This is the US Western region AWS community day.
This year the conference will be fully online.
Welcome back to another much-anticipated AWS Community Day - a free full-day conference. See what the rest of the AWS user community has been up to. Share what you have learned with them. Network with your peers to establish new relationships and strengthen old ones. And while you are there, meet our valued sponsors who offer cutting edge tools to enhance your AWS experience.
The AWS Community Day, like no other, allows people in a region to come together and connect with each other without the hustle and bustle of re:Invent and re:Inforce. In a typical year, this is a full-day event with plenty of food and time between breakout sessions to walk around and network, or sit down around a table and discuss the finer points of serverless to your heart's content. But this year, due to the novel coronavirus, the conference will be online. But the networking opportunities still abound.
It's all online this year!
Thanks to the Covid-19 pandemic, we can participate right from home this year. The AWS Community Day Bay Area will be hosted on LoudSwarm.com. Here are some key highlights:
This will not be a simple Zoom meeting. There will be three tracks of talks simultaneously (beginner, intermediate, advanced) and attendees can switch between them.
Attendees will all be required to be on Slack. This gives you an opportunity to engage live with the sponsors and other attendees. Because of the asynchronous nature of Slack, you can then continue these conversations over Slack even after the event.
During the talks each track will have a sli.do where attendees can ask questions live. We will have volunteers monitoring the questions and asking them to the speakers right after or during the talk in real-time.
Just like in an in-person conference, where right after the talk the audience gets to ask questions in an informal aside, there will be a video call dedicated to the speaker and audience of each talk right after the talk at the click of a button.
Fifteen minutes after each talk is done, the video of the talk will be processed and available for you to watch if you had to watch something else during the original live telecast.
If you arrive late for the talk, you will be able to join live and then rewind to the beginning or watch from any part as you wish.
You can chat with speakers and sponsors live via Slack. And of course you can network via Slack again in hallway tracks.
Call for papers is open
We plan to have 3 tracks - Beginner, Intermediate, and Advanced. The call for presentations is now open. Do you have a presentation you would like to give? Do you know someone who has a good presentation that is relevant to the AWS Community? Then please click here and submit your proposal for a talk. It can be 20, 30, or 45 minutes long. Here is what we are looking for in the presentation/talk/session.
Every year this event is made possible by the generosity of our sponsors. It is a great opportunity for the sponsors to convey their message to the community as well as for the community to gain from our sponsors.
If you would like to be a sponsor, please fill out this form.
Please register directly on Eventbrite.
Creative Commons. No rights reserved.
If you have not registered yet, please register directly on Eventbrite.
I'm a Principal Engineer at Intuit, an Adjunct Professor at ERAU, and I’m appointed to the advisory committee at the University of California, Irvine. Occasionally, I speak at conferences and user groups, on topics ranging from Embedded/Mobile Technology to Emotional Prosody and Voice and Conversational User Interfaces.
One AWS Lambda to Rule Them All
Whenever I got a new laptop, or was just (re-) installing Mac OS from scratch, a Java JDK, IntelliJ IDEA, and Tomcat, the "pure Java" HTTP web server environment, were always among the 1st things I installed. How times have changed. Now it's Docker, Python3, PyCharm, and AWS and SAM CLIs that go on first. I still do Java, quite a bit actually, but Python and AWS Lambda are on the rise. An AWS Lambda function can be simple but still quite powerful, doing many things I used to do with Tomcat.
This talk will show an AWS Lambda function, implemented in Python, performing things like:
* Serving an HTML page
* Consuming HTTP POST requests sent from that HTML page
* Securely storing received information in DynamoDB
* Synthesizing text into speech, i.e. returning MP3 (digital audio)
* Calling other AWS Lambda functions
* Calling native libraries or executables that were deployed with the Lambda function
* ... and more.
We will be using the AWS Web UI only very sparingly, but use a YAML file instead wherever it makes sense, like for declaring the DynamoDB.
Josh Stella is co-founder and CTO of Fugue, the company putting engineers in command of cloud security and compliance. Previously, Josh was a Principal Solutions Architect at Amazon Web Services (AWS), where he supported customers in the area of national security. Prior to Fugue, Josh served as CTO for a technology startup and in numerous other IT leadership and technical roles over the past 25 years.
