2018

Fender/Riffstation

80 Announcements

50,000+ attendees

3000+ Sessions/Activities

10 Storage

7 CDN

1 Robotics

2 Security, Identity, & Compliance

16 Machine Learning

1 Mobile Services

7 Internet of Things

2 AWS Marketplace

3 AWS Partner Network (APN)

7 Databases

4 Management & Governance

5 Analytics

3 Developer Tools

1 Sattelite

1 Media Services

Best sessions we attended to

  2. AWS, I Choose you: Pokemon's Battle against the Bots

3. Advanced Continuous Delivery Best Practices

1. How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, & CI/CD FSV325

Best sessions we attended to

How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, & CI/CD FSV325

NuBank is a Brazilian digital bank, just like N26. They managed to automate their security policies grants with AWS Lambda and an internal cli, called nucli.

On nucli, a user can't grant permissions to himself. Every permission granted has a life time and if any change on the security policy is made, a Lambda function is triggered and will delete it straight away.

Every single change made to any type of permission will trigger a notification to a Slack channel and will let all team members know about that change.

Best sessions we attended to

Pokémon Go is a highly played mobile game, being downloaded over 800 million times. However, malicious bots were also "playing" the game and then selling levelled up accounts.

WAF Logs + Kinesis Data Analytics + Kinesis Stream + SQS + Lambda + DynamoDB to automatically analyse and blacklist malicious IPs.

At first, they were getting the IPs manually and blacklisting them in a Confluence page.

 AWS, I Choose you: Pokémon's Battle against the Bots

Best sessions we attended to

Use minimum healthy hosts for all deployments, rollback when deploy fails, Blue Green deployments.

Canary deployment. Canary host should be participating in production but with it's own metrics.

Break production environment in segments, e.g. by AZ or by region.

Advanced Continuous Delivery Best Practices

Approval to promote deployment from QA to Blue Green.

Interesting new releases

Lots of new Lambda features: Sharing common code between functions, support to multiple languages

DynamoDB I/O on demand: Instead of setting specific I/O, now you can let AWS provision it for you

AWS Toolkit for PyCharm: Open Source plugin to deploy Python apps in AWS

AWS Control Tower: Groups multi-account and resources control in only one place 

Firecracker: Lightweight Virtualisation for Serverless Computing

Next steps

Toolkit for PyCharm can be used by our developers to facilitate the development and testing in AWS environment

Try DynamoDB on demand I/O for new applications

Control our policies through AWS Control Tower

POC for Firecracker to see if it fits our needs

Create pipeline to promote deploys from QA to production

Create nucli like tool to manage permissions

Introduce canary host concept in our pipelines

Final thoughts

Weight gained =~ 2kg

T-shirt count: 30+

Casino losses: $100

After the closing ceremony  

Sticker count: buffer overflow

Rondi's cry count: 3x

Gluten intake: 1.5kg / day