Podcasts about aws identity

  • 29 podcasts
  • 53 episodes
  • 45m average duration
  • Infrequent episodes
  • Latest episode: Jul 12, 2024

Latest podcast episodes about aws identity

The CyberWire
AT&T's not so LOL hack.

The CyberWire

Jul 12, 2024 (36:41)


AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities. A popular phone spyware app suffers a major data breach. Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price.

CyberWire Guest
At the recent AWS re:Inforce 2024 conference, N2K's Brandon Karpf spoke with Brigid Johnson, Director of AWS Identity, about the importance of identity and where we need to go. You can watch a replay of Brigid's session at the event, IAM policy power hour, here.

Selected Reading
  • AT&T Details Massive Breach of Customers' Call and Text Logs (Data Breach Today)
  • NATO Set to Build New Cyber Defense Center (Infosecurity Magazine)
  • New Presidential memorandum sets cybersecurity priorities for FY 2026, tasking OMB and ONCD to evaluate submissions (Industrial Cyber)
  • mSpy Data Breach: Millions of Customers' Data Exposed (GB Hackers)
  • Advance Auto Parts' Snowflake Breach Hits 2.3 Million People (Infosecurity Magazine)
  • These Linksys routers are likely transmitting cleartext passwords (TechSpot)
  • Known SSH-Snake bites more victims with multiple OSS exploitation (CSO Online)
  • Beware of Phishing Attack that Abuses SharePoint Servers (Cyber Security News)
  • Germany to Strip Huawei From Its 5G Networks (The New York Times)
  • EU threatens Musk's X with a fine of up to 6% of global turnover (The Record)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Identity At The Center
#254 - Exploring Digital Identity with Phil Windley

Identity At The Center

Jan 15, 2024 (69:15)


The Identity at the Center podcast is back for 2024! Jim McDonald and Jeff Steadman are joined by guest Phil Windley, Senior Software Development Manager at AWS Identity and co-founder/organizer of the Internet Identity Workshop, to share his insights on digital identity. Join us as we dive into topics such as Phil's journey into the field of identity, his involvement in the Internet Identity Workshop, and his book "Learning Digital Identity." We also discuss the book writing process, key takeaways, and the future of identity innovation. Don't miss this engaging conversation with one of the leading experts in the field!

Phil's website: http://phil.windley.org/
Learning Digital Identity by Phil Windley: https://www.amazon.com/Learning-Digital-Identity-Design-Architectures/dp/1098117697

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

AWS Developers Podcast
Episode 105 – AWS Identity with Kevin Shanley and Victor Moreno

AWS Developers Podcast

Dec 16, 2023 (28:45)


Informatique pour tous
120 - [DevOps] AWS Identity provider et github-action

Informatique pour tous

Sep 11, 2023 (5:25)


The CyberWire
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn't pose a cosmic threat. Hackers' homage to fromage in attacks against the Swiss government. Industry advice for the White House.

The CyberWire

Jun 13, 2023 (29:31)


CISA issues a new Binding Operational Directive. An update on CosmicEnergy. Hackers' homage to fromage in attacks against the Swiss government. Ukraine's Cyber Police shut down a pro-Russian bot farm. Clothing and footwear retailers see impersonation and online fraud. A 2021 ransomware attack contributed to a hospital closing. A proof-of-concept exploit of a patched MOVEit vulnerability. An industry letter calls for a new framework on the White House cybersecurity strategy. Joe Carrigan examines a ChatGPT fueled phishing scam. Our guest is Neha Rungta, Applied Science Director at AWS Identity discussing Amazon Verified Permissions. And trends in cyber risks for small and medium businesses.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/113

Selected reading.
  • Binding Operational Directive 23-02 (US Cybersecurity and Infrastructure Security Agency)
  • COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)
  • Dragos Analysis Determines COSMICENERGY Is Not an Immediate Threat (Dragos)
  • More than 4,000 bots to discredit the Defense Forces of Ukraine and spread propaganda in favor of Russia: the police of Vinnytsia eliminated a large-scale bot farm (Ukraine Cyber Police)
  • Ukraine police raid social media bot farm accused of pro-Russia propaganda (The Record)
  • Widespread Brand Impersonation Scam Campaign Targeting Hundreds of the Most Popular Apparel Brands (Bolster)
  • An Illinois hospital is the first health care facility to link its closing to a ransomware attack (NBC News)
  • Ransomware attack causes Illinois hospital to close (Becker's Hospital Review)
  • New BlackFog research: 61% of SMBs were victims of a cyberattack in the last year (BlackFog)
  • Switzerland warns that a ransomware gang may have accessed government data (The Record)
  • Swiss government warns of ongoing DDoS attacks, data leak (BleepingComputer)
  • Swiss Government Targeted by Series of Cyber-Attacks (Infosecurity Magazine)
  • DDoS attack on Federal Administration: various Federal Administration websites and applications unavailable (The Federal Council of the Swiss Government)

The Cloud Pod
214: The Cloud Pod Loves Inspector Gadget

The Cloud Pod

Jun 5, 2023 (60:42)


The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
#49 - Relationships and Identity Systems (with Phil Windley)

The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3

Feb 24, 2023 (56:26)


Phil Windley is a Senior Software Development Manager at AWS Identity. He was most recently an Enterprise Architect and Principal Engineer in the Office of Information Technology at Brigham Young University (BYU). He was the Founding Chair of the Sovrin Foundation serving from 2016 to 2020. He is also the co-founder and organizer of the Internet Identity Workshop, serves as an Adjunct Professor of Computer Science at BYU, writes the popular Technometria blog, and is the author of the books Learning Digital Identity (O'Reilly Media, 2023), The Live Web (Course Technology, 2011), and Digital Identity (O'Reilly Media, 2005).

About Podcast Episode
Read more about the episode by heading to https://northernblock.io/relationships-and-identity-systems-with-phil-windley/

Some of the key topics covered during this episode with Phil are:
  • The differences in our knowledge needs between the physical world (tacit) and the digital world (explicit) are what make digital identity management complicated.
  • Short-lived vs. long-lived relationships: a comparison.
  • If the real world has pseudonymous relationships, why can't this be true online? (looking at recent Twitter and Meta verified account initiatives)
  • Does the role of Identity Providers (IdPs) change as we move towards more user-controlled systems, rather than administrative identity systems?
  • How does the term "Relying Party" translate into SSI?
  • Breaking down trust and trustworthy, and differentiating between confidence and trust.
  • Examining the tradespace between Privacy, Authenticity, and Confidentiality.
  • How attribute-based access control (ABAC) will benefit from verifiable credentials.

Where to find Phil?
LinkedIn: https://www.linkedin.com/in/windley/
Twitter: https://twitter.com/windley

Follow Mathieu Glaude
Twitter: https://twitter.com/mathieu_glaude
LinkedIn: https://www.linkedin.com/in/mathieuglaude/
Website: https://northernblock.io/

Cloud Posse DevOps
Cloud Posse DevOps "Office Hours" (2022-11-23)

Cloud Posse DevOps "Office Hours" Podcast

Nov 28, 2022 (64:43)


Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.

You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:21] Use the GitHub CLI to test webhooks in your development environment
https://docs.github.com/en/developers/webhooks-and-events/webhooks/receiving-webhooks-with-the-github-cli
[00:04:51] GitHub Environment Protection Rules Now Support “waiting” Webhook
https://github.blog/changelog/2022-11-22-webhook-enhancements-for-environment-protection-rules/
[00:06:17] How Cloudflare uses Terraform to manage Cloudflare (with Atlantis)
https://blog.cloudflare.com/terraforming-cloudflare-at-cloudflare/
[00:07:55] Display your Terraform module call stack in your terminal with tftree
https://github.com/busser/tftree
[00:09:46] Kubeshark is like Wireshark for Kubernetes
https://github.com/kubeshark/kubeshark
[00:10:44] AWS Identity and Access Management now supports multiple MFA devices
https://aws.amazon.com/about-aws/whats-new/2022/11/aws-identity-access-management-multi-factor-authentication-devices/
[00:12:53] Too many more!
https://sweetops.slack.com/archives/CHDR1EWNA/p1669231281395509?thread_ts=1669230039.133869&cid=CHDR1EWNA
[00:56:04] Karpenter now supports native Spot Instance Interruption-handling feature, which makes cost savings with spot instances more viable for critical workl
https://sweetops.slack.com/archives/CHDR1EWNA/p1669114607374279
[00:1:03:51] Outro

#officehours, #cloudposse, #sweetops, #devops, #sre, #terraform, #kubernetes, #aws

52 Weeks of Cloud
52-weeks-aws-certified-developer-lambda-serverless

52 Weeks of Cloud

Sep 29, 2022 (24:51)


[00:00.000] All right, so I'm here with 52 weeks of AWS and still continuing to do developer certification. I'm gonna go ahead and share my screen here.

[00:13.720] All right, so we are on Lambda, one of my favorite topics. Let's get right into it and talk about how to develop event-driven solutions with AWS Lambda.

[00:26.640] With Serverless Computing, one of the things that it is going to do is it's gonna change the way you think about building software and in a traditional deployment environment, you would configure an instance, you would update an OS, you'd install applications, build and deploy them, load balance. So this is non-cloud native computing and Serverless, you really only need to focus on building and deploying applications and then monitoring and maintaining the applications. And so with really what Serverless does is it allows you to focus on the code for the application and you don't have to manage the operating system, the servers or scale it and really is a huge advantage because you don't have to pay for the infrastructure when the code isn't running. And that's really a key takeaway.

[01:19.080] If you take a look at the AWS Serverless platform, there's a bunch of fully managed services that are tightly integrated with Lambda. And so this is another huge advantage of Lambda, isn't necessarily that it's the fastest or it has the most powerful execution, it's the tight integration with the rest of the AWS platform and developer tools like AWS Serverless application model or AWS SAM would help you simplify the deployment of Serverless applications. And some of the services include Amazon S3, Amazon SNS, Amazon SQS and AWS SDKs.

[01:58.600] So in terms of Lambda, AWS Lambda is a compute service for Serverless and it lets you run code without provisioning or managing servers. It allows you to trigger your code in response to events that you would configure like, for example, dropping something into a S3 bucket like that's an image, Nevel Lambda that transcribes it to a different format. It also allows you to scale automatically based on demand and it will also incorporate built-in monitoring and logging with AWS CloudWatch.

[02:34.640] So if you look at AWS Lambda, some of the things that it does is it enables you to bring in your own code. So the code you write for Lambda isn't written in a new language, you can write things in tons of different languages for AWS Lambda, Node, Java, Python, C-sharp, Go, Ruby. There's also custom runtime. So you could do Rust or Swift or something like that. And it also integrates very deeply with other AWS services and you can invoke third-party applications as well.

[03:13.360] It also has a very flexible resource and concurrency model. And so Lambda would scale in response to events. So you would just need to configure memory settings and AWS would handle the other details like the CPU, the network, the IO throughput. Also, you can use the Lambda, AWS Identity and Access Management Service or IAM to grant access to what other resources you would need. And this is one of the ways that you would control the security of Lambda is you have really guardrails around it because you would just tell Lambda, you have a role that is whatever it is you need Lambda to do, talk to SQS or talk to S3, and it would specifically only do that role.

[03:55.240] And the other thing about Lambda is that it has built-in availability and fault tolerance. So again, it's a fully managed service, it's high availability and you don't have to do anything at all to use that. And one of the biggest things about Lambda is that you only pay for what you use. And so when the Lambda service is idle, you don't have to actually pay for that versus if it's something else, like even in the case of a Kubernetes-based system, still there's a host machine that's running Kubernetes and you have to actually pay for that.

[04:31.640] So one of the ways that you can think about Lambda is that there's a bunch of different use cases for it. So let's start off with different use cases, web apps, I think would be one of the better ones to think about. So you can combine AWS Lambda with other services and you can build powerful web apps that automatically scale up and down. And there's no administrative effort at all. There's no backups necessary, no multi-data center redundancy, it's done for you. Backends, so you can build serverless backends that lets you handle web, mobile, IoT, third-party applications. You can also build those backends with Lambda, with API Gateway, and you can build applications with them.

[05:15.400] In terms of data processing, you can also use Lambda to run code in response to a trigger, change in data, shift in system state, and really all of AWS for the most part is able to be orchestrated with Lambda. So it's really like a glue type service that you're able to use. Now chatbots, that's another great use case for it. Amazon Lex is a service for building conversational chatbots and you could use it with Lambda. Amazon Lambda service is also able to be used with voice IT automation. These are all great use cases for Lambda. In fact, I would say it's kind of like the go-to automation tool for AWS.

[06:01.160] So let's talk about how Lambda works next. So the way Lambda works is that there's a function and there's an event source, and these are the core components. The event source is the entity that publishes events to AWS Lambda, and Lambda function is the code that you're gonna use to process the event. And AWS Lambda would run that Lambda function on your behalf, and a few things to consider is that it really is just a little bit of code, and you can configure the triggers to invoke a function in response to resource lifecycle events, like for example, responding to incoming HTTP, consuming events from a queue, like in the case of SQS or running it on a schedule. So running it on a schedule is actually a really good data engineering task, right? Like you could run it periodically to scrape a website.

[06:55.120] So as a developer, when you create Lambda functions that are managed by the AWS Lambda service, you can define the permissions for the function and basically specify what are the events that would actually trigger it. You can also create a deployment package that includes application code in any dependency or library necessary to run the code, and you can also configure things like the memory, you can figure the timeout, also configure the concurrency, and then when your function is invoked, Lambda will provide a runtime environment based on the runtime and configuration options that you selected.

[07:31.080] So let's talk about models for invoking Lambda functions. In the case of an event source that invokes Lambda function by either a push or a pull model, in the case of a push, it would be an event source directly invoking the Lambda function when the event occurs. In the case of a pull model, this would be putting the information into a stream or a queue, and then Lambda would pull that stream or queue, and then invoke the function when it detects an event.

[08:04.080] So a few different examples would be that some services can actually invoke the function directly. So for a synchronous invocation, the other service would wait for the response from the function. So a good example would be in the case of Amazon API Gateway, which would be the REST-based service in front. In this case, when a client makes a request to your API, that client would get a response immediately. And then with this model, there's no built-in retry in Lambda. Examples of this would be Elastic Load Balancing, Amazon Cognito, Amazon Lex, Amazon Alexa, Amazon API Gateway, AWS CloudFormation, and Amazon CloudFront, and also Amazon Kinesis Data Firehose.

[08:53.040] For asynchronous invocation, AWS Lambda queues the event before it passes to your function. The other service gets a success response as soon as the event is queued, and if an error occurs, Lambda will automatically retry the invocation twice. A good example of this would be S3, SNS, SES, the Simple Email Service, AWS CloudFormation, Amazon CloudWatch Logs, CloudWatch Events, AWS CodeCommit, and AWS Config. But in both cases, you can invoke a Lambda function using the invoke operation, and you can specify the invocation type as either synchronous or asynchronous. And when you use the AWS service as a trigger, the invocation type is predetermined for each service, and so you have no control over the invocation type that these event sources use when they invoke your Lambda.

[09:50.800] In the polling model, the event sources will put information into a stream or a queue, and AWS Lambda will pull the stream or the queue. If it first finds a record, it will deliver the payload and invoke the function. And this model, the Lambda itself, is basically pulling data from a stream or a queue for processing by the Lambda function. Some examples would be a stream-based event service would be Amazon DynamoDB or Amazon Kinesis Data Streams, and these stream records are organized into shards. So Lambda would actually pull the stream for the record and then attempt to invoke the function. If there's a failure, AWS Lambda won't read any of the new shards until the failed batch of records expires or is processed successfully. In the non-streaming event, which would be SQS, Amazon would pull the queue for records. If it fails or times out, then the message would be returned to the queue, and then Lambda will keep retrying the failed message until it's processed successfully. If the message will expire, which is something you can do with SQS, then it'll just be discarded. And you can create a mapping between an event source and a Lambda function right inside of the console. And this is how typically you would set that up manually without using infrastructure as code.

[11:08.560] All right, let's talk about permissions. This is definitely an easy place to get tripped up when you're first using AWS Lambda. There's two types of permissions. The first is the event source and permission to trigger the Lambda function. This would be the invocation permission. And the next one would be the Lambda function needs permissions to interact with other services, but this would be the run permissions. And these are both handled via the IAM service or the AWS Identity and Access Management service.

[11:38.120] So the IAM resource policy would tell the Lambda service which push event the sources have permission to invoke the Lambda function. And these resource policies would make it easy to grant access to a Lambda function across AWS account. So a good example would be if you have an S3 bucket in your account and you need to invoke a function in another account, you could create a resource policy that allows those to interact with each other. And the resource policy for a Lambda function is called a function policy. And when you add a trigger to your Lambda function from the console, the function policy will be generated automatically and it allows the event source to take the Lambda invoke function action.

[12:24.400] So a good example would be in Amazon S3 permission to invoke the Lambda function called my first function. And basically it would be an effect allow. And then under principal, if you would have service s3.amazonaws.com, the action would be Lambda colon invoke function and then the resource would be the name or the ARN of actually the Lambda. And then the condition would be actually the ARN of the bucket. And really that's it in a nutshell.

[12:57.560] The Lambda execution role grants your Lambda function permission to access AWS services and resources. And you select or create the execution role when you create a Lambda function. The IAM policy would define the actions of Lambda functions allowed to take and the trust policy allows the Lambda service to assume an execution role. To grant permissions to AWS Lambda to assume a role, you have to have the permission for IAM pass role action.

[13:28.320] A couple of different examples of a relevant policy for an execution role and the example, the IAM policy, you know, basically that we talked about earlier, would allow you to interact with S3. Another example would be to make it interact with CloudWatch logs and to create a log group and stream those logs. The trust policy would give Lambda service permissions to assume a role and invoke a Lambda function on your behalf.

[13:59.560] Now let's talk about the overview of authoring and configuring Lambda functions. So really to start with, to create a Lambda function, you first need to create a Lambda function deployment package, which is a zip or jar file that consists of your code and any dependencies with Lambda, you can use the programming language and integrated development environment that you're most familiar with. And you can actually bring the code you've already written. And Lambda does support lots of different languages like Node.js, Python, Ruby, Java, Go, and .NET runtimes. And you can also implement a custom runtime if you wanna use a different language as well, which is actually pretty cool.

[14:48.480] And if you wanna create a Lambda function, you would specify the handler, the Lambda function handler is the entry point. And a few different aspects of it that are important to pay attention to, the event object, this would provide information about the event that triggered the Lambda function. And this could be like a predefined object that AWS service generates. So you'll see this, like for example, in the console of AWS, you can actually ask for these objects and it'll give you really the JSON structure so you can test things out. In the contents of an event object includes everything you would need to actually invoke it. The context object is generated by AWS and this is really a runtime information. And so if you needed to get some kind of runtime information about your code, let's say environmental variables or AWS request ID or a log stream or remaining time in Millies, like for example, that one would return the number of milliseconds that remain before your function times out, you can get all that inside the context object.

[15:54.520] So what about an example that runs a Python? Pretty straightforward actually. All you need is you would put a handler inside the handler would take, that it would be a Python function, it would be an event, there'd be a context, you pass it inside and then you return some kind of message.

[16:10.960] A few different best practices to remember about AWS Lambda would be to separate the core business logic from the handler method and this would make your code more portable, enable you to target unit tests without having to worry about the configuration. So this is always a really good idea just in general. Make sure you have modular functions. So you have a single purpose function, you don't have like a kitchen sink function, you treat functions as stateless as well. So you would treat a function that basically just does one thing and then when it's done, there is no state that's actually kept anywhere and also only include what you need. So you don't want to have a huge sized Lambda functions and one of the ways that you can avoid this is by reducing the time it takes a Lambda to unpack the deployment packages
--> 17:06.600] and you can also minimize the complexity[17:06.600 --> 17:08.640] of your dependencies as well.[17:08.640 --> 17:13.600] And you can also reuse the temporary runtime environment[17:13.600 --> 17:16.080] to improve the performance of a function as well.[17:16.080 --> 17:17.680] And so the temporary runtime environment[17:17.680 --> 17:22.280] initializes any external dependencies of the Lambda code[17:22.280 --> 17:25.760] and you can make sure that any externalized configuration[17:25.760 --> 17:27.920] or dependency that your code retrieves are stored[17:27.920 --> 17:30.640] and referenced locally after the initial run.[17:30.640 --> 17:33.800] So this would be limit re-initializing variables[17:33.800 --> 17:35.960] and objects on every invocation,[17:35.960 --> 17:38.200] keeping it alive and reusing connections[17:38.200 --> 17:40.680] like an HTTP or database[17:40.680 --> 17:43.160] that were established during the previous invocation.[17:43.160 --> 17:45.880] So a really good example of this would be a socket connection.[17:45.880 --> 17:48.040] If you make a socket connection[17:48.040 --> 17:51.640] and this socket connection took two seconds to spawn,[17:51.640 --> 17:54.000] you don't want every time you call Lambda[17:54.000 --> 17:55.480] for it to wait two seconds,[17:55.480 --> 17:58.160] you want to reuse that socket connection.[17:58.160 --> 18:00.600] A few good examples of best practices[18:00.600 --> 18:02.840] would be including logging statements.[18:02.840 --> 18:05.480] This is a kind of a big one[18:05.480 --> 18:08.120] in the case of any cloud computing operation,[18:08.120 --> 18:10.960] especially when it's distributed, if you don't log it,[18:10.960 --> 18:13.280] there's no way you can figure out what's going on.[18:13.280 --> 18:16.560] So you must add logging statements that have context[18:16.560 --> 18:19.720] so you know which particular Lambda instance[18:19.720 --> 18:21.600] is actually occurring in.[18:21.600 
--> 18:23.440] Also include results.[18:23.440 --> 18:25.560] So make sure that you know it's happening[18:25.560 --> 18:29.000] when the Lambda ran, use environmental variables as well.[18:29.000 --> 18:31.320] So you can figure out things like what the bucket was[18:31.320 --> 18:32.880] that it was writing to.[18:32.880 --> 18:35.520] And then also don't do recursive code.[18:35.520 --> 18:37.360] That's really a no-no.[18:37.360 --> 18:40.200] You want to write very simple functions with Lambda.[18:41.320 --> 18:44.440] Few different ways to write Lambda actually would be[18:44.440 --> 18:46.280] that you can do the console editor,[18:46.280 --> 18:47.440] which I use all the time.[18:47.440 --> 18:49.320] I like to actually just play around with it.[18:49.320 --> 18:51.640] Now the downside is that if you don't,[18:51.640 --> 18:53.800] if you do need to use custom libraries,[18:53.800 --> 18:56.600] you're not gonna be able to do it other than using,[18:56.600 --> 18:58.440] let's say the AWS SDK.[18:58.440 --> 19:01.600] But for just simple things, it's a great use case.[19:01.600 --> 19:06.080] Another one is you can just upload it to AWS console.[19:06.080 --> 19:09.040] And so you can create a deployment package in an IDE.[19:09.040 --> 19:12.120] Like for example, Visual Studio for.NET,[19:12.120 --> 19:13.280] you can actually just right click[19:13.280 --> 19:16.320] and deploy it directly into Lambda.[19:16.320 --> 19:20.920] Another one is you can upload the entire package into S3[19:20.920 --> 19:22.200] and put it into a bucket.[19:22.200 --> 19:26.280] And then Lambda will just grab it outside of that S3 package.[19:26.280 --> 19:29.760] A few different things to remember about Lambda.[19:29.760 --> 19:32.520] The memory and the timeout are configurations[19:32.520 --> 19:35.840] that determine how the Lambda function performs.[19:35.840 --> 19:38.440] And these will affect the billing.[19:38.440 --> 19:40.200] Now, one of the great things about 
Lambda[19:40.200 --> 19:43.640] is just amazingly inexpensive to run.[19:43.640 --> 19:45.560] And the reason is that you're charged[19:45.560 --> 19:48.200] based on the number of requests for a function.[19:48.200 --> 19:50.560] A few different things to remember would be the memory.[19:50.560 --> 19:53.560] Like so if you specify more memory,[19:53.560 --> 19:57.120] it's going to increase the cost timeout.[19:57.120 --> 19:59.960] You can also control the memory duration of the function[19:59.960 --> 20:01.720] by having the right kind of timeout.[20:01.720 --> 20:03.960] But if you make the timeout too long,[20:03.960 --> 20:05.880] it could cost you more money.[20:05.880 --> 20:08.520] So really the best practices would be test the performance[20:08.520 --> 20:12.880] of Lambda and make sure you have the optimum memory size.[20:12.880 --> 20:15.160] Also load test it to make sure[20:15.160 --> 20:17.440] that you understand how the timeouts work.[20:17.440 --> 20:18.280] Just in general,[20:18.280 --> 20:21.640] anything with cloud computing, you should load test it.[20:21.640 --> 20:24.200] Now let's talk about an important topic[20:24.200 --> 20:25.280] that's a final topic here,[20:25.280 --> 20:29.080] which is how to deploy Lambda functions.[20:29.080 --> 20:32.200] So versions are immutable copies of a code[20:32.200 --> 20:34.200] in the configuration of your Lambda function.[20:34.200 --> 20:35.880] And the versioning will allow you to publish[20:35.880 --> 20:39.360] one or more versions of your Lambda function.[20:39.360 --> 20:40.400] And as a result,[20:40.400 --> 20:43.360] you can work with different variations of your Lambda function[20:44.560 --> 20:45.840] in your development workflow,[20:45.840 --> 20:48.680] like development, beta, production, et cetera.[20:48.680 --> 20:50.320] And when you create a Lambda function,[20:50.320 --> 20:52.960] there's only one version, the latest version,[20:52.960 --> 20:54.080] dollar sign, 
latest.[20:54.080 --> 20:57.240] And you can refer to this function using the ARN[20:57.240 --> 20:59.240] or Amazon resource name.[20:59.240 --> 21:00.640] And when you publish a new version,[21:00.640 --> 21:02.920] AWS Lambda will make a snapshot[21:02.920 --> 21:05.320] of the latest version to create a new version.[21:06.800 --> 21:09.600] You can also create an alias for Lambda function.[21:09.600 --> 21:12.280] And conceptually, an alias is just like a pointer[21:12.280 --> 21:13.800] to a specific function.[21:13.800 --> 21:17.040] And you can use that alias in the ARN[21:17.040 --> 21:18.680] to reference the Lambda function version[21:18.680 --> 21:21.280] that's currently associated with the alias.[21:21.280 --> 21:23.400] What's nice about the alias is you can roll back[21:23.400 --> 21:25.840] and forth between different versions,[21:25.840 --> 21:29.760] which is pretty nice because in the case of deploying[21:29.760 --> 21:32.920] a new version, if there's a huge problem with it,[21:32.920 --> 21:34.080] you just toggle it right back.[21:34.080 --> 21:36.400] And there's really not a big issue[21:36.400 --> 21:39.400] in terms of rolling back your code.[21:39.400 --> 21:44.400] Now, let's take a look at an example where AWS S3,[21:45.160 --> 21:46.720] or Amazon S3 is the event source[21:46.720 --> 21:48.560] that invokes your Lambda function.[21:48.560 --> 21:50.720] Every time a new object is created,[21:50.720 --> 21:52.880] when Amazon S3 is the event source,[21:52.880 --> 21:55.800] you can store the information for the event source mapping[21:55.800 --> 21:59.040] in the configuration for the bucket notifications.[21:59.040 --> 22:01.000] And then in that configuration,[22:01.000 --> 22:04.800] you could identify the Lambda function ARN[22:04.800 --> 22:07.160] that Amazon S3 can invoke.[22:07.160 --> 22:08.520] But in some cases,[22:08.520 --> 22:11.680] you're gonna have to update the notification configuration.[22:11.680 --> 22:14.720] So 
Amazon S3 will invoke the correct version each time[22:14.720 --> 22:17.840] you publish a new version of your Lambda function.[22:17.840 --> 22:21.800] So basically, instead of specifying the function ARN,[22:21.800 --> 22:23.880] you can specify an alias ARN[22:23.880 --> 22:26.320] in the notification of configuration.[22:26.320 --> 22:29.160] And as you promote a new version of the Lambda function[22:29.160 --> 22:32.200] into production, you only need to update the prod alias[22:32.200 --> 22:34.520] to point to the latest stable version.[22:34.520 --> 22:36.320] And you also don't need to update[22:36.320 --> 22:39.120] the notification configuration in Amazon S3.[22:40.480 --> 22:43.080] And when you build serverless applications[22:43.080 --> 22:46.600] as common to have code that's shared across Lambda functions,[22:46.600 --> 22:49.400] it could be custom code, it could be a standard library,[22:49.400 --> 22:50.560] et cetera.[22:50.560 --> 22:53.320] And before, and this was really a big limitation,[22:53.320 --> 22:55.920] was you had to have all the code deployed together.[22:55.920 --> 22:58.960] But now, one of the really cool things you can do[22:58.960 --> 23:00.880] is you can have a Lambda function[23:00.880 --> 23:03.600] to include additional code as a layer.[23:03.600 --> 23:05.520] So layer is basically a zip archive[23:05.520 --> 23:08.640] that contains a library, maybe a custom runtime.[23:08.640 --> 23:11.720] Maybe it isn't gonna include some kind of really cool[23:11.720 --> 23:13.040] pre-trained model.[23:13.040 --> 23:14.680] And then the layers you can use,[23:14.680 --> 23:15.800] the libraries in your function[23:15.800 --> 23:18.960] without needing to include them in your deployment package.[23:18.960 --> 23:22.400] And it's a best practice to have the smaller deployment packages[23:22.400 --> 23:25.240] and share common dependencies with the layers.[23:26.120 --> 23:28.520] Also layers will help you keep your deployment 
package[23:28.520 --> 23:29.360] really small.[23:29.360 --> 23:32.680] So for node, JS, Python, Ruby functions,[23:32.680 --> 23:36.000] you can develop your function code in the console[23:36.000 --> 23:39.000] as long as you keep the package under three megabytes.[23:39.000 --> 23:42.320] And then a function can use up to five layers at a time,[23:42.320 --> 23:44.160] which is pretty incredible actually,[23:44.160 --> 23:46.040] which means that you could have, you know,[23:46.040 --> 23:49.240] basically up to a 250 megabytes total.[23:49.240 --> 23:53.920] So for many languages, this is plenty of space.[23:53.920 --> 23:56.620] Also Amazon has published a public layer[23:56.620 --> 23:58.800] that includes really popular libraries[23:58.800 --> 24:00.800] like NumPy and SciPy,[24:00.800 --> 24:04.840] which does dramatically help data processing[24:04.840 --> 24:05.680] in machine learning.[24:05.680 --> 24:07.680] Now, if I had to predict the future[24:07.680 --> 24:11.840] and I wanted to predict a massive announcement,[24:11.840 --> 24:14.840] I would say that what AWS could do[24:14.840 --> 24:18.600] is they could have a GPU enabled layer at some point[24:18.600 --> 24:20.160] that would include pre-trained models.[24:20.160 --> 24:22.120] And if they did something like that,[24:22.120 --> 24:24.320] that could really open up the doors[24:24.320 --> 24:27.000] for the pre-trained model revolution.[24:27.000 --> 24:30.160] And I would bet that that's possible.[24:30.160 --> 24:32.200] All right, well, in a nutshell,[24:32.200 --> 24:34.680] AWS Lambda is one of my favorite services.[24:34.680 --> 24:38.440] And I think it's worth everybody's time[24:38.440 --> 24:42.360] that's interested in AWS to play around with AWS Lambda.[24:42.360 --> 24:47.200] All right, next week, I'm going to cover API Gateway.[24:47.200 --> 25:13.840] All right, see you next week.If you enjoyed this video, here are additional resources to look at:Coursera + Duke Specialization: 
Building Cloud Computing Solutions at Scale Specialization: https://www.coursera.org/specializations/building-cloud-computing-solutions-at-scale
Python, Bash, and SQL Essentials for Data Engineering Specialization: https://www.coursera.org/specializations/python-bash-sql-data-engineering-duke
AWS Certified Solutions Architect - Professional (SAP-C01) Cert Prep: 1 Design for Organizational Complexity: https://www.linkedin.com/learning/aws-certified-solutions-architect-professional-sap-c01-cert-prep-1-design-for-organizational-complexity/design-for-organizational-complexity?autoplay=true
Essentials of MLOps with Azure and Databricks: https://www.linkedin.com/learning/essentials-of-mlops-with-azure-1-introduction/essentials-of-mlops-with-azure
O'Reilly Book: Implementing MLOps in the Enterprise
O'Reilly Book: Practical MLOps: https://www.amazon.com/Practical-MLOps-Operationalizing-Machine-Learning/dp/1098103017
O'Reilly Book: Python for DevOps: https://www.amazon.com/gp/product/B082P97LDW/
O'Reilly Book: Developing on AWS with C#: A Comprehensive Guide on Using C# to Build Solutions on the AWS Platform: https://www.amazon.com/Developing-AWS-Comprehensive-Solutions-Platform/dp/1492095877
Pragmatic AI: An Introduction to Cloud-based Machine Learning: https://www.amazon.com/gp/product/B07FB8F8QP/
Pragmatic AI Labs Book: Python Command-Line Tools: https://www.amazon.com/gp/product/B0855FSFYZ
Pragmatic AI Labs Book: Cloud Computing for Data Analysis: https://www.amazon.com/gp/product/B0992BN7W8
Pragmatic AI Book: Minimal Python: https://www.amazon.com/gp/product/B0855NSRR7
Pragmatic AI Book: Testing in Python: https://www.amazon.com/gp/product/B0855NSRR7
Subscribe to Pragmatic AI Labs YouTube Channel: https://www.youtube.com/channel/UCNDfiL0D1LUeKWAkRE1xO5Q
Subscribe to 52 Weeks of AWS Podcast: https://52-weeks-of-cloud.simplecast.com
View content on noahgift.com: https://noahgift.com/
View content on Pragmatic AI Labs Website: https://paiml.com/

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News Podcast for July 12th, 2022 - Episode 156

Jul 12, 2022 76:41


2022-07-12 Weekly News - Episode 156
Watch the video version on YouTube at https://youtu.be/Lon8ghRKRvQ

Hosts:
Gavin Pickin - Senior Developer at Ortus Solutions
Dan Card - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.

A few ways to say thanks back to Ortus Solutions:
BUY SOME ITB TICKETS - COME TO THE CONFERENCE - Have a few laughs!
Like and subscribe to our videos on YouTube.
Help ORTUS reach for the Stars - Star and Fork our Repos
Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
Subscribe to our Podcast on your Podcast Apps and leave us a review
Sign up for a free or paid account on CFCasts, which is releasing new content every week
BOXLife store: https://www.ortussolutions.com/about-us/shop
Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)

Patreon Support
Goal 1 - We have 36 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 43% of the way to fully fund the hosting of ForgeBox.io

News and Announcements

Github Co-Pilot works with CFML
We specifically designed GitHub Copilot as an editor extension to make sure nothing gets in the way of what you're doing. GitHub Copilot distills the collective knowledge of the world's developers into an editor extension that suggests code in real time, to help you stay focused on what matters most: building great software.
Adam Tuttle confirmed in this Twitter thread https://twitter.com/gamesover/status/1545098071041724416
https://github.blog/2022-06-21-github-copilot-is-generally-available-to-all-developers/#:~:text=We're%20making%20GitHub%20Copilot,of%20popular%20open%20source%20projects.
Working Code Podcast discussed Github Co-pilot: https://www.bennadel.com/blog/4295-working-code-podcast-episode-82-github-charging-for-copilot.htm

CommandBox vNext supports enabling basic auth only for certain folders
#CommandBox vNext supports enabling basic auth only for certain folders, making it easier to wrap additional security around your administrators and other sensitive folders in production. ortussolutions.atlassian.net/browse/COMMAND… #CFML #ColdFusion
https://ortussolutions.atlassian.net/browse/COMMANDBOX-1419

AWS Identity and Access Management introduces Roles Anywhere for workloads outside of AWS
AWS Identity and Access Management (IAM) now enables workloads that run outside of AWS to access AWS resources using IAM Roles Anywhere. IAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials and use the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.
https://aws.amazon.com/about-aws/whats-new/2022/07/aws-identity-access-management-iam-roles-anywhere-workloads-outside-aws/

INTO THE BOX - Updates
Into the Box Early Bird ticket pricing is over!
We extended it for the 4th of July, but that is now over.
ITB In Person Schedule Finalized on the Website
New Speaker Added - John Farrar
New sessions from Speakers
Workshops are starting to fill up - don't miss your chance.
https://intothebox.org/

New Releases and Updates

New Monitoring Solution? - Monika
Mentioned by James Moberg on Twitter
A #ColdFusion Taffy API was timing out due to 3rdparty MSSQL table locks. I started using @hyperjump_tech Monika to log performance every 60 seconds to expose impact. monika.hyperjump.tech #CFML Metrics are logged to SQLite DB. #opensource #portable #yaml #notifications
Monika is an open source synthetic monitoring command line application. It is actively developed and completely free!
Loads of integrations.
https://monika.hyperjump.tech/

ICYMI - Adobe ColdFusion Builder (VS Code) Beta
Do you want to help us test and improve our upcoming Adobe ColdFusion Builder Extension for VS Code? Well, the time is nearly here. We are collecting emails of interested users.
We are starting with a very small closed beta just to shake any lingering bugs out. This is happening over the weekend.
Once we feel comfortable, users who have signed up for this beta (form link below) will slowly begin getting invites for a pre-release forum dedicated to the full closed beta program. This is likely to occur early to mid next week.
We need people who are fired up, willing to put in time testing and provide us with solid, informative feedback. The full, open launch of the product is coming shortly after Dev Week but this is your opportunity to get a chance to see it early, test it and help us make it as awesome as possible.
Please note: There may be bugs. This should not be used in production during the time of the beta testing. I shouldn't have to tell you that lol. But here we are. I use this tool already in my day to day. But your workflow might be different. We will be adding people slowly, so if you don't get an email early next week, just give it a moment. The earlier you sign up, the more likely you get in.
Sign up here: https://forms.office.com/Pages/ResponsePage.aspx?id=Wht7-jR7h0OUrtLBeN7O4VmPZrcheetIstWzdVorFtxURjVKSE5KNFZSSzg4MzdHUzRaOTZBQ1Q3SS4u&fbclid=IwAR3eZ4hD9cSXJKuME2mIeOYp8c4j-LT0mr_iCzPnSU52NkBdBxU-Az5abLg

Webinar / Meetups and Workshops

Live Stream Series - Koding with the Kiwi + Friends - Special Guest - Wil De Bruin - Talking about CBValidation
Friday July 15th, at 1pm PDT
Patreons, check your email, there will be an email sent Wednesday with the registration link for the zoom call… or keep an eye out in the Patreon Only BoxTeam Slack channel or the Ortus Community Forum section.
Not a patreon? Sign up today or wait for us to release the recording on CFCasts after the session.

Adobe Developer Week is Next week! July 18-22nd
The Adobe ColdFusion Developer Week is back - bigger and better than ever! This year, our experts are gearing up to host a series of webinars on all things ColdFusion. This is your chance to learn with them, get your questions answered, and build cloud-native applications with ease.
What are you waiting for? Register now!
https://adobe-coldfusion-devweek-2022.attendease.com/registration/form

Legacy Migration Follow Up: Using Coldbox with an Existing Code Base
July 29th 2022: Time 11:00 AM Central Time (US and Canada)
Dan Card will be presenting a follow up to his June webinar: Getting started with the Legacy Migration. Dan received some good questions, so July's Webinar: Legacy Migration Follow Up: Using Coldbox with an Existing Code Base with Dan Card. If you have a more traditional / legacy codebase, and are wanting to modernize with ColdBox, but don't know where to start, this webinar is just for you!
with Dan Card
https://us02web.zoom.us/meeting/register/tZArde-srjgiGtUVIWhhVRmMpSgang6yqCzA

ICYMI - Online CF Meetup - "Planning and Building my Developer Feud Quiz API", with Gavin Pickin
Thursday, July 7, 2022
9:00 AM to 10:00 AM PDT
In this session, we are going to plan and build our very own Developer Feud Quiz. To do this, we will analyze and plan our app, starting with the User Stories, and then mapping that to Database, Models, and we can start building out our API, using CRUDDY by Design philosophies. We'll shell out our TDD style Tests, and then create a couple of resources and routes.
Recording: https://www.youtube.com/watch?v=UCqxiaR5BWM&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL
Slides: https://t.co/NJZbjr3NTR
Meetup Link: https://www.meetup.com/coldfusionmeetup/events/286853927/

Adobe Workshops
Join the Adobe ColdFusion Workshop to learn how you and your agency can leverage ColdFusion to create amazing web content. This one-day training will cover all facets of Adobe ColdFusion that developers need to build applications that can run across multiple cloud providers or on-premise
TUESDAY, AUGUST 9, 2022
9.00 AM - 4.30 PM AEST
ColdFusion Workshop
Brian Sappey
https://coldfusion-1-day-training.meetus.adobeevents.com/
WEBINAR - THURSDAY, AUGUST 18, 2022
10:00 AM PDT
Making Games with Adobe ColdFusion
Mark Takata
https://making-games-with-adobe-coldfusion.meetus.adobeevents.com/
FREE :)
Full list - https://meetus.adobeevents.com/coldfusion/

CFCasts Content Updates
https://www.cfcasts.com
Just Released
2022 ForgeBox Module of the Week Series - 1 new Video
https://cfcasts.com/series/2022-forgebox-modules-of-the-week
2022 VS Code Hint tip and Trick of the Week Series - 1 new Video
https://cfcasts.com/series/2022-vs-code-hint-tip-and-trick-of-the-week
Coming Soon
Last video for Gavin Pickin - Publish Your First ForgeBox Package
LogBox 101 from Eric Peterson
Koding with the Kiwi + Friends
More ForgeBox and VS Code Podcast snippet videos
Box-ifying a 3rd Party Library from Gavin

Conferences and Training

ICYMI - Quasar Conf
Please let us know about you and what you'd like to speak about in all things Quasar or Vue!!!
Conference Date: Saturday, July 9th, 2022 - 3 p.m. GMT
Recording: https://www.youtube.com/watch?v=CkHM8VLxuus

THAT Conference
Howdy. We're a full-stack, tech-obsessed community of fun, code-loving humans who share and learn together.
We geek-out in Texas and Wisconsin once a year but we host digital events all the time.
WISCONSIN DELLS, WI / JULY 25TH - 28TH, 2022
A four-day summer camp for developers passionate about learning all things mobile, web, cloud, and technology.
https://that.us/events/wi/2022/
Our very own Daniel Garcia is speaking there
Easier API Development and Testing - Use PostMan, Webhook.site, and ngrok to Enhance Your Workflow
https://that.us/activities/sb6dRP8ZNIBIKngxswIt

Adobe Developer Week 2022
July 18-22, 2022
Online - Virtual - Free
The Adobe ColdFusion Developer Week is back - bigger and better than ever! This year, our experts are gearing up to host a series of webinars on all things ColdFusion. This is your chance to learn with them, get your questions answered, and build cloud-native applications with ease.
Speakers have been announced
Agenda has been announced
https://adobe-coldfusion-devweek-2022.attendease.com/registration/form

VueJS Forge
This Week - July 13th-14th
Organized by Vue School
The largest hands-on Vue.js Event
Team up with 1000s of fellow Vue.js devs from around the globe to build a real-world application in just 2 days in this FREE hackathon-style event. Make connections. Build together. Learn together.
Sign up as an Individual or signup as a company
Company Deal - $2000 for a team of 5, includes VueSchool annual membership and guaranteed seat at the workshops at VueJS Forge as well… and you can pick your team
Project: Project Management SAAS App
https://vuejsforge.com/

Into The Box 2022
September 6, 7 and 8, 2022 in Houston, Texas
One day workshops before the two day conference!
Sign up for the workshops before they fill up - couple are almost filled
Conference Website: https://intothebox.org
ITB Blog has new updates!

CF Summit - Official
Mirage
Oct 3rd & 4th - CFSummit Conference
Oct 5th - Adobe Certified Professional: Adobe ColdFusion Certification Classes & Tests
https://cfsummit.adobeevents.com/
https://www.adobe.com/products/coldfusion-family/certificate.html
Registrations are now open.
For just $99! Grab your early-bird tickets before June 30 - Still open!!!
Call for Speakers is now Open - Supposed to close June 30th - Submit now!!!!
From Slack re Adobe Certified Professional
The Adobe Certified Professional: Adobe ColdFusion cert is a totally different, MUCH more difficult and comprehensive certification than the CF Specialist previously offered. Mark Takata, Nolan and Dave F + the CF engineering team, Elishia and Kishore all spent a week together building the new one and it is HARD. I highly recommend it as a test of your skills, I guarantee everyone will learn something new.
Yes, but there's also over 100 hours of video to go over before the 1 day lecture + cert. So you watch videos, sit in class, then take the exam there. It is no joke, definitely challenging, but super satisfying to pass.
Plus you get access to those videos for a year, which is nice for going back and reviewing things down the line.

Ortus CF Summit Training Workshop
ColdBox Zero to MegaHero : REST APIs + VueJS Mobile App
Oct 5th and 6th - After CF Summit Conference
Led by Luis Majano & Gavin Pickin
Price: $799 - Early bird pricing
https://www.eventbrite.com/e/ortus-cf-summit-training-workshop-tickets-375306340367
Location: Aria - In the luxurious Executive Hospitality Suite like 2019
The suite doubled its prices but we're working hard to keep the costs to the attendees the same

Into the Box Latam 2022
Dec 5th or 7th
More information is coming very soon.

CFCamp
No CFCAMP 2022, we're trying again for summer 2023
TLDR is that it's just too hard and there's too much uncertainty right now.

More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/

Blogs, Tweets, and Videos of the Week

7/11/22 - Blog - Grae Desmond - ColdFusion Portal - Don't forget the built in web server
I was reading Mark's CLI Installation blog post and remembered when I was testing ColdFusion 2021. I was doing it on my desktop and I did not have a webserver on my machine. Now I could've tested using CommandBox but I wanted to mirror how I would be...
https://coldfusion.adobe.com/?p=11180

7/11/22 - Blog - Grae Desmond - ColdFusion Portal - Sometimes its ok to have trust issues
I was working on an API call recently and everything was humming along till I ran into an edge case with a request and everything just stopped working. Nothing changed except the value I was sending to the API. What did change was that the value I wa...
https://coldfusion.adobe.com/?p=11163

7/11/22 - Blog - Grae Desmond - ColdFusion Portal - Letting your non development colleagues update text on your site with a simple JSON file
I previously talked about how I leveraged using variables in queries to help with a site I was recently tasked to build. As a quick refresher each page on this site would look the same with a right sidebar with some definitions and descriptions, then…
https://coldfusion.adobe.com/?p=11072

7/11/22 - Blog - Grae Desmond - ColdFusion Portal - Adding an Emergency Shutoff Switch to Your Applications
Have you ever been to a gas station and noticed the emergency shut off switch? It's usually near the door to go inside the gas station and bright red to grab your attention. That button is for emergencies, like say a fire, and will shut off all elect...
https://coldfusion.adobe.com/?p=11117

7/12/22 - Blog - Charlie Arehart - What's new FusionReactor 8.8.0, just released?
Good news for FusionReactor users: a new version, 8.8.0, has just been released. You can see a list of several bullet points about it in the release notes.
TLDR: If it's enough for you to know that FR is now updated and those bullets may suffice, you now have what you need to know. :-) In this post, I want to expand on those to give more context. I have no inside info or advanced knowledge of the release: this comes from my own assessment of things as I just applied the update this morning. As such, I could be wrong on some points, or may need to come back to clarify something. But in the meantime, I hope this overview may help folks, as sometimes the single bullets in the release notes can leave you wondering. :-)
https://www.carehart.org/blog/client/index.cfm/2022/7/12/whats_new_FusionReactor_8_8_0/

7/11/22 - Tweet - James Moberg - New Monitoring Tool
A #ColdFusion Taffy API was timing out due to 3rdparty MSSQL table locks. I started using @hyperjump_tech Monika to log performance every 60 seconds to expose impact. monika.hyperjump.tech #CFML Metrics are logged to SQLite DB. #opensource #portable #yaml #notifications
https://twitter.com/gamesover/status/1546662581640876034
https://twitter.com/gamesover

7/10/22 - Tweet - James Moberg - encodeForHTMLAttribute
Hey #ColdFusion & #CFML devs, what function do you use to safely repopulate an INPUT value attribute? I've used htmlEditFormat, but it's deprecated in CF11. Use encodeForHTMLAttribute? Docs state "use in HTML attribute, such as table width or image height". No mention of "value".
https://twitter.com/gamesover/status/1546172791652745218
https://twitter.com/gamesover

7/10/22 - Blog - Ales Nesetril - commandbox-jasper: the third part
A few cool new things have been added thanks to Eric Peterson.
It is easy to create a jasper site through the command line. Inside an empty directory, jasper init will create a scaffold of jasper-cli. Tip of the hat to Eric.
https://kisdigital.com/post/commandbox-jasper-the-third-part
Part 1 - Commandbox-jasper SSG generator - https://kisdigital.com/post/commandbox-jasper-ssg-generator
Part 2 - Commandbox-jasper Part Deux - https://kisdigital.com/post/commandbox-jasper-part-deux

7/10/22 - Tweet - Ben Nadel - Feature Flags for his Blog
Over the last 2 weeks, been spending my free time building a Feature Flag system for my #ColdFusion blog. My blog doesn't really need it; but, heck if I don't love finding reasons to play with #CFML (and feature flags for that matter). Will post git repo when a bit more polished.
https://twitter.com/BenNadel/status/1546125460840538114
https://twitter.com/BenNadel

7/6/22 - Blog - James Moberg - Use Exiv2 to extract GPS data from Images using CFML
I mentioned Exiv2 on a blog post from 2 years ago regarding Supporting ColdFusion with Command Line Programs. Someone in the Adobe ColdFusion Forum recently inquired how to "use ImageGetEXIFMetaData to try to get gps coordinates of an image".
https://dev.to/gamesover/use-exiv2-to-extract-gps-data-from-images-using-cfml-3maa

7/7/22 - Blog - Ben Nadel - Building-Up A Complex Objects Using A Multi-Step Form Workflow In ColdFusion
Earlier this week, I looked at using form POST-backs to build up complex objects in ColdFusion. That technique allowed for deeply-nested data to be seamlessly updated using dot-delimited "object paths". My previous demo used a single page to render the form. As a fast-follow, I wanted to break the demo up into a multi-step form workflow in which each step manages only a portion of the complex object.
https://www.bennadel.com/blog/4296-building-up-a-complex-objects-using-a-multi-step-form-workflow-in-coldfusion.htm

CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 106 ColdFusion positions from 58 companies across 49 locations in 5 Countries.
3 new jobs listed
Full-Time - Senior ColdFusion Developer at Birmingham - United Kingdom Jul 12
https://www.getcfmljobs.com/jobs/index.cfm/united-kingdom/Senior-ColdFusion-Developer-at-Birmingham/11493
Full-Time - Senior ColdFusion Developer at London - United Kingdom Jul 12
https://www.getcfmljobs.com/jobs/index.cfm/united-kingdom/Senior-ColdFusion-Developer-at-London/11492
Full-Time - Frontend Software Developer-ColdFusion/Angular at Memphis, T.. - United States Jul 05
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Frontend-Software-DeveloperColdFusionAngular-at-Memphis-TN/11491

Other Job Links
Ortus Solutions - https://www.ortussolutions.com/about-us/careers
Johns Hopkins University with Brian Klaas - https://jobs.jhu.edu/job/Baltimore-Sr_-Programmer-Analyst-MD-21205/905668200/
More Information: https://twitter.com/brian_klaas/status/1544653220244590592
Clear Capital - Carol from Working Code Podcast - https://bit.ly/3Ocu5Zz
Nolan Erck - South of Shasta - Part-time CFML developer wanted
South of Shasta is looking for a part-time mid to senior level developer that can assist with some projects for our clients over the next few months, possibly longer.
https://southofshasta.com/blog/part-time-cfml-developer-wanted/
There is a jobs channel in the cfml slack team, and in the box team slack now too

ForgeBox Module of the Week
commandbox-jasper
A static site generator implemented in Commandbox
Last year I wrote a static site generator called Jasper. So far I have built Jasper using ColdBox as well as FW1. I am going to take things one step further and I will implement Jasper as a CommandBox module. Apparently I really enjoy writing SSGs.
I decided to split the project into two main parts: the jasper-cli blog scaffold and the jasper command that handles generating the static site.
Read more on the blog:
https://kisdigital.com/post/how-i-use-commandbox-with-my-blog
https://kisdigital.com/post/commandbox-jasper-ssg-generator
https://www.forgebox.io/view/commandbox-jasper

VS Code Hint Tips and Tricks of the Week
Emoji Snippets
Emoji Snippets helps developers to insert emoji on their files.
You can use these emoji in PHP,HTML,JS,CSS,React and more !!!https://marketplace.visualstudio.com/items?itemName=devzstudio.emoji-snippetsThank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsDon't forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.All Patreon supporters have a Profile badge on the Community WebsiteAll Patreon supporters have their own Private Forum access on the Community WebsiteAll Patreon supporters have their own Private Channel access BoxTeam SlackLive Stream Access to Koding with the Kiwi + Friendshttps://community.ortussolutions.com/ Patreons John Wilson - Synaptrix Brian Ghidinelli - Hagerty MotorsportReg   Jordan Clark Eric Hoffman Gary Knight Mario Rodrigues Giancarlo Gomez David Belanger Dan Card Jonathan Perret Jeffry McGee - Sunstar Media Dean Maunder Wil De Bruin Joseph Lamoree Don Bellamy Jan Jannek Laksma Tirtohadi Carl Von Stetten Jeremy Adams Didier Lesnicki Matthew Clemente Daniel Garcia Scott Steinbeck - Agri Tracking Systems Ben Nadel  Brett DeLine Kai Koenig Charlie Arehart Jonas Eriksson Jason Daiger Shawn Oden Matthew Darby Ross Phillips Edgardo Cabezas Patrick Flynn Stephany Monge John Whish Kevin Wright Peter Amiri You can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors ★ Support this podcast on Patreon ★

Cloud Posse DevOps
Cloud Posse DevOps "Office Hours" (2022-07-06)

Cloud Posse DevOps "Office Hours" Podcast

Play Episode Listen Later Jul 7, 2022 51:42


Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.

You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:05] VSCode plugin that shows infracost data in terraform code as you develop https://github.com/infracost/vscode-infracost
[00:04:18] Least privilege AWS IAM Terraformer https://github.com/bridgecrewio/AirIAM
[00:05:27] Open Cloud Vulnerability & Security Issue Database https://www.cloudvulndb.org/
[00:12:45] Announcing bare metal support for Amazon EKS Anywhere https://aws.amazon.com/about-aws/whats-new/2022/06/bare-metal-support-amazon-eks-anywhere/
[00:16:28] AWS SAM Accelerate is now generally available https://aws.amazon.com/about-aws/whats-new/2022/06/aws-sam-accelerate-test-code-against-cloud/
[00:24:09] GitHub Achievement Badges https://github.blog/2022-06-09-introducing-achievements-recognizing-the-many-stages-of-a-developers-coding-journey/
[00:26:35] AWS Announced New Support Ticket Process
[00:28:13] AWS Announced Larger Fargate Instance Sizes Coming Soon
[00:33:15] What is Cloud Posse's opinion on Atlantis?
[00:45:13] AWS Identity and Access Management introduces IAM Roles Anywhere for workloads outside of AWS https://aws.amazon.com/about-aws/whats-new/2022/07/aws-identity-access-management-iam-roles-anywhere-workloads-outside-aws/
[00:48:26] Terraform 1.3.0-alpha just launched with “Optional attributes for object type constraints” https://github.com/hashicorp/terraform/releases/tag/v1.3.0-alpha20220706
[00:50:30] Outro

#officehours, #cloudposse, #sweetops, #devops, #sre, #terraform, #kubernetes, #aws

Support the show

InfosecTrain
What is AWS IAM | AWS Identity and Access Management | InfosecTrain

InfosecTrain

Play Episode Listen Later Jun 16, 2022 6:24


Watch now: https://www.youtube.com/watch?v=7OW6rTsiL9Q&t=38s

✅ Agenda of the Session
✔️ What's AWS IAM (Identity and Access Management)
✔️ Difference between Authentication and Authorization
✔️ Root Account
✔️ What are IAM Policies

Facebook: https://www.facebook.com/Infosectrain/
Twitter: https://twitter.com/Infosec_Train
LinkedIn: https://www.linkedin.com/company/infosec-train/
Instagram: https://www.instagram.com/infosectrain/
Telegram: https://t.me/infosectrains

The Cloud Pod
145: The Cloud Pod Evidently Wants to Talk about re:Invent

The Cloud Pod

Play Episode Listen Later Dec 13, 2021 95:22


On The Cloud Pod this week, the team finds out whose re:Invent 2021 crystal ball was most accurate. Also Graviton3 is announced, and Adam Selipsky gives his first re:Invent keynote.  A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.  This week's highlights

AWS Morning Brief
re:Invent Week

AWS Morning Brief

Play Episode Listen Later Dec 2, 2021 6:12


Links:
Cost of a Data Breach Report: https://securityintelligence.com/cost-of-data-breach-bottom-line/
Got its ass handed to it in a security breach last week: https://threatpost.com/Godaddys-latest-breach-customers/176530/
Millions of Brazilians: https://www.zdnet.com/article/millions-of-brazilians-exposed-in-wi-fi-management-software-firm-leak/
“You can now securely connect to your Amazon MSK clusters over the internet”: https://aws.amazon.com/about-aws/whats-new/2021/11/securely-connect-amazon-msk-clusters-over-internet/
“AWS Security Profiles: Megan O'Neil, Sr. Security Solutions Architect”: https://aws.amazon.com/blogs/security/aws-security-profiles-megan-oneil-sr-security-solutions-architect/
AWS Security Profiles: Merritt Baer, Principal in OCISO: https://aws.amazon.com/blogs/security/aws-security-profiles-merritt-baer-principal-in-ociso/
Super important things to know: https://github.com/SummitRoute/aws_breaking_changes/issues/56
Permissions.cloud: https://aws.permissions.cloud/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Corey: “Security is Job Zero” according to AWS. Next week I'll have a fair bit on that I suspect, since this week is re:Invent. Let's see what happened before the storm hit.

IBM put out its annual Cost of a Data Breach Report which is interesting, but personally I find it genius. This is how you pollute SEO for the search term ‘IBM Data Breach', which is surely just a matter of time if it hasn't already happened.

Speaking of, GoDaddy effectively got its ass handed to it in a security breach last week. We found out of course via an SEC filing instead of GoDaddy doing the smart thing and proactively getting in front of it. Apparently they were breached for at least two-and-a-half months, nobody noticed, and 1.2 million people got their admin creds stolen. I can't stress enough that you should not be doing business with GoDaddy.

And to complete the trifecta, ‘Millions of Brazilians' is a fun thing to say unless you're talking about who's been victimized by an S3 Bucket Negligence Award; then nobody's having fun at all.

The AWS security blog had a few things to say. “You can now securely connect to your Amazon MSK clusters over the internet.” Wait, what? What the hell was going on before? Were you unable to access the clusters over the internet, or were you able to do so but it was insecurely? This is terrifying framing.

“AWS Security Profiles: Megan O'Neil, Sr. Security Solutions Architect.” I really dig these! The problem is that the AWS security blog only really seems to put these out around major AWS conferences when there's a bunch of other announcements. I'd love it if more of the AWS blogs would do periodic “The faces, voices, and people that power AWS” profiles because I assure you, most of the people building the magic never take the stage at these conferences.

There was another profile of Merritt Baer. Who is a principal in the office of the CISO, and she's an absolute delight. One of these days, post-pandemic, we're going to try and record some kind of video or other, just so we can name it “Quinn and Baer it.”

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals: having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes this something new—I don't use that term lightly—Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks, you'll have a chance to prove yourself. Compete in four unique lab challenges where they'll be awarding more than $2,000 in cash and prizes. I'm not kidding: first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey—C-O-R-E-Y. That's cloudacademy.com/corey. We're going to have some fun with this one.

Corey: And of course, “Macie Classic alerts that derive from AWS CloudTrail global service events for AWS Identity and Access Management (IAM) and AWS Security Token Service (STS) API calls will be retired (no longer generated) in the us-west-2 (Oregon) AWS Region.” See, that's one of those super important things to know, and I hate how AWS buries it. That said, don't use Macie Classic because it is horrifyingly expensive compared to modern Macie.

And from the tools and tricks area, I discovered permissions.cloud last week and it's great. The website uses a variety of information gathered within the IAM dataset and then exposes that information in a clean, easy-to-read format. It's there to provide an alternate community-driven source of truth for AWS identity. It's gorgeous as well, so you know it's not an official AWS product.

And that's what happened in AWS security. Thank you for listening. I'll talk to you next week if I survive re:Invent.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.

Identity At The Center
#117 - Authenticate 2021 - IAM's Accessibility Problem with Arynn Crow

Identity At The Center

Play Episode Listen Later Oct 25, 2021 24:12


This is the first in a five-part series of conversations that Jeff had with fellow identity professionals at the FIDO Alliance Authenticate 2021 conference. Jeff talks with Arynn Crow, Senior Technical Program Manager for AWS Identity, about how to make the IAM field more inclusive and accessible. Connect with Arynn Crow: https://www.linkedin.com/in/arynn-crow-821761103/ Learn more about the FIDO Alliance: https://fidoalliance.org/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.com and follow @IDACPodcast on Twitter. Have a question for Jim and Jeff? Ask us here: https://anchor.fm/identity-at-the-center/message

Identity At The Center
#101 - AWS Cognito & CIDPRO with Sarah Cecchetti

Identity At The Center

Play Episode Listen Later Jul 12, 2021 53:06


Jim and Jeff talk with Sarah Cecchetti, Principal Product Manager for AWS Identity and Co-founder, Board Member, and President of IDPro, about AWS Cognito and the new IDPRO Certified Identity Professional (CIDPRO) certification. Connect with Sarah on LinkedIn: https://www.linkedin.com/in/sarahcecchetti/ IDPro certification link: https://idpro.org/cidpro/ Learn more about AWS Cognito: https://aws.amazon.com/cognito/ Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.com and follow @IDACPodcast on Twitter. Have a question for Jim and Jeff? Ask us here: https://anchor.fm/identity-at-the-center/message

The Cloud Pod
116: The Cloud Pod is positively charged for AWS Proton

The Cloud Pod

Play Episode Listen Later May 12, 2021 60:20


This week on The Cloud Pod, Yahoo is back and cheaper than ever. Just kidding, it's Ryan who is back and the team is curious as to how he managed to extricate himself out from under that kitten.   A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights Amazon has been doing yoga and the results are paying off. Google bought a hard hat and is getting into the construction business. If you need to get your kid to sleep, let them read this from Azure. General News: Yahoo's Renaissance Verizon dumps Yahoo-AOL for rock-bottom price. But they're not dead yet! Amazon posts record profits as AWS hits $54B annual run rate. That's pretty good! Microsoft beats Q3 revenue expectations, spurred by strong cloud sales. Get on the bandwagon, Azure. Alphabet announces first quarter results for 2021. It does include GCP and G-Suite revenue.    Cloud infrastructure spending grew 35% to $41.8B in Q1 2021. These numbers boggle our minds. JEDI: Just Keeps Getting Better Court snubs Microsoft and the U.S. government's request to throw out Amazon’s complaint against JEDI cloud contract decision. We can't wait to hear what Trump says under oath.  Amazon Web Services: Bring Your Own Talent AWS is launching Amazon FinSpace, a data management and analytics solution. Step one, invent the universe.  AWS Proton introduces customer-managed environments. We had to look up what Proton actually is.  AWS Proton allows adding and removing instances from an existing service. We're looking forward to some re:Invent sessions on this.    Amazon launches CloudFront Functions for the lowest possible latency. A great solution that can reduce your costs quite a bit.   Happy 10th birthday to AWS Identity and Access Management. Ten years on and still a pain in the ass. 
Introducing Amazon Nimble, a new service that creative studios can use to produce visual effects, animations and interactive content entirely in the cloud. More verticalization!   Google Cloud Platform: If You Hate Money Google wants customers to move their vSphere 5.5+ to Google Cloud VMware Engine. Taking the responsibility away from engineering teams.    Databricks on Google Cloud is now generally available. A good play by Google.   Google has released its Liquibase Cloud Spanner extension. In theory, you should be able to roll back…  Google Cloud and the DORA research team are excited to launch the 2021 state of DevOps survey. We highly recommend you check this out. Google announces the Google Kubernetes Engine Gateway Controller is now in preview. Check this out if you're tired of service mesh.     Google is here to tell you six more reasons GKE is the best K8 service. Stay tuned for more announcements from Kubecon EU 2021 next week.  Google Cloud announces a new region to support growing customer base in Israel. Although this is great, it hasn't told us when or where it will be built.    Azure: The Best We Could Do Azure is announcing the preview of Azure Web PubSub service for building real-time web applications with websockets. Welcome to the club — you're a little late, Microsoft. TCP Lightning Round Jonathan is winning with waffles and takes this week's point, leaving scores at Justin (7), Ryan (3), Jonathan (7).  
Other headlines mentioned: Amazon Redshift announces support for hierarchical data queries with Recursive CTE Amazon Connect Customer Profiles launches Identity Resolution in Preview to detect and merge duplicate customer profiles Amazon Kinesis Data Analytics for Apache Flink introduces custom maintenance windows in preview Amazon ECS on AWS Fargate now allows you to configure the size of ephemeral storage for your Tasks Announcing support for linear interpolation in AWS IoT SiteWise Easily clean up unused resources in Amazon Forecast using hierarchical deletion   Amazon CloudWatch Monitoring Framework for Apache is generally available AWS Snow Family now enables you to order, track, and manage long-term pricing Snow jobs AWS Glue DataBrew announces native console integration with Amazon AppFlow to connect to data from SaaS (Software as a Service) applications and AWS services (in Preview) Introducing AWS for media and entertainment AWS Identity and Access Management (IAM) now makes it easier for you to manage permissions for AWS services accessing your resources General availability: Azure Site Recovery now supports cross-continental disaster recovery for 3 region pairs Google Introducing Open Saves: Open-source cloud-native storage for game  Things Coming Up Announcing Google Cloud 2021 Summits [frequently updated] Save the date: AWS Containers events in May AWS Regional Summits — May 10–19 AWS Summit Online Americas — May 12–13 Microsoft Build — May 19–21 (Digital) Google Financial Services Summit — May 27th  Harness Unscripted Conference — June 16–17 Google Cloud Next — Not announced yet (one site says Moscone is reserved June 28–30) Google Cloud Next 2021 — October 12–14, 2021 AWS re:Invent — November 29–December 3 — Las Vegas Oracle Open World (no details yet)

Melbourne AWS User Group
What's New in March 2021

Melbourne AWS User Group

Play Episode Listen Later May 2, 2021 73:39


Severely delayed once again, but Arjen, Jean-Manuel, and Guy did discuss the news of March once again. An episode full of good names, bad names, and complaints about services while there was also plenty to love. So, a fairly typical month. News Finally in Sydney AWS Snowcone is now available in the AWS Asia Pacific (Sydney) Region in Australia AWS Client VPN announces expanded presence inside six AWS Regions Amazon EMR on EKS is now available in US West (N. California), US East (Ohio), Canada (Central), EU (Frankfurt and London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, and Tokyo) regions Amazon EC2 D3 instances with dense local HDD storage now available in Asia Pacific (Singapore, Sydney and Tokyo), and Europe (Frankfurt) regions Get to know the first new AWS Heroes of 2021! | AWS News Blog(Community Hero Zainab Maleki from Perth) Serverless Lambda Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3 | AWS News Blog The AWS Lambda console now features a new navigation design AWS Lambda adds four Trusted Advisor checks Step Functions AWS Step Functions adds tooling support for YAML Announcing AWS Step Functions' integration with Amazon EMR on EKS EventBridge Amazon EventBridge introduces support for API Destinations Containers ECS Amazon ECS now allows you to execute commands in a container running on Amazon EC2 or AWS Fargate AWS - Session Manager and ECS Exec | ig.nore.me AWS Copilot launches v1.4 with support for ECS exec and more EKS Amazon EKS reduces control plane creation time for EKS clusters by 40% Amazon EKS now supports adding KMS envelope encryption to existing clusters to enhance security for secrets Amazon EKS now supports creation and management of add-ons using AWS CloudFormation Amazon EKS now supports P4d instances Amazon EKS now supports Elastic Fabric Adapter Amazon EFS CSI driver now supports dynamic provisioning Other AWS Cloud Map now supports API-only services in namespaces configured 
with DNS resolution Red Hat OpenShift Service on AWS Now GA | AWS News Blog EC2 & VPC EC2 Troubleshoot Boot and Networking Issues with New EC2 Serial Console | AWS News Blog Announcing new Amazon EC2 X2gd instances powered by AWS Graviton2 processors Amazon EC2 Auto Scaling adds support for local time zones for scheduled scaling Amazon EC2 Auto Scaling Instance Refresh now supports phased deployments Amazon EMR now supports Amazon EC2 Instance Metadata Service v2 VPC Amazon VPC Flow Logs now reflects AWS Service name, Traffic Path and Flow Direction Amazon Timestream now supports Amazon VPC endpoints Dev & Ops CICD AWS CodePipeline now supports 1000 pipelines per account AWS Proton now supports services without pipelines AWS Proton introduces deletion protection for in-use templates AWS Proton makes new fields available for Jinja parametrization Systems Manager AWS Systems Manager OpsCenter now displays an aggregated view of all operational issues for a specified resource AWS Systems Manager Change Manager now supports multi-level approvals Other Now available AWS SSO credential profile support in the AWS Toolkit for VS Code Amazon EventBridge now supports propagation of X-Ray trace context Announcing Kotlin-centric developer experience in Amplify Android Announcing the General Availability of Amazon Corretto 16 AWS announces Developer Preview release of opinionated deployment tool for .NET CLI Security Security Hub AWS Security Hub adds 25 new controls to its Foundational Security Best Practices standard AWS Security Hub integrates with Amazon Macie to automatically ingest sensitive data findings for improved centralized security posture management Config AWS Config Adds 3 New Config Rules for Amazon Secrets Manager AWS Config adds pagination support for advanced queries that contain aggregate functions WAF AWS Shield Advanced now supports resource tagging AWS WAF adds support for Custom Responses AWS WAF adds support for Request Header Insertion Other AWS 
CloudTrail Adds Logging of Data Events for Amazon DynamoDB AWS Certificate Manager now provides certificate expiry monitoring through Amazon CloudWatch AWS Secrets Manager now provides support to replicate secrets in AWS Secrets Manager to multiple AWS Regions IAM Access Analyzer Update – Policy Validation | AWS News Blog New AWS SSO gallery app simplifies Azure AD set-up with AWS AWS Audit Manager now supports CIS AWS Foundations Benchmark v1.3.0, Level 1 and 2 as a new standard framework Data Storage & Processing S3 Amazon S3 Glacier Price Reduction | AWS News Blog AWS CloudFormation now supports Amazon S3 on Outposts Databases Achieve up to 35% better price/performance with Amazon Aurora using new Graviton2 instances Amazon Aurora PostgreSQL-Compatible edition supports simultaneous authentication with both Microsoft Active Directory (AD) and AWS Identity and Access Management (IAM) AWS Backup adds support for continuous backup and point-in-time recovery of Amazon RDS instances Amazon RDS for PostgreSQL supports managed disaster recovery (DR) with Cross-Region Automated Backups Amazon RDS for MySQL now supports rollback protection for database major version upgrades Amazon RDS Proxy adds read-only endpoints for Amazon Aurora Replicas Amazon RDS Proxy now supports database connectivity from multiple Amazon VPCs Announcing General Availability of Amazon Redshift Cross-database queries Announcing General Availability of Amazon Redshift Data Sharing Amazon DocumentDB (with MongoDB compatibility) now supports Event Subscriptions Other New – Lower Cost Storage Classes for Amazon Elastic File System | AWS News Blog Amazon Elasticsearch Service announces Auto-Tune feature for improved performance and application availability Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge for service software updates AWS Glue Studio now supports transforms defined in SQL AWS Backup adds support for bulk deletion of recovery points AWS Data 
Exchange providers can now copy product metadata from their existing products to a new product AI & ML SageMaker Announcing support for multiple containers on Amazon SageMaker Inference endpoints, leading to cost savings of up to 80% Leverage state of the art Natural Language Processing with Hugging Face and Amazon SageMaker Amazon SageMaker now supports private Docker registry authentication Amazon SageMaker Autopilot adds Model Explainability Other Detect anomalies in your metrics, and diagnose issues quickly with Amazon Lookout for Metrics – now generally available Announcing General Availability of AWS IoT Device Defender ML Detect Introducing a new API allowing you to stop in-progress workflows in Amazon Forecast Amazon Transcribe supports word-level confidence scores for streaming transcription Other Cool Stuff Regions AWS Asia Pacific (Osaka) Region Now Open to All, with Three AZs and More Services | AWS News Blog Connect Amazon Connect Customer Profiles now supports data sources from Amazon S3 Amazon Connect now supports 15 minute intervals for historical metric reporting Amazon Connect now provides an out-of-the-box chat user interface for your website Other Services/Features AWS Fault Injection Simulator – Use Controlled Experiments to Boost Resilience | AWS News Blog Announcing General Availability of Ethereum on Amazon Managed Blockchain Bundle Management APIs now generally available for Amazon WorkSpaces AWS announces General Availability of Amazon GameLift Queue notifications The Nanos AWS Fargate updates platform version 1.4.0 to be the LATEST version(Arjen) AWS Client VPN announces expanded presence inside six AWS Regions(Jean-Manuel) Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoIT International

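Serverworks presents the AWS news show "さばラジ!" (Saba Radio!)
[Daily AWS #181] AWS Identity and Access Management (IAM) can now capture IAM role activity as a source identity, plus 3 more updates #サバワ

Serverworks presents the AWS news show "さばラジ!" (Saba Radio!)

Play Episode Listen Later Apr 14, 2021 7:46


Catch up on the latest news while you do something else! "Daily AWS" (毎日AWS) is a radio-style broadcast. Good morning, this is Kobayashi, your Thursday host. Today I pick out and introduce the updates released on 4/14. Please post your thoughts on Twitter with the hashtag "#サバワ"!

■ Talk script
https://blog.serverworks.co.jp/aws-update-2021-04-14

■ UPDATE PICKUP
AWS Identity and Access Management (IAM) can now capture IAM role activity as a source identity
AWS CloudFormation modules now support YAML and delimiters
AWS Batch improves EC2 scaling performance and job execution speed
Amazon Interactive Video Service metrics added to Amazon CloudWatch

■ Serverworks social media: Twitter / Facebook
■ Serverworks blog: Serverworks Engineer Blog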

Meanwhile in Security
Trilogy of Threes and a New Mantra

Meanwhile in Security

Play Episode Listen Later Mar 25, 2021 11:54


Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.Links: aws.amazon.com/compliance aws.training docs.microsoft.com/asure/security TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.Jesse: Trilogy of Threes and a New Mantra. Trilogy of Threes. Good security practices and good security programs are built on three separate but intertwined principles, each of which has three parts. Simon Sinek's Golden Circle framework lays the foundation for why you have a security program, which is a balance of risks to critical assets and services, and business objectives. 
The next part of how you apply the Golden Circle to your security program is about how you accomplish meeting these objectives and mitigating your risk through the People, Process, and Technology framework.

The PPT method helps you define the roles that are needed to implement your security program, the overview of processes or actions within your security program, and the types of technology that support your security program. The final part of how you apply the Golden Circle encompasses what specific things you do to implement your security program using the Holy Trinity of Security: confidentiality, integrity, and availability, or the CIA triad. In your security program, you should define who should be allowed access to any data or service, how you monitor and protect any data or services, and how you keep data or services available for users. Although understanding how to build a security program from nothing is incredibly important, most of us are already operating within an existing security program. Many of us will have influence only on the specific implementation of tools for the Holy Trinity, CIA. All this theory is crucial to understand, but you still have a job to do. So, let's get practical.

Where to start today. Searching online for ‘Top X for AWS Security' returns an expected long list of pages and there are shed-loads of fantastic tips in the results. However, reading through many of them, including AWS's own blog entry on the topic, shows that proper cloud security involves large projects and possibly fully re-architecting your entire environment. As is often the case in these things, all the best security advice in the cloud has to do right security from the very beginning. Yet this is like discovering a new love of playing the piano late in life like I did, [laugh] but someone telling you the right way to learn to play the piano is to take lessons as a child. This isn't so useful advice, now is it?
Of course, it's too late to become a child piano prodigy, but it's not too late to take up the piano and do well.

Fundamentals. In traditional non-cloud environments, physical security for everything leading up to touching a machine is usually the purview of a different part of the organization, or an entirely different organization than the security team or group responsible for system network and application security. Generally, most information or cybersecurity starts with accessing the software-based systems on a physical device's console or through a network connection. This, of course, includes accessing the network through some software path, usually a TCP or UDP-based protocol. In cloud environments, the cloud providers, such as Amazon Web Services—or AWS—Microsoft Azure, or Google Cloud Platform—GCP—maintain and are wholly responsible for all the physical environment and the virtual platform or platforms made available to their customers, including all security and availability required for protecting the buildings and hardware, up through the hypervisors presenting services allowing customers to run systems.

All security above the hypervisor is the customer's responsibility, from the operating system or OS through applications and services running on these systems. For example, if you run Windows systems for Active Directory Services, and Linux systems for organizations' online presence, then you own all things in the Windows and Linux OSes, services running on those systems, and the data on those systems. This is called the shared responsibility model. AWS provides details on their compliance site aws.amazon.com/compliance as well as in a short video on their training and certification site aws.training.

Microsoft describes their model on their documentation site docs.microsoft.com/asure/security.
Google has lots of information in various places on their Google Cloud Platform GCP site, including a guided tour of their physical security for their data centers, but finding a simple explanation like the other two major services have available eluded me. Google does have a detailed explanation of their shared responsibility matrix, as they call it, which is an 87-page PDF. Luckily, given the overwhelming popularity over the other cloud providers, I tend to focus mostly on AWS. I didn't read the whole GCP document.

Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the Cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.

Jesse: Basic AWS training. Amazon provides ample training and online tutorials on all things AWS. This includes AWS basics through advanced AWS architecture and various specialty areas like machine learning and security, among others. I encourage everyone who touches anything in AWS to go through their training courses online at aws.training.

If you are new to AWS or cloud in general, go take AWS Cloud Practitioner Essentials, and then take some primers in AWS security: AWS Security Fundamentals; Introduction to AWS Identity and Access Management, or IAM; and AWS Foundations: Securing Your AWS Cloud. These are all eLearning-based and free. This will be some of the best nine to ten hours you can spend to build a foundation for securing your AWS infrastructure.

Learning is great; doing is better.
Whether you've taken the relevant AWS training or just want to dive in and make your AWS security better today, you'll want to go make a difference in your risk and exposure as quickly as possible. After all, unless you're listening to this as a seasoned security professional, you're probably here to learn how to make your security better as quickly and easily as possible. Anyone looking at the list of courses I've suggested and considering my fundamental approach might be trying to discern which first principles of good security I'll talk about first. If you're thinking along those lines, you might miss some of the very basics.

As with all things in the tech world, there are some basics that can't be repeated often enough. The most simple and blatantly obvious advice is to secure your S3 buckets. Let's cover that again so nobody misses the point. Secure. Your. S3. Buckets. Now, repeat that 27 times every morning while you get ready for work before you touch your keyboard.

This is the cloud version of securing FTP, meaning FTP isn't too bad a protocol, but it's notorious for being misconfigured and allowing anonymous FTP uploads and downloads. If you want to fall into a hole learning everything there is to this, go read the Security Best Practices for Amazon S3 portion of the S3 User Guide. If you don't have time or energy for wading through that lengthy but valuable tome, check some basics for your maximum ROI for minimal effort. If you allow public access to S3 files directly, you should seriously reconsider your solution. There are dozens of ways to provide access to files that aren't as risky as opening direct access to data storage.

You should block public access at the account level by going to the S3 services section in the AWS Management Console. And in the menu on the left, select ‘Block Public Access Settings for this Account.' If you can't do this immediately, go lock down all buckets that don't have this insane requirement to be open to the public.
Do this by selecting the bucket, and block access in the permissions tab.

You should always be thinking of the fundamentals of great security, and you should always be learning and improving your skills, of course. You should also continually make little changes and review the basics. Some new project will go live and some S3 bucket will have horrible permission settings, or some other fundamental violation of security best practices will occur. We should always be looking out for violations of the basics, even while we work on the larger projects with greater apparent impact. I repeated my mantra 27 times today. Have you?

Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.

S7aba Podcast
EP10 - AWS Identity & Access Management (IAM)

S7aba Podcast

Play Episode Listen Later Feb 16, 2021 8:43


In this episode, we talked about AWS Identity & Access Management (IAM)

AWS CLOUD the Basics
IAM - Identity & Access Management

AWS CLOUD the Basics

Play Episode Listen Later Apr 15, 2020 16:00


AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge. Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

School of Cloud
Identity and Access Management (IAM)

School of Cloud

Play Episode Listen Later Apr 11, 2020 30:05


AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

ajitofm
ajitofm 55: This Year's Updates and Serverless Architecture Patterns, Discussed with re:Invent 2019 Attendees

ajitofm

Play Episode Listen Later Dec 29, 2019 85:58


With Yukke and Pei, we talked mainly about re:Invent 2019, covering serverless architecture patterns, pre:Invent, AWS Lambda updates, Amazon CodeGuru, SageMaker, API Gateway updates, AQUA, the problem of Timestream not coming out, and more.

ajitofm 19: Beyond my Understanding
ajitofm 24: Generating Code is Fun
AWS re:Invent
AWS GameDay
What Is IAM Access Analyzer? - AWS Identity and Access Management
Battle-tested serverless design patterns using AWS Lambda, SNS, Kinesis and more #reinvent #reinvent2019 - Timers Tech Blog
GitHub - aws-samples/aws-serverless-airline-booking: Airline Booking is a complete web application that provides Flight Search, Flight Payment, Flight Booking, Flight Preferences and Loyalty points including end-to-end testing, GraphQL and CI/CD. This web application is the theme of Build on Serverless Season 2 on AWS Twitch running from April 24th until end of July.
AWS Lambda Supports Failure-Handling Features for Kinesis and DynamoDB Event Sources
OnFailure - AWS Lambda
Running AWS commands from Slack using AWS Chatbot | AWS DevOps Blog
AWS Lambda Supports Parallelization Factor for Kinesis and DynamoDB Event Sources
Amazon RDS Proxy - Amazon Web Services
Amazon CodeGuru - Amazon Web Services
Re-imagining developer productivity with AI-assisted tools | Visual Studio Blog
Amazon Braket – Get Started with Quantum Computing | Amazon Web Services Blog
Amazon Braket Hardware Providers - Amazon Web Services
Amazon SageMaker Studio: The First Integrated Development Environment for Machine Learning | Amazon Web Services Blog
Amazon SageMaker Experiments – Organize, Track, Compare, and Evaluate Machine Learning Models | Amazon Web Services Blog
Amazon SageMaker Autopilot – Automatically Create High-Quality Machine Learning Models With Full Control And Visibility | AWS News Blog
AWS DeepComposer
MuseNet, which instantly creates original songs from Bach to jazz | TechCrunch Japan
Announcing HTTP APIs for Amazon API Gateway | AWS Compute Blog
Choosing Between HTTP APIs and REST APIs - Amazon API Gateway
New – Application Load Balancer Simplifies Deployment with Weighted Target Groups | Amazon Web Services Blog
Amazon Managed Apache Cassandra Service - Amazon Web Services
Rebuilding the concept of a time-series database with cloud techniques - Yuuki Blog
[Report] (ANT230) [NEW LAUNCH!] Redesigning Amazon Redshift: RA3 and AQUA #reinvent2019 | Developers.IO
Amazon DynamoDB Accelerator (DAX) – Fully managed in-memory cache for DynamoDB
Business Intelligence and Big Data Analytics Software
Introduction to Containers for Startups – Kubernetes Edition | AWS Startup Blog
AWS Wavelength - Amazon Web Services

We also look forward to your feedback! Send it to #ajitofm. Thank you very much for listening this year. Have a happy New Year!

AWS re:Invent 2019
DEM149: Upgrading AWS Glue to use AWS Lake Formation permissions

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 17:09


In this demo, learn how to upgrade to use AWS Lake Formation permissions. We start with a simple data lake that has fine-grained access control on the AWS Glue Data Catalog using AWS Identity and Access Management policies. We then upgrade to using Lake Formation permissions.

AWS re:Invent 2019
DEM05-S: Self-service AWS Serverless Application Model

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 18:14


Security is paramount at Coinbase, and this includes its serverless applications. However, Coinbase doesn't want security to get in the way of its developers' productive and smooth serverless experience. Come learn how to use the AWS Serverless Application Model (AWS SAM) to develop serverless applications in a security-conscious organization. See how understanding features of AWS Lambda, AWS CloudFormation, and AWS Identity and Access Management (IAM) helps you provide a secure way to take your serverless ideas to production. We also go over our open-source tool Fenrir, which has reduced time and friction in the deployment of serverless applications while maintaining high security standards. This presentation is brought to you by Coinbase, an APN Partner.

AWS re:Invent 2019
CON211-S: Kubernetes clusters & on AWS with Cisco Container Platform

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 47:04


In this session, you learn how to use Cisco Container Platform (part of the Cisco Hybrid Solution for Kubernetes on AWS) to set up and configure Kubernetes clusters in your data center and on AWS. We demonstrate installing and configuring Cisco Container Platform, setting up clusters on top of VMware infrastructure, and leveraging AWS Identity and Access Management (IAM) credentials to set up clusters in Amazon Elastic Kubernetes Service (Amazon EKS). This presentation is brought to you by Cisco, an APN Partner.

AWS re:Invent 2019
SEC356: Prepare for & respond to security incidents in your AWS environment

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 52:45


In this session, we walk through what you need to do to be prepared to respond to security incidents in your AWS environments. We start off with planning best practices, move through the configurations that will help deliver protective and detective controls, then finally show you how you can improve your response capability. Learn how AWS Organizations, AWS Identity and Access Management (IAM), Amazon GuardDuty, AWS Security Hub, AWS Lambda, AWS WAF, AWS Systems Manager, and AWS Key Management Service (AWS KMS) can help take you from protect and detect to respond and recover.

AWS re:Invent 2019
SEC309: [NEW LAUNCH!] Dive Deep into IAM Access Analyzer

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 54:38


AWS Identity and Access Management Access Analyzer is a new capability for security teams and administrators to validate that resource policies only provide the intended public and cross-account access. IAM Access Analyzer uses automated reasoning, which applies logic and mathematical inference to inspect resource policies. We will demonstrate how to use IAM Access Analyzer to identify resource policies that don't comply with your organization's security requirements and then proactively protect resources from unintended access. Learn how Millennium Management uses IAM Access Analyzer across their company to analyze policies associated with Amazon S3 buckets, AWS KMS keys, and more.

AWS re:Invent 2019
SEC209-R1: Getting started with AWS identity

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 62:16


The number, range, and breadth of AWS services are large, but the set of techniques that you, as a builder in the cloud, will use to secure them is not. Your cloud journey starts with this breakout session, in which we get you up to speed quickly on the practical fundamentals to do identity and authorization right in AWS.

AWS re:Invent 2019
SEC207-L: Leadership session: AWS identity

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 51:35


Digital identity is one of the fastest growing and fastest changing parts of the cloud. Zero-trust networks, GDPR concerns, and new IoT opportunities have been dominating cloud news coverage. In this session, learn about significant industry changes that will affect the way AWS approaches identity for both workforce and consumer customers. We announce new features, discuss our participation in open standards and industry groups, and explain how we're making identity, access control, and resource management easier for you every day.

AWS re:Invent 2019
CON334-R1: Running high-security workloads on Amazon EKS

AWS re:Invent 2019

Play Episode Listen Later Dec 7, 2019 58:24


AWS's rich set of features enables running high-security workloads on Amazon Elastic Kubernetes Service (Amazon EKS). In this session, we explore solutions with the real-life example of how HSBC's cloud services team built a secure multi-tenant platform for the company's application teams to run mission-critical containerized applications on Amazon EKS. Amazon EKS and HSBC engineers discuss security features, best practices, and lessons learned from operating secure Amazon EKS clusters. Topics include network security, Linux host security, AWS Identity and Access Management (IAM) integrations, IAM for service accounts, Kubernetes RBAC and Namespaces, and integrating logging and monitoring of the Kubernetes control-plane and worker nodes.

Software Defined Talk
Episode 208: re:Invent, Oracle's stickyness, and medieval stick candy-bread

Software Defined Talk

Play Episode Listen Later Dec 6, 2019 74:30


It’s the re:Invent episode! We also have digressions/delights on why Oracle is so sticky despite (rival vendors tell us) how much people want to leave it. And, since it’s that time of year, Sinterklaas. Sometime in December we’ll do a listener questions (and our answers) episode. Send us your questions in Slack or in Twitter or whatever by tagging them with hashbrowns #asksdt.

Mood board:
#asksdt “Where are you thought-lording us to?”
Pepernoot (https://en.wikipedia.org/wiki/Pepernoot).
Always pack a back-up croissant.
Here’s the thing with bread.
I thought he hated the swans.
Dogs clearly rank as humanity’s number one friend. Then it’s bread/alcohol.
Everyone knows when Bastille Day is Coté.
Halloween in London grocery stores: not this shit again.
They got a pee-jug back there?

Relevant to your interests

AWS re:Invent
AWS Launches & Previews at re:Invent 2019 – Sunday, December 1st (https://aws.amazon.com/blogs/aws/aws-launches-previews-at-reinvent-2019-sunday-december-1st/)
AWS DeepRacer Update – New Features & New Racing Opportunities (https://aws.amazon.com/blogs/aws/aws-deepracer-update-new-features-new-racing-opportunities/)
AWS DeepComposer – Compose Music with Generative Machine Learning Models (https://aws.amazon.com/blogs/aws/aws-deepcomposer-compose-music-with-generative-machine-learning-models/)
AWS End-of-Support Migration Program for Windows Server (https://aws.amazon.com/blogs/aws/new-program-to-future-proof-windows-server-applications/)
Amazon Transcribe Medical – Real-Time Automatic Speech Recognition for Healthcare Customers (http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/ikfP6jz4tHY/)
Automate OS Image Build Pipelines with EC2 Image Builder (https://aws.amazon.com/blogs/aws/automate-os-image-build-pipelines-with-ec2-image-builder/)
No Monday blog post with announcements?
AWS Launches & Previews at re:Invent 2019 – Tuesday, December 3rd (https://aws.amazon.com/blogs/aws/aws-launches-previews-at-reinvent-2019-tuesday-december-3rd/)
AWS Outposts brings hybrid cloud support – but only for Amazon (https://searchaws.techtarget.com/news/252474945/AWS-Outposts-brings-hybrid-cloud-support-but-only-for-Amazon)
Amazon EKS on AWS Fargate Now Generally Available (https://aws.amazon.com/blogs/aws/amazon-eks-on-aws-fargate-now-generally-available/)
Coming Soon – Graviton2-Powered General Purpose, Compute-Optimized, & Memory-Optimized EC2 Instances (https://aws.amazon.com/blogs/aws/coming-soon-graviton2-powered-general-purpose-compute-optimized-memory-optimized-ec2-instances/)
Amazon SageMaker Processing – Fully Managed Data Processing and Model Evaluation (https://aws.amazon.com/blogs/aws/amazon-sagemaker-processing-fully-managed-data-processing-and-model-evaluation/)
Amazon Managed Apache Cassandra Service (MCS) (https://aws.amazon.com/blogs/aws/new-amazon-managed-apache-cassandra-service-mcs/)
Easily Manage Shared Data Sets with Amazon S3 Access Points (https://aws.amazon.com/blogs/aws/easily-manage-shared-data-sets-with-amazon-s3-access-points/)
Amazon Redshift Update – Next-Generation Compute Instances and Managed, Analytics-Optimized Storage (https://aws.amazon.com/blogs/aws/amazon-redshift-update-next-generation-compute-instances-and-managed-analytics-optimized-storage/)
AWS Launches & Previews at re:Invent 2019 – Wednesday, December 4th (https://aws.amazon.com/blogs/aws/aws-launches-previews-at-reinvent-2019-wednesday-december-4th/)
Amazon Braket – Get Started with Quantum Computing (https://aws.amazon.com/blogs/aws/amazon-braket-get-started-with-quantum-computing/)
Announcing UltraWarm (Preview) for Amazon Elasticsearch Service (https://aws.amazon.com/blogs/aws/announcing-ultrawarm-preview-for-amazon-elasticsearch-service/)
Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer (https://aws.amazon.com/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/)
Amazon Kendra AI search tool indexes enterprise data (https://aws.amazon.com/kendra/)

Oxide (https://oxide.computer/) - nice cake!
John Chambers and a star team of ex-Cisco engineers have finally launched Pensando Systems, a startup with $278 million in funding, to take on Amazon — and Cisco (https://www.businessinsider.com/john-chambers-pensando-systems-cisco-stars-amazon-2019-10).
A letter from Larry and Sergey (https://blog.google/inside-google/alphabet/letter-from-larry-and-sergey).

Nonsense
Costco Pays Dearly for Shopping SNAFU (https://www.newser.com/story/283702/costco-pays-dearly-for-shopping-snafu.html)
The Taco Cleanse Is a Real Diet — and Involves Eating Tacos All Day (https://people.com/food/taco-cleanse-we-tried-it/)
United Changes it Frequent Flyer Program (https://mileageplusupdates.com/mileageplus/english/upgrades/)
The Effort to Make Everyone Look Less Awful on Video Conference Calls (https://slate.com/human-interest/2019/12/video-conferencing-is-the-worst.html)

Sponsors
SolarWinds: To try it FREE for 14 days, just go to http://loggly.com/sdt. If it logs, it can log to Loggly.
PagerDuty: To see how companies like GE, Vodafone, Box and American Eagle Outfitters rely on PagerDuty to continuously improve their digital operations visit https://pagerduty.com.

Conferences, et. al.
December 12-13 2019 - Kubernetes Forum Sydney (https://events.linuxfoundation.org/events/kubernetes-summit-sydney-2019/)
NO-SSH-JJ wants you to go to DeliveryConf (https://www.deliveryconf.com/) in Seattle on Jan 21st & 22nd. Use promo code: SDT10 to get 10% off.
JJ wants you to read about Delivery Conf Format too (https://www.deliveryconf.com/format).
June 1-4: ChefConf 2020 (https://chefconf.chef.io/)
Jordi wants you to go to GitLab Commit (https://about.gitlab.com/events/commit/) Jan. 14th

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Send your postal address to stickers@softwaredefinedtalk.com and we will send you free laptop stickers!
Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/)
Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/).
Check out the back catalog (http://cote.coffee/howtotech/).
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99.
Use the code SDT to get $20 off Coté’s book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.

Recommendations
Matt: SysAdvent 2019 (https://sysadvent.blogspot.com/2019/)
Brandon: The Irishmen (https://www.netflix.com/title/80175798); Venture Capital and Control with Dave Teare (https://rework.fm/venture-capital-and-control-with-david-teare/).
Coté: Pivot (https://podcasts.apple.com/us/podcast/pivot/id1073226719) podcast; Art as Therapy (https://www.goodreads.com/book/show/17899481-art-as-therapy?from_search=true&qid=98oDN0EKI0&rank=1) book.

Cloud Native MX
S01 E12: New projects in CNCF

Cloud Native MX

Play Episode Listen Later Nov 11, 2019 65:00


# S01 E12: New projects in CNCF

- Hosted by @domix-4 and @markomo
- 10-November-2019

## News review

* [CNCF announces Vitess Graduation](https://www.cncf.io/announcement/2019/11/05/cloud-native-computing-foundation-announces-vitess-graduation/)
* [Kubernetes Documentation Survey](https://kubernetes.io/blog/2019/10/29/kubernetes-documentation-end-user-survey/)
* [Serverless Specification CloudEvents Reaches Version 1.0](https://www.cncf.io/announcement/2019/10/28/serverless-specification-cloudevents-reaches-version-1-0/)
* [Container Usage Report: New Kubernetes and security insights](https://sysdig.com/blog/sysdig-2019-container-usage-report/)

## Twitter!

* [Migrating AWS Lambda's front end from Java 8 to Java 11](https://twitter.com/nconnaughton/status/1190012822790520848)
* [PTES (Penetration testing execution standard) document](https://twitter.com/binitamshah/status/1193426606355824640)
* [The open source Jaeger distributed tracing platform has officially graduated into the top tier of projects being stewarded by the CNCF.](https://twitter.com/devopsdotcom/status/1193150263231680512)
* [AWS App Mesh launches HTTP2 and gRPC support!](https://twitter.com/_shubha/status/1192598521024663553)

## References and Resources

* [VisualVM](https://visualvm.github.io/)
* Micronaut 1.2.6
  * [What's new](https://docs.micronaut.io/1.2.6/guide/index.html#whatsNew)
  * [Micronaut Kubernetes](https://micronaut-projects.github.io/micronaut-kubernetes/1.0.0/guide/)
* [Knative = Kubernetes Networking++](https://ahmet.im/blog/knative-better-kubernetes-networking/)
* [Use your own keys to protect your data on GKE](https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-use-your-own-keys-to-protect-your-data-on-gke)

## Awesome code repos

* kubectl plugins
  * [https://github.com/kubernetes-sigs/krew/]
  * [https://github.com/kubernetes-sigs/krew-index/blob/master/plugins.md]
* [wttr.in](https://github.com/chubin/wttr.in)
  * [curl es.wttr.in/Mexico+city](http://es.wttr.in/Mexico+city)
  * [curl wttr.in/Los+Angeles](http://wttr.in/Los+Angeles)
  * [curl wttr.in/Moon](http://wttr.in/Moon)
  * [curl wttr.in/Moon@2019-12-25](http://wttr.in/Moon@2019-12-25)
* [cheat.sh](https://github.com/chubin/cheat.sh)
  * [curl cht.sh/:list](http://cht.sh/:list)
  * [curl cheat.sh/kubectl](http://cheat.sh/kubectl)
  * [curl cheat.sh/go/Pointers](http://cheat.sh/go/Pointers)
  * [curl cheat.sh/rust/:learn](http://cheat.sh/rust/:learn)
  * [curl http://cheat.sh/latency # Latency](http://cheat.sh/latency)
* [rate.sx](https://github.com/chubin/rate.sx)
  * [curl rate.sx/](http://rate.sx/)
  * [curl rate.sx/btc # bitcoin for last 24hrs](http://rate.sx/btc)
  * [curl rate.sx/btc@2w #bitcoin for last 2 weeks](http://rate.sx/btc@2w)
  * [curl mxn.rate.sx/btc@2w # bitcoin price for last 2 weeks in Mexican peso](http://mxn.rate.sx/btc@2w)

## Events

* Re:Invent 2019
  * [Guide to AWS Identity sessions, workshops, and chalk talks](https://aws.amazon.com/blogs/security/aws-reinvent-2019-guide-to-aws-identity-sessions-workshops-chalk-talks/)
  * [Guide to AWS storage: How to maximize your time in Vegas!](https://aws.amazon.com/blogs/storage/your-aws-storage-guide-to-reinvent-2019-how-to-maximize-your-time-in-vegas/)
  * [Guide to AWS Mobile, Web and Front end](https://aws.amazon.com/blogs/mobile/amplify-reinvent-2019-guide/)
  * [Guide AWS Security](https://aws.amazon.com/blogs/security/aws-reinvent-2019-security-guide-sessions-workshops-and-chalk-talks/)
  * [Guide to AWS Artificial Intelligence and Machine Learning](https://aws.amazon.com/blogs/machine-learning/your-guide-to-artificial-intelligence-and-machine-learning-at-reinvent-2019/)

AWS TechChat
Episode 52 - July 2019 Tech Round-up

AWS TechChat

Play Episode Listen Later Jul 25, 2019 39:03


In this monster episode of AWS TechChat, Shane and Tom (yes he is back) come at you with a raft of short sharp and important updates that occurred in the month of July in the year 2019.

They started the show with two Amazon CloudWatch updates. Amazon CloudWatch Anomaly Detection applies machine learning to continuously analyze a specific CloudWatch metric, determines a nominal baseline, and surfaces anomalies, all without user intervention. They then introduced Amazon CloudWatch Container Insights, which, as the sticker says, is a fully managed service to help monitor and troubleshoot containers. Both of these additions are not GA but get your hands dirty and have a play.

They then pivoted by introducing you to a new service, Amazon EventBridge, which is a serverless event bus that routes real-time data streams from your applications and services to targets like AWS Lambda. EventBridge facilitates event-driven application development by simplifying the process of ingesting and delivering events across your application architecture, and by providing built-in security and error handling. What's more, there are built-in integrations from the likes of ZenDesk, Pager Duty, and more.

On the Amazon Relational Database Service (RDS) front, we spoke of four updates.
1. Amazon RDS for Oracle Supports Oracle Application Express (APEX) Version 19.1
2. Amazon Aurora PostgreSQL Serverless has gone GA.
3. Amazon RDS for PostgreSQL supports new minor versions.
4. Amazon RDS introduces Compatibility Checks for Upgrades from MySQL 5.7 to MySQL 8.0.

Another new feature, Amazon EC2 Instance Connect, introduces the ability to control Secure Shell (SSH) access to your instances using AWS Identity and Access Management (IAM) policies, with AWS CloudTrail events giving you a centralized way to audit your SSH connections.

Finally, Tom snuck in some last-minute updates around Amazon AppStream 2.0 and Amazon WorkSpaces. Amazon AppStream 2.0 adds support for Windows Server 2016 and Windows Server 2019 base images. Amazon WorkSpaces now allows you to copy your Amazon WorkSpaces Images across AWS regions.

Speakers:
Shane Baldacchino - Solutions Architect, ANZ, AWS
Tom McMeekin - Solutions Architect, AWS

Resources:
Amazon CloudWatch https://aws.amazon.com/cloudwatch/
Amazon CloudWatch Anomaly Detection https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-cloudwatch-anomaly-detection-now-in-preview/
Amazon CloudWatch Container Insights https://aws.amazon.com/about-aws/whats-new/2019/05/cloudwatch-container-insights-for-eks-and-kubernetes-preview/
Amazon EventBridge https://aws.amazon.com/eventbridge/
Amazon RDS for Oracle Supports Oracle Application Express (APEX) Version 19.1 https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-oracle-supports-oracle-application-express-version-191/
Amazon Aurora with PostgreSQL Compatibility Supports Serverless https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-aurora-with-postgresql-compatibility-supports-serverless/
Amazon RDS for PostgreSQL supports new minor versions https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-postgresql-supports-minor-version-112/
Amazon RDS introduces Compatibility Checks https://aws.amazon.com/about-aws/whats-new/2019/07/amazon_rds_introduces_compatibility_checks/
Introducing Amazon EC2 Instance Connect https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/
AWS Identity and Access Management (IAM) https://aws.amazon.com/iam/
AWS CloudTrail https://aws.amazon.com/cloudtrail/
Amazon AppStream 2.0 adds support for Windows Server 2016 and Windows Server 2019 https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-appstream-20-adds-support-for-windows-server-2016-and-windows-server-2019/
Amazon WorkSpaces now supports copying Images across AWS Regions https://aws.amazon.com/about-aws/whats-new/2019/06/amazon_workspaces_now_supports_copying_images_across_aws_regions/

AWS Podcast
#314: May 2019 Update Show 2

AWS Podcast

May 26, 2019 (32:09)


Simon hosts an update show with lots of great new features and capabilities! Chapters: Developer Tools 0:26 Storage 3:02 Compute 5:10 Database 10:31 Networking 13:41 Analytics 16:38 IoT 18:23 End User Computing 20:19 Machine Learning 21:12 Application Integration 24:02 Management and Governance 24:23 Migration 26:05 Security 26:56 Training and Certification 29:57 Blockchain 30:27 Quickstarts 31:06 Shownotes: Topic || Developer Tools Announcing AWS X-Ray Analytics – An Interactive approach to Trace Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws_x_ray_interactive_approach_analyze_traces/ Quickly Search for Resources across Services in the AWS Developer Tools Console | https://aws.amazon.com/about-aws/whats-new/2019/05/search-resources-across-services-developer-tools-console/ AWS Amplify Console adds support for Incoming Webhooks | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-amplify-console-adds-support-for-incoming-webhooks/ AWS Amplify launches an online community for fullstack serverless app developers | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-amplify-launches-an-online-community-for-fullstack-serverless-app-developers/ AWS AppSync Now Enables More Visibility into Performance and Health of GraphQL Operations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-enables-more-visibility-into-performance-and-hea/ AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-supports-configuring-multiple-authorization-type/ Topic || Storage Amazon S3 Introduces S3 Batch Operations for Object Management | https://aws.amazon.com/about-aws/whats-new/2019/04/Amazon-S3-Introduces-S3-Batch-Operations-for-Object-Management/ AWS Snowball Edge adds block storage – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-snowball-edge-adds-block-storage-for-edge-computing-workload/ Amazon FSx for Windows File 
Server Adds Support for File System Monitoring with Amazon CloudWatch | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-fsx-for-windows-file-server-adds-support-for-cloudwatch/ AWS Storage Gateway enhances access control for SMB shares to store and access objects in Amazon S3 buckets | https://aws.amazon.com/about-aws/whats-new/2019/05/AWS-Storage-Gateway-enhances-access-control-for-SMB-shares-to-access-objects-in-Amazon-s3/ Topic || Compute AWS Lambda adds support for Node.js v10 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws_lambda_adds_support_for_node_js_v10/ AWS Serverless Application Model (SAM) supports IAM permissions and custom responses for Amazon API Gateway | https://aws.amazon.com/about-aws/whats-new/2019/aws_serverless_application_Model_support_IAM/ AWS Step Functions Adds Support for Workflow Execution Events | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-step-functions-adds-support-for-workflow-execution-events/ Amazon EC2 I3en instances, offering up to 60 TB of NVMe SSD instance storage, are now generally available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ec2-i3en-instances-are-now-generally-available/ Now Create Amazon EC2 On-Demand Capacity Reservations Through AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/04/now-create-amazon-ec2-on-demand-capacity-reservations-through-aws-cloudformation/ Share encrypted AMIs across accounts to launch instances in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/ Launch encrypted EBS backed EC2 instances from unencrypted AMIs in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/launch-encrypted-ebs-backed-ec2-instances-from-unencrypted-amis-in-a-single-step/ Amazon EKS Releases Deep Learning Benchmarking Utility | https://aws.amazon.com/about-aws/whats-new/2019/05/-amazon-eks-releases-deep-learning-benchmarking-utility-/ Amazon EKS 
Adds Support for Public IP Addresses Within Cluster VPCs | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-adds-support-for-public-ip-addresses-within-cluster-v/ Amazon EKS Simplifies Kubernetes Cluster Authentication | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-simplifies-kubernetes-cluster-authentication/ Amazon ECS Console support for ECS-optimized Amazon Linux 2 AMI and Amazon EC2 A1 instance family now available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ecs-console-support-for-ecs-optimized-amazon-linux-2-ami-/ AWS Fargate PV1.3 now supports the Splunk log driver | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-fargate-pv1-3-now-supports-the-splunk-log-driver/ Topic || Databases Amazon Aurora Serverless Supports Capacity of 1 Unit and a New Scaling Option | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon_aurora_serverless_now_supports_a_minimum_capacity_of_1_unit_and_a_new_scaling_option/ Aurora Global Database Expands Availability to 14 AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/05/Aurora_Global_Database_Expands_Availability_to_14_AWS_Regions/ Amazon DocumentDB (with MongoDB compatibility) now supports per-second billing | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-documentdb-now-supports-per-second-billing/ Performance Insights is Generally Available on Amazon Aurora MySQL 5.7 | https://aws.amazon.com/about-aws/whats-new/2019/05/Performance-Insights-GA-Aurora-MySQL-57/ Performance Insights Supports Counter Metrics on Amazon RDS for Oracle | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-countermetrics-on-oracle/ Performance Insights Supports Amazon Aurora Global Database | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-global-datatabase/ Amazon ElastiCache for Redis adds support for Redis 5.0.4 | https://aws.amazon.com/about-aws/whats-new/2019/05/elasticache-redis-5-0-4/ Amazon RDS for MySQL Supports 
Password Validation | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-mysql-supports-password-validation/ Amazon RDS for PostgreSQL Supports New Minor Versions 11.2, 10.7, 9.6.12, 9.5.16, and 9.4.21 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-postgresql-supports-minor-version-112/ Amazon RDS for Oracle now supports April Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-oracle-now-supports-april-oracle-patch-set-updates-psu-and-release-updates-ru/ Topic || Networking Elastic Fabric Adapter Is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/04/elastic-fabric-adapter-is-now-generally-available/ Migrate Your AWS Site-to-Site VPN Connections from a Virtual Private Gateway to an AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/migrate-your-aws-site-to-site-vpn-connections-from-a-virtual-private-gateway-to-an-aws-transit-gateway/ Announcing AWS Direct Connect Support for AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/announcing-aws-direct-connect-support-for-aws-transit-gateway/ Amazon CloudFront announces 11 new Edge locations in India, Japan, and the United States | https://aws.amazon.com/about-aws/whats-new/2019/05/cloudfront-11locations-7may2019/ Amazon VPC Endpoints Now Support Tagging for Gateway Endpoints, Interface Endpoints, and Endpoint Services | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-vpc-endpoints-now-support-tagging-for-gateway-endpoints-interface-endpoints-and-endpoint-services/ Topic || Analytics Amazon EMR announces Support for Multiple Master nodes to enable High Availability for EMR applications | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-emr-announces-support-for-multiple-master-nodes-to-enable-high-availability-for-EMR-applications/ Amazon EMR now supports Multiple Master nodes to enable High Availability for HBase clusters | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-now-supports-multiple-master-nodes-to-enable-high-availability-for-hbase-clusters/ Amazon EMR announces Support for Reconfiguring Applications on Running EMR Clusters | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-announces-support-for-reconfiguring-applications-on-running-emr-clusters/ Amazon Kinesis Data Analytics now allows you to assign AWS resource tags to your real-time applications | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_kinesis_data_analytics_now_allows_you_to_assign_aws_resource_tags_to_your_real_time_applications/ AWS Glue crawlers now support existing Data Catalog tables as sources | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-glue-crawlers-now-support-existing-data-catalog-tables-as-sources/ Topic || IoT AWS IoT Analytics Now Supports Faster SQL Data Set Refresh Intervals | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-analytics-now-supports-faster-sql-data-set-refresh-intervals/ AWS IoT Greengrass Adds Support for Python 3.7, Node v8.10.0, and Expands Support for Elliptic-Curve Cryptography | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-greengrass-adds-support-python-3-7-node-v-8-10-0-and-expands-support-elliptic-curve-cryptography/ AWS Releases Additional Preconfigured Examples for FreeRTOS on Armv8-M | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-releases-additional-freertos-preconfigured-examples-armv8m/ AWS IoT Device Defender supports monitoring behavior of unregistered devices | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-device-defender-supports-monitoring-behavior-of-unregistered-devices/ AWS IoT Analytics Now Supports Data Set Content Delivery to Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-analytics-now-supports-data-set-content-delivery-to-amaz/ Topic || End User Computing Amazon AppStream 2.0 adds configurable timeouts for idle sessions | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-appstream-2-0-adds-configurable-timeouts-for-idle-session/ Monitor Emails in Your Workmail Organization Using Cloudwatch Metrics and Logs | https://aws.amazon.com/about-aws/whats-new/2019/05/monitor-emails-in-your-workmail-organization-using-cloudwatch-me/ You can now use custom chat bots with Amazon Chime | https://aws.amazon.com/about-aws/whats-new/2019/05/you-can-now-use-custom-chat-bots-with-amazon-chime/ Topic || Machine Learning Developers, start your engines! The AWS DeepRacer Virtual League kicks off today. | https://aws.amazon.com/about-aws/whats-new/2019/04/AWSDeepRacerVirtualLeague/ Amazon SageMaker announces new features to the built-in Object2Vec algorithm | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-announces-new-features-to-the-built-in-object2v/ Amazon SageMaker Ground Truth Now Supports Automated Email Notifications for Manual Data Labeling | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-ground-truth-now-supports-automated-email-notif/ Amazon Translate Adds Support for Hindi, Farsi, Malay, and Norwegian | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_translate_support_hindi_farsi_malay_norwegian/ Amazon Transcribe now supports Hindi and Indian-accented English | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-transcribe-supports-hindi-indian-accented-english/ Amazon Comprehend batch jobs now supports Amazon Virtual Private Cloud | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-comprehend-batch-jobs-now-supports-amazon-virtual-private-cloud/ New in AWS Deep Learning AMIs: PyTorch 1.1, Chainer 5.4, and CUDA 10 support for MXNet | https://aws.amazon.com/about-aws/whats-new/2019/05/new-in-aws-deep-learning-amis-pytorch-1-1-chainer-5-4-cuda10-for-mxnet/ Topic || Application Integration Amazon MQ Now Supports Resource-Level and Tag-Based Permissions | 
https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-mq-now-supports-resource-level-and-tag-based-permissions/ Amazon SNS Adds Support for Cost Allocation Tags | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sns-adds-support-for-cost-allocation-tags/ Topic || Management and Governance Reservation Expiration Alerts Now Available in AWS Cost Explorer | https://aws.amazon.com/about-aws/whats-new/2019/05/reservation-expiration-alerts-now-available-in-aws-cost-explorer/ AWS Systems Manager Patch Manager Supports Microsoft Application Patching | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-systems-manager-patch-manager-supports-microsoft-application-patching/ AWS OpsWorks for Chef Automate now supports Chef Automate 2 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-opsworks-for-chef-automate-now-supports-chef-automate-2/ AWS Service Catalog Connector for ServiceNow supports CloudFormation StackSets | https://aws.amazon.com/about-aws/whats-new/2019/05/service-catalog-servicenow-connector-now-supports-stacksets/ Topic || Migration AWS Migration Hub EC2 Recommendations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-migration-hub-ec2-recommendations/ Topic || Security Amazon GuardDuty Adds Two New Threat Detections | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-guardduty-adds-two-new-threat-detections/ AWS Security Token Service (STS) now supports enabling the global STS endpoint to issue session tokens compatible with all AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-security-token-service-sts-now-supports-enabling-the-global-sts-endpoint-to-issue-session-tokens-compatible-with-all-aws-regions/ AWS WAF Security Automations Now Supports Log Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-waf-security-automations-now-supports-log-analysis/ AWS Certificate Manager Private Certificate Authority Increases Certificate Limit To One Million | 
https://aws.amazon.com/about-aws/whats-new/2019/04/aws-certificate-manager-private-certificate-authority-increases-certificate-limit-to-one-million/ Amazon Cognito launches enhanced user password reset API for administrators | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-cognito-launches-enhanced-user-password-reset-api-for-administrators/ AWS Secrets Manager supports more client-side caching libraries to improve secrets availability and reduce cost | https://aws.amazon.com/about-aws/whats-new/2019/05/Secrets-Manager-Client-Side-Caching-Libraries-in-Python-NET-Go/ Create fine-grained session permissions using AWS Identity and Access Management (IAM) managed policies | https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/ Topic || Training and Certification New VMware Cloud on AWS Navigate Track | https://aws.amazon.com/about-aws/whats-new/2019/04/vmware-navigate-track/ Topic || Blockchain Amazon Managed Blockchain What's New | https://aws.amazon.com/about-aws/whats-new/2019/04/introducing-amazon-managed-blockchain/ Topic || Quick Starts New Quick Start deploys SAP S/4HANA on AWS | https://aws.amazon.com/about-aws/whats-new/2019/05/new-quick-start-deploys-sap-s4-hana-on-aws/

AWS re:Invent 2018
SRV319: Security & Compliance for Modern Serverless Applications

AWS re:Invent 2018

Nov 30, 2018 (61:16)


Serverless architecture and a microservices approach have changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.

AWS re:Invent 2018
SEC401: Mastering Identity at Every Layer of the Cake

AWS re:Invent 2018

Nov 30, 2018 (52:06)


Most workloads on AWS resemble a finely crafted cake, with delight at every layer. In this session, we help you master identity at each layer of deliciousness: from platform, to infrastructure, to applications, using services like AWS Identity and Access Management (IAM), AWS Directory Service, Amazon Cognito, and many more. Leave with a firm mental model for how identity works both harmoniously and independently throughout these layers, and with ready-to-use reference architectures and sample code. We keep things fun and lively along the way with lots of demos, which will hopefully make up for our decided lack of anything resembling the sweet confections we'll be talking so much about!

AWS re:Invent 2017
SID202: Deep Dive on How Capital One Automates the Delivery of Directory Services across AWS Accounts

AWS re:Invent 2017

Nov 30, 2017 (33:12)


Traditional solutions for using Microsoft Active Directory across on-premises and AWS Cloud Windows workloads can require complex networking or synching identities across multiple systems. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed AD, offers you actual Microsoft Active Directory on the AWS Cloud as a managed service. In this session, you learn how Capital One uses AWS Managed AD to provide highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. We detail how Capital One uses Lambda, Python, and PowerShell with cross-account AWS Identity and Access Management (IAM) roles to automate directory deployment across AWS accounts. We also cover best practices for integrating AWS Managed AD with your on-premises domain securely, and show you how to automate the joining of AWS resources to your managed domain.

AWS re:Invent 2017
STG302: Best Practices for Amazon S3, with Special Guest, Human Longevity, Inc.

AWS re:Invent 2017

Nov 30, 2017 (51:23)


Learn best practices for Amazon Simple Storage Service (Amazon S3) performance optimization, security, data protection, storage management, and much more. Learn how to optimize key naming to increase throughput, apply the appropriate AWS Identity and Access Management (IAM) and encryption configurations, and leverage object tagging and other features to enhance security.

AWS re:Invent 2017
SID314: IAM Policy Ninja

AWS re:Invent 2017

Nov 30, 2017 (60:28)


Are you interested in learning how to control access to your AWS resources? Have you wondered how to best scope permissions to achieve least-privilege permissions access control? If your answer is "yes", this session is for you. We look at the AWS Identity and Access Management (IAM) policy language, starting with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. We explore policy variables, conditions, and tools to help you author least privilege policies. We cover common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.

AWS re:Invent 2017
SID206: Best Practices for Managing Security Operations on AWS

AWS re:Invent 2017

Nov 30, 2017 (57:41)


To help prevent unexpected access to your AWS resources, it is critical to maintain strong identity and access policies and track, effectively detect, and react to changes. In this session you will learn how to use AWS Identity and Access Management (IAM) to control access to AWS resources and integrate your existing authentication system with IAM. We will cover how to deploy and control AWS infrastructure using code templates, including change management policies with AWS CloudFormation. Further, effectively detecting and reacting to changes in posture or adverse actions requires the ability to monitor and process events. There are several services within AWS that enable this kind of monitoring such as CloudTrail, CloudWatch Events, and the AWS service APIs. We learn how Netflix utilizes a combination of these services to operationalize monitoring of their deployments at scale, and discuss changes made as Netflix's deployment has grown over the years.

AWS re:Invent 2017
SID201: IAM for Enterprises: How Vanguard Strikes the Balance Between Agility, Governance, and Security

AWS re:Invent 2017

Nov 30, 2017 (43:56)


For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.

AWS re:Invent 2017
GPSTEC310: GPS: IAM Best Practices and Becoming an IAM Ninja

AWS re:Invent 2017

Nov 30, 2017 (41:43)


AWS Identity and Access Management (IAM) is the foundation that all AWS services require to function and perform any action. Mastering IAM is the skill set you need in your arsenal so that you can provide best-in-breed services through your application or services to your customers. This session shows you best practices for IAM, the latest service additions, and advanced automation techniques to become a certified IAM ninja.

AWS re:Invent 2017
AMF301: Big Data & Analytics for Manufacturing Operations

AWS re:Invent 2017

Nov 30, 2017 (47:04)


Manufacturing companies collect vast troves of process data for tracking purposes. Using this data with advanced analytics can optimize operations, saving time and money. In this session, we explore the latest analytics capabilities to support your goals for optimizing the manufacturing plant floor. Learn how to build dashboards that connect to prediction models driven by sensors across manufacturing processes. Learn how to build a data lake on AWS, using services and techniques such as AWS CloudFormation, Amazon EC2, Amazon S3, AWS Identity and Access Management, and AWS Lambda. We also review a reference architecture that supports data ingestion, event rules, analytics, and the use of machine learning for manufacturing analytics.

Packet Pushers - Full Podcast Feed
Datanauts 086: AWS Identity & Access Management Policies

Packet Pushers - Full Podcast Feed

May 31, 2017


Today's Datanauts episode explores how to set up Identity and Access Management (IAM) policies in AWS. Our guest is Cole Morrison. The post Datanauts 086: AWS Identity & Access Management Policies appeared first on Packet Pushers.

Packet Pushers - Fat Pipe
Datanauts 086: AWS Identity & Access Management Policies

Packet Pushers - Fat Pipe

May 31, 2017


Today's Datanauts episode explores how to set up Identity and Access Management (IAM) policies in AWS. Our guest is Cole Morrison. The post Datanauts 086: AWS Identity & Access Management Policies appeared first on Packet Pushers.

Packet Pushers - Datanauts
Datanauts 086: AWS Identity & Access Management Policies

Packet Pushers - Datanauts

May 31, 2017


Today's Datanauts episode explores how to set up Identity and Access Management (IAM) policies in AWS. Our guest is Cole Morrison. The post Datanauts 086: AWS Identity & Access Management Policies appeared first on Packet Pushers.

AWS re:Invent 2016
STG210: Simplified Data Center Migration—Lessons Learned by Live Nation

AWS re:Invent 2016

Dec 24, 2016 (46:00)


As the global leader of live entertainment, Live Nation promotes and produces over 22,000 events annually, operates out of 37 countries, and cultivates over 530 million fans globally. To focus on the growth of the business and shed increasing infrastructure costs, the company made the strategic decision to get out of the data center business and go all in with the cloud. Using instrumental services like AWS Import/Export Snowball, VM Import/Export, AWS CloudFormation and AWS Identity and Access Management, VP Cloud Services Jake Burns quickly and efficiently migrated priority business and operational applications, allowing for immediate cost efficiencies. Learn how AWS offerings like Snowball played a decisive role in Live Nation's ability to easily migrate data and enable end users to quickly access applications to minimize operational impact.

AWS re:Invent 2016
ARC314: Enabling Enterprise Migrations: Creating an AWS Landing Zone

AWS re:Invent 2016

Dec 24, 2016 (60:00)


With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large-scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.

AWS re:Invent 2016
DEV302: Automated Governance of Your AWS Resources

AWS re:Invent 2016

Dec 24, 2016 (49:00)


AWS CloudTrail, Amazon CloudWatch Events, AWS Identity & Access Management (IAM), Trusted Advisor, AWS Config Rules, other services? In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs. We will showcase real-life examples and you can take home a blog post with code examples and the full source code for scripts and tooling that AWS professional services have built using these services.

AWS re:Invent 2016
SAC303: Become an AWS IAM Policy Ninja in 60 Minutes or Less

AWS re:Invent 2016

Dec 24, 2016 (55:00)


Are you interested in learning how to control access to your AWS resources? Have you ever wondered how to best scope down permissions to achieve least privilege permissions access control? If your answer to these questions is 'yes', this session is for you. We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.

AWS re:Invent 2016
SAC317: IAM Best Practices to Live By

AWS re:Invent 2016

Dec 24, 2016 (58:00)


This session covers AWS Identity and Access Management (IAM) best practices that can help improve your security posture. We cover how to manage users and their security credentials. We also explain why you should delete your root access keys—or at the very least, rotate them regularly. Using common use cases, we demonstrate when to choose between using IAM users and IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts.