Immersion Day

Boost your application availability with AIOps on AWS

October

28

,

2023

|

7:00PM

-

10:00PM

EDT

Join event

Instructions

This template is intended for the Activation Day program. Use the panel to the right to unhide the correct About Event Block that corresponds to the Activation Day topic. Then, delete or HIDE this "Instructions" element before publishing. Make sure an event QA is conducted using this template.

Centralized Security

Join AWS subject-matter experts for a deep dive into centralized security posture management on AWS using AWS Security Hub. Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and supports automated remediation. You will get hands-on experience using Security Hub, along with Amazon GuardDuty and AWS Config, in AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up the services, and the best practices when doing so.

During the event, we will demonstrate how to set up the services across multiple accounts using AWS Organizations. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance.

Who should attend

This event is designed for technical roles and builders interested in learning how to centralize and manage security and compliance on AWS. We also welcome anyone interested in Security Hub, GuardDuty, and AWS Config. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 5 hrs

>

Overview

Introduction to centralized security on AWS and an overview of the AWS services covered in the event.

>

Deep Dive: AWS Config and Amazon GuardDuty

AWS experts will dive deep into the functionality of AWS Config, Security Hub, and GuardDuty, including how the services work together, and considerations you should make when setting up and leveraging the services.

>

Break

>

AWS Security Hub workshop

Get hands-on experience using Security Hub to centralize, prioritize, and respond to security findings to help improve your security posture.

>

Multi-account architecture deployment

AWS subject-matter experts will walk through the steps to deploy AWS Config, Security Hub, and GuardDuty across multiple accounts. If you have AWS Organizations set up and access to your AWS Organizations management account, you may choose to follow along and activate the services for your organization.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Container Security

Join AWS subject-matter experts for a deep dive into container security for Amazon Elastic Kubernetes Service (Amazon EKS). You will learn how to use AWS Config for configuration management, AWS Security Hub for cloud security posture management, AWS Secrets Manager for secure secrets management, Amazon GuardDuty for threat detection, Amazon Detective for simplifying the investigative process for security issues, and Amazon Inspector for scanning container images for software vulnerabilities. Along the way, we'll dive into Kubernetes security best practices. You will get hands-on experience using all of these services in AWS-provided sandbox accounts and will walk away knowing when, why, and how to set up and use the services.

During the event, we will demonstrate how to set up the services across multiple accounts using AWS Organizations. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance. Before you enable Amazon Detective, Amazon GuardDuty must be enabled for 48 hours. This is not required for attendance. For more information, consult the Amazon Detective Prerequisites.

Who should attend

This event was designed for technical roles and builders interested in learning how to approach container security at scale on AWS. We also welcome anyone interested in AWS Config, GuardDuty, Detective, Amazon Inspector, Security Hub, Secrets Manager, or general Kubernetes security. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 6 hrs

>

Overview

Introduction to container security on AWS for Amazon EKS and an overview of the AWS security services covered in the event.

>

Container security (Amazon EKS) workshop

You will get hands-on experience using AWS services for configuration management, cloud security posture management, secrets management, detective controls, and incident response for container workloads running on Amazon EKS.

>

Break

>

Container security (Amazon EKS) workshop, continued

>

Multi-account architecture deployment

AWS subject-matter experts will walk through the steps to deploy AWS Config, GuardDuty, Security Hub,
Amazon Inspector, Secrets Manager, and Detective across multiple accounts. If you have AWS Organizations set up and access to your AWS Organizations management account, you may choose to follow along and activate the services for your organization.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

About the event

With IT infrastructures consistently churning out record amounts of new data, ITOps teams are often challenged to manage and analyze with traditional tools. A new approach is needed to help IT shift from reactive to proactive management of incident resolution to boost application availability, save time to detect and resolve the most critical issues and, lower costs.

Join this virtual, hands-on workshop comprising of live presentations and interactive labs, to learn how you can leverage a fully managed AIOps solution from AWS to detect, diagnose and remedy anomalous application behavior in your infrastructure.

