SlideShare ist ein Scribd-Unternehmen logo

Don’t Sacrifice Performance for Security: Best Practices for Content Delivery

Amazon Web Services
Amazon Web Services

This document summarizes a presentation about using Amazon CloudFront and AWS WAF for securing and accelerating APIs. It discusses the challenges of delivering APIs, how CloudFront addresses these challenges through application acceleration, security features, and high availability. The presentation also provides a case study of how Slack migrated from using Elastic Load Balancing to using CloudFront to deliver their API, improving performance metrics. It concludes with a demonstration of automating protections using Lambda and discusses future plans for rate limiting and blocking malicious traffic.

Technologie
1 von 65
Secured API Acceleration June 23, 2016 Nihar Bihani Principal Product Manager, Amazon CloudFront Alex Graham Sr. Operations Engineer, Slack
Agenda Challenges with Delivering APIs CloudFront for API Delivery Customer Story: Slack @cloudfront
Delivering APIs @cloudfront
API Proliferation 2,418 10,302 0 2000 4000 6000 8000 10000 12000 Jun-05 Sep-05 Dec-05 Mar-06 Jun-06 Sep-06 Dec-06 Mar-07 Jun-07 Sep-07 Dec-07 Mar-08 Jun-08 Sep-08 Dec-08 Mar-09 Jun-09 Sep-09 Dec-09 Mar-10 Jun-10 Sep-10 Dec-10 Mar-11 Jun-11 Sep-11 Dec-11 Mar-12 Jun-12 Sep-12 Dec-12 Mar-13 Jun-13 Sep-13 * Data from ProgrammableWeb #ofpublishedAPIs @cloudfront
Challenges with Delivering APIs API Response Time APIs are often not cacheable Improving performance is non-trivial Security & DDoS Target Protect from DDoS attacks Block malicious activity Scaling & Availability Operational burden Availability risks @cloudfront
How can Amazon CloudFront help APIs @cloudfront
Amazon CloudFront  Global Content Delivery Network  Accelerate Web Applications and APIs  Also, Accelerate images, video etc. @cloudfront
CloudFront for API Delivery: Benefits Application Acceleration Network Optimizations Secured Delivery AWS WAF Inherent DDoS Protection Designed for High Availability Global Edge Network Intelligent Routing AWS WAF @cloudfront
Let’s Dive Deeper @cloudfront
API Delivery: App Acceleration Application Acceleration Network Optimizations AWS WAF @cloudfront
Behind the Scenes: Application Acceleration  CloudFront Latency Based Routing  TCP/IP Optimizations for the Network Path  Keep-Alive Connections to reduce RTT  AWS Backbone Network  SSL/TLS Optimizations @cloudfront
SSL/TLS Optimizations  SSL/TLS Termination close to viewers  OCSP Stapling  Caching Session Tickets CloudFront Edge location Caching Session tickets @cloudfront
API Delivery: Security Secured Delivery AWS WAF Inherent DDoS Protection AWS WAF @cloudfront
DDoS Protection for AWS Infrastructure  Inherent Protection You don’t have to enable anything Layer 3/4 attacks like SYN and UDP floods. Layer 7 attacks like Slowloris  Inline Detection & Mitigation Low MTTR Microsecond latencies  Proven DDoS Mitigation Techniques Targeted and heuristic mitigations virtual private cloud AWS global infrastructure DDoS attack Users AWS DDoS mitigation Amazon CloudFront Amazon Route 53 @cloudfront
DDoS Mitigation Techniques Basic Hygiene Automatically filters invalid Packets e.g., block any UDP destined to CloudFront Traffic ACLs Prioritize good vs bad traffic based on several factors - DNS Request validation - Source IP - Source ASN - Traffic Levels - Validated Sources Redundant High Capacity Network Paths Viewers always have a path to reach CloudFront @cloudfront
DDoS Mitigation No Impact to Availability even during DDoS Attack Sample Attack on CloudFront Customer @cloudfront
AWS WAF for Secured API Delivery @cloudfront
API Delivery: Availability Designed for High Availability Global Edge Network Intelligent Routing AWS WAF @cloudfront
Designed for High Availability DDoS Attacks Ensures DDoS attacks don’t cause outages Scale for Traffic Surge Load based dynamic routing Multiple transit providers Collapse forwarding Maintain buffer Operator Errors Fault tolerant deployment Mitigate the Top 3 Risks for Availability @cloudfront
Scalability Built to handle large scale events @cloudfront
Slack uses CloudFront for API Acceleration Amazon CloudFront
Alex Graham Sr. Operations Engineer
Secure API Acceleration using Amazon CloudFront
Agenda: 1. Slack API Overview 2. Why Amazon CloudFront? 3. Migration from ELB 4. Performance Metrics 5. Future Plans
Slack API Overview
● POSTs and GETs to an HTTPS endpoint Responses will come back as json objects ● All Slack clients are API consumers Mobile, Desktop and Web clients use our API ● Accelerated Globally using CloudFront Requests to slack.com and the HTTPS API are powered by CloudFront Web API
● Search for all files or messages containing the string “Hello” GET https://slack.com/api/search.all?token=xoxp-...&query=Hello ● List all channels along with their members GET https://slack.com/api/channels.list?token=xoxp-... ● Create a new channel called “#test” GET https://slack.com/api/channels.create?token=xoxp-...&name=test Web API Examples
