AWS 101 Lunch and Learn | London

AWS 101 Lunch & Learn Ryan Shuttleworth Chris EllemanTechnical Evangelist Solution Architect @ryanAWS Glen Robinson Alistair McLaurin Solution Architect Solution Architect @glenprobinson

Agenda12:00 - 12:45 Presentation – AWS 101 Introducing the concepts behind AWS such as utility computing and elasticity12:45 - 13:00 Working lunch13:00 - 13:45 Presentation and Demonstration Live demonstration and interactive walkthrough13:45 - 14:00 Q&A session

What we are going to cover Keypairs Amazon Machine Images Security groups S3 EC2 instances CloudFront Metadata service Elastic Load balancer EBS volumes RDS Feel free to follow along on your laptops

background

Consumer Seller IT Infrastructure Business Business Business Tens of millions of Sell on Amazon Cloud computing active customer websites infrastructure for accounts hosting web-scale Use Amazon solutions technology for your own retail website Eight countries: Hundreds of US, UK, Germany, Leverage Amazon’s thousands of Japan, France, massive fulfillment registeredCanada, China, Italy center network customers in over 190 countries

About AmazonHow did Amazon…Web Services Deep experience in building and ? operating global web scale systems …get into cloud computing?

Over 10 years in the makingEnablement of sellers on AmazonInternal need for scalable deployment environmentEarly forays proved developers were hungry for more

AWS Mission Enable businesses and developers to use webservices* to build scalable,sophisticated applications. *What people now call “the cloud”

Not excess capacity!

Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000)

Objects in S3 1 Trillion1000.000 750.000 500.000 250.000 0.000 650k+ peak transactions per second

Utility computing

Utility computingOn demand Pay as you goUniform Available

Utility computing

Utility computingOn demand Pay as you go Compute Scaling Security CDN Backup DNS Database Storage Load Balancing Workflow Monitoring NetworkingUniform Messaging Available

On a global footprint Region US-WEST (N. California) EU-WEST (Ireland) GOV CLOUD ASIA PAC (Tokyo) US-EAST (Virginia)US-WEST (Oregon) ASIA PAC (Singapore) SOUTH AMERICA (Sao Paulo)

On a global footprint Availability Zone

On a global footprint Edge Locations London(2) Seattle South Bend New York (2) Amsterdam Newark Stockholm Dublin Palo Alto TokyoSan Jose Frankfurt(2) Paris(2) Ashburn(2) Milan Osaka Los Angeles (2) Jacksonville Dallas(2) Hong Kong St.Louis Miami Singapore(2) Sydney Sao Paulo

At the end of a web serviceec2-run-instances ami-b232d0db ec2-run-instances ami-b232d0db --instance-count 3 --instance-count 5 --availability-zone eu-west-1a --availability-zone eu-west-1c --instance-type m1.small --instance-type m1.medium

At the end of a web service ec2-run-instances ami-b232d0db --instance-count 2 --availability-zone eu-east-1d --instance-type m1.xlarge ec2-run-instances ami-b232d0db --instance-count 2 --availability-zone us-east-1b --instance-type m1.xlarge

At the end of a web service as-create-auto-scaling-group MyGroup ec2-authorize default -p 80 --launch-configuration MyConfig --availability-zones eu-west-1c --min-size 2 --max-size 200 elb-create-lb myLoadBalancer

and rich console services

Elasticity

Elastic capacity Traditional IT capacityCapacity Time Your IT needs

Elastic capacityOn and Off Fast GrowthVariable peaks Predictable peaks

Elastic capacity WASTEOn and Off Fast GrowthVariable peaks Predictable peaks CUSTOMER DISSATISFACTION

Elastic capacityCapacity Traditional IT capacity Elastic cloud capacity Time Your IT needs

Elastic capacityOn and Off Fast GrowthVariable peaks Predictable peaks

503Service Temporarily UnavailableThe server is temporarily unable to service your request due tomaintenance downtime or capacityproblems. Please try again later.

