of least privilege
Application Security Best practices still apply
(mandatory code review, static analysis, etc.)
Encrypt environment variables and sensitive data
via KMS and Lambda’s encryption helpers
Leverage AWS Secrets Manager for secrets
management
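Slides 25, 28 and 30 separate the function (resource) policy, which controls who may invoke a function, from the IAM execution role, which controls what the function may do. The following check is an added example, not part of the deck: it flags over-permissive statements in both policy types. The function names, account id and sample policies are constructed for illustration.

```javascript
// Added example, not from the deck. Policies below are constructed samples.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Function (resource) policy: decides WHO may invoke the function (push model).
function auditResourcePolicy(policy) {
  const findings = [];
  for (const st of asArray(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    const p = st.Principal;
    const anyone = p === '*' || asArray(p && p.AWS).includes('*');
    const scoped = /aws:Source(Arn|Account)/i.test(JSON.stringify(st.Condition || {}));
    if (anyone) findings.push(`${st.Sid}: any principal may invoke`);
    else if (p && p.Service && !scoped) findings.push(`${st.Sid}: service principal not scoped by SourceArn/SourceAccount`);
  }
  return findings;
}

// Execution role policy: decides WHAT the function may do at run time.
function auditExecutionRole(policy) {
  const findings = [];
  for (const st of asArray(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    const wild = asArray(st.Action).filter((a) => a === '*' || a.endsWith(':*'));
    if (wild.length) findings.push(`${st.Sid}: wildcard action ${wild.join(', ')}`);
    if (asArray(st.Resource).includes('*')) findings.push(`${st.Sid}: Resource "*"`);
  }
  return findings;
}

// Constructed resource policy: one scoped API Gateway grant, one unscoped S3 grant.
const resourcePolicy = { Version: '2012-10-17', Statement: [
  { Sid: 'ApiGwOrders', Effect: 'Allow', Principal: { Service: 'apigateway.amazonaws.com' },
    Action: 'lambda:InvokeFunction', Resource: 'arn:aws:lambda:us-east-1:123456789012:function:orders',
    Condition: { ArnLike: { 'AWS:SourceArn': 'arn:aws:execute-api:us-east-1:123456789012:abc123/*/POST/order' } } },
  { Sid: 'S3Unscoped', Effect: 'Allow', Principal: { Service: 's3.amazonaws.com' },
    Action: 'lambda:InvokeFunction', Resource: 'arn:aws:lambda:us-east-1:123456789012:function:orders' },
] };

// Constructed execution role: stream read permissions (slide 28) plus a too-broad grant.
const executionRole = { Version: '2012-10-17', Statement: [
  { Sid: 'ReadStream', Effect: 'Allow',
    Action: ['dynamodb:GetRecords', 'dynamodb:GetShardIterator', 'dynamodb:DescribeStream'],
    Resource: 'arn:aws:dynamodb:us-east-1:123456789012:table/orders/stream/*' },
  { Sid: 'TooBroad', Effect: 'Allow', Action: 's3:*', Resource: '*' },
] };

console.log(auditResourcePolicy(resourcePolicy));
console.log(auditExecutionRole(executionRole));
```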
34. AWS Secrets Manager
Lifecycle management for secrets such as database
credentials and API keys.
• Rotate secrets safely
• Manage access with fine-grained policies
• Secure and audit secrets centrally
• Pay as you go
38. Lambda vulnerabilities and security scan
Automate security analysis as part of your CI/CD
pipeline
Input validation/sanitization, SQLi, etc. still apply in
Serverless architectures
Continuously scan for vulnerabilities in
dependencies used; can be a step in your CI/CD
pipeline
40. API Gateway: three types of authorization
Amazon Cognito
User Pools
Amazon Cognito
Federated Identities
Custom Identity Providers
AWS IAM authorization
Lambda Authorizers
User Pools Authorizers
67. Custom Authorizer
Lambda Authorizers
Step 6: Generate and return user IAM policy
[Diagram labels: Mobile app, Amazon API Gateway, Custom Authorizer Lambda function (Auth), Lambda function, AWS Identity & Access Management, Amazon DynamoDB]
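70. Lambda Authorizer
// AuthPolicy, apiOptions and callback are defined elsewhere in the authorizer function (not shown on the slide).
var testPolicy = new AuthPolicy("userIdentifier", "XXXXXXXXXXXX", apiOptions);
// Allow only POST and DELETE on /locations/*.
testPolicy.allowMethod(AuthPolicy.HttpVerb.POST, "/locations/*");
testPolicy.allowMethod(AuthPolicy.HttpVerb.DELETE, "/locations/*");
// Return the generated policy to API Gateway.
callback(null, testPolicy.getPolicy());
Sample Code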
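The policy that a Lambda authorizer hands back to API Gateway ("Generate and return user IAM policy") has a fixed shape. The following is an added example, not the deck's code and not the AuthPolicy helper: a token authorizer that builds that document directly. The TOKENS table, user names and ARNs are constructed, and the table stands in for real token verification.

```javascript
// Added example, not from the deck. TOKENS stands in for real token verification
// (for example a JWT signature check or a DynamoDB lookup); its contents are constructed.
const TOKENS = new Map([
  ['token-editor', { user: 'alice', grants: [['POST', '/locations/*'], ['DELETE', '/locations/*']] }],
  ['token-reader', { user: 'bob', grants: [['GET', '/locations/*']] }],
]);

// Shape of the authorizer response that API Gateway evaluates.
function buildPolicy(principalId, effect, resources) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resources }],
    },
  };
}

// event.methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function authorize(event) {
  const [apiArn, stage] = event.methodArn.split('/');
  const token = (event.authorizationToken || '').replace(/^Bearer /, '');
  const entry = TOKENS.get(token);
  // Unknown or missing token: explicit Deny on every method of this stage.
  if (!entry) return buildPolicy('anonymous', 'Deny', [`${apiArn}/${stage}/*/*`]);
  // Known token: allow exactly the verb/path pairs granted to this user.
  const resources = entry.grants.map(([verb, path]) => `${apiArn}/${stage}/${verb}${path}`);
  return buildPolicy(entry.user, 'Allow', resources);
}

// Export this function as the Lambda handler of a TOKEN authorizer.
const handler = async (event) => authorize(event);

// Constructed request for illustration.
const sampleRequest = {
  type: 'TOKEN',
  authorizationToken: 'Bearer token-editor',
  methodArn: 'arn:aws:execute-api:us-east-1:123456789012:abc123/prod/POST/locations/42',
};
console.log(JSON.stringify(authorize(sampleRequest), null, 2));
```

Because API Gateway can cache the returned policy per token, the policy lists every method the caller may use rather than only the one named in methodArn.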
72. Usage Plans: Throttle specific consumers
[Diagram: the API Gateway architecture from slide 15 with a "Throttle" callout]
73. Usage Plans: Quotas and Throttling
• Prevents one customer from consuming all your
backend system’s capacity
• Lets you decide how to allocate capacity among your
API consumers. Sample plan:
• Professional plan users: 10 TPS, up to 100 calls / day
• Premium plan users: 100 TPS, up to 1000 calls / day
• Enterprise plan users: 500 TPS, no limit on calls / day
74. Usage Plans: Enforce per-consumer quotas
[Diagram: the API Gateway architecture from slide 15 with a "Set daily quota" callout]
78. CloudWatch – Log streaming and metrics
Leverage built-in metrics and alarm on aggregates (throttling)
Create Custom Metrics via Metric Filter out of logs
Captures Lambda invocation details, and all logging statement output
Stream and centralize logs from multiple accounts to Amazon Elasticsearch for near real-time analysis
80. What can you answer using a CloudTrail event?
Who made the API call?
What was the API call?
When was the API call made?
Where was the API call made from and made to?
Which resources were acted upon in the API call?
Supported services:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html
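The five questions on slide 80 map onto fields of a CloudTrail event record. The following is an added example, not part of the deck: it extracts the answers from one record and handles the different identity types. The sample event is constructed (placeholder account id, role names and IP address) and uses standard CloudTrail field names.

```javascript
// Added example, not from the deck. sampleEvent is a constructed record that
// uses standard CloudTrail fields; account id, role and IP are placeholders.
const sampleEvent = {
  eventTime: '2018-06-01T09:15:27Z',
  eventSource: 'iam.amazonaws.com',
  eventName: 'AttachRolePolicy',
  awsRegion: 'us-east-1',
  sourceIPAddress: '203.0.113.10',
  userIdentity: {
    type: 'AssumedRole',
    arn: 'arn:aws:sts::123456789012:assumed-role/deployer/ci-session',
    accountId: '123456789012',
    sessionContext: { sessionIssuer: { type: 'Role', arn: 'arn:aws:iam::123456789012:role/deployer' } },
  },
  requestParameters: { roleName: 'orders-lambda-role', policyArn: 'arn:aws:iam::aws:policy/AdministratorAccess' },
};

// "Who" depends on the identity type recorded in userIdentity.
function who(id) {
  switch (id.type) {
    case 'AssumedRole': // name the role behind the temporary session
      return id.sessionContext.sessionIssuer.arn;
    case 'Root':
      return `root of account ${id.accountId}`;
    case 'AWSService':
      return id.invokedBy;
    default: // IAMUser, FederatedUser, ...
      return id.arn || id.principalId;
  }
}

function answerFiveQuestions(ev) {
  // Some services fill "resources"; others only describe the target in requestParameters.
  const which = (ev.resources || []).map((r) => r.ARN);
  if (which.length === 0 && ev.requestParameters) which.push(JSON.stringify(ev.requestParameters));
  return {
    who: who(ev.userIdentity),
    what: `${ev.eventSource}:${ev.eventName}`,
    when: ev.eventTime,
    whereFrom: ev.sourceIPAddress,
    whereTo: `${ev.eventSource} in ${ev.awsRegion}`,
    which,
  };
}

console.log(answerFiveQuestions(sampleEvent));
```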
81. AWS Config
• Get inventory of AWS resources
• Discover new and deleted resources
• Record configuration changes continuously
• Get notified when configurations change
82. Summary
• What is Serverless?
• Overview of AWS IAM, AWS Lambda, Amazon API
Gateway and Amazon Cognito
• Securing Serverless microservices
• Auditing and logging
• Summary
83. Additional Resources
- Serverless on AWS
- Serverless Computing on AWS
- re:Invent Talks and Webinars
- Serverless Auth: Identity Management
- Add User Sign-in, Management, and Security with Cognito
- Deep Dive on AWS Lambda
- Reference Projects
- Serverless Auth Reference App
- Cognito Angular 2 Quickstart
- Cognito API Gateway Auth Reference