3 Million Daily Active Users Each user is making API calls all day. 1.5 Billion Total Requests Per Day Over 10 Billion per week! 52% of those are API requests Over 5 Billion API requests per week! 👤 🚀 📈 Web API Stats
Why Amazon CloudFront?
DDoS Protection & Security Benefits Amazon has some tricks up their sleeve. Network Infrastructure AWS Global Network Backbone Performance and Reliability CloudFront is designed for high volumes of traffic. 🔒 📈 📡 Benefits with Amazon CloudFront
● Flexibility and ability to customize No magic switches, everything can be configured. ● Outperformed all other DDoS and CDN providers CloudFront stability was better than the other providers we tested. ● Pairs nicely with existing AWS technology CloudFront is easy to configure with ELB and S3. Why We Chose Amazon CloudFront
Migration from ELB
Caching Disabled All API responses are dynamic so nothing is cached. Forward all headers, cookies and query strings to origin Forward all the things! S3 bucket with static HTML error pages If the origin is not responding we will still serve an error page from S3. 💥 📉 Amazon CloudFront Configuration
Slack API Before Amazon CloudFront
Slack API During Migration to Amazon CloudFront
Slack API Today
Performance Metrics
Average latency around the world to slack.com dropped from 90ms to 15ms. Network Latency
Average response time around the world to slack.com dropped from 480ms to 200ms. Response Time
Connection Breakdown Amazon CloudFrontus-east-1 ELB
● Less affected by internet outages and route leaks. Traffic enters the AWS backbone closer to the client. ● Slack loads more quickly all around the world. The client spends less time waiting for API calls. ● Automatic DDoS protection We let AWS deal with DDoS attacks without waking up the ops team. Direct Benefits for Slack
Future Plans
● Pushing Rate Limits to the edge. Less infrastructure to maintain means less time and money. ● Limiting unauthenticated requests at the edge. Stop high layer DDoS attacks early by setting per IP request limits. ● Alerting or posting to Slack when rate limits are tripped. We want to know about this, it might be an attack or misconfiguration. Rate Limiting
● Manually adding rules to mitigate an attack If our infrastructure is overwhelmed we can block at the edge. ● Blocking known bad IPs Block known botnets using IP Blacklists. ● Using Lambda and WAF to block based on rule sets Determine safe limits and temporarily block offenders. Blocking Malicious Traffic
Thanks!
We are Hiring! slack.com/jobs
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nathan Dye AWS WAF Software Development Manager June 23, 2016 Automating Content Protection at the Edge
Agenda • Brief WAF Overview • Demos • Conclusion
Why use a WAF? Application Vulnerabilities Good users Bad guys Web server Database Exploit code
Use case for a WAF Content Abuse Good users Bad guys Web server Database
Another use case for a WAF Application DDoS Good users Bad guys Web server Database
What is AWS WAF? Edge Location AWS WAF Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS
What is AWS WAF?
Customer case study Customer: Magazine Luiza • Large eCommerce platform in Brazil > than 700 stores Requirements: • Wanted protection days before Black Friday • Needed APIs for automation • Needed fast rule updates • Needed high-scale blocking
Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection
Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS  Easy Automated Setup with Cloud Formation Templates  Setup Time: ~1 min Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection  Lambda Based Protection  Open Source GitHub Repository Automated Protections
Demo 1: Easy automated setup Protection Against Common Attacks  SQL injection attacks  Cross-site scripting attacks  IP Blacklist Edge Location Amazon CloudFront Elastic Load Balancing Amazon RDS Amazon EC2 AWS CloudFormationAWS WAF
Demo 1: Easy Automated Setup
Demo 2: Lambda based automated protection • Problem: HTTP Requesters Overwhelm Web Servers or Database Servers • Solution: Count Number of requests in CloudFront access logs and block offenders Attackers HTTP Floods (Rate Based Blacklisting)
Demo 2: Lambda based automated protection HTTP Floods (Rate Based Blacklisting) Good users (allowed on src ip) Bad users (blocked on src ip) Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS AWS WAF CloudFront Logs in S3 AWS Lambda Amazon CloudWatch 1 3 2 4 AWS CloudFormation Stack
Demo 2: Lambda Based Automated Protection
More Lambda based automated protection HTTP floods Scans & probesIP reputation lists Bots & scrapers Attackers • Ready to use as-is • And Customizable
Session Takeaways CloudFront In Front of your Websites and APIs  TLS/SSL Acceleration  Improve Application performance without caching  Inherent DDoS Protection AWS WAF for Automated Protection  Easy Setup. Get started within minutes https://aws.amazon.com/waf/pr econfiguredrules/  Customizable Automated Protection. https://github.com/awslabs/aws -waf-sample
Thank you! @cloudfront https://aws.amazon.com/waf/ CloudFront.com

