In this episode of Dans la Tech, after a (short) extended break, the whole team is back together to tackle an essential topic: security in the cloud. For the occasion, we welcome Victor, an independent consultant specializing in AWS, infrastructure and security, for a rich and unfiltered discussion! On the agenda: • Our personal journeys with cloud security (AWS, Société Générale, startup, large corporation, etc.) • First reflexes to have when securing a new infrastructure on a public cloud (AWS, Scaleway, OVH…) • Best practices around Infra as Code, IAM, CI/CD, backup, SSO, network isolation, permission management, and secure self-service platforms. • Security incidents we have experienced: phishing, crypto-mining, human error, Shadow IT, supply chain… • Open debate on SSH, human compromise, the risks of insider attacks, and the limits of MFA. • Focus on protecting sensitive data, the role of tools such as Riot or AWS Control Tower, and the importance of auditing and continuous awareness.
AWS Morning Brief for the week of September 9th, with Corey Quinn. Links:
- Organizational Units in AWS Control Tower can now contain up to 1,000 accounts
- Amazon SES announces enhanced onboarding with adaptive setup wizard and Virtual Deliverability Manager
- AWS Glue now provides job queuing
- AWS Network Load Balancer now supports configurable TCP idle timeout
- AWS named as a Leader in the first Gartner Magic Quadrant for AI Code Assistants
- AWS to highlight generative AI, cloud advancements at IBC 2024
What is a Landing Zone and why is it important for structuring a project correctly? What guidelines and tools are useful for defining and maintaining a landing zone on AWS? How much flexibility do we have after creating the landing zone, and how can we evolve it to match business needs? And how much does it cost? In this episode I host Stefano Boscolo to talk about Landing Zones: how to create them, manage them and make them an enabling tool for every team in the company. Useful links: AWS Organizations: https://aws.amazon.com/it/organizations/ AWS Control Tower: https://aws.amazon.com/it/controltower/ Landing Zone Accelerator: https://aws.amazon.com/it/solutions/implementations/landing-zone-accelerator-on-aws/ Secure Cloud Foundation powered by Velocity: https://aws.amazon.com/marketplace/pp/prodview-vrcnef35kpz56
Welcome to part two in the AWS Certification Exam Prep Mini-Series! Whether you're an aspiring cloud enthusiast or a seasoned developer looking to deepen your architectural acumen, you've landed in the perfect spot. In this six-part saga, we're demystifying the pivotal role of a Solutions Architect in the AWS cloud computing cosmos. In this second episode, join Caroline and Dave as they host a riveting discussion with two cloud virtuosos - Anya Derbakova, a Senior Startup Solutions Architect at AWS, known for weaving social media magic, and Ted Trentler, a Senior AWS Technical Instructor with a knack for simplifying the complex. Together, they embark on a narrative journey through the clouds and break down the AWS Certification labyrinth. Expect to uncover: Designing Secure Access to AWS Resources: • Introduction to IAM for identity management. • Role switching with AWS STS. • Multi-account strategies using AWS Control Tower and federation with IAM roles. Designing Secure Workloads and Applications: • Architecting VPCs. • Implementing layered security models with security groups, NACLs, and gateways. Determining Appropriate Data Security Controls: • Data access, governance, and responsibility. • Data recovery, retention, and classification strategies. • Encryption and key management practices. Anatomy of an Exam Question: • Exam question formats: Multiple Choice and Multiple Response. • Dissecting questions: Stem, key, and distractors. • Scenario-based questions reflecting real-life challenges. • Alignment with the Well-Architected Framework. Sample Exam Question: • Scenario-based question on enabling software patch downloads for EC2 instances in private subnets without direct internet access. Whether you're aiming to elevate your career, transition roles, or simply quench your curiosity about the cloud, tune in to transform your understanding of AWS and gear up for success in the Solutions Architect realm. 
Anya on LinkedIn: https://www.linkedin.com/in/annadderbakova/ Ted on Twitter: https://twitter.com/ttrentler Ted on LinkedIn: https://linkedin/in/tedtrentler Caroline on Twitter: https://twitter.com/carolinegluck Caroline on LinkedIn: https://www.linkedin.com/in/cgluck/ Dave on Twitter: https://twitter.com/thedavedev Dave on LinkedIn: https://www.linkedin.com/in/davidisbitski AWS SAA Exam Guide - https://d1.awsstatic.com/training-and-certification/docs-sa-assoc/AWS-Certified-Solutions-Architect-Associate_Exam-Guide.pdf Party Rock for Exam Study - https://partyrock.aws/u/tedtrent/KQtYIhbJb/Solutions-Architect-Study-Buddy All Things AWS Training - Links to Self-paced and Instructor Led https://aws.amazon.com/training/ AWS Skill Builder – Free CPE Course - https://explore.skillbuilder.aws/learn/course/134/aws-cloud-practitioner-essentials AWS Skill Builder – Learning Badges - https://explore.skillbuilder.aws/learn/public/learning_plan/view/1044/solutions-architect-knowledge-badge-readiness-path AWS Well-Architected Framework - https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html Controlling the Network Free Lab - https://explore.skillbuilder.aws/learn/course/internal/view/elearning/11237/controlling-the-network-amazon Exam Prep Official Practice Question Set: AWS Certified Solutions Architect - Associate (SAA-C03 - English) - https://explore.skillbuilder.aws/learn/course/external/view/elearning/13266/aws-certified-solutions-architect-associate-official-practice-question-set-saa-c03-english?saa=sec&sec=prep AWS Skill Builder - Networking Core - Knowledge Badge Readiness Path - https://explore.skillbuilder.aws/learn/public/learning_plan/view/1944/networking-core-knowledge-badge-readiness-path Subscribe: Spotify: https://open.spotify.com/show/7rQjgnBvuyr18K03tnEHBI Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-developers-podcast/id1574162669 RSS Feed: https://feeds.soundcloud.com/users/soundcloud:users:994363549/sounds.rss
AWS Morning Brief for the week of February 20, 2024, with Corey Quinn. Links:
- Amazon Bedrock console gets a modern look-and-feel
- AWS Control Tower introduces APIs to register Organizational Units
- Build generative AI chatbots using prompt engineering with Amazon Redshift and Amazon Bedrock
- How to enforce creation of roles in a specific path: Use IAM role naming in hierarchy models
In this episode of AWS Bites, Luciano and Eoin dive deep into the world of AWS governance, landing zones, and automation tools. AWS emphasizes the importance of good governance for customers of all sizes, whether you're starting from scratch or have been using AWS for years. But with so many tools available, which one should you choose? Join us as we explore the best practices for setting up your AWS accounts correctly and discover tools that can automate the process, including AWS Control Tower and open-source alternatives like OrgFormation and Terraform. Whether you're new to AWS or a seasoned user, there's something valuable for everyone in this episode.
AWS Cloud Governance is the set of rules, practices, and reports that ensure your cloud use meets your business requirements. Tune into this episode, with host Jillian Forde, to hear from two Cloud Governance Specialists, Al Destefano and Nivas Durairaj, on how your organization can benefit from a multi-account strategy, meet regulatory requirements at scale, leverage AWS managed controls to meet business objectives and ensure data residency requirements are met by using services like AWS Organizations, AWS Config and AWS Control Tower. AWS Control Tower website: https://bit.ly/468g8oD AWS Cloud Governance options: https://bit.ly/3rb73N3
In this episode of the "AWS Cloud Horizonte" podcast, host Oskar Neumann of AWS talks with guest Michael Fraedrich, Solutions Architect and AWS Control Tower expert at AWS, about the features and benefits of AWS Control Tower. Michael emphasizes the service's importance for central management of the AWS environment, compliance and security. He also shares best practices and use cases and discusses the integration of AWS Control Tower with other AWS services. The future development of AWS Control Tower and resources for newcomers are also covered.
Fernando Hönig is the founder of StackZone, an Amazon Web Services partner. Fernando joins us to explain what StackZone is and how it can help with cloud governance, backups on AWS, and monitoring resources and keeping them secure. He also tells us how we can monitor and act on cost control. Fernando Hönig - https://www.linkedin.com/in/fernandohonig/ Fernando is the founder of StackZone, a next-generation management platform for AWS services. StackZone simplifies cloud management, reduces AWS running costs and automates the adoption of security and compliance best practices. Fernando is an AWS industry influencer with 10 years of experience and 10 cloud certifications. He is an AWS Hero and leads several AWS user groups with members around the world. He has provided AWS technology consulting and training to organizations of different sizes across many industries. Fernando and his team have combined their extensive AWS experience to develop the StackZone automation platform. As an AWS security and compliance evangelist, Fernando advocates for security and compliance best practices. StackZone's automations allow companies to adopt them quickly and at scale. Rodrigo Asensio - https://twitter.com/rasensio Based in North Carolina, USA, Rodrigo is responsible for a team of strategic accounts for the Education ISV segment. Rodrigo seeks to simplify and demystify cloud-related concepts, tools and processes so that this technology reaches more people. Links StackZone: https://www.stackzone.com/ AWS Config https://aws.amazon.com/config/ AWS Control Tower https://aws.amazon.com/controltower/ Connect with Rodrigo Asensio on Twitter https://twitter.com/rasensio and on LinkedIn at https://www.linkedin.com/in/rasensio/
On this episode of The Cloud Pod, the team talks about the new AWS region in Malaysia, the launch of AWS App Composer, the expansion of spanner database capabilities, the release of a vision AI by Microsoft; Florence Foundation Model, and the three migration techniques to the cloud space. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
AWS Morning Brief for the week of March 6, 2023 with Corey Quinn. Links:
- Amazon Aurora Serverless v1 now supports customer configurable maintenance windows
- Amazon CloudWatch Internet Monitor is now generally available
- AWS Lambda Powertools for .NET is now generally available
- Amazon Neptune Serverless now scales down to 1 NCU to save costs
- AWS Control Tower announces a progress tracker for landing zone setup and upgrades
- In the Works – AWS Region in Malaysia
- New – Amazon Lightsail for Research with All-in-One Research Environments
- Announcing Amazon ECS Task Definition Deletion
- Announcing the end of Windows Installer support for AWS Tools for Windows
- “Avatar: The Way of Water” and the future of filmmaking
- A detailed overview of Trusted Advisor Organizational Dashboard
EKS on Snow Devices On this episode of The Cloud Pod, the team highlights the new Graviton3-based images for users of AWS, new ways provided by Google to pay for its cloud services, the new partnership between Azure and the Finops Foundation, as well as Oracle's new cloud banking, and the automation of CCOE. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
⏰Timing⏰ 00:00:00 - Start 00:11:12 - Path-to-production mapping (new) 00:14:06 - 2 Team cognitive load 00:22:33 - 6 Design tokens (new) 00:23:09 - 7 Fake SMTP server to test mail sending (new) 00:25:59 - 9 Incremental developer platform (new) 00:35:11 - 11 Observability for CI/CD pipelines (new) 00:39:53 - 12 Supply chain Levels for Software Artifacts, or SLSA (updated) 00:40:16 - 14 Carbon efficiency as an architectural characteristic (new) 00:42:48 - 16 GitHub push protection (new) 00:45:25 - 17 Local-first application (new) 00:51:22 - 20 SLIs and SLOs as code (new) 00:53:56 - Demo sloth 00:54:46 - 21 Synthetic data for testing models (new) 00:55:32 - 24 Satellite workers without "remote native" (new) - hold 00:56:05 - Will we return to offices? Do you want to return? 01:01:47 - 26 Superficial cloud native 01:04:17 - 52 - k6 (up) 01:08:21 - 51 Great Expectations (up) 01:08:38 - 54 AWS Backup Vault Lock (new) 01:11:32 - 55 AWS Control Tower (new) 01:13:46 - 56 Clumio Protect 01:17:01 - 60. Kaniko 01:18:27 - 59. Hadolint (new) 01:22:38 - 64. xbar for build monitoring 01:27:13 - 65. Clasp 01:28:15 - 66 Databricks Overwatch (new) 01:35:34 - 68 git-together (new) 01:39:20 - The code-review problem 01:43:16 - 69 Harness Cloud Cost Management 01:44:49 - 71. Karpenter 01:46:59 - 72. Mizu (new) 01:48:12 - 74. Teller (new) 01:49:03 - 75. Xcode Cloud 01:49:34 - 76. Online services for formatting or parsing code 01:51:13 - 27 Backstage (up) 01:52:57 - 29. AWS Database Migration Service (new) 01:55:17 - 37. Retool 01:55:55 - 39 Teleport (up) 02:00:31 - 40 VictoriaMetrics (new) 02:01:08 - 47. IAM Roles Anywhere (new) 02:02:33 - Languages & Frameworks 02:03:01 - 101. Stable Diffusion
We continue talking about AWS Organizations. In the first part we finished discussing Organization Units, and in the second we start with service control policies (SCPs): how the policies work and how Amazon's internal service, Zelkova, helps with security. What AWS Control Tower is and how it helps in building an organization. We also cover reducing costs when using AWS Organizations and the other benefits of working with it. Useful links: AWS Organizations best practices; AWS Whitepaper - Organizing Your AWS Environment Using Multiple Accounts; About the delegated administrator; What is Zelkova. If you have questions or topic suggestions, write to me on LinkedIn https://www.linkedin.com/in/vedmich/ or Telegram https://t.me/VictorVedmich
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:13] Red Hat open sources StackRox
https://techcrunch.com/2022/05/17/red-hat-open-sources-stackrox-the-kubernetes-security-platform-it-acquired-last-year/
[00:01:52] Easily Manage Access to Kubernetes
https://github.com/infrahq/infra
[00:03:40] Heroku CI and Review App Secrets Compromised (Dejavu?)
https://news.ycombinator.com/item?id=31417993
[00:04:56] AWS Control Tower can now use customer provided core accounts
https://aws.amazon.com/about-aws/whats-new/2022/05/aws-control-tower-now-use-customer-provided-core-accounts/
[00:07:41] AWS SSO delegated administration to a member account
https://aws.amazon.com/blogs/security/getting-started-with-aws-sso-delegated-administration/
[00:10:21] Yet Another Kubernetes Controller for Terraform (weaveworks, rancher, et al)
https://www.appvia.io/blog/self-service-of-cloud-resources
https://github.com/weaveworks/tf-controller
https://github.com/rancher/terraform-controller
[00:12:20] Terraform provider for Atlas Database Migrations https://atlasgo.io/blog/2022/05/04/announcing-terraform-providerx
[00:15:56] What does cloudposse use for ingress controller?
[00:24:41] I'm curious what kinds of patterns cloudposse has seen work for “On demand” environments, for microservices?
[00:38:10] atmos.tools launched!
[00:39:33] Using Terraform to create a DB from scratch - how are we supposed to manage the DB passwords?
[00:44:02] How would you set up IAM policies if starting from scratch?
[00:46:42] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show
In this episode we talk about how organizations are recommended to manage their multiple AWS accounts. To that end we introduce the concept of a Landing Zone and the AWS Control Tower service. This is episode 2 of the third season of the Charlas Técnicas de AWS podcast.
On The Cloud Pod this week, the team finds out whose re:Invent 2021 crystal ball was most accurate. Also Graviton3 is announced, and Adam Selipsky gives his first re:Invent keynote. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located. This week's highlights
Cloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year, we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield, Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets, you can now use EventBridge to build applications that react quickly and efficiently to changes in your S3 objects. This will deliver responses to potential Events/incidents of interest in a faster, more reliable, and in a more developer-friendly way than ever. More on this here. If you use AWS Control Tower and care about Data Residency, now you will be able to apply Preventive and detective controls that prevent provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower. This means that content cannot be created or transferred outside of your selected Regions at the infrastructure level. More on this here. They have announced Amazon VPC IP Address Manager (IPAM), a new feature that provides network administrators with an automated IP management workflow, making it easier to organize, assign, monitor, and audit IP addresses in at-scale networks. More on this here. New feature: Amazon VPC Network Access Analyzer. In contrast to manual checking of network configurations, which is error-prone and hard to scale, this tool lets you analyze your AWS networks of any size and complexity. You can get started with a set of Amazon-created scopes, and then either copy & customize them, or create your own from scratch. More on this here. A new Amazon S3 Object Ownership setting and the Amazon S3 console policy editor. More on the Episode Show Notes on Cloud Security Podcast Website.
Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:04:00] AWS Proton Adds Terraform for infrastructure provisioning
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-proton-terraform-infrastructure/
[00:05:55] AWS Proton introduces Git management of infrastructure as code templates
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-proton-git-infrastructure-code-templates/
[00:10:43] Amazon Linux 2022
https://aws.amazon.com/linux/amazon-linux-2022/?amazon-linux-whats-new.sort-by=item.additionalFields.postDateTime&amazon-linux-whats-new.sort-order=desc
[00:12:11] Announcing Pull Through Cache Repositories for ECR and terraform provider support coming
https://aws.amazon.com/blogs/aws/announcing-pull-through-cache-repositories-for-amazon-elastic-container-registry/
https://github.com/hashicorp/terraform-provider-aws/issues/21951
[00:17:10] AWS EMR Serverless in preview
https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-emr-serverless-preview/
[00:19:06] AWS Control Tower introduces Terraform account provisioning and customization (with weird modules)
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-control-tower-terraform/
https://github.com/aws-ia/terraform-aws-control_tower_account_factory
[00:23:58] AWS Karpenter v0.5 Now Generally Available
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-karpenter-v0-5/
[00:28:45] AWS WAF adds support for Captcha (e.g. like Cloudflare)
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-waf-captcha-support/
[00:33:45] Has anyone migrated an existing organisation into control tower? How did it go? @Alex Jurkiewicz
[00:34:45] I wanna open a discussion regarding tagging/labeling conventions that are used company wide. And what tags do you guys use? @Sherif Abdel-Naby
[00:48:06] I have some nested providers that I'm moving to the root module. My approach is to replace the nested providers in the state file, with the root-level providers, which seems to be working. Any advice, suggestions? @Eric Berg
[00:52:17] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show (https://cloudposse.com/office-hours/)
In this special episode, Eoin and Luciano talk about their impressions of the announcements from the first day of AWS re:invent 2021.
- AWS Lambda now supports event filtering for Amazon SQS, Amazon DynamoDB, and Amazon Kinesis as event sources: https://aws.amazon.com/about-aws/whats-new/2021/11/aws-lambda-event-filtering-amazon-sqs-dynamodb-kinesis-sources/
- Amazon CodeGuru Reviewer now detects hardcoded secrets in Java and Python repositories: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-codeguru-reviewer-hardcoded-secrets-java-python/
- Amazon ECR announces pull through cache repositories: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-ecr-cache-repositories/
- Introducing recommenders optimized to deliver personalized experiences for Media & Entertainment and Retail with Amazon Personalize: https://aws.amazon.com/about-aws/whats-new/2021/11/recommenders-optimized-personalized-media-entertainment-retail-amazon-personalize/
- AWS Chatbot now supports management of AWS resources in Slack (Preview): https://aws.amazon.com/about-aws/whats-new/2021/11/aws-chatbot-management-resources-slack/
- Amazon CloudWatch Evidently: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-cloudwatch-evidently-feature-experimentation-safer-launches/
- AWS Migration Hub Refactor Spaces - Preview: https://aws.amazon.com/about-aws/whats-new/2021/11/aws-migration-hub-refactor-spaces/
- CloudWatch Real User Monitoring: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-cloudwatch-rum-applications-client-side-performance/
- CloudWatch Metrics Insights: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-cloudwatch-metrics-insights-preview/
- AWS Karpenter: https://github.com/aws/karpenter
- S3 Event Notifications with EventBridge: https://aws.amazon.com/blogs/aws/new-use-amazon-s3-event-notifications-with-amazon-eventbridge/
- S3 Event Notifications for S3 Lifecycle, S3 Intelligent-Tiering, object tags, and object access control lists: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-s3-event-notifications-s3-lifecycle-intelligent-tiering-object-tags-object-access-control-lists/
- Amazon Athena ACID Transactions (Preview): https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-athena-acid-apache-iceberg/
- AWS Control Tower introduces Terraform account provisioning and customization: https://aws.amazon.com/about-aws/whats-new/2021/11/aws-control-tower-terraform/
Leave a comment here or connect with us on Twitter: - https://twitter.com/eoins - https://twitter.com/loige
Links: Let's Encrypt's root certificate has expired, and it might break your devices: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/ Slack was bitten by DNSSEC: https://Twitter.com/tqbf/status/1443654964556013569 Prepare For Cybersecurity Assessments From Your Customers: https://www.securitysystemsnews.com/article/prepare-for-cybersecurity-assessments-from-your-customers AWS Lambda now supports triggering Lambda functions from an Amazon SQS queue in a different account: https://aws.amazon.com/about-aws/whats-new/2021/09/aws-lambda-lambda-function-amazon-sqs-queue/ Migrating custom Landing Zone with RAM to AWS Control Tower: https://aws.amazon.com/blogs/mt/migrating-custom-landing-zone-with-ram-to-aws-control-tower/ Introducing the Ransomware Risk Management on AWS Whitepaper: https://aws.amazon.com/blogs/security/introducing-the-ransomware-risk-management-on-aws-whitepaper/ Validate IAM policies in CloudFormation templates using IAM Access Analyzer: https://aws.amazon.com/blogs/security/validate-iam-policies-in-cloudformation-templates-using-iam-access-analyzer/ Pacu: The Open Source AWS Exploitation Framework: https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/ TranscriptCorey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live. 
It gives you fake AWS API credentials, for example, and the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary in the weeks ahead.Corey: Somehow we made it through an entire week without a major vendor having a headline-level security breach. You know, I could get used to this; I'll take, “It's harder for me to figure out what to talk about here,” over, “A bunch of customers are scrambling because their providers have failed them,” every time.So, let's see what the community had to say. Last week, as you're probably aware, Let's Encrypt's root certificate expiredwhich caused pain for a bunch of folks. Any device or configuration that hadn't been updated for a few years is potentially going to see things breaking. The lesson here is to be aware that certificates do expire. 
The antipattern is to do super-long registrations for thing, but that just makes it worse.One of the things Let's Encrypt got very right is forcing 90-day certificate rotations for client certs. When you've got to do that every three months, you know where all of your certificates are. If you've got to replace it once every ten years, you'll have no clue; that was six employees ago.In bad week news, Slack was bitten by DNSSEC when they attempted and failed to roll it out. DNSSEC is a bag of pain it's best not to bother with, as a general rule. DNS is always a bag of pain because of caching and TTL issues. In effect, Slack tried to roll out DNSSEC—probably due to a demand by some big corporate customer—had it fail, panicked and rolled back the change, and was in turn bitten by outages as a bunch of DNS resolvers had the DS key cached, but the authoritative nameservers stopped publishing it. This is a mess and a great warning to those of us who might naively assume that anything like DNSSEC that offers improved security comes without severe tradeoffs. Measure twice, cut once because mistakes are going to show.I also found a somewhat alarmist article talking about cybersecurity assessments from your customers and fine, but it brings up a good point. If you're somehow responsible for security but don't have security in your job title—which, you know, this show is aimed at—you may one day be surprised to have someone from sales pop up and ask you to fill out a form from a prospective customer. Ignore the alarm and the panic but you're going to want to get towards something approaching standardization around how you handle those.The first time you get one of these, it's a novel exercise; by the tenth, you just want to have a prepared statement you can hand them so you can move on with things. Well, those prepared statements are often called things like, “SOC 2 certifications.” There's a spectrum and where you fall on it depends upon who you work for and what you do. 
So, take them seriously and don't be surprised when you get one.
AWS had a few interesting security-related announcements. AWS Lambda now supports triggering Lambda functions from an Amazon SQS queue in a different account. That doesn't sound like a security announcement, so why am I talking about it? Because until recently, it wasn't possible so a lot of folks scoped their IAM policies very broadly; what do you care if any random SQS queue in your own account can invoke a Lambda? With this change, suddenly internet randos can invoke Lambda functions, and you should probably go check production immediately.
Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That's goteleport.com.
Corey: Migrating custom Landing Zone with RAM to AWS Control Tower. It's worth considering the concept here because, “Using the polished thing” is usually better than building and then maintaining something yourself. You wind up off in the wilderness; then AWS shows up and acts befuddled, “Why on earth would you build things the way that we told you to build them at the time you set up your environment?” It's obnoxious and they need to stop talking and own their mistakes, but keeping things current with the accepted way of doing things is usually worth at least considering.
AWS has a whitepaper on Ransomware Risk Management out and I'm honestly conflicted about it. There are gems but it talks about a pile of different services they offer to offset the risk.
Some of them—like AWS Backup—are great. Others—“Use Systems Manager State Manager”—present as product pitches for products of varying quality and low adoption. On balance, it's worth reading but retain a healthy skepticism if you do. It should be noted that the points that they address and the framework they lay out is exactly how risk management folks think, and that's helpful.
Validate IAM policies in CloudFormation templates using IAM Access Analyzer. I like that one quite a bit. It does what it says on the tin, and applies a bunch of more advanced linting rules than you'd find in something like cfn-lint. Note that this costs nothing for a change, even though it does communicate with AWS to run its analysis. Note that as AWS improves the Access Analyzer, findings will likely change, so be aware that this may well result in a regression should you have it installed as part of a CI/CD pipeline.
And as far as tools go, if you're not a security researcher, good; you're in the right place. But that said, if you have a spare afternoon at some point, you may want to check out Pacu—that's P-A-C-U. It's an open-source AWS exploitation framework that lets you see just how insecure your AWS accounts might be. I generally leave playing with those sorts of things to security professionals, but this is a fun way to just take a quick check and see if there's a burning fire that jumps out that might arise for you down the road. And I'll talk to you more about all this stuff next week.
Corey: I have been your host, Corey Quinn, and if you remember nothing else, it's that when you don't get what you want, you get experience instead. Let my experience guide you with the things you need to know in the AWS security world, so you can get back to doing your actual job. Thank you for listening to the AWS Morning Brief: Security Edition.
Announcer: This has been a HumblePod production. Stay humble.
On The Cloud Pod this week, the team is back in full force and some are sporting fresh tan lines. Also, it's earnings season, so get ready for some big numbers — as well as some losses. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located. This week's highlights
Once again Arjen, Jean-Manuel, and Guy discuss the latest and greatest announcements from AWS in this roundup of the news of May. Also once again, this was recorded 2 months before it went up, but luckily it's all still relevant. Even the comments about being in lockdown. News Finally in Sydney
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company: https://cloudposse.com/quiz https://cloudposse.com/accelerate/
Learn more about Cloud Posse: https://cloudposse.com https://github.com/cloudposse https://sweetops.com/ https://newsletter.cloudposse.com https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:10] July 21st: Waypoint Demo presented by Taylor Dolezal
[00:01:45] AWS Firewall Manager released. https://github.com/cloudposse/terraform-aws-firewall-manager
[00:03:12] New Terraform “Utils” Provider for AWS - The Cloud Posse “Escape Hatch” https://github.com/cloudposse/terraform-provider-awsutils
[00:13:45] AWS Key Management Service Introduces Multi-Region Keys https://www.infoq.com/news/2021/06/aws-kms-global/
[00:15:11] Official AWS Modules by Amazon Released (NOTE terraform-aws-modules GitHub organization is not official) https://github.com/aws-ia
[00:22:19] Terraform 1.1-alpha implements “terraform add” generator https://github.com/hashicorp/terraform/pull/28874
[00:25:20] https://www.theverge.com/platform/amp/2021/6/30/22556992/slack-huddles-audio-calls-feature-launch-discord-like
[00:29:05] GitHub AI Pair Programmer https://copilot.github.com
[00:33:32] Leapp new version released to support AWS Named-profiles https://github.com/Noovolari/leapp
[00:34:57] Can you use Terraform to bootstrap a deployment of AWS Control Tower?
[00:37:51] Any advice on using Cloud Posse modules with the CDK?
[00:45:45] How to manage customer managed KMS Keys
[00:49:09] Can you specify something other than 0.0.0.0 in the packer file?
[00:52:51] Nike's gimme creds tool broke for everyone using Okta https://github.com/Nike-Inc/gimme-aws-creds
[00:55:30] AWS cloud credentials is overly complex
[00:58:35] Outro
#officehours, #cloudposse, #sweetops, #devops, #sre, #terraform, #kubernetes, #aws
Support the show (https://cloudposse.com/office-hours/)
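Catch up on the latest news while you do other things! The radio-style broadcast "Mainichi AWS" (Daily AWS). Good morning, this is Sugaya, the Friday host. Today we pick out and introduce the updates released on 06/24. Please post your impressions on Twitter with the hashtag "#サバワ"! ■ Talk script: [AWS updates 06/24] Access to Amazon Elastic File System from AWS Lambda arrives in the Osaka Region, plus 9 more [#毎日AWS #224] ■ UPDATE PICKUP: Access to Amazon Elastic File System from AWS Lambda arrives in the Osaka Region; AWS Outposts arrives in the Osaka Region; Amazon RDS for Oracle now lets you adjust the number of vCPUs for the r5 instance class; AWS Managed Services begins offering self-service reports; the AWS Control Tower console and overall service performance have improved; Amazon Lookout for Metrics integrates seamlessly with CloudWatch, enabling anomaly detection on collected metrics; AWS Marketplace and AWS Data Exchange now let you procure software and data products from software vendors in Hong Kong and Qatar; AWS ClientVPN releases a desktop client for Linux, adding Linux desktop support; Amazon Translate supports translation of XLIFF documents; Amazon Textract's form extraction improves in accuracy and analyzes documents more precisely ■ Serverworks social media: Twitter / Facebook ■ Serverworks blog: Serverworks Engineer Blog ■ Related blog: You can now access Amazon Elastic File System from AWS Lambda!!!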
To keep teams independent and increase security when using AWS services, companies usually have several accounts on the platform. There are applications within AWS to manage them, so we invited Amanda Quinto, AWS Solutions Architect, to explain how this can be done with AWS Control Tower. Check it out! Join our Telegram group to ask more questions, Cloud Evangelists BR: https://t.me/cloudevangelist Or visit: https://www.darede.com.br/
This week on The Cloud Pod, Ryan is stuck somewhere in a tent under a broken-down motorcycle but is apparently still having fun. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights Amazon went back to school to become a detective. Google was voted prom queen at the virtual homecoming. Oracle shocks everyone with its new look. General News: Great Partners Hashicorp has partnered with AWS to launch support for predictive scaling policy in the Terraform AWS provider. This will be hugely popular for people new to the cloud. Amazon Web Services: Dropping Stories For No Reason AWS Lambda Extensions are now generally available with new performance improvements. This has pretty limited regional availability, though. Amazon releases the AWS Shield threat landscape 2020 year in review. One of our favourite blogs. AWS EKS Add-Ons now supports CoreDNS and kube-proxy. This is neat! Introducing the AWS Application Cost Profiler — there have been a few complaints about this on Twitter. AWS Compute Optimizer launches updates to its EC2 instance type recommendations. This is awesome. AWS Outposts launches support for EC2 Capacity Reservations. Being able to use the same tool regardless of where you are is a good thing! An AWS Region in the United Arab Emirates (UAE) is in the works. Great! Google Cloud Platform: Prom Queen 2021 Google VM Manager with OS configuration management is now in Preview. This is basically patch and agent management. Forrester names Google Cloud a leader in Unstructured Data Security Platforms. Good job, Google! Google has released a better way to manage firewall rules with Firewall Insights. We just want a firewall manager that does everything for us. Google announces new BigQuery user-friendly SQL launches. Thanks but no thanks. 
Azure: Selling No-Code To Developers Azure gains 100th compliance offering — protecting data with EU Cloud Code of Conduct. Now we know why France was so happy last week. Azure announces preview capabilities of Azure Application Services to run on K8 anywhere. We're really surprised by how quickly the cloud providers have embraced hybrid infrastructure. Azure releases several new features to empower developers to innovate with Azure Database services. We need to bring the tumbleweed sound effect back. Accenture, GitHub, Microsoft and ThoughtWorks launch the Green Software Foundation with the Linux Foundation. So they're anti-Bitcoin mining? Microsoft uses GPT-3 to add AI features to Power Apps. For developers who don't code. Microsoft's new research lab studies developer productivity and well-being. We'll see what happens. Oracle: One We're Actually Excited About Introducing Arm on Oracle Cloud Infrastructure. The free tier is amazing! TCP Lightning Round Justin really appreciates Jonathan for handing him an easy win and takes this week's point, leaving scores at Justin (9), Ryan (4), Jonathan (7). 
Other headlines mentioned: Amazon Forecast now supports generating predictions for 5X more items using 3X more historic data points Amazon Elastic File System now supports longer resource identifiers AWS X-Ray now supports VPC endpoints Announcing enhancements to Amazon Rekognition text detection — support for more words, higher accuracy and lower latency Amazon CloudWatch Application Insights now supports container monitoring Customizations for AWS Control Tower v2.1 adds more scaling optimizations and improves compatibility with AWS CodeBuild Amazon EventBridge now supports sharing events between event buses in the same account and Region Amazon SageMaker Pipelines is now integrated with Amazon SageMaker Experiments Amazon Braket introduces quantum circuit noise simulator, DM1 AWS Transfer Family now supports Microsoft Active Directory Amazon EMR now supports Amazon EC2 On-Demand Capacity Reservations The Microsoft Build of OpenJDK is now generally available Public preview: Azure Confidential Ledger Google now allows you to Test Dataflow pipelines with the Cloud Spanner emulator Things Coming Up Announcing Google Cloud 2021 Summits [frequently updated] Harness Unscripted Conference — June 16–17 Google Cloud Next — Not announced yet (one site says Moscone is reserved June 28–30) Amazon re:Inforce — August 24-25 — Houston TX Google Cloud Next 2021 — October 12–14, 2021 AWS re:Invent — November 29–December 3 — Las Vegas
This new episode of the series on security and compliance focuses on how to implement a governance strategy on AWS using multi-account management. Felipe de Bene and René Roldan explain how to use various security, management and governance services, and how AWS Control Tower can help orchestrate these services. Additional material: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.html
The official German-language podcast all about Amazon Web Services (AWS), for the curious, cloud beginners and AWS experts, produced by Dennis Traub, Developer Advocate at AWS. For questions, suggestions and feedback, feel free to contact Dennis directly on Twitter (@dtraub) or by e-mail at traubd@amazon.com. In this episode, Dennis talks about AWS Control Tower, a service that considerably simplifies the central management of an AWS environment with multiple accounts. Links on the topic: - AWS Control Tower - https://aws.amazon.com/controltower/ - Enabling self-service provisioning of AWS resources - https://aws.amazon.com/de/blogs/mt/enabling-self-service-provisioning-of-aws-resources-with-aws-control-tower/ For more info, tips and tricks about AWS and the cloud, follow Dennis on: - Twitter - https://twitter.com/dtraub - Twitch - https://www.twitch.tv/dennis_at_work - YouTube - https://www.youtube.com/dennistraub
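Catch up on the latest news while you do other things! The radio-style broadcast "Mainichi AWS" (Daily AWS). Good morning, this is Kato from Serverworks. Today we pick out and introduce the updates released on 1/29. Please post your impressions on Twitter with the hashtag "#サバワ"! ■ UPDATE PICKUP: Amazon CloudWatch Container Insights for EKS integrates with Fluent Bit; AWS Glue DataBrew supports six new delimiters; AWS Control Tower can now update the settings of multiple accounts in bulk; AWS Marketplace supports multiple private marketplace catalogs ■ Serverworks social media: Twitter / Facebook ■ Serverworks blog: Serverworks Engineer Blog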
A month passed before we could blink, and once again Arjen is joined by Jean-Manuel and Guy to discuss the highlights of the April announcements. Co-starring interrupted chatbots and terrifying music. The News Finally in Sydney Sellers, consulting partners, and data providers from Australia and New Zealand now available in AWS Marketplace and AWS Data Exchange AWS Ground Station is now available in the Asia Pacific (Sydney) Region in Australia AWS Transit Gateway now Supports Inter-Region Peering in 11 additional regions EKS Adds Fargate Support in Frankfurt, Oregon, Singapore, and Sydney AWS Regions Amazon Aurora with PostgreSQL Compatibility for PostgreSQL 11 is available in all commercial AWS Regions Serverless Amazon RDS Proxy with PostgreSQL Compatibility (Preview) (not in Sydney) Exporting HTTP APIs as OpenAPI 3.0 Now Supported by Amazon API Gateway AWS Lambda now supports .NET Core 3.1 The AWS Toolkit for Visual Studio Code now supports AWS Step Functions Amplify CLI adds support for additional Lambda runtimes (Java, Go, .NET and Python) and Lambda cron jobs AWS X-Ray SDK for Go is now generally available Containers Amazon ECS and AWS Fargate support for Amazon EFS File Systems now generally available AWS App Mesh adds support to connect services deployed in multiple AWS accounts into a shared mesh Amazon EKS Now Supports Service-Linked Roles Amazon EKS managed node groups allow fully private cluster networking Databases Amazon Keyspaces (for Apache Cassandra) is now generally available Amazon RDS Now Supports PostgreSQL 12 Amazon RDS now supports MariaDB 10.4 AWS Database Migration Service now supports replicating data to Apache Kafka streaming platform (Keyspaces) Amazon Neptune now supports the T3.medium instance type Dev & Ops AWS Chatbot Now Generally Available Receive Notifications for AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline in Slack EC2 Image Builder adds support for Ubuntu, RHEL, CentOS, and SLES Amazon CloudWatch 
Synthetics is now generally available Amazon CloudWatch Synthetics now supports monitoring private endpoints in a VPC Security Amazon Detective is now generally available Review and remediate unintended access allowed on your AWS resources from outside your AWS organization Amazon Cognito Identity Pools now supports Sign in with Apple Track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules AWS Security Hub launches the Foundational Security Best Practices standard VPC & EC2 Amazon Elastic File System announces 400% increase in read operations for General Purpose mode file systems AWS Elastic Beanstalk Launches support for AWS PrivateLink AWS Elastic Beanstalk adds API support for listing platform branches AWS Elastic Beanstalk Announces General Availability of Amazon Linux 2 Based Docker, Corretto, and Python Platforms New AWS Elastic Beanstalk console now available AI & ML AWS DeepComposer is now generally available Introducing Amazon Augmented AI (A2I) for human reviews of machine learning predictions Introducing TorchServe: a PyTorch model serving framework Amazon Transcribe Medical now supports batch transcription of medical audio files Amazon Personalize now provides scores for recommended items Other Cool Stuff You can now use AWS Control Tower to set up new multi-account AWS environments in AWS Organizations Announcing the new AWS Africa (Cape Town) Region AWS Canada (Central) Region Adds Third Availability Zone Introducing AWS Cost Categories Amazon CloudWatch Contributor Insights is now generally available Introducing the AWS Transfer Family with fully managed support for SFTP, FTPS, and FTP Announcing general availability of Amazon Pinpoint Custom Channels Amazon Kinesis Data Firehose adds support for streaming data delivery to an Amazon Elasticsearch Service domain in an Amazon Virtual Private Cloud (VPC) AWS IQ waives fees until June 30, 2020 Amazon Connect adds custom terminating keypress for DTMF Amazon Connect now 
enables customers to interrupt Amazon Lex Chatbots Introducing Amazon Chime Proxy Phone Sessions AWS Snowball Edge Storage Optimized now delivers 25% faster data transfer performance AWS Snowball adds task automation with AWS Systems Manager AWS Snowball now supports local AWS IAM Introducing AWS OpsHub for Snow Family, a graphical user interface to manage AWS Snowball devices Other links AWS DeepComposer - Oasis - Wonderwall - Experiment #001 by The Dirk I Think Breath Noise is an Interesting One | Ambassador Lounge Podcast Episode #4 AWS Inside the Region | ig.nore.me Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions
According to Gartner, "through 2022, at least 95 percent of cloud security failures will be the customer's fault." In this session, Roy Feintuch, cloud chief technologist at Check Point Software, outlines the problem statement while providing surprising examples of publicly known security breaches. He then provides best practices and methodologies to mitigate these breaches using detective, reactive, and preventative measures, as well as compliance and configuration monitoring. As part of the session, Feintuch also discusses alternative proprietary techniques that augment AWS native services and capabilities, like AWS Control Tower and AWS Lambda. This session is brought to you by Check Point Software, an APN Partner.
A key element of your AWS environment is having a framework to provide resource isolation, separation of duties, and clear billing separation (i.e., a landing zone). In this session, we discuss updates to multi-account strategy best practices for establishing your landing zone, new guidance for building organizational unit structures, and a historical context. We cover security patterns, such as identity federation, cross-account roles, consolidated logging, and account governance. We wrap up with considerations on using AWS Landing Zone, AWS Control Tower, or AWS Organizations. We encourage you to attend all the landing zone sessions. Search for 'landing zone' in the session catalog.
Enterprises are taking advantage of AWS so they can move quickly while maintaining governance control over costs, security, and compliance. In this session, we discuss how AWS Control Tower, AWS Service Catalog, AWS Organizations, and AWS CloudFormation simplify compliance and make ongoing governance easier. You learn how to set up and govern your multi-account AWS environment or landing zone through automation, blueprints, and guardrails. Finally, you learn how to launch governed and secure resources on AWS through a DevOps CI/CD pipeline.
AWS management and governance services can help your organization become and remain agile while enabling you to maintain control over costs, compliance, and security. Join us to hear AWS service leaders discuss their vision and the latest launches from the AWS management and governance teams, including innovations you can leverage now from Amazon CloudWatch, AWS Config, AWS Organizations, AWS Service Catalog, AWS Control Tower, AWS Systems Manager, and much more. We are joined onstage by current AWS customers who discuss how they use management and governance services today.
Simon and Nicki share a bumper-crop of interesting, useful and cool new services and features for AWS customers! Chapter Timings 00:01:17 Storage 00:03:15 Compute 00:07:13 Network 00:10:27 Databases 00:16:04 Migration 00:17:43 Developer Tools 00:22:47 Analytics 00:27:07 IoT 00:28:14 End User Computing 00:29:25 Machine Learning 00:30:49 Application Integration 00:34:18 Management and Governance 00:41:42 Customer Engagement 00:42:47 Media 00:44:03 Security 00:46:26 Gaming 00:47:54 AWS Marketplace 00:49:07 Robotics Shownotes Topic || Storage Optimize Cost with Amazon EFS Infrequent Access Lifecycle Management | https://aws.amazon.com/about-aws/whats-new/2019/07/optimize-cost-amazon-efs-infrequent-access-lifecycle-management/ Amazon FSx for Windows File Server Now Enables You to Use File Systems Directly With Your Organization’s Self-Managed Active Directory | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-fsx-for-windows-file-server-now-enables-you-to-use-file-systems-directly-with-your-organizations-self-managed-active-directory/ Amazon FSx for Windows File Server now enables you to use a single AWS Managed AD with file systems across VPCs or accounts | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-fsx-for-windows-file-server-now-enables-you-to-use-a-single-aws-managed-ad-with-file-systems-across-vpcs-or-accounts/ AWS Storage Gateway now supports Amazon VPC endpoints with AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-storage-gateway-now-supports-amazon-vpc-endpoints-aws-privatelink/ File Gateway adds encryption & signing options for SMB clients – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/06/file-gateway-adds-options-to-enforce-encryption-and-signing-for-smb-shares/ New AWS Public Datasets Available from Facebook, Yale, Allen Institute for Brain Science, NOAA, and others | https://aws.amazon.com/about-aws/whats-new/2019/07/new-aws-public-datasets-available-from-facebook-yale-allen/ Topic || 
Compute Introducing Amazon EC2 Instance Connect | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/ Introducing New Instances Sizes for Amazon EC2 M5 and R5 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-new-instances-sizes-for-amazon-ec2-m5-and-r5-instances/ Introducing New Instance Sizes for Amazon EC2 C5 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-new-instance-sizes-for-amazon-ec2-c5-instances/ Amazon ECS now supports additional resource-level permissions and tag-based access controls | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-ecs-now-supports-resource-level-permissions-and-tag-based-access-controls/ Amazon ECS now offers improved capabilities for local testing | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-now-offers-improved-capabilities-for-local-testing/ AWS Container Services launches AWS For Fluent Bit | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-container-services-launches-aws-for-fluent-bit/ Amazon EKS now supports Kubernetes version 1.13, ECR PrivateLink, and Kubernetes Pod Security Policies | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-eks-now-supports-kubernetes113-ecr-privatelink-kubernetes-pod-security/ AWS VPC CNI Version 1.5.0 Now Default for Amazon EKS Clusters | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-vpc-cni-version-150-now-default-for-amazon-eks-clusters/ Announcing Enhanced Lambda@Edge Monitoring within the Amazon CloudFront Console | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-enhanced-lambda-edge-monitoring-amazon-cloudfront-console/ AWS Lambda Console shows recent invocations using CloudWatch Logs Insights | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-lambda-console-recent-invocations-using-cloudwatch-logs-insights/ AWS Thinkbox Deadline with Resource Tracker | 
https://aws.amazon.com/about-aws/whats-new/2019/06/thinkbox-deadline-resource-tracker/ Topic || Network Network Load Balancer Now Supports UDP Protocol | https://aws.amazon.com/about-aws/whats-new/2019/06/network-load-balancer-now-supports-udp-protocol/ Announcing Amazon VPC Traffic Mirroring for Amazon EC2 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-amazon-vpc-traffic-mirroring-for-amazon-ec2-instances/ AWS ParallelCluster now supports Elastic Fabric Adapter (EFA) | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-parallelcluster-supports-elastic-fabric-adapter/ AWS Direct Connect launches first location in Italy | https://aws.amazon.com/about-aws/whats-new/2019/06/aws_direct_connect_locations_in_italy/ Amazon CloudFront announces seven new Edge locations in North America, Europe, and Australia | https://aws.amazon.com/about-aws/whats-new/2019/06/cloudfront-seven-edge-locations-june2019/ Now Add Endpoint Policies to Interface Endpoints for AWS Services | https://aws.amazon.com/about-aws/whats-new/2019/06/now-add-endpoint-policies-to-interface-endpoints-for-aws-services/ Topic || Databases Amazon Aurora with PostgreSQL Compatibility Supports Serverless | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-aurora-with-postgresql-compatibility-supports-serverless/ Amazon RDS now supports Storage Auto Scaling | https://aws.amazon.com/about-aws/whats-new/2019/06/rds-storage-auto-scaling/ Amazon RDS Introduces Compatibility Checks for Upgrades from MySQL 5.7 to MySQL 8.0 | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon_rds_introduces_compatibility_checks/ Amazon RDS for PostgreSQL Supports New Minor Versions 11.4, 10.9, 9.6.14, 9.5.18, and 9.4.23 | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-rds-postgresql-supports-minor-version-114/ Amazon Aurora with PostgreSQL Compatibility Supports Cluster Cache Management | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-aurora-with-postgresql-compatibility-supports-cluster-cache-management/ Amazon Aurora with PostgreSQL Compatibility Supports Data Import from Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-aurora-with-postgresql-compatibility-supports-data-import-from-amazon-s3/ Amazon Aurora Supports Cloning Across AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon_aurora_supportscloningacrossawsaccounts-/ Amazon RDS for Oracle now supports z1d instance types | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-for-oracle-now-supports-z1d-instance-types/ Amazon RDS for Oracle Supports Oracle Application Express (APEX) Version 19.1 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-oracle-supports-oracle-application-express-version-191/ Amazon ElastiCache launches reader endpoints for Redis | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-elasticache-launches-reader-endpoint-for-redis/ Amazon DocumentDB (with MongoDB compatibility) Now Supports Stopping and Starting Clusters | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-documentdb-supports-stopping-starting-cluters/ Amazon DocumentDB (with MongoDB compatibility) Now Provides Cluster Deletion Protection | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-documentdb-provides-cluster-deletion-protection/ You can now publish Amazon Neptune Audit Logs to Cloudwatch | https://aws.amazon.com/about-aws/whats-new/2019/06/you-can-now-publish-amazon-neptune-audit-logs-to-cloudwatch/ Amazon DynamoDB now supports deleting a global secondary index before it finishes building | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-dynamodb-now-supports-deleting-a-global-secondary-index-before-it-finishes-building/ Amazon DynamoDB now supports up to 25 unique items and 4 MB of data per transactional request | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-dynamodb-now-supports-up-to-25-unique-items-and-4-mb-of-data-per-transactional-request/ Topic || Migration CloudEndure Migration is now available at no charge | https://aws.amazon.com/about-aws/whats-new/2019/06/cloudendure-migration-available-at-no-charge/ New AWS ISV Workload Migration Program | https://aws.amazon.com/about-aws/whats-new/2019/06/isv-workload-migration/ AWS Migration Hub Adds Support for Service-Linked Roles | https://aws.amazon.com/about-aws/whats-new/2019/06/aws_migration_hub_adds_support_for_service_linked_roles/ Topic || Developer Tools The AWS Toolkit for Visual Studio Code is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-aws-toolkit-for-visual-studio-code/ The AWS Cloud Development Kit (AWS CDK) is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/07/the-aws-cloud-development-kit-aws-cdk-is-now-generally-available1/ AWS CodeCommit Supports Two Additional Merge Strategies and Merge Conflict Resolution | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-codecommit-supports-2-additional-merge-strategies-and-merge-conflict-resolution/ AWS CodeCommit Now Supports Resource Tagging | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codecommit-now-supports-resource-tagging/ AWS CodeBuild adds Support for Polyglot Builds | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codebuild-adds-support-for-polyglot-builds/ AWS Amplify Console Updates Build image with SAM CLI and Custom Container Support | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-updates-build-image-sam-cli-and-custom-container-support/ AWS Amplify Console announces Manual Deploys for Static Web Hosting | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-announces-manual-deploys-for-static-web-hosting/ Amplify Framework now Supports Adding AWS Lambda Triggers for events in Auth and Storage categories | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amplify-framework-now-supports-adding-aws-lambda-triggers-for-events-auth-storage-categories/ AWS Amplify Console now supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-amplify-console-supports-aws-cloudformation/ AWS CloudFormation updates for Amazon EC2, Amazon ECS, Amazon EFS, Amazon S3 and more | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-cloudformation-updates-amazon-ec2-ecs-efs-s3-and-more/ Topic || Analytics Amazon QuickSight launches multi-sheet dashboards, new visual types and more | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-quickSight-launches-multi-sheet-dashboards-new-visual-types-and-more/ Amazon QuickSight now supports fine-grained access control over Amazon S3 and Amazon Athena! | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-quickSight-now-supports-fine-grained-access-control-over-amazon-S3-and-amazon-athena/ Announcing EMR Release 5.24.0: With performance improvements in Spark, new versions of Flink, Presto, and Hue, and enhanced CloudFormation support for EMR Instance Fleets | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-emr-release-5240-with-performance-improvements-in-spark-new-versions-of-flink-presto-Hue-and-cloudformation-support-for-launching-clusters-in-multiple-subnets-through-emr-instance-fleets/ AWS Glue now provides workflows to orchestrate your ETL workloads | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-glue-now-provides-workflows-to-orchestrate-etl-workloads/ Amazon Elasticsearch Service increases data protection with automated hourly snapshots at no extra charge | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-elasticsearch-service-increases-data-protection-with-automated-hourly-snapshots-at-no-extra-charge/ Amazon MSK is Now Integrated with AWS CloudFormation and Terraform | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon_msk_is_now_integrated_with_aws_cloudformation_and_terraform/ Kinesis Video Streams adds support for Dynamic Adaptive Streaming over HTTP (DASH) and H.265 video | https://aws.amazon.com/about-aws/whats-new/2019/07/kinesis-video-streams-adds-support-for-dynamic-adaptive-streaming-over-http-dash-and-h-2-6-5-video/ Announcing the availability of Amazon Kinesis Video Producer SDK in C | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-availability-of-amazon-kinesis-video-producer-sdk-in-c/ Topic || IoT AWS IoT Expands Globally | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-expands-globally/ Bluetooth Low Energy Support and New MQTT Library Now Generally Available in Amazon FreeRTOS 201906.00 Major | https://aws.amazon.com/about-aws/whats-new/2019/06/bluetooth-low-energy-support-amazon-freertos-now-available/ AWS IoT Greengrass 1.9.2 With Support for OpenWrt and AWS IoT Device Tester is Now Available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-iot-greengrass-support-openwrt-aws-iot-device-tester-available/ Topic || End User Computing Amazon Chime Achieves HIPAA Eligibility | https://aws.amazon.com/about-aws/whats-new/2019/06/chime_hipaa_eligibility/ Amazon WorkSpaces now supports copying Images across AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon_workspaces_now_supports_copying_images_across_aws_regions/ Amazon AppStream 2.0 adds support for Windows Server 2016 and Windows Server 2019 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-appstream-20-adds-support-for-windows-server-2016-and-windows-server-2019/ AWS Client VPN now includes support for AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-client-vpn-includes-support-for-aws-cloudformation/ Topic || Machine Learning Amazon Comprehend Medical is now Available in Sydney, London, and Canada | 
https://aws.amazon.com/about-aws/whats-new/2019/06/comprehend-medical-available-in-asia-pacific-eu-canada/ Amazon Personalize Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-personalize-now-generally-available/ New in AWS Deep Learning Containers: Support for Amazon SageMaker and MXNet 1.4.1 with CUDA 10.0 | https://aws.amazon.com/about-aws/whats-new/2019/06/new-in-aws-deep-learning-containers-support-for-amazon-sagemaker-libraries-and-mxnet-1-4-1-with-cuda-10-0/ Topic || Application Integration Introducing Amazon EventBridge | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-eventbridge/ AWS App Mesh Service Discovery with AWS Cloud Map generally available. | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-app-mesh-service-discovery-with-aws-cloud-map-generally-available/ Amazon API Gateway Now Supports Tag-Based Access Control and Tags on WebSocket APIs | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-api-gateway-supports-tag-based-access-control-tags-on-websocket/ Amazon API Gateway Adds Configurable Transport Layer Security Version for Custom Domains | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-api-gateway-adds-configurable-transport-layer-security-version-custom-domains/ Topic || Management and Governance Introducing AWS Systems Manager OpsCenter to enable faster issue resolution | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-aws-systems-manager-opscenter-to-enable-faster-issue-resolution/ Introducing Service Quotas: View and manage your quotas for AWS services from one central location | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-service-quotas-view-and-manage-quotas-for-aws-services-from-one-location/ Introducing AWS Budgets Reports | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-aws-budgets-reports/ Introducing Amazon CloudWatch Anomaly Detection – Now in Preview | 
https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-cloudwatch-anomaly-detection-now-in-preview/ Amazon CloudWatch Launches Dynamic Labels on Dashboards | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-launches-dynamic-labels-on-dashboards/ Amazon CloudWatch Adds Visibility for your .NET and SQL Server Application Health | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-adds-visibility-for-your-net-sql-server-application-health/ Amazon CloudWatch Events Now Supports Amazon CloudWatch Logs as a Target and Tagging of CloudWatch Events Rules | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-events-now-supports-amazon-cloudwatch-logs-target-tagging-cloudwatch-events-rules/ Introducing Amazon CloudWatch Container Insights for Amazon ECS and AWS Fargate - Now in Preview | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-container-insights-for-ecs-and-aws-fargate-in-preview/ AWS Config now enables you to provision AWS Config rules across all AWS accounts in your organization | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-config-now-enables-you-to-provision-config-rules-across-all-aws-accounts-in-your-organization/ Session Manager launches Run As to start interactive sessions with your own operating system user account | https://aws.amazon.com/about-aws/whats-new/2019/07/session-manager-launches-run-as-to-start-interactive-sessions-with-your-own-operating-system-user-account/ Session Manager launches tunneling support for SSH and SCP | https://aws.amazon.com/about-aws/whats-new/2019/07/session-manager-launches-tunneling-support-for-ssh-and-scp/ Use IAM access advisor with AWS Organizations to set permission guardrails confidently | https://aws.amazon.com/about-aws/whats-new/2019/06/now-use-iam-access-advisor-with-aws-organizations-to-set-permission-guardrails-confidently/ AWS Resource Groups is Now SOC Compliant | 
https://aws.amazon.com/about-aws/whats-new/2019/07/aws-resource-groups-is-now-soc-compliant/ Topic || Customer Engagement Introducing AI Powered Speech Analytics for Amazon Connect | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-ai-powered-speech-analytics-for-amazon-connect/ Amazon Connect Launches Contact Flow Versioning | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-connect-launches-contact-flow-versioning/ Topic || Media AWS Elemental MediaConnect Now Supports SPEKE for Conditional Access | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-elemental-mediaconnect-now-supports-speke-for-conditional-access/ AWS Elemental MediaLive Now Supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-medialive-now-supports-aws-cloudformation/ AWS Elemental MediaConvert Now Ingests Files from HTTPS Sources | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-now-ingests-files-from-https-sources/ Topic || Security AWS Certificate Manager Private Certificate Authority now supports root CA hierarchies | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-certificate-manager-private-certificate-authority-now-supports-root-CA-heirarchies/ AWS Control Tower is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-control-tower-is-now-generally-available/ AWS Security Hub is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-security-hub-now-generally-available/ AWS Single Sign-On now makes it easy to access more business applications including Asana and Jamf | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-single-sign-on-access-business-applications-including-asana-and-jamf/ Topic || Gaming Large Match Support for Amazon GameLift Now Available | https://aws.amazon.com/about-aws/whats-new/2019/07/large-match-support-for-amazon-gameLift-now-available/ New Dynamic Vegetation System in Lumberyard Beta 1.19 – Available 
Now | https://aws.amazon.com/about-aws/whats-new/2019/06/lumberyard-beta-119-available-now/ Topic || AWS Marketplace AWS Marketplace now integrates with your procurement systems | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-marketplace-now-integrates-with-your-procurement-systems/ Topic || Robotics AWS RoboMaker announces support for Robot Operating System (ROS) Melodic | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-robomaker-support-robot-operating-system-melodic/
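Feedback on the show: on Twitter, use #systemand! We would also appreciate an iTunes review! YouTuber-style activities: Ishiwata's YouTube. This month's topics: All-nighter experience report; AWS accounts and VPCs, split or not split?: pros and cons of the partitioning patterns; AWS Organizations; AWS Control Tower; The N+1 problem; How AWS network design turned out to be really hard when I tried it; 青色SE's relatable engineer moments; Non-engineers don't understand what goes on behind the system; Engineers these days act too self-important and are disliked by people in staff roles. Note: Statements made by participants on the show are their personal opinions and have nothing to do with the organizations they belong to.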
Andy Jassy, CEO of Amazon Web Services, delivers his AWS re:Invent 2018 keynote, featuring the latest AWS news and announcements. Learn more about AWS at - https://amzn.to/2RiLQte. Topics: 00:01:10 AWS business update 00:05:00 Cloud market share 00:22:00 Glacier Deep Archive 00:25:45 Amazon FSx 00:32:30 Dean Del Vecchio, Guardian - CIO 00:43:45 AWS Control Tower 00:47:00 AWS Security Hub 00:49:20 AWS Lake Formation 01:05:00 DynamoDB Read/Write Capacity On Demand 01:09:00 Amazon Timestream 01:16:20 Amazon Quantum Ledger Database 01:17:40 Amazon Managed Blockchain 01:30:00 Amazon Elastic Inference 01:34:00 AWS Inferentia 01:39:00 Ross Brawn OBE, Formula 1 - Managing Director 01:51:30 Amazon SageMaker Ground Truth 02:00:10 Amazon SageMaker RL 02:02:10 AWS DeepRacer 02:08:00 Dr Matt Wood, AWS - GM Deep Learning and AI 02:14:55 Amazon Textract 02:18:30 Amazon Personalize 02:22:55 Amazon Forecast 02:28:30 Pat Gelsinger, VMware - CEO 02:33:50 AWS Outposts
I talked with みっさん and ともかつ about AWS re:Invent 2018, the various new announcements, the workshops, and more. ajitofm 14: Losing $100 in 5 minutes at Las Vegas | last year's episode AWS re:Invent 2018 | Amazon Web Services AWS DeepLens - Deep learning enabled video camera for developers - AWS (2017) AWS RoboMaker - Develop, Test, Deploy, and Manage Intelligent Robotics Apps | AWS News Blog ROS.org | Powering the world’s robots AWS DeepRacer - the fastest way to get rolling with machine learning Amazon SageMaker RL – Managed Reinforcement Learning with Amazon SageMaker | AWS News Blog What DeepRacer training looks like Amazon.com: AWS DeepRacer – Fully autonomous 1/18th scale race car for developers: Amazon Devices AWS DeepRacer – Go Hands-On with Reinforcement Learning at re:Invent | AWS News Blog AWS Outposts Overview page | AWS on premises Announcing AWS Outposts AWS Outposts FAQs Page | around "Q: Which AWS services do Outposts support?" Amazon QLDB Amazon Managed Blockchain Amazon Timestream | fully managed time-series database InfluxData (InfluxDB) | Time Series Database Monitoring & Analytics Using InfluxDB in Grafana | Grafana Documentation InfluxDB Clustering | High Availability and Scalability for InfluxEnterprise Amazon Timestream Pricing - Amazon Web Services | it looks like you can choose the storage New for AWS Lambda – Use Any Programming Language and Share Common Components | AWS News Blog stackery/php-lambda-layer: PHP Runtime Layer for AWS Lambda Firecracker – Lightweight Virtualization for Serverless Computing | AWS News Blog firecracker/firecracker.yaml at master | Firecracker's API definition Lambda functions as targets for Application Load Balancers | Networking & Content Delivery Chaos Engineering Upgraded – Netflix TechBlog – Medium (2015) Amazon S3 Introduces S3 Batch Operations (Preview) for Object Management Announcing S3 Intelligent-Tiering — a New Amazon S3 Storage Class New – Amazon FSx for Windows File Server – Fast, Fully Managed, and Secure | AWS News Blog New – Amazon FSx for Lustre | AWS News Blog AWS Control Tower - govern a secure, compliant, multi-account environment
New C5n Instances with 100 Gbps Networking | AWS News Blog New – EC2 Instances (A1) Powered by Arm-Based AWS Graviton Processors | AWS News Blog New Lower-Cost, AMD-Powered M5a and R5a EC2 Instances | AWS News Blog [Hiroshige Goto's Weekly Overseas News] The diverse licensing models of ARM cores and the CPU core design flow - PC Watch Amazon Elastic Inference – GPU-Powered Deep Learning Inference Acceleration | AWS News Blog AWS Inferentia - Amazon Web Services (AWS) Amazon EC2 Update – Additional Instance Types, Nitro System, and CPU Options | Amazon Web Services Blog (2018/06) KA: An Epic Show at MGM Grand Las Vegas | Cirque du Soleil Editor's note: There was so much that we could not come close to covering it all! The keynote videos are up, so I am linking them here. AWS re:Invent 2018 - Monday Night Live with Peter DeSantis - YouTube AWS re:Invent 2018 - Keynote with Andy Jassy - YouTube AWS re:Invent 2018 - Keynote with Werner Vogels - YouTube In Japanese, the AWS Black Belt Online Seminar materials have already been put together! AWS Black Belt Online Seminar: AWS re:Invent 2018 update flash report Now, four hours from now, I leave the hotel and head to the airport. Good night!
Simon takes you through the updates of the day, and Andy Jassy's keynote - as well as a walk around the Expo Floor! Shownotes: Topic || Security AWS Security Hub | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-security-hub/ https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-aws-key-management-service-kms-custom-key-store/ AWS Control Tower | http://aws.amazon.com/controltower Topic || Machine Learning Amazon Inferentia Microchip | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-amazon-inferentia-machine-learning-inference-microchip/ Amazon Elastic Inference | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-elastic-inference/ New TensorFlow Scalability | https://aws.amazon.com/about-aws/whats-new/2018/11/tensorflow-scalability-to-256-gpus/ Amazon Textract | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-textract-now-in-preview-easily-extract-text-and-data-from-virtually-any-document/ Amazon Personalize | https://aws.amazon.com/blogs/aws/amazon-personalize-real-time-personalization-and-recommendation-for-everyone/ Amazon DeepRacer | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-deepracer/ Amazon Forecast | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-forecast-now-in-preview/ Amazon Translate Update | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-translate-now-supports-customized-translations/ Amazon SageMaker RL Support | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-sagemaker-announces-support-for-reinforcement-learning/ Amazon SageMaker Ground Truth | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-sagemaker-groundtruth/ Amazon SageMaker Neo | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-sagemaker-neo/ AWS IoT Greengrass SageMaker Neo Support | https://aws.amazon.com/about-aws/whats-new/2018/11/aws-iot-greengrass-now-supports-amazon-sagemaker-neo/ Topic ||
Databases Amazon Timestream | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-amazon-timestream/ Amazon QLDB | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-qldb/ Amazon Managed Blockchain | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-amazon-managed-blockchain/ Amazon Aurora Global Database | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-amazon-aurora-global-database/ Amazon DynamoDB on Demand | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-amazon-dynamodb-on-demand/ AWS Lake Formation | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-aws-lake-formation/ ML Insights Preview | https://aws.amazon.com/about-aws/whats-new/2018/11/aws-announces-ml-insights-preview-for-amazon-quicksight/ Amazon QuickSight Updates | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-quickSight-adds-support-for-dashboard-embedding-and-APIs/ Topic || Compute Hibernate for EC2 | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-ec2-now-lets-you-pause-and-resume-your-workloads/ Lightsail Upgrade Path to EC2 | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-lightsail-now-provides-an-upgrade-path-to-ec2/ Lightsail supports resource tagging | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-lightsail-now-supports-resource-tagging/ Topic || Storage Amazon FSx for Lustre | https://aws.amazon.com/blogs/aws/new-amazon-fsx-for-lustre/ Amazon FSx for Windows File Server | https://aws.amazon.com/blogs/aws/new-amazon-fsx-for-windows-file-server-fast-fully-managed-and-secure/ Glacier Deep Archive | https://aws.amazon.com/about-aws/whats-new/2018/11/s3-glacier-deep-archive/ S3 Object Lock | https://aws.amazon.com/about-aws/whats-new/2018/11/s3-object-lock/ EFS Supports 1,000 File Systems per Account | https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-efs-now-supports-1000-file-systems-per-account/ EFS Cross Account and VPC Access |
https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-efs-now-supports-access-across-accounts-and-vpcs/ Topic || Hybrid Cloud AWS Outposts | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-aws-outposts/ Topic || AWS Marketplace & License Management Private Marketplace | https://aws.amazon.com/about-aws/whats-new/2018/11/awsmarketplace-makes-it-easier-to-govern-software-procurement-with-privatemarketplace/ SageMaker models now on AWS Marketplace | https://aws.amazon.com/about-aws/whats-new/2018/11/awsmarketplace-makes-it-easier-to-build-machine-learning-applications-on-amazonsagemaker/ Container Products in Marketplace | https://aws.amazon.com/about-aws/whats-new/2018/11/aws-announces-new-container-products-in-awsmarketplace/ AWS License Manager | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing%20aws%20license%20manager/ Topic || Software Development AWS App Mesh | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-app-mesh---service-mesh-for-microservices-on-aws/ AWS Cloud Map | https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-cloud-map/ Improved CI and CD Support | https://aws.amazon.com/about-aws/whats-new/2018/11/the-aws-developer-tools-improve-continuous-delivery-support-for-aws-fargate-and-amazon-ecs/ Amazon CloudWatch Logs Insights | https://aws.amazon.com/about-aws/whats-new/2018/11/announcing-amazon-cloudwatch-logs-insights-fast-interactive-log-analytics/