Zaal 10

Sessions

ACD206

DDoS as a service: Running load tests in the Cloud for the Cloud

Room: Zaal 10 | Time: 11:00 | Duration: 60

Building applications on AWS comes with many potential advantages, such as less responsibility, reduction in costs, and ““infinite”” scaling to name a few. Because of this, we tend to rely completely on AWS when it comes to certain properties of our applications, such as performance and scalability. However, simply using AWS is not a guarantee that your AWS application will be able to handle the load as your business grows. How certain are you that your AWS application can handle 2x the current load on production?

Evertson Croes

Organising success via Luminis

ACD320

Affordable Alternatives: Breaking Appstream's limitations to replace AWS Workspaces

Room: Zaal 10 | Time: 13:00 | Duration: 30

AWS Workspaces and AWS Appstream are two examples of services that enable users to put their desktop interface on the cloud to offload their compute requirements. They do this however in two completely different manners (and as such, have completely different pricetags). We will be talking about a scenario we encountered in which we migrated 260 users to appstream, the challenges we encountered in that transistion and about our solution in overcoming a very big limiting factor in using Appstream at scale.

Bart Mommers

AWS Cloud Engineer

Yaika Zeeman

AWS Cloud Engineer

ACD207

Migration of a PCI DSS workload to AWS

Room: Zaal 10 | Time: 13:35 | Duration: 30

Summary of how CloudNation designed the architecture and migrated a mobility transaction provider platform that processes cardholder data with VISA to AWS. To adhere to the many requirements of PCI-DSS, we used a combination of Amazon Payment Cryptography, restricted networking in a hub-spoke setup, centralized governance with AWS Landing Zone Accelerator and several other security controls.

Speakers

Erik van Dijk , Tom Eigenraam , Christiaan Rakowski

Erik van Dijk

Tech Lead AWS / DevOps engineer at CloudNation

Tom Eigenraam

AWS Cloud Consultant at CloudNation

And 1 more speaker.

ACD226

Policy Perils: From Misconfigurations to Account Takeovers

Room: Zaal 10 | Time: 14:10 | Duration: 30

AWS IAM becomes complicated when dealing with permissions for resources spread across different policies, roles and accounts. This opens the door for dangerous mistakes that allow for privilege escalation. In this talk, we show you real-life cases on how innocent-looking permissions can lead to full AWS account takeovers, even hop to accounts that should be out of reach. The talk will include 2 case scenarios pertaining to privilege escalation through over-permissive policies and associated roles.

Sudharshan Kumar

Senior Security Specialist

Roy Stultiens

Senior Security Specialist

ACD314

More Network Security: Forward Proxy on AWS Network Firewall & Fargate

Room: Zaal 10 | Time: 15:30 | Duration: 60

We’ve crafted a robust, scalable forward proxy solution integrating AWS Network Firewall, Squid Proxy, Fluentbit, Dnsmasq, and Telegraf - all components in containers. 🌐 The AWS Network Firewall serves as a transparent proxy, applying stateful and stateless whitelist blocking rules. 🦑 Squid Proxy, operating as an explicit proxy, is deployed in an ECS container alongside Fluentbit, which forwards logs to AWS CloudWatch. 🔧 Dnsmasq, also in an ECS container, resolves DNS issues related to Let’s Encrypt, ensuring smooth SSL/TLS certificate management.

Michal Salanci

Senior DevOps Engineer in Deutsche Telekom Systems Solutions, Slovakia