This session is also available in other regions and time zones: APJ | AMER

You will learn how to:

• Proactively monitor and optimize your infrastructure for performance bottlenecks and operational issues

• Easily detect and resolve the most critical issues with ML-powered insights

• Reduce time-to-resolve operational issues from days to minutes

Feature topics

Amazon DevOps Guru

Amazon CloudWatch

Amazon Aurora

AWS Lambda

Amazon DynamoDB

Amazon API Gateway

Who should attend

DevOps Engineers, Site Reliability Engineers, Developers, IT Operators, and Database admins interested in learning about AWS AIOps solutions and how to improve the availability of applications. It doesn't matter if you work at a small startup or a large, enterprise organization, this event is designed to help you leverage AIOps to identify operational issues long before they impact your customers. No prior cloud computing or ML experience is required!

Agenda

2:00PM - 2:15PM

Welcome and Introductions

2:15PM - 2:45PM

AIOps- Using AI for Observability in AWS

2:45PM - 4:45PM

Hands-on Lab- Gaining Operational Insights with AIOps using Amazon DevOps Guru

4:45PM - 5:00PM

Q&A, Closing Remarks

Data Discovery

Join AWS subject-matter experts for a deep dive into data discovery AWS using Amazon Macie to find sensitive data. The Data Discovery Activation Day provides organizations with a thorough understanding of data discovery principles, how to implement a data discovery program, as well as hands-on scenarios with Macie and deployment in your AWS accounts. Macie is a data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data. You will get hands-on experience using AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up and use the service.

During the event, we will demonstrate how to set up the service across multiple accounts using AWS Organizations. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance. This is not required for attendance.

Who should attend

This event was designed for technical roles and builders interested in learning how to approach data discovery on AWS. We also welcome anyone interested in Macie. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 4 hrs

>

Overview

Introduction to data discovery on AWS, and an overview of the AWS services covered in the event.

>

Amazon Macie workshop

Get hands-on experience using Macie to discover your sensitive data at scale in Amazon S3 buckets.

>

Break

>

Amazon Macie workshop, continued

>

Multi-account architecture deployment

AWS subject-matter experts will walk through the steps to deploy Macie across multiple accounts. If you have AWS Organizations set up and access to your AWS Organizations management account, you may choose to follow along and activate the service for your organization.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Data Encryption

AWS is committed to providing the ability to encrypt everything everywhere; we give customers features and controls to encrypt data, whether in transit, at rest, or in memory.

Join AWS subject-matter experts for a deep dive into securing your sensitive data on AWS, using AWS Private Certificate Authority (AWS Private CA), AWS Key Management Service (AWS KMS), and AWS CloudHSM. You will get hands-on experience in AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up and use the services, and the best practices when doing so across multiple accounts and regions.

During the event, we will demonstrate how to set up the services across multiple accounts. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance. If you choose to follow along in your own account, you will leave the event with a fully operational CA hierarchy hosted in AWS Private CA.

Who should attend

This event is designed for technical roles and builders interested in data encryption and key management on AWS. We welcome anyone interested in AWS Private CA, AWS KMS or CloudHSM. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 5:45 hrs

>

Overview

Introduction to data encryption on AWS and an overview of the AWS services covered in the event.

>

Workshop: Activating AWS Private CA for data-in-transit encryption

Get hands-on experience securing, scaling, and managing private CAs and certificates using AWS Private CA. The workshop will cover how to build an effective CA hierarchy that is secure, scalable, and cost-optimized, how to issue certificates, best practices around monitoring and administering your PKI, and how to effectively use different types of certificate templates to meet your requirements for encryption, code signing, and more.

>

Break

>

Deep Dive: AWS KMS

Subject matter experts will walk through how to use AWS KMS to encrypt data in AWS using services like Amazon S3, Amazon Relational Database Service (RDS), and Amazon DynamoDB.

>

Deep Dive: AWS CloudHSM and AWS KMS

We will provide an overview of CloudHSM, how it differs from AWS KMS, and we will help attendees understand the considerations around when to use these services for different use cases.

>

Break

>

Multi-account, multi-Region deployment for data encryption

AWS subject-matter experts will walk through the steps to begin securing your data using AWS KMS, AWS Private CA, and CloudHSM for customers who operate in multiple accounts and multiple regions.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Secrets Management

Join AWS subject-matter experts for a deep dive into secrets management on AWS using AWS Secrets Manager to securely store, retrieve, and rotate database credentials and other types of application secrets. You will get hands-on experience using AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up and use the service.

During the event, we will demonstrate how to set up the service across multiple accounts. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the service in, and ensure that you have the appropriate access.

