Category: Education

Building a Cloud-Specific Incident Response Plan

In order for your organization to be prepared before a security event occurs, there are unique security visibility, and automation controls that AWS provides. Incident response does not only have to be reactive. With the cloud, your ability to proactively detect, react, and recover can be easier, faster, cheaper, and more effective.

What is an incident?

An incident is an unplanned interruption to an IT service or reduction in the quality of an IT service. Through tools such as AWS CloudTrail, Amazon CloudWatch, AWS Config, and AWS Config Rules, we track, monitor, analyze, and audit events. If these tools identify an event, which is analyzed and qualified as an incident, that “qualifying event” will raise an incident and trigger the incident management process and any appropriate response actions necessary to mitigate the incident.

Setup your AWS environment to prevent a security event

We will walk you through a hypothetical incident response (IR) managed on AWS with the Johns Hopkins University Applied Physics Laboratory (APL).

APL’s scientists, engineers, and analysts serve as trusted advisors and technical experts to the government, ensuring the reliability of complex technologies that safeguard our nation’s security and advance the frontiers of space. APL’s mission requires reliable and elastic infrastructure with agility, while maintaining security, governance, and compliance. APL’s IT cloud team works closely with APL mission areas to provide cloud computing services and infrastructure, and they create the structure for security and incident response monitoring.

Whether it is an IR-4 “Incident Handling” or IR-9 “Information Spillage Response,” the below incident response approach from APL applies to all types of IR.

  1. Preparation: The preparation step is critical. Train IR handlers to be able to respond to cloud-specific events. Ensure logging is enabled using Amazon Elastic Compute Cloud (Amazon EC2), AWS CloudTrail, and VPC Flow Logs, collect and aggregate the logs centrally for correlation and analysis, and use AWS Key Management Service (KMS) to encrypt sensitive data at rest. You should consider multiple AWS sub accounts for isolation with AWS Organizations. With Organizations, you can create separate accounts along business lines or mission areas which also limits the “blast radius” should a breach occur. For governance, you can apply policies to each of those sub accounts from the AWS master account.
  2. Identification: Also known as Detection, you use behavioral-based rules for identifying and detecting breaches or spills, or, you can be notified about which user accounts and systems need “cleaning up.” You should open up a case number with AWS Support for cross-validation.
  3. Containment: Use AWS Command Line Interface (CLI) or software development kits for quick containment using pre-defined restrictive security groups. Save the current security group of the host or instance, then isolate the host using restrictive ingress and egress security group rules.
  4. Investigation: Once isolated, determine and analyze the correlation, threat, and timeline.
  5. Eradication: Secure wipe-files. Response times may be faster with automation. After secure wipe, delete any KMS data keys, if used.
  6. Recovery: Restore network access to original state.
  7. Follow-up: Verify deletion of data keys (if KMS was used), cross-validate with Amazon Support, and report findings and response actions.

Watch the Incident Response in the Cloud session from the AWS Public Sector Summit in Washington, DC here for a more detailed discussion with Conrad Fernandes, Cloud Cyber Security Lead, Johns Hopkins University Applied Physics Lab (JHU APL).

Building the Population of Future Engineers with AWS and Girls Who Code

AWS has been working with Girls Who Code, helping support their Summer Immersion Program, a 7-week summer camp where 10-11th grade girls learn coding skills and get introduced to cloud technology.

Over the summer, AWS worked with this growing population of future engineers by hosting an introduction to AWS course and workshop at four Girls Who Code summer camps in San Ramon, Washington D.C, and two New York City locations.

The students were energetic and curious to learn about cloud computing, building applications in the cloud, and how AWS can help them power their summer projects. As part of the program, each student was given an AWS Educate Starter Account, which they can use to begin experimenting with AWS.

Their project was to build a static webpage and an application called Moviepedia. The students followed a series of steps to build their webpage hosted on Amazon Simple Storage Service (Amazon S3). Once they uploaded content and created the webpage, they integrated a chatbot into their webpage which automatically retrieves information about any movie. This bot has been written in NodeJS and utilizes TMDb for querying movies and returning desired results. The application architecture uses Amazon Lex, AWS Lambda, Amazon S3, and Amazon Cognito.

Best of luck to the participants in their journeys to become engineers. And thank you Girls Who Code for giving us this opportunity!

Learn more about the future of inclusive tech at #WePowerTech.

Kentucky Cloud Career Pathways and AWS Educate Prepare Students for Cloud Careers

To prepare students with the skills needed to address the massive growth and job opportunities in cloud, cyber security, and computer science, Amazon Web Services has collaborated with the Kentucky Education and Workforce Development Cabinet to create Kentucky Cloud Career Pathways.