Empfohlen

Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...confluent
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API SecurityPrabath Siriwardena
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Service Catalog
AWS Service CatalogAWS Service Catalog
AWS Service CatalogAmazon Web Services
 

Empfohlen

Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...confluent
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API SecurityPrabath Siriwardena
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Service Catalog
AWS Service CatalogAWS Service Catalog
AWS Service CatalogAmazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksAmazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWSAmazon Web Services
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiDataWorks Summit
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API ManagerWSO2
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS SecurityAmazon Web Services
 
Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
Running and Managing Mule Applications
Running and Managing Mule ApplicationsRunning and Managing Mule Applications
Running and Managing Mule ApplicationsMuleSoft
 
Aws organizations
Aws organizationsAws organizations
Aws organizationsOlaf Conijn
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS OrganizationsAmazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
Imperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration GuideImperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration GuideSECURE SOFT CORPORATION
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture ApproachMaganathin Veeraragaloo
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramVishnu Sure
 
AWS Lambda
AWS LambdaAWS Lambda
AWS LambdaScott Leberknight
 
Secured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and SlackSecured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and SlackAmazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksAmazon Web Services
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiDataWorks Summit
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API ManagerWSO2
 
Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
Running and Managing Mule Applications
Running and Managing Mule ApplicationsRunning and Managing Mule Applications
Running and Managing Mule ApplicationsMuleSoft
 
Aws organizations
Aws organizationsAws organizations
Aws organizationsOlaf Conijn
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS OrganizationsAmazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
Imperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration GuideImperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration GuideSECURE SOFT CORPORATION
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramVishnu Sure
 

Was ist angesagt? (20)

AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower security
 
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech TalksDeep Dive on Amazon GuardDuty - AWS Online Tech Talks
Deep Dive on Amazon GuardDuty - AWS Online Tech Talks
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
 
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)Introduction to Amazon Elastic File System (EFS)
Introduction to Amazon Elastic File System (EFS)
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
Running and Managing Mule Applications
Running and Managing Mule ApplicationsRunning and Managing Mule Applications
Running and Managing Mule Applications
 
Aws organizations
Aws organizationsAws organizations
Aws organizations
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS Organizations
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
 
Imperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration GuideImperva SecureSphere For AWS Configuration Guide
Imperva SecureSphere For AWS Configuration Guide
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 
Aws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cramAws+cloud+practitioner+exam+cram
Aws+cloud+practitioner+exam+cram
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
 

Andere mochten auch

Secured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and SlackSecured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and SlackAmazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C. AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C. Amazon Web Services
 
Enhanced Security and Compliance with AWS
Enhanced Security and Compliance with AWSEnhanced Security and Compliance with AWS
Enhanced Security and Compliance with AWSAmazon Web Services
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFAmazon Web Services
 
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPASecurity & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPAAmazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Automating Compliance in the Cloud
Automating Compliance in the CloudAutomating Compliance in the Cloud
Automating Compliance in the CloudAmazon Web Services
 
Introduction to DevSecOps on AWS
Introduction to DevSecOps on AWSIntroduction to DevSecOps on AWS
Introduction to DevSecOps on AWSAmazon Web Services
 
ケーズホールディングス 経営の特徴「がんばらない経営」
ケーズホールディングス 経営の特徴「がんばらない経営」ケーズホールディングス 経営の特徴「がんばらない経営」
ケーズホールディングス 経営の特徴「がんばらない経営」Hikaru GOTO
 
Sex And The Samurai Done2
Sex And The Samurai Done2Sex And The Samurai Done2
Sex And The Samurai Done2Demonassassin88
 
Miller's Moments
Miller's MomentsMiller's Moments
Miller's Momentskmiller210
 
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATO
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATOGiovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATO
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATOAndrea Rossetti
 
Conte el collaret de la veritat
Conte el collaret de la veritatConte el collaret de la veritat
Conte el collaret de la veritatmarblocs
 
Using Callidus TrueAnalytics to Drive Sales Plan Effectiveness
Using Callidus TrueAnalytics to Drive Sales Plan EffectivenessUsing Callidus TrueAnalytics to Drive Sales Plan Effectiveness
Using Callidus TrueAnalytics to Drive Sales Plan EffectivenessCallidus Software
 
AWS November Webinar Series - Get Started with Automated Mobile Application T...
AWS November Webinar Series - Get Started with Automated Mobile Application T...AWS November Webinar Series - Get Started with Automated Mobile Application T...
AWS November Webinar Series - Get Started with Automated Mobile Application T...Amazon Web Services
 

Andere mochten auch (20)

Secured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and SlackSecured API Acceleration with Engineers from Amazon CloudFront and Slack
Secured API Acceleration with Engineers from Amazon CloudFront and Slack
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day
 
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C. AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.
 
Enhanced Security and Compliance with AWS
Enhanced Security and Compliance with AWSEnhanced Security and Compliance with AWS
Enhanced Security and Compliance with AWS
 
Secure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAFSecure Content Delivery Using Amazon CloudFront and AWS WAF
Secure Content Delivery Using Amazon CloudFront and AWS WAF
 
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPASecurity & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
 
Trends in AML Compliance
Trends in AML ComplianceTrends in AML Compliance
Trends in AML Compliance
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Automating Compliance in the Cloud
Automating Compliance in the CloudAutomating Compliance in the Cloud
Automating Compliance in the Cloud
 
Introduction to DevSecOps on AWS
Introduction to DevSecOps on AWSIntroduction to DevSecOps on AWS
Introduction to DevSecOps on AWS
 
ケーズホールディングス 経営の特徴「がんばらない経営」
ケーズホールディングス 経営の特徴「がんばらない経営」ケーズホールディングス 経営の特徴「がんばらない経営」
ケーズホールディングス 経営の特徴「がんばらない経営」
 
Sex And The Samurai Done2
Sex And The Samurai Done2Sex And The Samurai Done2
Sex And The Samurai Done2
 
Miller's Moments
Miller's MomentsMiller's Moments
Miller's Moments
 
Kansas City Advertising
Kansas City AdvertisingKansas City Advertising
Kansas City Advertising
 
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATO
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATOGiovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATO
Giovanna Stumpo, L’ESERCIZIO DELLA PROFESSIONE DI AVVOCATO
 
