Aws Re:invent 2017

Are you interested in learning how to control access to your AWS resources? Have you wondered how to best scope permissions to achieve least-privilege permissions access control? If your answer is "yes", this session is for you. We look at the AWS Identity and Access Management (IAM) policy language, starting with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. We explore policy variables, conditions, and tools to help you author least privilege policies. We cover common use cases, such as granting a user secure access to an Amazon S3 bucket or to launch an Amazon EC2 instance of a specific type.

As Coursera has grown, both in traffic and engineering team size, we've put much more emphasis on site performance, reliability, and developer productivity. Solving these problems is more complicated than just scaling up the number of EC2 instances though -- they've required rethinking approaches from the ground up and using better tools for the job.  In this session, Coursera's frontend infrastructure team will walk you through how we leveraged AWS services, including ECS, CodeBuild, and ALBs, to improve site performance by 30% and reduce build times by 80%, all while cutting costs in the process.

We've seen companies like fast-growing startups and large enterprises adopt and evolve strategies to optimize their application deployment to Amazon EC2. Some AWS customers perform in-place updates across their servers. Some perform blue-green deployments to newly provisioned servers. In this session, we'll share the advantages of each approach and talk about the scenarios in which you should choose one over the other. We will also demonstrate how to perform auto-scaling and auto-rollback for deployments.

In cloud migrations, the cloud's elastic nature is often touted as a critical capability in delivering on key business initiatives. However, you must account for it in your security and compliance plans or face some real challenges. Always counting on a virtual host to be running, for example, causes issues when that host is rebooted or retired. Managing security and compliance in the cloud is continuous, requiring forethought and automation. Learn how a leading, next generation managed cloud provider uses automation and cloud expertise to manage security and compliance at scale in an ever-changing environment. Through code examples and live demos, we show tools and automation to provide continuous compliance of your cloud infrastructure.   Session sponsored by 2nd Watch

Deep Learning continues to push the state of the art in domains such as computer vision, natural language understanding, and recommendation engines. In this session, we provide an overview of Deep Learning focusing on relevant application domains. We introduce popular Deep Learning frameworks such as TensorFlow and Apache MXNet, and we discuss how to select the right fit for your targeted use cases. We also walk you through other key considerations for optimizing Deep Learning training and inference, including setting up and scaling your infrastructure on AWS.

Continuous delivery (CD) enables teams to be more agile and quickens the pace of innovation. Too often, however, teams adopt CD without putting the right safety mechanisms in place. In this talk, we discuss opportunities for you to transform your software release process into a safer one. We explore various DevOps best practices, showcasing sample applications and code. We discuss how to set up delivery pipelines with nonproduction testing stages, failure cases, rollbacks, machine and Availability Zone redundancy, canary testing and deployments, and monitoring. We'll use AWS Lambda, AWS CloudFormation, AWS CodePipeline, AWS CodeDeploy, and both Amazon CloudWatch alarms and events.

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. In this session, we introduce the AWS CLI and how to use it to automate common administrative tasks in AWS. We cover several features and usage patterns including Amazon EBS snapshot management and Amazon S3 backups. We show how to combine AWS CLI features to create powerful tools for automation. See how to develop, debug, and deploy these examples in several live, end-to-end examples.

What do you do when leadership embraces what was called "shadow IT" as the new path forward? How do you onboard new accounts while simultaneously pushing policy to secure all existing accounts? This session walks through Cisco's journey consolidating over 700 existing accounts in the Cisco organization, while building and applying Cisco's new cloud policies. Learn valuable tips and hear about mechanisms used to automate the process. Gain insight into how Cisco integrates AWS's security and monitoring with Cisco's enterprise tools, Cisco SSO integration and continuous security auditability on Cisco's AWS account, and Cisco's CI/CD pipelines with AWS to ensure secure development.

Today, more teams are adopting continuous integration (CI) techniques to enable collaboration, increase agility, and deliver a high-quality product faster. Cloud-based development tools such as AWS CodeCommit and AWS CodeBuild can enable teams to easily adopt CI practices without the need to manage infrastructure. In this session, we showcase a Crawl, Walk, and Run approach to CI. In Crawl, we showcase how to use AWS CodeBuild with your master code branch for running a basic CI workflow. In Walk, we add team collaboration capabilities to the previously developed CI workflow and showcase feature branches and pull requests. In Run, we showcase how to optimize the CI workflow for speed and quality with caching, code analysis, and integration testing.

In this session, we dive into design paradigms and architectures that allow you to leverage the power of AWS AI services and Analytics to build intelligent AI systems. Going back to 2001, Washington County jail management system has archived hundred thousands of mugshots and by using Amazon Rekognition and other AWS services, they were able to build a powerful tool for identifying suspects.

