Now Open – AWS Asia Pacific (Hong Kong) Region

This post was originally published on this site

The AWS Region in Hong Kong SAR is now open and you can start using it today. The official name is Asia Pacific (Hong Kong) and the API name is ap-east-1. The AWS Asia Pacific (Hong Kong) Region is the eighth active AWS Region in Asia Pacific and mainland China along with Beijing, Mumbai, Ningxia, Seoul, Singapore, Sydney, and Tokyo. With this launch, AWS now spans 64 Availability Zones within 21 geographic regions around the world. We have also announced plans for 12 more Availability Zones and four more AWS Regions in Bahrain, Cape Town, Jakarta, and Milan.

Instances and Services
Applications running in this 3-AZ region can use C5, C5d, D2, I3, M5, M5d, R5, R5d, and T3 instances, and can make use of a long list of AWS services including Amazon API Gateway, Application Auto Scaling, AWS Certificate Manager (ACM), AWS Artifact, AWS CloudFormation, Amazon CloudFront, AWS CloudTrail, Amazon CloudWatch, CloudWatch Events, Amazon CloudWatch Logs, AWS CodeDeploy, AWS Config, AWS Config Rules, AWS Database Migration Service, AWS Direct Connect, Amazon DynamoDB, EC2 Auto Scaling, EC2 Dedicated Hosts, Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud (EC2), Elastic Container Registry, Amazon ECS, Application Load Balancers (Classic, Network, and Application), Amazon EMR, Amazon ElastiCache, Amazon Elasticsearch Service, Amazon Glacier, AWS Identity and Access Management (IAM), Amazon Kinesis Data Streams, AWS Key Management Service (KMS), AWS Lambda, AWS Marketplace, AWS Organizations, AWS Personal Health Dashboard, AWS Resource Groups, Amazon Redshift, Amazon Relational Database Service (RDS), Amazon Aurora, Amazon Route 53 (including Private DNS for VPCs), AWS Shield, AWS Server Migration Service, AWS Snowball, AWS Snowball Edge, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), Amazon Simple Storage Service (S3), Amazon Simple Workflow Service (SWF), AWS Step Functions, AWS Support API, Amazon EC2 Systems Manager (SSM), AWS Trusted Advisor, Amazon Virtual Private Cloud, and VM Import/Export.

AWS Elastic Beanstalk, Amazon Elastic Container Service for Kubernetes, and AWS X-Ray are scheduled for deployment next month, with other services to follow. We are also working to enable cross-region delivery from SNS topics hosted in other regions to SQS queues hosted in the new region.

Using the Asia Pacific (Hong Kong) Region
As we announced last month, you need to explicitly enable this region for your AWS account in order to be able to create and manage resources within it. Enabling or disabling a region requires the account:EnableRegion, account:DisableRegion, and account:ListRegions permissions. Here’s a sample IAM policy that grants these permissions for the new region:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "aws-portal:ViewAccount",
            "account:ListRegions"
         ],
         "Resource":"*"
      },
      {
         "Effect":"Allow",
         "Action":[
            "account:EnableRegion",
            "account:DisableRegion"
         ],
         "Resource":"*",
         "Condition":{
            "StringEquals":{
               "account:TargetRegion":"ap-east-1"
            }
         }
      }
   ]
}

Log in to the AWS Management Console as a user that has these appropriate permissions and click My Account:

Scroll down to the AWS Regions section, find the new region, and click Enable:

Then confirm your action by clicking Enable region:

The region is enabled immediately, and will be ready for use shortly thereafter.

You can also enable the region by selecting it from the menu:

And then confirming your action:
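
The sample policy above pins account:EnableRegion and account:DisableRegion to ap-east-1 with an account:TargetRegion condition. The following is an added example, not code from the original post: a simplified check that flags Allow statements granting those actions without that condition or for regions outside an approved set. The function names, the approved-region set, and the second (constructed) policy are assumptions, and the check covers identity-policy Allow statements only, not Deny statements or service control policies.

```python
import fnmatch

REGION_ACTIONS = ("account:EnableRegion", "account:DisableRegion")
TARGET_KEY = "account:targetregion"  # condition key names are case-insensitive

# The sample policy from the post.
POST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["aws-portal:ViewAccount", "account:ListRegions"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["account:EnableRegion", "account:DisableRegion"],
         "Resource": "*",
         "Condition": {"StringEquals": {"account:TargetRegion": "ap-east-1"}}},
    ],
}

# Constructed counter-example: a wildcard grant and an over-wide region list.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "account:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "account:EnableRegion", "Resource": "*",
         "Condition": {"StringEquals":
                       {"account:TargetRegion": ["ap-east-1", "eu-west-1"]}}},
    ],
}


def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _grants(statement, action):
    """True if an Allow statement covers `action` via Action or NotAction."""
    if statement.get("Effect") != "Allow":
        return False
    action = action.lower()  # action names match case-insensitively
    negate = "NotAction" in statement
    patterns = _as_list(statement.get("NotAction" if negate else "Action"))
    hit = any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns)
    return hit != negate


def _target_regions(statement):
    """Regions pinned by StringEquals on account:TargetRegion, else None."""
    for operator, keys in (statement.get("Condition") or {}).items():
        if operator.lower() != "stringequals":
            continue
        for key, value in keys.items():
            if key.lower() == TARGET_KEY:
                return set(_as_list(value))
    return None


def audit_region_policy(policy, approved_regions):
    """Return (statement index, actions, reason) for over-broad region grants."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        granted = [a for a in REGION_ACTIONS if _grants(stmt, a)]
        if not granted:
            continue
        regions = _target_regions(stmt)
        if regions is None:
            findings.append((index, granted, "no account:TargetRegion condition"))
            continue
        extra = sorted(regions - set(approved_regions))
        if extra:
            findings.append((index, granted, "unapproved regions: " + ", ".join(extra)))
    return findings
```

Calling audit_region_policy(POST_POLICY, {"ap-east-1"}) returns no findings, while BROAD_POLICY yields one finding per statement.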

Connectivity, Edge Locations, and Latency
Hong Kong SAR is already home to three Amazon CloudFront edge locations (the first one opened way back in 2008). There are also more than thirty other edge locations and eleven regional edge caches in Asia; see the Amazon CloudFront Infrastructure page for a full list.

The region offers low-latency connections to other cities and AWS regions in the area. Here are the latest numbers:

There are now two Hong Kong AWS Direct Connect locations: the existing one at iAdvantage Mega-I and a new one at Equinix HK1. Both locations have direct connectivity to the Asia Pacific (Hong Kong) Region. If you already connect to AWS at iAdvantage, you can use your existing Direct Connect connection to access the new region via Direct Connect Gateway.

Investing in the Future
Before I wrap up I would like to tell you about some of the work that we are doing to support startups and to educate developers:

AWS Activate – This global program provides startups with credits, training, and support so that they can build their businesses on AWS.

AWS Educate – This global program teaches students about cloud computing. It provides AWS credits to educators and students, along with discounts on training, access to curated content, personalized learning pathways, and collaboration tools. Dozens of Hong Kong universities and business schools are already participating.

AWS Academy – This global program is designed to bridge the gap between academia and industry by giving students the knowledge that they need to have in order to qualify for jobs that require cloud skills. The program is built around hands-on experience, and includes an AWS-authored curriculum, access to AWS certification, and accreditation for educators.

Training and Certification – This global program helps developers to build cloud skills using digital or classroom training and to validate those skills by earning an industry-recognized credential. It includes learning paths for Cloud Practitioners, Architects, Developers, and Operations.

Jeff;

Analyst Webcast: Why Your Vulnerability Management Strategy Is Not Working and What to Do About It – April 24, 2019 10:30am US/Eastern


Speakers: Jake Williams and Eric Olson

Vulnerability management has become a critical component of a holistic information security program, yet enterprises continue to be breached, in part due to a lack of response to known vulnerabilities, such as effective patching.

The state of attacks is changing and vulnerability management must change with it. While many organizations understand that annual scans aren’t enough, they still struggle with prioritizing resources to address vulnerabilities.

In this SANS webcast, certified instructor Jake Williams will address today's effective vulnerability management. Attendees will learn about:

  • Prioritizing the application of patches
  • Mapping security controls to assets
  • Threat modeling to understand attack chains
  • Gap analysis to prioritize new security controls

Register now and be among the first to receive the associated white paper written by Jake Williams.

Now Available – AMD EPYC-Powered Amazon EC2 T3a Instances


The AMD EPYC-powered T3a instances that I promised you last year are available now and you can start using them today! Like the recently announced M5ad and R5ad instances, the T3a instances are built on the AWS Nitro System and give you an opportunity to balance your instance mix based on cost and performance.

T3a Instances
These instances deliver burstable, cost-effective performance and are a great fit for workloads that do not need high sustained compute power but experience temporary spikes in usage. You get a generous and assured baseline amount of processing power and the ability to transparently scale up to full core performance when you need more processing power, for as long as necessary. To learn more about the burstable compute model common to the T3 and the T3a, read New T3 Instances – Burstable, Cost-Effective Performance.

You can launch T3a instances today in seven sizes in the US East (N. Virginia), US West (Oregon), Europe (Ireland), US East (Ohio), and Asia Pacific (Singapore) Regions in On-Demand, Spot, and Reserved Instance form. Here are the specs:

Instance Name | vCPUs | RAM | EBS-Optimized Bandwidth | Network Bandwidth
t3a.nano | 2 | 0.5 GiB | Up to 1.5 Gbps | Up to 5 Gbps
t3a.micro | 2 | 1 GiB | Up to 1.5 Gbps | Up to 5 Gbps
t3a.small | 2 | 2 GiB | Up to 1.5 Gbps | Up to 5 Gbps
t3a.medium | 2 | 4 GiB | Up to 1.5 Gbps | Up to 5 Gbps
t3a.large | 2 | 8 GiB | Up to 2.1 Gbps | Up to 5 Gbps
t3a.xlarge | 4 | 16 GiB | Up to 2.1 Gbps | Up to 5 Gbps
t3a.2xlarge | 8 | 32 GiB | Up to 2.1 Gbps | Up to 5 Gbps

The T3 and the T3a instances are available in the same sizes and can use the same AMIs, making it easy for you to try both and find the one that is the best match for your application.

Pricing is 10% lower than the equivalent existing T3 instances; see the On-Demand, Spot, and Reserved Instance pricing pages for more info.

Jeff;

Special Webcast: Take Back Control of Your DNS Traffic – April 24, 2019 3:30pm US/Eastern


Speakers: Martin Walter, Dave Shackleford and Zoltan Deak

DNS is wide open for attackers. Security teams are under pressure to enforce consistent protections for millions of new malicious domains while keeping up with advanced tactics like DNS tunneling. How can you take back control of your DNS traffic and prevent these threats?

Join SANS and Palo Alto Networks experts to learn:

  • How real-world threats found by Unit 42 use DNS for command-and-control and data theft.
  • Challenges our customers face in addressing DNS-based attacks.
  • Best practices for protecting DNS traffic to keep your organization safe.

You'll also get your questions answered in our live Q&A when you join us for this interactive session. Learn what you should be doing to protect your DNS traffic today and how to stay ahead of emerging tactics.

Amazon SageMaker Ground Truth keeps simplifying labeling workflows


Launched at AWS re:Invent 2018, Amazon SageMaker Ground Truth is a capability of Amazon SageMaker that makes it easy for customers to efficiently and accurately label the datasets required for training machine learning systems.

A quick recap on Amazon SageMaker Ground Truth

Amazon SageMaker Ground Truth helps you build highly accurate training datasets for machine learning quickly. SageMaker Ground Truth offers easy access to public and private human labelers and provides them with built-in workflows and interfaces for common labeling tasks. Additionally, SageMaker Ground Truth can lower your labeling costs by up to 70% using automatic labeling, which works by training Ground Truth from data labeled by humans so that the service learns to label data independently.

Amazon SageMaker Ground Truth helps you build datasets for:

  • Text classification.
  • Image classification, i.e. categorizing images in specific classes.
  • Object detection, i.e. locating objects in images with bounding boxes.
  • Semantic segmentation, i.e. locating objects in images with pixel-level precision.
  • Custom user-defined tasks, that let customers annotate literally anything.

You can choose to use your team of labelers and route labeling requests directly to them. Alternatively, if you need to scale up, options are provided directly in the Amazon SageMaker Ground Truth console to work with labelers outside of your organization. You can access a public workforce of over 500,000 labelers via integration with Amazon Mechanical Turk. Alternatively, if your data requires confidentiality or special skills, you can use professional labeling companies pre-screened by Amazon, and listed on the AWS Marketplace.

Announcing new features

Since the service was launched, we gathered plenty of customer feedback (keep it coming!), from companies such as T-Mobile, Pinterest, Change Healthcare, GumGum, Automagi and many more. We used it to define what the next iteration of the service would look like, and just a few weeks ago, we launched two highly requested features:

  • Multi-category bounding boxes, allowing you to label multiple categories within an image simultaneously.
  • Three new UI templates for your custom workflows, for a total of fifteen different templates that help you quickly build annotation workflows for images, text, and audio datasets.

Today, we’re happy to announce another set of new features that keep simplifying the process of building and running cost-effective labeling workflows. Let’s look at each one of them.

Job chaining

Customers often want to run a subsequent labeling job using the output of a previous labeling job. Basically, they want to chain together labeling jobs using the outputted labeled dataset (and outputted ML model if automated data labeling was enabled). For example, they may run an initial job where they identify if humans exist in an image, and then they may want to run a subsequent job where they get bounding boxes drawn around the humans.

If active learning was used, customers may also want to use the ML model that was produced in order to bootstrap automated data labeling in a subsequent job. Setup couldn’t be easier: you can chain labeling jobs with just one click!

Job tracking

Customers want to be able to see the status of the progress of their labeling jobs. We now provide near real-time status for labeling jobs.

Long-lived jobs

Many customers use experts as labelers, and these individuals perform labeling on a periodic basis. For example, healthcare companies often use clinicians as their expert labelers, and they can only perform labeling occasionally during downtime. In these scenarios, labeling jobs need to run longer, sometimes for weeks or months. We now support extended task timeout windows where each batch of a labeling job can run for 10 days, meaning labeling jobs can extend for months.

Dynamic custom workflows

When setting up custom workflows, customers want to insert or use additional context in addition to the source data. For example, a customer may want to display the specific weather conditions above each image in the tasks they send to labelers; this information can help labelers better perform the task at-hand. Specifically, this feature allows customers to inject output from previous labeling jobs or other custom content into the custom workflow. This information is passed into a pre-processing Lambda function using the augmented manifest file that includes the source data and additional context. The customer can also use the additional context to dynamically adjust the workflow.

New service providers and new languages

We are listing two new data labeling service providers onto the AWS Marketplace: Vivetic and SmartOne. With the addition of these two vendors, Amazon SageMaker Ground Truth will add support for data labeling in French, German, and Spanish.

Regional expansion

In addition to US-East (Virginia), US-Central (Ohio), US-West (Oregon), Europe (Ireland), and Asia Pacific (Tokyo), Amazon SageMaker Ground Truth is now available in Asia Pacific (Sydney).

Customer case study: ZipRecruiter

ZipRecruiter is helping people find great jobs, and helping employers build great companies. They’ve been using Amazon SageMaker since launch. Says ZipRecruiter CTO Craig Ogg: “ZipRecruiter’s AI-powered algorithm learns what each employer is looking for and provides a personalized, curated set of highly relevant candidates. On the other side of the marketplace, the company’s technology matches job seekers with the most pertinent jobs. And to do all that efficiently, we needed a Machine Learning model to extract relevant data automatically from uploaded resumes”.

Of course, building datasets is a critical part of the machine learning process, and it’s often expensive and extremely time-consuming. To solve both problems, ZipRecruiter turned to Ground Truth and one of our labeling partners, iMerit.

As Craig puts it: “Amazon SageMaker Ground Truth will significantly help us reduce the time and effort required to create datasets for training. Due to the confidential nature of the data, we initially considered using one of our teams but it would take time away from their regular tasks and it would take months to collect the data we needed. Using Amazon SageMaker Ground Truth, we engaged iMerit, a professional labeling company that has been pre-screened by Amazon, to assist with the custom annotation project. With their assistance we were able to collect thousands of annotations in a fraction of the time it would have taken using our own team.”

Getting started

I hope that this post was informative, and that the new features will let you build even faster. Please try Amazon SageMaker Ground Truth, let us know what you think, and help us build the next iteration of this cool service!

Julien

Analyst Webcast: Increasing Visibility with Ixia's Vision ONE – April 24, 2019 1:00pm US/Eastern


Speakers: Serge Borso and Taran Singh

Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia’s Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform.

In this webcast, SANS Analyst Serge Borso reviews the platform and how it provides enhanced security through a single platform. Specifically, attendees will learn about the product's ability to:

  • Use packet brokers to capture, filter and aggregate L2-L7 monitoring data for better and faster analysis
  • Maximize the efficiency of your inline security tools
  • Deploy application-level intelligence to turn data into actionable information
  • Reduce operational costs with easy management from a single pane of glass

Register for this webinar today and you will be among the first to receive the associated whitepaper written by SANS Analyst and product reviewer Serge Borso.

New – Query for AWS Regions, Endpoints, and More Using AWS Systems Manager Parameter Store


In response to requests from AWS customers, I have been asking our service teams to find ways to make information about our regions and services available programmatically. Today I am happy to announce that this information is available in the AWS Systems Manager Parameter Store, and that you can easily access it from your scripts and your code. You can get a full list of active regions, find out which services are available with them, and much more.

Running Queries
I’ll use the AWS Command Line Interface (CLI) for most of my examples; you can also use the AWS Tools for Windows PowerShell or any of the AWS SDKs. As is the case with all of the CLI commands, you can request output in JSON, tab-delimited text, or table format. I’ll use JSON, and will make liberal use of the jq utility to show the more relevant part of the output from each query.

Here’s how to query for the list of active regions:

$ aws ssm get-parameters-by-path \
  --path /aws/service/global-infrastructure/regions --output json |
  jq '.Parameters[].Name'
"/aws/service/global-infrastructure/regions/ap-northeast-1"
"/aws/service/global-infrastructure/regions/eu-central-1"
"/aws/service/global-infrastructure/regions/eu-north-1"
"/aws/service/global-infrastructure/regions/eu-west-1"
"/aws/service/global-infrastructure/regions/eu-west-3"
"/aws/service/global-infrastructure/regions/sa-east-1"
"/aws/service/global-infrastructure/regions/us-east-2"
"/aws/service/global-infrastructure/regions/us-gov-east-1"
"/aws/service/global-infrastructure/regions/us-gov-west-1"
"/aws/service/global-infrastructure/regions/us-west-1"
"/aws/service/global-infrastructure/regions/ap-northeast-2"
"/aws/service/global-infrastructure/regions/ap-northeast-3"
"/aws/service/global-infrastructure/regions/ap-south-1"
"/aws/service/global-infrastructure/regions/ap-southeast-1"
"/aws/service/global-infrastructure/regions/ap-southeast-2"
"/aws/service/global-infrastructure/regions/ca-central-1"
"/aws/service/global-infrastructure/regions/cn-north-1"
"/aws/service/global-infrastructure/regions/cn-northwest-1"
"/aws/service/global-infrastructure/regions/eu-west-2"
"/aws/service/global-infrastructure/regions/us-west-2"
"/aws/service/global-infrastructure/regions/us-east-1"

Here’s how to display a complete list of all available AWS services, sort them into alphabetical order, and display the first 10 (out of 155, as I write this):

$ aws ssm get-parameters-by-path \
  --path /aws/service/global-infrastructure/services --output json |
  jq '.Parameters[].Name' | sort | head -10
"/aws/service/global-infrastructure/services/acm"
"/aws/service/global-infrastructure/services/acm-pca"
"/aws/service/global-infrastructure/services/alexaforbusiness"
"/aws/service/global-infrastructure/services/apigateway"
"/aws/service/global-infrastructure/services/application-autoscaling"
"/aws/service/global-infrastructure/services/appmesh"
"/aws/service/global-infrastructure/services/appstream"
"/aws/service/global-infrastructure/services/appsync"
"/aws/service/global-infrastructure/services/athena"
"/aws/service/global-infrastructure/services/autoscaling"

Here’s how to get the list of services that are available in a given region (again, first 10, sorted):

$ aws ssm get-parameters-by-path \
  --path /aws/service/global-infrastructure/regions/us-east-1/services --output json |
  jq '.Parameters[].Name' | sort | head -10
"/aws/service/global-infrastructure/regions/us-east-1/services/acm"
"/aws/service/global-infrastructure/regions/us-east-1/services/acm-pca"
"/aws/service/global-infrastructure/regions/us-east-1/services/alexaforbusiness"
"/aws/service/global-infrastructure/regions/us-east-1/services/apigateway"
"/aws/service/global-infrastructure/regions/us-east-1/services/application-autoscaling"
"/aws/service/global-infrastructure/regions/us-east-1/services/appmesh"
"/aws/service/global-infrastructure/regions/us-east-1/services/appstream"
"/aws/service/global-infrastructure/regions/us-east-1/services/appsync"
"/aws/service/global-infrastructure/regions/us-east-1/services/athena"
"/aws/service/global-infrastructure/regions/us-east-1/services/autoscaling"

Here’s how to get the list of regions where a service (Amazon Athena, in this case) is available:

$ aws ssm get-parameters-by-path \
  --path /aws/service/global-infrastructure/services/athena/regions --output json |
  jq '.Parameters[].Value'
"ap-northeast-2"
"ap-south-1"
"ap-southeast-2"
"ca-central-1"
"eu-central-1"
"eu-west-1"
"eu-west-2"
"us-east-1"
"us-east-2"
"us-gov-west-1"
"ap-northeast-1"
"ap-southeast-1"
"us-west-2"

Here’s how to use the path to get the name of a service:

$ aws ssm get-parameters-by-path \
  --path /aws/service/global-infrastructure/services/athena --output json |
  jq '.Parameters[].Value'
"Amazon Athena"

And here’s how you can find the regional endpoint for a given service, again using the path:

$ aws ssm get-parameter \
  --name /aws/service/global-infrastructure/regions/us-west-1/services/s3/endpoint \
  --output json |
  jq '.Parameter.Value'
"s3.us-west-1.amazonaws.com"
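
One defensive use of these queries is to compare the regions AWS publishes against the regions your organization has approved, so that a newly opened region is noticed rather than discovered later. The following is an added example, not code from the original post: it parses saved CLI output offline, accepts only the parameter name shapes shown in the queries above, and reports the difference. The function names, the approved-region list, and the sample JSON are assumptions constructed for illustration.

```python
import json
import re

PREFIX = "/aws/service/global-infrastructure/"
ID = r"[a-z0-9-]+"
# Name shapes that appear in the post's queries; anything else is rejected.
SHAPES = (
    ("region", re.compile(rf"regions/(?P<region>{ID})")),
    ("service", re.compile(rf"services/(?P<service>{ID})")),
    ("region_service",
     re.compile(rf"regions/(?P<region>{ID})/services/(?P<service>{ID})")),
    ("endpoint",
     re.compile(rf"regions/(?P<region>{ID})/services/(?P<service>{ID})/endpoint")),
)

# Constructed sample: merged output of several queries, in the
# .Parameters[].Name / .Value layout that the post's jq filters rely on.
SAMPLE_OUTPUT = json.dumps({"Parameters": [
    {"Name": PREFIX + "regions/us-east-1", "Value": "us-east-1"},
    {"Name": PREFIX + "regions/eu-north-1", "Value": "eu-north-1"},
    {"Name": PREFIX + "services/athena", "Value": "Amazon Athena"},
    {"Name": PREFIX + "regions/us-east-1/services/athena", "Value": "athena"},
    {"Name": PREFIX + "regions/us-west-1/services/s3/endpoint",
     "Value": "s3.us-west-1.amazonaws.com"},
]})


def classify(name):
    """Split one parameter name into kind/region/service, or raise ValueError."""
    if not name.startswith(PREFIX):
        raise ValueError(f"outside {PREFIX}: {name!r}")
    tail = name[len(PREFIX):]
    for kind, pattern in SHAPES:
        match = pattern.fullmatch(tail)
        if match:
            return {"kind": kind, **match.groupdict()}
    raise ValueError(f"unrecognised parameter name: {name!r}")


def build_index(cli_output):
    """Index regions, per-region services and endpoints from CLI JSON output."""
    index = {"regions": set(), "services": {}, "endpoints": {}}
    for param in json.loads(cli_output)["Parameters"]:
        info = classify(param["Name"])
        if info["kind"] == "service":
            continue  # global service entry, carries no region
        region = info["region"]
        index["regions"].add(region)
        if info["kind"] == "region_service":
            index["services"].setdefault(region, set()).add(info["service"])
        elif info["kind"] == "endpoint":
            index["endpoints"][(region, info["service"])] = param["Value"]
    return index


def region_drift(index, approved):
    """Compare published regions with an approved baseline."""
    published, approved = index["regions"], set(approved)
    return {
        "published_not_approved": sorted(published - approved),
        "approved_not_published": sorted(approved - published),
    }
```

In practice the input would be the saved output of the get-parameters-by-path commands above rather than SAMPLE_OUTPUT.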

Available Now
This data is available now and you can start using it today at no charge.

Jeff;

PS – Special thanks to my colleagues Blake Copenhaver and Phil Cali for their help with this post!

AWS re:Inforce 2019 – Security, Identity, and Compliance


AWS re:Inforce, our new conference dedicated to cloud security, opens in Boston on June 25th. We’re expecting about 8,000 attendees, making this bigger than the first re:Invent! Just like re:Invent, re:Inforce is a learning conference for builders.

With over 300 breakout sessions (intermediate, advanced, and expert) spanning four tracks and a virtual Capture The Flag event, attendees will walk away knowing how to use cloud-based infrastructure in a secure and compliant manner. The re:Inforce agenda also includes a healthy collection of bootcamps, chalk talks, workshops, full-day hands-on labs, builder sessions, leadership sessions, and the Security Jam.

Diving deeper into the session offerings, a wide range of services will be considered – including (to name a few) AWS WAF, AWS Firewall Manager, AWS KMS, AWS Secrets Manager, AWS Lambda, AWS Control Tower, Amazon SageMaker, Amazon GuardDuty, AWS CloudTrail, Amazon Macie, Amazon RDS, Amazon Aurora, AWS Identity and Access Management, Amazon EKS, and Amazon Inspector. You will have the opportunity to learn about a broad variety of important topics including building secure APIs, encryption, privileged access, auditing the cloud, open source, DevSecOps, building a security culture, hiring/staffing, and privacy by design as well as specific compliance regimes such as PCI, NIST, SOC, FedRAMP, and HIPAA.

To learn more about re:Inforce, read the FAQ, check out the Venue & Hotel info, and review the Code of Conduct.

Register Now & Save $100
If you register now and use code RFSAL19, you can save $100, while supplies last.

Jeff;

Analyst Webcast: SANS Top New Attacks and Threat Report – April 19, 2019 1:00pm US/Eastern


Speakers: John Pescatore

Each year, the annual RSA Conference in San Francisco features top SANS instructors presenting their look at the new attack techniques currently in use and their projections for future exploits. This fast-paced panel–moderated by Alan Paller and featuring James Lyne, Ed Skoudis and Johannes Ullrich–is one of the highest-rated keynote sessions at the conference.

In this webcast, SANS Director of Emerging Technologies John Pescatore will highlight:

  • The top new attacks and threats as defined in that presentation
  • Deeper insight into overall cybersecurity trends on both the offensive and defensive sides
  • Advice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risks

Be among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Technologies.