Who we are
Who we areWho we are
Who we are
 
Conte el collaret de la veritat
Conte el collaret de la veritatConte el collaret de la veritat
Conte el collaret de la veritat
 
Using Callidus TrueAnalytics to Drive Sales Plan Effectiveness
Using Callidus TrueAnalytics to Drive Sales Plan EffectivenessUsing Callidus TrueAnalytics to Drive Sales Plan Effectiveness
Using Callidus TrueAnalytics to Drive Sales Plan Effectiveness
 
AWS November Webinar Series - Get Started with Automated Mobile Application T...
AWS November Webinar Series - Get Started with Automated Mobile Application T...AWS November Webinar Series - Get Started with Automated Mobile Application T...
AWS November Webinar Series - Get Started with Automated Mobile Application T...
 

Ähnlich wie Don’t Sacrifice Performance for Security: Best Practices for Content Delivery

Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...
Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...
Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...Amazon Web Services
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWSAmazon Web Services
 
Build a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersBuild a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)AWS Vietnam Community
 
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...Amazon Web Services
 
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법Amazon Web Services Korea
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Daniel Zivkovic
 
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...Amazon Web Services
 
Build a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersBuild a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersAmazon Web Services
 
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...Amazon Web Services
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
WIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWSWIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWSAmazon Web Services
 
Scalable web apps on AWS - Hebrew Webinar September 2017
Scalable web apps on AWS - Hebrew Webinar September 2017Scalable web apps on AWS - Hebrew Webinar September 2017
Scalable web apps on AWS - Hebrew Webinar September 2017Boaz Ziniman
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 

Ähnlich wie Don’t Sacrifice Performance for Security: Best Practices for Content Delivery (20)

Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...
Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...
Scaling to millions of users with Amazon CloudFront - April 2017 AWS Online T...
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 
Build a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersBuild a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million Users
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)Build an app on aws for your first 10 million users (2)
Build an app on aws for your first 10 million users (2)
 
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...
 
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법
AWS를 활용한 웹, 모바일, 소셜 애플리케이션 구축 방법
 
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
Serverless is not Cloudless - Serverless Security in AWS & AWS funds for Star...
 
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...
Amazon CloudFront Office Hour, “Using Amazon CloudFront with Amazon S3 & AWS ...
 
Build a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million UsersBuild a Website on AWS for Your First 10 Million Users
Build a Website on AWS for Your First 10 Million Users
 
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec...
 
Build an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million UsersBuild an App on AWS for Your First 10 Million Users
Build an App on AWS for Your First 10 Million Users
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
WIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWSWIN401_Migrating Microsoft Applications to AWS
WIN401_Migrating Microsoft Applications to AWS
 
Scalable web apps on AWS - Hebrew Webinar September 2017
Scalable web apps on AWS - Hebrew Webinar September 2017Scalable web apps on AWS - Hebrew Webinar September 2017
Scalable web apps on AWS - Hebrew Webinar September 2017
 
Serverless: State Of the Union
Serverless: State Of the UnionServerless: State Of the Union
Serverless: State Of the Union
 
Serverless - State Of the Union
Serverless - State Of the UnionServerless - State Of the Union
Serverless - State Of the Union
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Kürzlich hochgeladen

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Kürzlich hochgeladen (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Don’t Sacrifice Performance for Security: Best Practices for Content Delivery

