Monday, December 8, 2014

Amazon AWS re:invent 2014 highlights

Videos from AWS re:invent worth watching:

Must know:

Advanced Usage of the AWS CLI:
https://www.youtube.com/watch?v=vP56l7qThNs


Architecture:

Deploy High Availability & DR with AWS:
http://bit.ly/1BKo4fu

Infrastructure as Code:
http://bit.ly/11p59ag

From One to Many: Evolving VPC Design:
http://bit.ly/1Hb1Cwk

Security:

Intrusion detection in the Cloud
http://bit.ly/1xjXWUJ

Delegating Access to Your AWS Environment
http://bit.ly/1xV6MZ9

DevSecOps
http://bit.ly/1H31W0d


Network:

Creating Your Virtual Data Center (VPC)
http://bit.ly/1uBuWqY

Black-Belt Networking for the cloud Ninja:
http://bit.ly/1wZmqPd

Amazon VPC Deep Dive
http://bit.ly/1oYAElI

Amazon EC2 Networking Deep Dive and Best Practices:
https://www.youtube.com/watch?v=JUw8y_pqD_Y

Elastic Load Balancing Deep Dive
http://bit.ly/1y4nW4S

Performance:

Maximizing Amazon S3 performance:
http://bit.ly/1y4novI


Monitoring:

Amazon CloudWatch Deep Dive:
http://bit.ly/1yavmac


BigData:

Lessons Learned and Best Practices for Running Hadoop on AWS:
http://bit.ly/1vn8OTd

Amazon EMR Deep Dive and Best Practices:
http://bit.ly/1BKl8jg


Need more? Sure!

A bunch of other videos to explore on the AWS YouTube channel:
https://amazonwebservices.thismoment.com/us-en/youtube/reinvent20142

And on the AWS blog:
http://aws.amazon.com/blogs/aws/online-content-from-reinvent-2014/

Amazon AWS re:invent 2014. Cloud security for Enterprise

Amazon AWS re:invent 2014 from an infosec point of view in one sentence:
A giant step towards the enterprise market, made by adding the following services.

- AWS Directory Service
"AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS Cloud."

- AWS Key Management Service
"AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys."
And don't forget about the AWS CloudHSM service: http://aws.amazon.com/cloudhsm/

- AWS Config
Finally! Configuration management for AWS. "AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance."

- AWS Service Catalog
Narrow the variety of AWS services down to the list of services your company uses, and present it as a custom portal for your employees. "AWS Service Catalog is a service that allows administrators to create and manage approved catalogs of resources that end users can then access via a personalized portal."

The following two services allow you to build centralized log collectors with a kind of very primitive SIEM (CloudWatch alarms) in AWS:
- Amazon CloudWatch Logs: "You can now use Amazon CloudWatch to monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. You can send your existing log files to CloudWatch Logs and monitor these logs in near real-time."
- AWS CloudTrail integration with CloudWatch: "This integration enables you to receive SNS notifications from CloudWatch, triggered by specific API activity captured by CloudTrail. With SNS notifications, you can take immediate action when a pattern of interest is detected."

Encryption on any storage:
S3 data encryption
RDS (Relational Database Service) encryption:
1. Using EBS built-in encryption
2. Use DB specific encryption: 

Infosec certifications: SAS70, ISO27001, PCI DSS, DoD CSM