This state-wide collaboration among government, education, nonprofit, and the private sector, provides blended learning and online learning, internships, apprenticeships, jobs, and other opportunities in cloud computing for Kentucky’s K-12 students and adult learners.

“Cloud computing provides not only the opportunity to create new companies with little or no capital needed, but also new career pathways for citizens,” said Teresa Carlson, Vice President Worldwide Public Sector, AWS. “Since launching our AWS Educate program, which helps educators and students use real-world technology in the classroom to prepare students to enter the cloud workforce, we’ve seen students around the world jump at the opportunity to get hands-on cloud experience. We are thrilled to be a part of Kentucky’s drive to develop cloud-enabled workforce, and hope that other states look to this model as an inspiration.”

As part of the program, AWS Educate will steer Kentucky students to private sector employers through the AWS Educate Job Board, which includes computer science jobs and internships from top technology companies.

AWS Educate is also working in partnership with Project Lead the Way (PLTW) to provide new cloud-based curriculum for schools and short videos for students showcasing various cloud computing careers. For teachers and faculty, new professional development opportunities will be provided starting in summer 2018 to help teachers bring cloud computing skills to their students.

Learn more about AWS Educate and how students, veterans, educators and hiring companies can access cloud content, training, collaboration tools, the job board, and AWS technology.


AWS EdStart Fueling the EdTech Startup Community

To help startups build innovative teaching and learning solutions using the AWS Cloud, AWS, along with the National Science Foundation (NSF), Education Technology Industry Netwrk (ETIN), and AT&T, sponsored the Start-up Pavilion and Pitch Fest at ISTE 2017. The Edtech Start-up Pavilion and Pitch Fest offers up-and-coming companies the opportunity to participate at ISTE. Pitch Fest contestants and winners received AWS Promotional Credits to accelerate their businesses and enhance the education industry.

AWS EdStart is an AWS program committed to the growth of educational technology (EdTech) companies who are building the next generation of online learning, analytics, and campus management solutions on the AWS Cloud.

Congratulations to the winners of the Pitch Fest: BrainCo and CodeSpark.

BrainCo: BrianCo’s Focus EDU product is an integrated classroom system that improves education outcomes through real-time attention level reports. BrainCo’s devices detect brain waves and use the AWS Cloud to host the data from these IoT wearables with the aim of building the world’s largest brain wave database. Their product allows educators to quantify student engagement in real-time. With this information, they can create strategies to increase classroom engagement, identify students who need extra attention, track improvements over time, and increase student attention.

“BrainCo specializes in Brain Machine Interface (BMI) wearables and our products are changing the way we interact with the world,” said Max Newlon, research scientist, BrainCo.

BrainCo will use AWS to enhance its platform’s ability to use Machine Learning (ML) and also to scale globally as BrainCo sees an increase in demand for their product and solutions in international markets.

CodeSpark: CodeSpark introduces kids as young as four to fundamental computer science and coding concepts. Their app, codeSpark Academy with The Foos, uses a “no words” interface to turn programing into play. With fresh content added every month, kid coders can stretch the limits of their creativity and sharpen their skills.

“AWS is where all of our crucial customer data, progress, and creative output is stored. Since kids are designing and coding thousands of games a day on our platform in every country in the world, it’s critical that our backend infrastructure be reliable, fast, and easy to deploy. AWS is a critical component of our tech stack and allows a small team to have global ambitions,” said Grant Hosford, Founder, CodeSpark.

CodeSpark will use their AWS Promotional Credits to host their player database, website, and app data for millions of players worldwide.

Startups and established EdTechs, like Remind, Instructure, Desire2Learn (D2L), and Ellucian, are not only scaling on AWS but also accelerating their market share through the AWS Education Competency program. Learn more.

Unlocking Healthcare and Life Sciences Research with AWS

From introductory material to in-depth architectures, the AWS Public Sector Summit featured sessions relevant to healthcare and life science researchers.

The full set of session videos are located here, along with slides to match, but in this post, we will recap healthcare and life sciences sessions with a focus on our customers, such as the American Heart Association, the NIH National Institute for Allergy and Infectious Diseases, and the National Marrow Donor Program, and how they use the AWS Cloud to unlock the value of data and share insights.

Harmonize, Search, Analyze, and Share Scientific Datasets on AWS

Cardiovascular researchers face a challenge: how to make multi-generational clinical research studies more broadly accessible for discovery and analysis than they are today. Many datasets have been created by different people at different times and don’t conform to a common standard. With varying naming conventions, units of measurement, and categories, datasets can have data quality issues.

To support dataset harmonization, search, analysis, and sharing of results and insights, the American Heart Association created the AHA Precision Medicine Platform using a combination of managed and serverless services such as Jupyter Notebooks and Apache Spark on Amazon EMR, Amazon Elasticsearch, Amazon S3, Amazon Athena, and Amazon Quicksight. AHA and AWS have worked together to implement these techniques to bring together researchers and practitioners from around the globe to access, analyze, and share volumes of cardiovascular and stroke data. They are working to accelerate research and generate evidence around the care of patients at risk of cardiovascular disease – the number one killer in the United States and a leading global health threat.