  • 1. Secured API Acceleration June 23, 2016 Nihar Bihani Principal Product Manager, Amazon CloudFront Alex Graham Sr. Operations Engineer, Slack
  • 2. Agenda Challenges with Delivering APIs CloudFront for API Delivery Customer Story: Slack @cloudfront
  • 5. Challenges with Delivering APIs API Response Time APIs are often not cacheable Improving performance is non-trivial Security & DDoS Target Protect from DDoS attacks Block malicious activity Scaling & Availability Operational burden Availability risks @cloudfront
  • 6. How can Amazon CloudFront help APIs @cloudfront
  • 7. Amazon CloudFront  Global Content Delivery Network  Accelerate Web Applications and APIs  Also, Accelerate images, video etc. @cloudfront
  • 8. CloudFront for API Delivery: Benefits Application Acceleration Network Optimizations Secured Delivery AWS WAF Inherent DDoS Protection Designed for High Availability Global Edge Network Intelligent Routing AWS WAF @cloudfront
  • 10. API Delivery: App Acceleration Application Acceleration Network Optimizations AWS WAF @cloudfront
  • 11. Behind the Scenes: Application Acceleration  CloudFront Latency Based Routing  TCP/IP Optimizations for the Network Path  Keep-Alive Connections to reduce RTT  AWS Backbone Network  SSL/TLS Optimizations @cloudfront
  • 12. SSL/TLS Optimizations  SSL/TLS Termination close to viewers  OCSP Stapling  Caching Session Tickets CloudFront Edge location Caching Session tickets @cloudfront
  • 13. API Delivery: Security Secured Delivery AWS WAF Inherent DDoS Protection AWS WAF @cloudfront
  • 14. DDoS Protection for AWS Infrastructure  Inherent Protection You don’t have to enable anything Layer 3/4 attacks like SYN and UDP floods. Layer 7 attacks like Slowloris  Inline Detection & Mitigation Low MTTR Microsecond latencies  Proven DDoS Mitigation Techniques Targeted and heuristic mitigations virtual private cloud AWS global infrastructure DDoS attack Users AWS DDoS mitigation Amazon CloudFront Amazon Route 53 @cloudfront
  • 15. DDoS Mitigation Techniques Basic Hygiene Automatically filters invalid Packets e.g., block any UDP destined to CloudFront Traffic ACLs Prioritize good vs bad traffic based on several factors - DNS Request validation - Source IP - Source ASN - Traffic Levels - Validated Sources Redundant High Capacity Network Paths Viewers always have a path to reach CloudFront @cloudfront
  • 16. DDoS Mitigation No Impact to Availability even during DDoS Attack Sample Attack on CloudFront Customer @cloudfront
  • 17. AWS WAF for Secured API Delivery @cloudfront
  • 18. API Delivery: Availability Designed for High Availability Global Edge Network Intelligent Routing AWS WAF @cloudfront
  • 19. Designed for High Availability DDoS Attacks Ensures DDoS attacks don’t cause outages Scale for Traffic Surge Load based dynamic routing Multiple transit providers Collapse forwarding Maintain buffer Operator Errors Fault tolerant deployment Mitigate the Top 3 Risks for Availability @cloudfront
  • 20. Scalability Built to handle large scale events @cloudfront
  • 21. Slack uses CloudFront for API Acceleration Amazon CloudFront
  • 23. Secure API Acceleration using Amazon CloudFront
  • 24. Agenda: 1. Slack API Overview 2. Why Amazon CloudFront? 3. Migration from ELB 4. Performance Metrics 5. Future Plans
  • 26. ● POSTs and GETs to an HTTPS endpoint Responses will come back as json objects ● All Slack clients are API consumers Mobile, Desktop and Web clients use our API ● Accelerated Globally using CloudFront Requests to slack.com and the HTTPS API are powered by CloudFront Web API
  • 27. ● Search for all files or messages containing the string “Hello” GET https://slack.com/api/search.all?token=xoxp-...&query=Hello ● List all channels along with their members GET https://slack.com/api/channels.list?token=xoxp-... ● Create a new channel called “#test” GET https://slack.com/api/channels.create?token=xoxp-...&name=test Web API Examples
  • 28. 3 Million Daily Active Users Each user is making API calls all day. 1.5 Billion Total Requests Per Day Over 10 Billion per week! 52% of those are API requests Over 5 Billion API requests per week! 👤 🚀 📈 Web API Stats
  • 30. DDoS Protection & Security Benefits Amazon has some tricks up their sleeve. Network Infrastructure AWS Global Network Backbone Performance and Reliability CloudFront is designed for high volumes of traffic. 🔒 📈 📡 Benefits with Amazon CloudFront