Building a Highly Secure Amazon S3 Bucket
Amazon S3 probably gets a lot of use at your company—the object storage service was one of the first cloud services offered by AWS way back in 2006. Its ease of use, reliability, and scalability have proven incredibly popular over the years.
But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches that involved S3 cannot be chalked up to simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit S3 buckets that otherwise appear to be configured securely.
In this talk, Fugue CTO Josh Stella will dig into the complex layers of S3 security to help you think critically about security for your unique AWS use cases. You’ll understand how other AWS services such as IAM and EC2 can create S3 vulnerabilities you may not be seeing—and how malicious actors exploit them.
Robert Statsinger has worked in Application Security for the past few years. His prior experience includes Applications Performance Management and its impact on DevOps, Intelligent Device Management, Enterprise Applications Integration, and developer tools and middleware. Robert holds a Masters Degree in Computer Science from the University of Southern California.
Security Observability for Cloud-Based Applications
You can't control what you can't see. Security observability is an intrinsic attribute of an application that provides direct observation of software vulnerabilities and attempted exploits as they happen, in order to allow rapid proactive remediation and prevention. Security Observability can be achieved by taking an instrumentation based approach that provides continuous visibility and exposure of vulnerabilities and threats and their context from within the software itself. This approach is particularly appropriate for cloud-based and hybridized distributed environments, because the instrumentation is agnostic to deployment methodologies and runtime environments. A demonstration will be provided that demonstrates the benefits of this approach for both custom code and open source dependencies, as well as across the software development lifecycle, showing both the rapid pinpointing of line-of-code level vulnerabilities for developers, and realtime exploit prevention in production.
More than 15 years experience building teams, delivering disruptive technology and creating internet-scale software products. 5 years mentoring venture backed and pre-VC founders on technology and business strategy. Passionate to solve next-gen distributed problems; wireless electricity, edge computing and unbiased AI.
Foundational contributions to Amazon HoneyCode, AWS Fargate, and SAP HANA. Publications in domain journals including IEEE, multiple patents, and contributions to Linux System Administrator Handbook.
Building a Data Fabric
In this talk we will cover the end to end story of how to enable a machine learning platform starting from data identification to deploying ml models in production.
Roland Lee heads up products at Heimdall Data. His background is also in application networking, focused on improving web and SQL performance.
Reduce Amazon RDS costs up to 50% with Proxies
Amazon RDS is one of the more expensive line items in an AWS bill. In this session, we will discuss techniques to offload SQL for improved performance while reducing database costs. Features include:
* Query caching into Amazon ElastiCache
* Read/Write split
We will go over customer case studies on how they were able to drive down costs while scaling out.
Erik Brandsberg is CTO at Heimdall Data. He specializes in application-networking technologies for web and backend data (e.g. TCP/DNS, HTTP, SQL). His diverse experience at Alteon, Citrix, and Juniper Networks gives him a solid understanding of operational complexities in a modern infrastructure.
Using Database Proxies to Scale-out Amazon RDS
To get optimal scale and performance from Amazon RDS requires application changes. What if you can optimize connection handling without code changes? In this session, we will discuss how a Database Proxy intelligently manages connections going to RDS.
We will cover various solutions in the marketplace (Heimdall Proxy, ProxySQL, Amazon RDS Proxy, PgBouncer), and cover key features to help boost your performance. Features include query caching, read/write split, and connection pooling. We will go over use cases, view a demo, followed by Q&A.
Gunnar is a Senior Developer Advocate at Amazon Web Services (AWS) based in Sweden. With a focus on building reliable and robust serverless applications, Gunnar has been one of the driving forces in creating techniques and tools for using chaos engineering in serverless. He regularly and passionately speaks at events on these and other serverless topics around the world.
Continuous Verification for Serverless Applications
The transition into more complex systems is accelerating and the granularity in serverless applications makes even smaller systems complex and highly distributed. Chaos engineering draws from the rich history of empirical experimentation to proactively discover vulnerabilities in these complex systems and help us verify whether or not the system behaves as expected under adverse conditions. Join as we raise the bar for how chaos engineering can be used with serverless applications and help us to continuously verify the output of the system through automation and the advantages established by CI/CD.