Watch the Harmonize, Search, Analyze, and Share Scientific Datasets on AWS video with Dr. Taha Kass-Hout, representing the American Heart Association (AHA), to learn more about datasets on AWS and this video on how AHA leveraged Amazon Alexa and Lex chat bots as part of a new initiative to engage communities and individuals to promote better heart health by easy voice-enabled tracking of activities and diet.

Next-Generation Medical Analysis

The NIH National Institute for Allergy and Infectious Diseases is working to make microbial genetics data available to microbiome researchers. They developed Nephele, a platform that allows researchers to perform large-scale analysis of data. Nephele uses standard infrastructure services, such as Amazon EC2 and Amazon S3, but also integrates serverless technologies like AWS Lambda for a cost-effective control-plane and resource provisioning.

Similarly, Dr. Caleb Kennedy from the National Marrow Donor Program defined a system for collecting vital information across a diverse set of participating clinics using standard data formats. They are looking to transform transplantation healthcare by integrating even more data into the system.

Watch the Next-Generation Medical Analysis video here to learn about how technology is enabling disruptive innovation in biomedical research and care.

IoT and AI Services in Healthcare

To help support the healthcare industry, AWS has Artificial Intelligence (AI) and Internet of Things (IoT) services enabling transformative new capabilities in healthcare. Learn more about IoT and AI Services in Healthcare and how these services can be applied in different scenarios. For instance, one AWS-savvy father is using Amazon Polly, Lex, and IoT buttons to create a verbal assistant for his autistic son.

Watch more of our sessions from the AWS Public Sector Summit here and learn more about genomics in the cloud at:

AWS Joins the U.S. Department of State and the Unreasonable Group to Support the UN Sustainable Development Goals

World leaders at the United Nations agreed on a universal set of goals and indicators that would bring government, civil society, and the private sector together to end extreme poverty, inequality, and climate change by 2030.

Technology and cloud-based solutions will be a critical part of achieving the Global Goals for Sustainable Development (SDGs). AWS has teamed up with the Unreasonable Group and the U.S. Department of State’s Office of Global Partnerships to support the first cohort of startups participating in the Unreasonable Goals Sustainable Development Goals Accelerator program.

This program is focused on accelerating the achievement of the SDGs by bringing together 16 innovators from around the world who have developed highly scalable entrepreneurial solutions, each one positioned to solve one of the Global Goals.

With a commitment to making the world a better place, AWS experts spent three days on-site at the Aspen Institute’s Wye River resort with a team of corporate innovators, government influencers, and entrepreneurs. AWS advised and coached these business leaders on a range of topics including:

Participating businesses in the Accelerator will be enrolled in the AWS Activate program for startups, which includes $15,000 in AWS Promotional Credits as well as access to training.

Prince George’s County Teaches Students to Develop Apps Using Amazon Alexa

Prince George’s County created a summer internship for 20+ underserved high school and college students, focused on teaching the students how to develop apps using Amazon Alexa, Amazon Lex, Echo Dot, and Echo Show.

The program is being led by the Prince George’s County IT Department as part of the Tech Prince George’s initiative focused on the development of a career pipeline and interceptive strategies to improve student matriculation and eventual career success in technology fields. AWS is collaborating with Prince George’s County to help build a pipeline of technical talent and expose more students to emerging technologies from Amazon.

Starting this week, the 24 interns will work in teams of six to develop an application based on Amazon Alexa, Echo, Dot, and Show, utilizing AWS Lambda and other AWS cloud services. The applications will address challenges faced by some public school students, such as reading impairments. The teams will be led by six college students (all computer science majors) acting as mentors and advisors.

The teams will have five weeks to develop the program with the goal to roll the winning app out in schools within the county. This is a competition-based internship, with the winning application selected by a panel including the County Executive, County CAO, a School Board Member, an AWS representative, and others. The winning team will also have the opportunity to publish the skills on the Amazon Alexa site.

“This is the best part of my job working with the young adults and watching the light bulb come on and seeing the growth in them as well as confidence as professionals. The fact that we are using a concept that they can personally connect with is a winning strategy. When I shared with the teams that the device was the Amazon Alexa this year, they were so excited and that same day the brainstorming process was in motion. I can’t wait for everyone to see how amazing my students are and what creative ideas come from these future IT Professionals,” said Sandra Longs Hasty, Program Director, Prince George’s County.

AWS Educate, Amazon’s global initiative to provide students and educators with the resources needed to accelerate cloud-related learning endeavors, is offering developer account credits and online education accounts through mentors for the interns as part of the program.