  • 31. ● Flexibility and ability to customize No magic switches, everything can be configured. ● Outperformed all other DDoS and CDN providers CloudFront stability was better than the other providers we tested. ● Pairs nicely with existing AWS technology CloudFront is easy to configure with ELB and S3. Why We Chose Amazon CloudFront
  • 33. Caching Disabled All API responses are dynamic so nothing is cached. Forward all headers, cookies and query strings to origin Forward all the things! S3 bucket with static HTML error pages If the origin is not responding we will still serve an error page from S3. 💥 📉 Amazon CloudFront Configuration
  • 34. Slack API Before Amazon CloudFront
  • 35. Slack API During Migration to Amazon CloudFront
  • 38. Average latency around the world to slack.com dropped from 90ms to 15ms. Network Latency
  • 39. Average response time around the world to slack.com dropped from 480ms to 200ms. Response Time
  • 41.
  • 42. ● Less affected by internet outages and route leaks. Traffic enters the AWS backbone closer to the client. ● Slack loads more quickly all around the world. The client spends less time waiting for API calls. ● Automatic DDoS protection We let AWS deal with DDoS attacks without waking up the ops team. Direct Benefits for Slack
  • 44. ● Pushing Rate Limits to the edge. Less infrastructure to maintain means less time and money. ● Limiting unauthenticated requests at the edge. Stop high layer DDoS attacks early by setting per IP request limits. ● Alerting or posting to Slack when rate limits are tripped. We want to know about this, it might be an attack or misconfiguration. Rate Limiting
  • 45. ● Manually adding rules to mitigate an attack If our infrastructure is overwhelmed we can block at the edge. ● Blocking known bad IPs Block known botnets using IP Blacklists. ● Using Lambda and WAF to block based on rule sets Determine safe limits and temporarily block offenders. Blocking Malicious Traffic
  • 48. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nathan Dye AWS WAF Software Development Manager June 23, 2016 Automating Content Protection at the Edge
  • 49. Agenda • Brief WAF Overview • Demos • Conclusion
  • 50. Why use a WAF? Application Vulnerabilities Good users Bad guys Web server Database Exploit code
  • 51. Use case for a WAF Content Abuse Good users Bad guys Web server Database
  • 52. Another use case for a WAF Application DDoS Good users Bad guys Web server Database
  • 53. What is AWS WAF? Edge Location AWS WAF Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS
  • 54. What is AWS WAF?
  • 55. Customer case study Customer: Magazine Luiza • Large eCommerce platform in Brazil > than 700 stores Requirements: • Wanted protection days before Black Friday • Needed APIs for automation • Needed fast rule updates • Needed high-scale blocking
  • 56. Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection
  • 57. Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS  Easy Automated Setup with Cloud Formation Templates  Setup Time: ~1 min Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection  Lambda Based Protection  Open Source GitHub Repository Automated Protections
  • 58. Demo 1: Easy automated setup Protection Against Common Attacks  SQL injection attacks  Cross-site scripting attacks  IP Blacklist Edge Location Amazon CloudFront Elastic Load Balancing Amazon RDS Amazon EC2 AWS CloudFormationAWS WAF
  • 59. Demo 1: Easy Automated Setup
  • 60. Demo 2: Lambda based automated protection • Problem: HTTP Requesters Overwhelm Web Servers or Database Servers • Solution: Count Number of requests in CloudFront access logs and block offenders Attackers HTTP Floods (Rate Based Blacklisting)
  • 61. Demo 2: Lambda based automated protection HTTP Floods (Rate Based Blacklisting) Good users (allowed on src ip) Bad users (blocked on src ip) Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS AWS WAF CloudFront Logs in S3 AWS Lambda Amazon CloudWatch 1 3 2 4 AWS CloudFormation Stack
  • 62. Demo 2: Lambda Based Automated Protection
  • 63. More Lambda based automated protection HTTP floods Scans & probesIP reputation lists Bots & scrapers Attackers • Ready to use as-is • And Customizable
  • 64. Session Takeaways CloudFront In Front of your Websites and APIs  TLS/SSL Acceleration  Improve Application performance without caching  Inherent DDoS Protection AWS WAF for Automated Protection  Easy Setup. Get started within minutes https://aws.amazon.com/waf/pr econfiguredrules/  Customizable Automated Protection. https://github.com/awslabs/aws -waf-sample