Streamlining Compliance: Leveraging Open-Source Terraform AWS modules [Advanced]

Are you navigating the complexities of compliance frameworks like SOC2, CIS, and HIPAA and seeking a more efficient path? This talk breaks down these frameworks simply and shows you a time-saving trick, making it perfect for anyone wanting to make their organization's compliance journey much easier. I'll start by outlining the basics of these frameworks and highlighting the challenges businesses face in implementing them. As the creator and maintainer of the terraform-aws-modules projects, I'll be excited to share how using these open-source Terraform AWS modules can streamline the compliance process. I'll walk you through real-life examples showing how such solutions significantly reduce the effort and time required for compliance. At the end of the talk, attendees will get actionable insights on using Terraform AWS modules for efficient compliance management.

AWS Security for Front End Devs [Intermediate]

Application Development is very complex due to the many layers from libraries and frameworks, to APIs and IAM. With so many things to keep track of, it's very easy to make critical security mistakes, particularly when deploying apps on complex public cloud platforms like AWS. In this talk we'll cover: * Security best practices * Common mistakes and how to avoid them * How to implement least privilege using Amazon Cognito * Implementing access controls in AWS Amplify Gen2 Security continues to evolve while our codebases age. Our goal is to ensure everyone makes security a priority during each phase of the software development lifecycle. Even if only for review, we hope you'll walk away with renewed knowledge that will make your applications more secure.

Security Considerations for MLOps Infrastructure on AWS [Advanced]

The rapid adoption of MLOps has unlocked new levels of innovation, allowing organizations to build, deploy, and maintain machine learning models efficiently. However, these advantages come with security challenges that are often underestimated, leading to risks such as data breaches, model theft, and unauthorized access. Securing MLOps infrastructure on AWS requires a holistic approach, extending beyond traditional cloud security practices to address the unique needs of machine learning workflows. In this session, we'll explore often overlooked but critical security considerations for MLOps environments.

Build-time to runtime: Automated security testing in your pipeline [Advanced]

Discover how to implement comprehensive security testing throughout your CI/CD pipeline. This session demonstrates how to integrate static analysis with Amazon CodeGuru Reviewer, dependency scanning with Amazon Inspector, and container security with Amazon ECR scanning. Learn to orchestrate security gates using AWS CodePipeline, implement software composition analysis, and automate vulnerability remediation with Amazon Q Developer. Walk away with practical patterns for embedding security testing at every stage of your delivery pipeline while maintaining development velocity.

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Amazon Security Lake: Centralized Data Management for Cloud Native Ops [Advanced]

Amazon Security Lake stands as a paradigm shift in security data management. This service centralizes security data, significantly simplifying its management. Our talk will detail how Security Lake ingests data from a myriad of sources, converts it to the unified schema OCSF, and stores it, ready to be queried using AWS Athena for in-depth insights. Amazon Security Lake's robust architecture, combined with the power of AWS Athena, facilitates a more comprehensive understanding of the security landscape, bringing valuable insights to light. We will present a live demo and provide practical examples to illustrate how AWS Security Lake can seamlessly integrate with your DevSecOps toolchain, enhancing its functionality and efficiency. Attendees will gain a deep understanding of Amazon Security Lake's capabilities, exploring how its features can revolutionize their approach to cybersecurity, promoting a more secure and resilient digital environment.

Security Workshop

In this workshop, you will learn practical techniques for protecting your web application from the most common threats, without needing to change any code. These techniques can be applied directly against your own AWS environments with minimal time and effort. You will be provided an AWS Account running the OWASP Juice Shop, and perform an attack to exfiltrate its credentials. You will then leverage Amazon GuardDuty to detect and respond to the attack, AWS Web Application Firewall (AWS WAF) to create a virtual patch to stop the exploit, and VPC Endpoint Policies to prevent illicit use of the stolen credentials. You'll also see how AWS WAF can be used to block other exploits using its managed rules. Using these and similar techniques to detect and respond to attacks will let you build fast AND stay secure.

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

Use IAM Roles Anywhere to reduce the use of static IAM keys [Advanced]

Exposed static IAM keys are one of the most common security risks for AWS accounts. Avoiding the use of static keys is a best practice that can be hard to achieve in hybrid cloud environments where access needs to be given to external systems. IAM Roles Anywhere is a service that helps mitigate this risk. In this talk, I detail the problems and risks associated with static keys, how IAM Roles Anywhere can solve this problem, and walk through how to set up the complete solution.

Establish a Secured and Resilient Architecture [Business Focused]

I will demonstrate how to build a secured multi-tier architecture. You are tasked with creating a foundational multi-tier architecture in AWS, which includes a Web Tier, Application Tier, and Database Tier. The goal is to build each tier incrementally, ensuring each layer functions correctly before moving on to the next.

Optimizing GPU Usage in Amazon EKS: Improving Performance and Security in Kubernetes [Advanced]

My talk will be covering how to optimize GPU usage in Amazon EKS for both performance and security. I will go over setting up GPU-enabled EC2 instances, managing resource requests for GPU workloads, and allocating GPUs to meet workload demands. I’ll also cover security practices specific to GPU workloads, e.g.: how to use RBAC to limit access to GPU resources, network policies to isolate sensitive GPU workloads from non-critical ones, and IAM roles to control who can provision and access GPU-powered instances. I hope my talk helps you get started with optimizing and securing GPU workloads in EKS.

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Everything you didn't want to know about IAM [Beginner]

If you have used AWS, you have seen an error message stating "x is not authorized to perform y". This is a annoying fact. But how do you solve these? In this talk, Peter will walk though how IAM is designed, different types of policies and when they are useful. You will leave with techniques for understanding and debugging those access issues you wish didn't exist.

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

Securing Generative AI applications using AWS Services [Business Focused]

Securing generative AI applications using AWS services involves implementing robust strategies to protect data, models, and infrastructure. This presentation explores how AWS tools like Identity and Access Management (IAM), AWS Key Management Service (KMS), and Amazon SageMaker enable secure model development, training, and deployment. Topics include safeguarding sensitive data with encryption, ensuring network security through Virtual Private Clouds (VPCs), and mitigating threats using services like AWS Shield and AWS WAF. Best practices for monitoring AI workloads with Amazon CloudWatch and addressing compliance requirements through AWS Audit Manager will also be discussed. Attendees will gain actionable insights to build and maintain secure, scalable, and resilient generative AI applications on AWS.

Builder cards [Intermediate]

AWS BuilderCards, is a fun and educational deckbuilding card game, designed to teach how different AWS services work together to build well-architected workloads, while having fun with other attendees.

Securing SaaS Applications with Amazon Verified Permissions: From Theory to Practice [Beginner]

As SaaS applications grow more complex, managing authorization can quickly become a bottleneck. Traditional inline authorization approaches often result in security weaknesses, greater development overhead, and maintenance challenges. Amazon Verified Permissions offers a streamlined, centralized approach to authorization, enabling scalable, policy-based access control that evolves independently of your application code. In this session, we’ll explore how to implement Verified Permissions in multi-tenant SaaS environments. We’ll discuss different architectural patterns, weigh their trade-offs, and demonstrate how Verified Permissions can simplify tenant-specific policy management while maintaining strict security boundaries. Attendees will gain practical insights and see live examples of using JWT tokens and other strategies to integrate Verified Permissions into their own SaaS applications.