Who should attend

This event was designed for technical roles and builders interested in learning how to approach secrets management at scale on AWS. We also welcome anyone interested in learning more about Secrets Manager. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 5:45 hrs

>

Welcome

Introduction to secrets management and an overview of AWS Secrets Manager

>

Workshop: Store, retrieve, and manage sensitive credentials in Secrets Manager

Discover how to integrate Secrets Manager in your development platform backed by Serverless applications. You will work through a sample application and use Secrets Manager to retrieve the credentials from your application. You will store and control access to the secrets in Secrets Manager. You will also learn how to use Secrets Manager integrated with services like AWS Key Management Service (AWS KMS), AWS Config, Amazon EventBridge and AWS CloudTrail. At the end of the workshop you will implement incident response workflows for managing secrets in Secrets Manager.

>

Break

>

Secrets lifecycle management at scale

Learn how to use Secrets Manager to manage, monitor, and securely retrieve application secrets in an enterprise environment. AWS subject-matter experts will demonstrate how to programmatically retrieve database credentials, and use services like AWS Config to monitor the compliance status of application secrets.

>

Secret rotation deep dive

AWS subject-matter experts will provide an in-depth explanation of how automatic rotation of secrets is performed using AWS Secrets Manager. Learn how Secrets Manager enables the rotation of secrets with no application downtime, and how to utilize and/or customize pre-built AWS Lambda functions for rotation of secrets.

>

Break

>

Controlling access to secrets

Learn how to appropriately protect application secrets using access controls and encryption. AWS subject-matter experts will provide recommended practices for writing least-privilege resource policies to control access to secrets stored in Secrets Manager, and explain how Secrets Manager uses AWS KMS to encrypt secrets.

>

Multi-account architecture patterns

AWS subject-matter experts will walk through recommended architecture patterns to effectively utilize Secrets Manager in multiple AWS accounts. You will also learn the tradeoffs and considerations when deciding to store secrets in a single, centralized account, versus storing secrets in a decentralized manner (i.e., in the same account as the workload utilizing the secret).

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Threat Detection & Response

Join AWS subject-matter experts for a deep dive into threat detection and response on AWS using Amazon
GuardDuty, Amazon Detective, and AWS Security Hub to analyze, investigate, and respond to potential security issues or suspicious activities in your environment. GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. Detective simplifies the investigative process and helps security teams conduct faster and more effective investigations. You will get hands-on experience using AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up and use the services.

During the event, we will demonstrate how to set up the services across multiple accounts using AWS Organizations. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance. Before you enable Detective, GuardDuty must be enabled for 48 hours. This is not required for attendance. For more information, see Amazon Detective prerequisites.

Who should attend

This event was designed for technical roles and builders interested in learning how to approach threat detection and response at scale on AWS. We also welcome anyone interested in GuardDuty, Detective, or Security Hub. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 4:45 hrs

>

Overview

Introduction to threat detection and response on AWS and an overview of the AWS services covered in the event.

>

Threat detection and response workshop

You will get hands-on experience using AWS security services to identify, investigate, and remediate threats in your environment. We will demonstrate how to set up notifications, automated response, and add additional protections to improve the security posture of your environment.

>

Break

>

Threat detection and response workshop (continued)

>

Multi-account architecture deployment

AWS subject-matter experts will walk through the steps to deploy GuardDuty, Security Hub, and Detective across multiple accounts. If you have AWS Organizations set up and access to your AWS Organizations management account, you may choose to follow along and activate the services for your organization.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Vulnerability Management

Join AWS subject-matter experts for a deep dive into vulnerability management on AWS using Amazon Inspector and AWS Systems Manager Patch Manager. Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), Serverless, and container workloads for software vulnerabilities and unintended network exposure. AWS Systems Manager Patch Manager is used to automate the process of patching managed EC2 instances with both security-related and other types of updates. You will get hands-on experience using Amazon Inspector and AWS Systems Manager in AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up the services, and the best practices when doing so.

During the event, we will demonstrate how to set up Amazon Inspector across multiple accounts using AWS Organizations. If you optionally choose to set up the service in your own account(s) during the event, determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access. The multi-account setup requires that AWS Organizations be set up in advance.

Who should attend

This event was designed for technical roles and builders interested in learning how to approach vulnerability management at scale on AWS. We also welcome anyone interested in Amazon Inspector or Patch Manager. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for 1:1 meetings with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 4 hrs

>

Overview

Introduction to vulnerability management on AWS and an overview of the AWS services covered in the event.

