AWS re:Invent 2022

k9 Security’s top DevSecOps sessions

NOV. 28 – DEC. 2, 2022 | LAS VEGAS, NV

Effective IAM for AWS

Learn how to secure AWS with IAM built for continuous delivery.

1. SEC401: AWS Identity and Access Management (IAM) policy evaluation in action

Presented by: Matt Luttrell & Roberto Migli

In this workshop, dive deep into the logic of AWS Identity and Access Management (IAM) policy evaluation. Gain experience with hands-on labs that walk through IAM use cases and learn how different policies interact with each other. Using identity- and resource-based policies within single- and cross-account scenarios, learn about the evaluation logic that you can apply in your own environment. You must bring your laptop to participate.

Date and Time: Monday, November 28 from 10:00 AM – 12:00 PM

Job role: IT Executive, IT Professional or Technical Manager, Developer / Engineer

Services: AWS Identity and Access Management (IAM)

Details: Session in AWS Events Portal

Bonus Resources

Learn how AWS security policies are evaluated (Effective IAM).

2. SEC328: Learn to create continuous detective security controls using AWS services

Presented by:  & Esteban Hernandez

A risk owner needs to ensure that no matter what your organization is building in the cloud, certain security invariants are in place. While preventive controls are great, they are not always sufficient. Deploying detective controls to enable early identification of configuration issues or availability problems not only adds defense in depth, but can also help detect changes in security posture as your workloads evolve. In this chalk talk, learn how to use services like AWS Security Hub, AWS Config, and Amazon CloudWatch Synthetics to deploy canaries and perform continuous checks.

Date and Time: Monday, November 28 from 1:45 PM – 2:45 PM

Job role: IT Executive, IT Professional or Technical Manager, Developer / Engineer

Services: AWS Config, AWS Security Hub, Amazon CloudWatch

Details: Session in AWS Events Portal

Bonus Resources

Secure AWS IAM continuously (Effective IAM)

3. COP206: Build a complete DevSecOps pipeline on AWS

Presented by: George Rolston & Brian T.

Organizations want to deliver applications that prioritize security and governance. In this workshop, learn to build a DevSecOps CI/CD pipeline with security and compliance testing integrated into the development process. Discover how you can create a CI/CD pipeline that delivers tested and secure infrastructure as code using a Git branching strategy for your AWS accounts. Learn to use GitHub Actions to integrate AWS CloudFormation Guard (cfn-guard) to run policy validations and ensure that pipeline deployments are consistent and that they meet your organization’s compliance standards.

Date and Time: Monday, November 28 from 10:45 AM – 12:45 PM

Job role: IT Professional or Technical Manager, Solution or Systems Architect, IT Executive

Services: AWS Control Tower

Details: Session in AWS Events Portal

Bonus Resources

Simplify AWS IAM by using the best parts (Effective IAM)

Understand what your policies actually do (Effective IAM)

4. SEC330: Harness the power of temporary credentials with IAM Roles Anywhere

Presented by: Liam Wadman & Mohamed Keshk

In this chalk talk, get an introduction to AWS Identity and Access Management (IAM) Roles Anywhere, and dive deep into how you can use IAM Roles Anywhere to access AWS services from outside of AWS. Learn how IAM Roles Anywhere securely delivers temporary AWS credentials to your workloads. Discover the different use cases that IAM Roles Anywhere is designed to address as well as best practices for using it.

Date and Time: Monday, November 28 from 12:15 PM – 1:15 PM

Job role: IT Executive, IT Professional or Technical Manager, Developer / Engineer

Services: AWS Identity and Access Management (IAM)

Details: Session in AWS Events Portal

5. SEC327: Zero-privilege operations: Running services without access to data

Presented by: Colm MacCárthaigh

AWS works with organizations and regulators to host some of the most sensitive workloads in industry and government. In this session, learn how AWS secures data, even from trusted AWS operators and services. Explore the AWS Nitro System and how it provides confidential computing and a trusted runtime environment, and dive deep into the cryptographic chains of custody that are built into AWS Identity and Access Management (IAM). Finally, hear how encryption is used to provide defense in depth and why we focus on verified isolation and customer transparency at AWS.

Date and Time: Monday, November 28 from 10:45 AM – 11:45 AM

Job role: IT Executive, IT Professional or Technical Manager, Developer / Engineer

Services: AWS Identity and Access Management (IAM)

Details: Session in AWS Events Portal

6. BOA204: When security, safety, and urgency all matter: Handling Log4Shell

Presented by: Abby Fuller

On December 9, 2021, there was a report of a potential remote code execution issue in the widely used open-source Apache logging library Log4j. This issue allowed a user to use Java Naming and Directory Interface (JNDI) and LDAP endpoints to execute arbitrary code on a system. Over the next 10 days, 5 additional common vulnerabilities and exposures affecting Log4j were made public. This event is now referred to as Log4Shell. In this session, learn about the response to Log4Shell, from initial notification to hot patch, fleet scanning, and customer

Date and Time: Friday, December 2 from 10:00 AM – 11:00 AM

Job role: Developer / Engineer, Solution or Systems Architect

Services: Amazon EC2

Details: Session in AWS Events Portal