I work as a Software Engineer at Cisco SDWAN group. I work deeply on system level with focus on cloud, hashing, encryption and kernel.
Who Broke My Crypto
Usually we launch hundreds of instances in AWS for day-to-day work. As long as they are accessible from our hosts (probably a RHEL or Ubuntu or your own Mac), we are good to go. But there are some instances where you might get a patch from IT for your host. Once you apply the patch, you realize that you are unable to access your AWS instances anymore. And your IT team doesn't have any clue about what happened. You contact AWS support, and they say it all looks good. So how do you proceed from this scenario? Where to start and what to do? This talk goes through all the steps, starting with the most basic checks all the way to updating the crypto key exchange algorithms on your host.
Chris Short has been a proponent of open source solutions throughout his over two decades in various IT disciplines including systems, security, networks, and DevOps engineering and advocacy across the public and private sectors. He currently works at Red Hat. Chris is a disabled US Air Force veteran living with his wife and son in Greater Metro Detroit. Chris writes about DevOps and other topics at chrisshort.net. He also runs the DevOps, Cloud Native, and open source focused newsletter DevOps’ish.
Lessons Learned from Cloud Migrations: Planning is Everything
"Migrating to the cloud saves money!” “Not running your own infrastructure reduces your bottom line!” “Lift and shift is a legitimate first step towards moving to the cloud!” These are all potential pitfalls if you’re not careful. Proper planning prevents piss poor performance. Using a real chaotic cloud migration as a guide, we’ll walk through the pitfalls of cloud migrations and how to avoid them and the terrifying vendor lock-in (when it makes sense).
Fernando Medina Corey
Fernando Medina Corey is a Lead Cloud Architect at Witekio where he helps clients use cloud services to enhance their IoT and embedded software projects. He has also authored over a dozen courses on cloud technologies ranging from AWS Lambda to Python fundamentals.
What do you do when your dog keeps eyeing your lunch? Build an IoT monitoring system to make sure you get a text message every time she gets close to nabbing your sandwich! In this presentation, you’ll learn the basics of connecting a Raspberry Pi device with a PIR sensor to AWS IoT. You’ll see how to:
* Secure the connection between the device and AWS IoT
* Leverage services like AWS Lambda to act on MQTT events that come from the device
* Build a web portal to keep track of past alerts
* And send yourself text notifications whenever your sandwich is at risk
After the presentation, you'll have access to all the code used and other resources on getting started with using a Raspberry Pi and AWS IoT.
Rustem Feyzkhanov is a machine learning engineer at Instrumental, where he works on analytical models for the manufacturing industry, and AWS Machine Learning Hero. Rustem is passionate about serverless infrastructure (and AI deployments on it) and is the author of the courses "Serverless Deep Learning with TensorFlow and AWS Lambda" and "Practical Deep Learning on the Cloud". Also, he is the main contributor to open source repository for serverless packages https://github.com/ryfeus/lambda-packs.
Building Scalable end-to-end Deep Learning Pipelines in the Cloud
One of the main issues with ML and DL deployment is finding the right way to train and operationalize the model within the company. Serverless approach for deep learning provides simple, scalable, affordable yet reliable architecture. The challenge of this approach is to keep in mind certain limitations in CPU, GPU and RAM, and organize training and inference of your model.
My presentation will show how to utilize services like Amazon SageMaker, AWS Batch, AWS Fargate, AWS Lambda and AWS Step Functions to organize deep learning workflows.
My talk will be beneficial for machine learning engineers and data scientists.
Husband, father, friend & problem solver. Better at whistling than at tabla. Love anything with mangoes.
Leveraging AWS CloudFront & S3 Services to Deliver Static Assets of a SPA
Most new SaaS are structured as a SPA (single-page application). In this presentation we will discuss how to reduce the load on your application servers by serving the static assets of your applications from the S3 service by leveraging the CloudFront service.
From Berkeley, love open source, long-time trier of unfinished AWS services
Building a real-world IoT application from start to finish with AWS
A look at setting up an ARM device to run with AWS Lambda, IoT Core and Greengrass. Covers building an OS image, Greengrass topics, messaging and monitoring.