Good luck to all of the interns!

Learn more about AWS Educate here and how we work to build skills, get engaged with the community, and inspire the next generation here.

Call for Proposals for the Amazon Research Awards

Amazon has opened a call for proposals for the 2017 round of Amazon Research Awards (ARA) in a number of areas, including machine translation, natural language understanding, search, robotics, and more. The program is open to faculty members at academic institutions in North America and Europe and awards up to 80,000 USD in cash and 20,000 USD in AWS promotional credits. ARA aims to fund projects leading to a PhD degree or conducted as a part of post-doctoral work. Check our Call for Proposals page for a list of focus areas supported this year. Proposal submissions are accepted until September 15, 2017.

AWS is working with ARA to help researchers process complex workloads by providing the cost-effective, scalable and secure compute, storage and database capabilities needed to accelerate time-to-science.

From Open Earth Observation to the Human Genome project to studying social media sentiment, researchers have used the AWS Cloud for their groundbreaking research. With AWS, scientists can quickly analyze massive data pipelines, store petabytes of data and share their results with collaborators around the world, focusing on science not servers. Learn more about AWS for research here.

For ARA call for proposal details and to apply, visit or contact

Ten Considerations for a Cloud Procurement

Cloud procurement presents an opportunity to reevaluate existing procurement strategies so you can create a flexible acquisition process that enables your public sector organization to extract the full benefits of the cloud. Download the whitepaper for “10 Considerations for a Cloud Procurement” for the public sector.

Are you ready to move to the cloud but looking for practical guidance? The following are key components to help streamline your cloud procurement strategy. Take a look at the tips below and download the full whitepaper here for more details.

  1. Understand why cloud computing is different
  2. Plan early to extract the full benefit of the cloud
  3. Avoid overly prescriptive requirements
  4. Separate cloud infrastructure (unmanaged services) from managed services
  5. Incorporate a utility pricing model
  6. Leverage third-party accreditations for security, privacy, and auditing
  7. Understand that security is a shared responsibility
  8. Design and implement cloud data governance
  9. Specify commercial item terms
  10. Define cloud evaluation criteria

Thousands of public sector customers use AWS to quickly launch services using an efficient cloud-centric procurement process. Keeping these steps in mind will help you deliver more quickly on citizen-, student-, and mission-focused outcomes.

For more detail, visit the AWS “How to Buy” page for the details you need to get started. Check out the latest procurement sessions from the AWS Public Sector Summit in Washington, DC: So You’ve Decided to Buy Cloud, Now What? and Get Started Today with Cloud-Ready Contracts for practical insights that will help you along your path.

Serverless Application: Walking into the Cloud at the University of Georgia

We have seen a push for innovation in distance learning across higher education in recent years. The University of Georgia’s virtual exercise course is one example of a university addressing this challenge. The goal of the online course is for students to learn to manage heart rate activity during exercise for optimal fitness results.

Initially, students had to manually export the data from their fitness tracker, then send it to the instructor. But this approach wasn’t ideal. “As a student, this process could be confusing because there were multiple reports and file types to choose from when downloading the data. With the wrong report or the wrong format, the data could be unusable. For some students, data management became a barrier to learning,” said James Castle, Lead Instructional Designer, University of Georgia Office of Online Learning.

To alleviate the burden on the students, James worked with a student majoring in computer science to develop an alternate solution. The team looked to Amazon Web Services (AWS) for an inexpensive way to run the application and seamlessly collect the data. They needed to make the data collection and analysis easier for both the students and the professor.

“I had to look up a lot of the documentation for AWS. I watched a lot of videos and it was fun learning about it,” said Chuma Atunzu, a junior at the University of Georgia majoring in computer science. “Starting with little experience with these technologies, I was able to build a modern, serverless application using many different AWS services.”

With AWS, they designed a serverless application that uses AWS Lambda, Amazon DynamoDB, Amazon API Gateway, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES) along with Desire2Learn (D2L) and Fitbit. In anticipation of the start of the summer semester, they tested the application last month and received a bill of $0.01.

Now, students give access to the instructor once with a single click at the beginning of the semester—that’s it. And then, they walk. For professors, once given permission, they can request the data after each module and do the necessary analysis for the course.

The online fitness course is now live with Fitbit and the new serverless application monitoring the heart rate data of University of Georgia students across the globe, from Switzerland and South Korea to Mt. Kilimanjaro in Tanzania. “So far it all seems to be working smoothly,” said James. “Our students are able to earn the physical education credit they need from almost anywhere on earth.”

Two workloads were built (for just a penny!) – one for students and one for professors.

Figure 1: Student workflow

Figure 2: Professor workflow

Learn more about the AWS Cloud for higher education here.