Join us for a short introductory keynote followed by the first session of the event! In this session you will dive deep into a new feature for fine-grained access control to AWS services based on token attributes from federated Open ID Connect (OIDC) tokens using Amazon Cognito Identity Pools. We will show you by example, how you can facilitate Amazon Cognito User Pools, Amazon Cognito Identity Pools and IAM Policies to establish an easy and dynamic access control to AWS services like S3. This simplifies your role and policy management for federated identities from Google, Facebook and Co.

Level: 300 | Advanced

Speakers: Merrit Baer, Principal, AWS Office of the CISO & Florian van Keulen, Specialist Solutions Architect, AWS

AWS Elastic Beanstalk gives developers a lot of options and flexibility to configure Elastic Beanstalk Environments. This confronts security departments with certain challenges: How do we make sure that the launched Elastic Beanstalk Environments are compliant? And how do we make sure that they stay in that way? In this session we discuss all the different ways how an Elastic Beanstalk Environment can be configured or changed and what guardrails or measures can be put into place to control the Environment configurations. We end this session with a demo of a vending machine for compliant Elastic Beanstalk Environments.

Level: 400 | Expert

Speaker: Michael Fuellbier, Associate Consultant Security, AWS

This session shows you how to identify and mitigate risks of modern application architectures. By example, we show you how to shift left with security in your development pipeline using CodeGuru and static source code scanning while deploying a single page web applications that integrates with Lambda functions. Next, we shift right by showing you how to use OpenTelemetry, AWS CloudWatch and Prometheus server to instrument and monitor your workload. We move on to demonstrate using PaloAlto Primsa for run time protection of the Serverless backend. Finally, we review how to document your architecture for security review by a security audience using AWS Perspective and Well Architected frameworks.

Level: 300 | Advanced

Speaker: Samuel Waymouth and Margo Cronin, Senior Specialist Solutions Architects, AWS

The concept of infrastructure as code, by using pipelines for continuous integration and delivery, is fundamental for the development of cloud infrastructure. Including code quality and vulnerability scans in the pipeline is essential for the security of this infrastructure as code. In this session, we will show you how you can integrate security checks in/out-band of the build process, on pull request, integrate with test reports and use Security Hub for the report. We will provide you pros and cons on every approach and code sample sources.

Level: 300 | Advanced

Speaker: Vesselin Tzvetkov, Senior Security Architect, AWS

As AWS continues to invest in OpenSource and native integrations, this session will focus on how you can leverage Ansible natively in AWS. In this session we will dive deep on how to use Ansible to build an organizational level compliance across all your compute services with Native Integration powered by AWS Systems Manager automating your compute fleet using Ansible.

Level: 300 | Advanced

Speaker: Louay Shaat, Senior Specialist Solutions Architect, Security, AWS