>

Vulnerability management workshop

You will get hands-on experience using Amazon Inspector to scan Amazon EC2 instances for software vulnerabilities. We'll walk through how to prioritize, suppress, and remediate findings, including how to set up patch management.

>

Break

>

Vulnerability management workshop (continued)

>

Multi-account architecture aeployment

AWS subject-matter experts will walk through the steps to deploy Amazon Inspector across multiple accounts. If you have AWS Organizations set up and access to your AWS Organizations management account, you may choose to follow along and activate the services for your organization.

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

Web Application Protection

Join AWS subject-matter experts for a deep dive into protecting web applications on AWS using AWS WAF and AWS Shield. AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources. AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. You will get hands-on experience in AWS-provided sandbox accounts and will walk away knowing when, how, and why to set up the services, and the best practices when doing so.

During the event, we will demonstrate how to set up AWS WAF. You may optionally choose to follow along in one of your own accounts during the event. Determine in advance which of your accounts you want to enable the services in, and ensure that you have the appropriate access.

Who should attend

This event is designed for technical roles and builders interested in learning how to protect web applications on AWS. We welcome anyone interested in AWS WAF, AWS Shield Advanced, and AWS Bot Control. This is a multi-customer event; therefore, we recommend reserving sensitive questions and conversations for a 1:1 meeting with your AWS account team. Please bring any other questions and discuss during the event to get the most out of it.

Agenda

Total agenda time: 6 hrs

>

Overview

Introduction to web application protection on AWS and an overview of the AWS services covered in the event.

>

Workshop: Strengthen your web application defenses with AWS WAF

Get hands-on experience using AWS WAF to build an effective set of controls around your web application, and to perform monitoring. The workshop will cover how to mitigate common attack vectors against web applications, advanced protections, and how to use WAF logging, query logs with Amazon Athena, and build near real-time dashboards to analyze requests inspected by AWS WAF.

>

Break

>

Deep Dive: AWS Bot Control & AWS Shield Advanced

Subject-matter experts will dive deep into the functionality of AWS Bot Control with AWS WAF and Shield, including how the services work, considerations you should make when setting up and leveraging the services, and the additional benefits of Shield Advanced over Shield.

>

Break

>

AWS WAF deployment

AWS subject-matter experts will walk through the steps to deploy AWS WAF in your environment. You may choose to follow along and activate the service in your account(s).

>

Best practices, next steps, and Q&A

We'll take some time to review everything, answer your questions, and discuss next steps.

The Final Countdown!

Time left for the event days hours minutes seconds

The countdown doesn't work if the event start date is set to TBD

Agenda

9:00AM - 10:00AM

Breakfast

Breakfast. Registration will take place five minutes before breakfast.

10:00AM - 11:00AM

The Horizon of AI

The Emerging World of Artifical Intelligence and Machine Learning by Matthew Hartman and Partner, Betaworks.

11:00AM - 12:00PM

Startup Evangelist of the Month

Welcome Mackenzie Kosut, AWS Startup Evangelist

1:00PM - 2:00PM

Breakout Session 1

In this project, you will learn how to deploy and host Jenkins, an open-source automation software predominantly used for CI/CD

3:00PM - 4:00PM

Breakout Session 2

In this project, you will learn how to deploy and host WordPress, an open-source blogging tool and content management system

Jonathan Vogel

Jonathan is a Developer Advocate at AWS. He was a DevOps Specialist Solutions Architect at AWS for two years prior to taking on the Developer Advocate role. Prior to AWS, he practiced professional software development for over a decade. Jonathan enjoys music, birding and climbing rocks.

Iris Kraja

Iris is a Cloud Application Architect at AWS Professional Services. She is passionate about helping customers design and build modern AWS cloud native solutions, with a keen interest in serverless technology, event-driven architectures and DevOps. Outside of work, she enjoys hiking and spending as much time as possible in nature.

Omar Kahil

Omar is a DevOps Lead at AWS Professional Services based in UK. Working at AWS for 4 years, focusing on Enterprise customers. He holds 5 AWS certificates and an AWS SME in areas like Containers, DevOps and Landing Zone.

Chirantan Saha

Chirantan Saha is based in Singapore and has over 22 years of experience in DevOps and Cloud Architecture. At AWS, he works with the professional services team to help global financial customers modernize, migrate and automate workloads on the AWS Cloud. When not working, Chirantan is an avid runner and enjoys participating in marathon races.

Agenda Navigation Anchor.