Come learn all about AWS Cloud9, AWS's newly announced integrated development environment (IDE) in the cloud. In this session, we'll give an overview of Cloud9 and do a live demo of exciting features and use cases.   With Cloud9 you can write, run, and debug code with just a browser. It includes a code editor, debugger, and terminal. Cloud9 comes pre-packaged with essential tools for popular programming languages including JavaScript, Python, PHP, and more, so you don't need to install files or configure your development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing serverless applications allowing you to easily define resources, debug, and switch between local and remote execution of serverless applications. With Cloud9, you can quickly share your development environment with your team, allowing you to pair program and track ea

As Chick-fil-A became a cloud-first organization, their security team didn't want to become the bottleneck for agility. But the security team also wanted to raise the bar for their security posture on AWS. Robert Davis, security architect at Chick-fil-A, provides an overview about how he and his team recognized that writing code was the best way for their security policies to scale across the many AWS accounts that Chick-fil-A operates. The use of DevSecOps within Chick-fil-A led to the creation of a set of account bootstrapping tools, auditing capabilities, and event-based policy enforcement. This session goes over these tools and how they were built on AWS.

Over the last decade AWS has launched more than 90 services. Even today, we continue to innovate at a rapid pace and are adding new features and services. We see backwards compatibility not as a goal to strive for, but as a necessity to maintain our most important asset: customer trust. It's not just the service API that needs to be backwards compatible, client-side libraries need to be able to handle service changes as well. Over the years we've learned how to design API's in a way that preserves backwards compatibility, while continuing to evolve. In this session you will learn: ·       What backwards compatibility means and what forms it may take ·       What impact breaking changes may have on consumers of an API or library ·       How to design to prevent breaking changes while allowing for future enhancements Through this session, you will also pick-up concrete design patterns that you can use and anti-patterns that you can recognize so that your service API or library can continue to grow without b

Managing Infrastructure as Code (IaC) successfully within an organization is a challenge. Regardless of team size, it can turn into a patchwork of solutions causing difficulties collaborating among individuals and teams. Intuit has faced and learned from these challenges, while coordinating among different teams running workloads that provide solutions for different business units.  We developed a system that improved our development process for IaC using AWS CloudFormation. In this session, we demonstrate how to move away from an inconsistent development of infrastructure by complementing common development practices with a solution using the serverless technologies from AWS. We walk through our journey and help you discover an approach to assemble a similar solution for your organization.

This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.

AWS CloudFormation enables software and DevOps engineers to harness the power of infrastructure as code. As organizations automate the modeling and provisioning of applications and workloads with CloudFormation, repeatable processes and reliable deployments become more critical.  This session guides you through various techniques to improve your infrastructure automation, including protecting your AWS resources and stacks with safety guardrails while monitoring infrastructure changes.  In addition, we'll cover efficient ways to provision resources across accounts and regions, as show you how to test and improve the reliability of your deployments.

Given the increasing popularity of natural language interfaces such as Voice as User technology or conversational artificial intelligence (AI), Ally® Bank was looking to interact with customers by enabling direct transactions through conversation or voice. They also needed to develop a capability that allows third parties to connect to the bank securely for information sharing and exchange, using oAuth, an authentication protocol seen as the future of secure banking technology. Cognizant's Architecture team partnered with Ally Bank's Enterprise Architecture group and identified the right product for oAuth integration with Amazon Alexa and third-party technologies. In this session, we discuss how building products with conversational AI helps Ally Bank offer an innovative customer experience; increase retention through improved data-driven personalization; increase the efficiency and convenience of customer service; and gain deep insights into customer needs through data analysis and predictive analytics to of

AWS Lambda has emerged as a powerful and cost-effective way for enterprises to quickly deploy services without the need to provision and manage virtual servers. This session includes a hands-on demo of how to use GitHub as the core of a DevOps toolchain. Learn how to leverage AWS integrations with Jenkins, the AWS CLI, and open source software to build, test, and deploy a service to AWS Lambda. We also explore key product updates to GitHub and GitHub Enterprise that are designed to make serverless development easier and more efficient. Session sponsored by GitHub, Inc.

“Infrastructure as Code” has changed not only how we think about configuring infrastructure, but about the infrastructure itself. AWS has been at the core of this movement, enabling your infrastructure teams to benefit from software engineering best practices such as CI/CD, automated testing, and repeatable deployments. Now that you have mastered the art of managing your infrastructure as code, it's time to leverage these same lessons for monitoring and metrics. In this session, we dive into how you can leverage tooling such as AWS, Terraform, and Datadog to programmatically define your monitoring so that you that you can scale your organizational observability along with your infrastructure, and attain consistency from local development all the way through production. Session sponsored by Datadog, Inc.

Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each of these journeys, identity and access management helps customers protect their applications and resources. In this session, you will learn how AWS' Identity Services provide you a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS' Identity Services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.