I am a cloud and DevOps enthusiast. I am passionate about Cloud, DevOps and Big Data. Experience: over 10 years in various roles, working in AWS Cloud for the last 4 years. I currently hold 2x AWS certifications and am currently in Sydney for an AWS work assignment at a client site. I also have architecture, design and implementation experience of cloud apps, serverless solutions, big data lakes, and ML solutions. I am also a technical speaker and blogger who loves learning as well as sharing knowledge with the wide community.
Eagerness to learn, share what I know, and an awesome team player.
Intelligent Serverless and Scalable Real-Time Data Pipeline using Kinesis, Fargate and CFN
This session is about a real case study of an intelligent serverless real-time data pipeline. It was implemented for a big digital media client, and the session will cover the business problem, the approach to the problem, the architecture, the implemented solution and the value created by the implemented solution. I designed this solution on the client site in Sydney and also productionized it. The solution is based on adopting the AWS serverless approach in a highly scalable manner, following all 5 Well-Architected principles.
Dr. Steffen Gebert
Steffen is responsible for the cloud infrastructure at EMnify, a Germany-based (Berlin / Würzburg) platform provider for cellular IoT connectivity. He received his PhD from the University of Würzburg on the topic of software-based networking. At EMnify, he helps to build and run a software-based mobile core network running on AWS - with all its amenities and challenges. Steffen frequently dives deep into AWS networking and holds six AWS certifications.
Serverless Networking - How We Provide Cloud-Native Connectivity for IoT Devices
In serverless, the network is taken for granted. But what if the network is the product? Is there a routerless? Does it still have a CLI?
Interconnecting networks on AWS - most of us think of VPCs here - felt limited to something like pulling a cable from A to B. Deeper control - for those who miss their big fat routers - required own deployments in EC2 instances.
With AWS Transit Gateway, more complex networking architectures can finally be implemented in a serverless - sorry, routerless - fashion.
At EMnify, we run a connectivity platform for the Internet of Things based on cellular connectivity. Our customers' IoT devices often do not require access to the Internet, but are restricted to customer-owned networks reachable through VPN for security purposes.
Using AWS Transit Gateway (TGW), we are now able to wire customer VPCs securely with their IoT devices. By sharing the TGW with their AWS accounts, customer VPCs can be attached, while being isolated from other customers through routing domains.
The provisioning process is triggered by the customer through an API call and starts the execution of an AWS Step Functions workflow. The state machine ensures correct order of calls towards AWS APIs for creating resource shares, waiting up to 7 days for acceptance, and finally setting up routing in the TGW.
With such state machines, not only the happy path is handled serverless - and also humanless, but also error cases are caught to ensure failed provisionings do not leave stale resources behind.
Overall, serverless networking and serverless orchestration allowed us at EMnify to build our new Cloud-Native Connectivity features not only within a short time, but with nearly no long-term maintenance efforts.
Infrastructure and DevOps nerd turned monitoring and observability advocate at Datadog. Previously focused on network automation at Juniper Networks and Puppet - I have worked to bring DevOps culture and practices to more traditional infrastructure teams.
Bridging Operations and Development with Observability
Monitoring and observability are often viewed as post-deployment tools focused on operations. But development done in isolation limits visibility to the system as a whole, and issues tend to manifest only in production.
In this talk I will show:
* How to leverage Infrastructure as Code (Terraform) to manage AWS ECS/EC2 and Datadog across development and production environments
* How introducing monitoring and observability earlier provides greater visibility for both developers and operations.
* Strategies to segment development and production environments within ECS and Datadog
Nitin Ashok & Rodrigo Balan
Nitin Ashok is a Technical Account Manager at Amazon Web Services based out of New York. Before joining AWS he was with Deloitte consulting helping customers with their cloud transformation initiatives. He has an MS in Electrical Engineering from NYU-Polytechnic School of Engineering and holds industry certifications in cloud and networking.
Rodrigo Balan is a Technical Account Manager at Amazon Web Services based out of California. Before joining AWS he was the Director of Operations at Integral helping them with their cloud-based infrastructure. He has an MBA in Technology Innovation in Networking & Communication from Polytechnic School of Sao Paulo and holds industry certifications in cloud and networking.
AWS Transit Gateway - Benefits and Best Practices
Managing connectivity between many Amazon Virtual Private Clouds (VPCs) and on-premises networks can be operationally complex and costly. In this tech talk, we will discuss how AWS Transit Gateway simplifies network architecture, reduces operational costs and improves security. We will also discuss best practices for designing and monitoring a global network using AWS Transit Gateway and Network Manager.
I'm a software engineer with over 10 years of experience, mostly in Python and on Linux. The vast majority of my professional career has seen me writing, testing, deploying, and operating software on baremetal servers. Only recently have I learned to embrace the cloud, and I've found it at once overwhelming and exhilarating.
Embarking on the Cloud: A Journey from Cloud-Naïve to Cloud-Native
Even with a lot of software experience, coming to the cloud for the first time can be daunting. Have you seen the number of services AWS offers? That panel in the web console isn't much help: it just presents everything to you all at once. It's easy to feel lost at sea amidst the options. And the acronyms? EC2? RDS? VPC? SNS? I mean who even chooses these names?
Searching the web for guidance these days isn't much more help. So many articles are aimed at a junior audience or offer toy examples, which are seldom much help when facing the complex problems and subtle intricacies of a real-life production environment. So where is one to go to find these answers?
I recently joined a cloud shop as a Senior Engineer, with the expectation that I would be selecting new technologies and driving changes. So I had to figure this stuff out, and fast! In this talk, I hope to not only share my cloud immersion journey with you, but to help shed some light on the assumptions many of us take for granted, and to answer some important questions about learning new technologies in general:
* What are good ways to quickly pick up knowledge in unfamiliar domains?
* Which are really the fundamentals of AWS? You know: the kinda stuff that everyone needs to know.
* How do you sift through the hype for real knowledge when it comes to cloud technologies?
* What anti-patterns pervade cloud technology, and how do we avoid them?
* How can we do a better job onboarding people to the cloud?
Jonathan is a Security Consultant at F-Secure Consulting where he delivers offensive and defensive security engagements with a focus on helping clients secure their AWS estates. Prior to joining F-Secure, Jonathan designed and implemented cloud-native infrastructure on AWS for venture-backed U.S. startups.
Exfiltration Paths in Isolated Environments using VPC Endpoints
In environments where sensitive workloads and data reside it is undesirable to allow arbitrary traffic to leave the controlled environment. When building isolated environments in AWS, network level controls such as security groups and network access control lists are not sufficient to limit communications in and out of an environment. Access to the control plane must also be considered, as it is shared by all AWS customers and may expose an environment if not configured appropriately.
This talk will focus on how isolation can be achieved with VPC endpoints and include real-world demonstrations of attack paths that show how misconfigurations have been leveraged by F-Secure to exfiltrate data from a locked-down environment.
Brandon has been working with AWS infrastructure for over five years, which is long enough to still have nightmares about EC2 Classic. While awake, he is the manager of Cloud Security at Twilio, where the challenge of real-time cloud communications requires thinking about security in new and exciting ways. While asleep, he is LEGO Batman.
Brandon's goal is to replace himself with a collection of equally poorly named micro-services and APIs; until Machine Learning has advanced enough to do that, but not so advanced as to become Skynet. While waiting for the future, you can find him teaching anyone who will listen that they can be a "security person" too.
What I Wished I Knew Before Going Multi-Account
There has been a long-standing debate around "multi-account" and if it's something worth pursuing as a strategy, a debate which is finally beginning to coalesce around the answer: "Yes."
I have some news for you, and it's the first thing I wish I would have known — your organization already has multiple accounts. You just might not know about them.
There are a variety of reasons this strategy is one to officially support and encourage. In this talk, I will cover each of them. More accounts can make your organization more secure, more resilient, grant better control over data and encryption keys which are subject to multiple and increasing compliance regimes, and more. All of these reasons are good ones from a security practitioner's perspective, but none of the previous reasons are necessarily good enough to convince the rest of your organization. I wished someone had told me budgetary controls and growth planning were more convincing, if less exciting, arguments to push for a multi-account strategy.
I have made a number of mistakes in this journey, some of which I will cover in this talk, including the reasons why you need to adopt a multi-account strategy, how to convince others to join you, the benefits you get from having multiple accounts both security and not, and the technical concerns that will need to be addressed along the way to keep everything functioning. All of these things and more I wished someone had told me before embarking on my current multi-account journey. Now, I'm ready to share my experience with others so you don't have to make the same mistakes.