From one instance…

…to thousands

Time: +00h <10 coresElastic Capacity

Time: +24h >1500 coresElastic Capacity

Time: +72h <10 coresElastic Capacity

Time: +120h >600 coresElastic Capacity

40 servers to 5000 in 3 days EC2 scaled to peak of 5000 instances Number of EC2 Instances “Techcrunched” Launch of Facebook modification Steady state of ~40 instances 4/12/2008 4/13/2008 4/14/2008 4/15/2008 4/16/2008 4/17/2008 4/18/2008 4/19/2008 4/20/2008

The Toolbox

Reference Model Deployment & Administration App Services Compute Storage Database Networking AWS Global Infrastructure

Global infrastructure Deployment & Administration App ServicesCompute Storage Database Regions An independent collection of AWS resources in a Networking defined geography A solid foundation for meeting location-dependent AWS Global Infrastructure privacy and compliance requirements

Global infrastructure Deployment & Administration App ServicesCompute Storage Database Availability Zones Designed as independent failure zones Networking Physically separated within a typical metropolitan region AWS Global Infrastructure

Global infrastructure Deployment & Administration App ServicesCompute Storage Database Edge Locations To deliver content to end users with lower latency Networking A global network of edge locations Supports global DNS infrastructure (Route53) and AWS Global Infrastructure Cloud Front CDN

Networking Deployment & Administration App ServicesCompute Storage Database Direct Connect Dedicated connection between your IT Networking infrastructure and the AWS datacenters Extend your network infrastructure and VLANs AWS Global Infrastructure into AWS

Networking Internet Deployment & Administration App ServicesCompute Storage Database VPN Connection A Hardware VPN connection connects amazon Networking environment to your datacenter Internet Protocol security (IPsec) VPN connection AWS Global Infrastructure Commonly used hardware supported

Networking Internet Deployment & Administration App ServicesCompute Storage Database Virtual Private Cloud Private, isolated section of the AWS Cloud Networking Launch resources in a virtual network that you define complete control over your virtual networking AWS Global Infrastructure environment

Networking Route 53 Highly available and scalable Domain Name System Extremely reliable and cost effective Feature Details Global Supported from AWS global edge locations for fast and reliable domain name resolution Scalable Automatically scales based upon query volumes Latency based routing Supports resolution of endpoints based upon latency, Deployment & Administration enabling multi-region application delivery Integrated Integrates with other AWS services allowing Route 53 to front load balancers, S3 and EC2 App Services Secure Integrates with IAM giving fine grained control over DNS record accessCompute Storage Database Networking AWS Global Infrastructure

Compute Vertical Elastic Compute Cloud (EC2) Scaling Basic unit of compute capacity From $0.02/hr Range of CPU, memory & local disk options 13 Instance types available, from micro to cluster compute Feature Details Flexible Run windows or linux distributions Deployment & Administration Scalable Wide range of instance types from micro to cluster compute App Services Machine Images Configurations can be saved as machine images (AMIs) from which new instances can be created Full control Full root or administrator rightsCompute Storage Database Secure Full firewall control via Security Groups Monitoring Publishes metrics to Cloud Watch Networking Inexpensive On-demand, Reserved and Spot instance types AWS Global Infrastructure VM Import/Export Import and export VM images to transfer configurations in and out of EC2

Compute Trigger auto- scaling policyas-create-auto-scaling-group MyGroup --launch-configuration MyConfig --availability-zones eu-west-1a --min-size 4 --max-size 200 Deployment & Administration Auto-scaling Automatic re-sizing of compute clusters based upon App Services demandCompute Storage Database Feature Details Control Define minimum and maximum instance pool sizes and when scaling and cool down occurs Networking Integrated to Use metrics gathered by CloudWatch to drive scaling CloudWatch Instance types Run auto scaling for on-demand instances and spot. Compatible with VPC AWS Global Infrastructure

ComputeElastic Load BalancingCreate highly scalable applicationsDistribute load across EC2 instances in multipleavailability zones Deployment & Administration Feature Details Auto-scaling Automatically scales to handle request colume App Services Available Load balance across instances in multiple availability zonesCompute Storage Database Health checks Automatically checks health of instances and takes them in or out of service Session stickiness Route requests to the same instance Networking Secure sockets layer Supports SSL offload from web and application servers with flexible cipher support Monitoring Publishes metrics to Cloud Watch AWS Global Infrastructure

Storage S3 - Durable storage, any object 99.999999999% durability of objects Unlimited storage of objects of any type Up to 5TBFeature object size per Details Flexible object store Buckets act like drives, folder structures within Access control Granular control over object permissions Deployment & Administration Server-side encryption 256bit AES encryption of objects Multi-part uploads Improved throughput & control App Services Object versioning Archive old objects and version new ones Object expiry Automatically remove old objectsCompute Storage Database Access logging Full audit log of bucket/object actions Networking Web content hosting Serve content as web site with built in page handling Notifications Receive notifications on key events AWS Global Infrastructure Import/Export Physical device import/export service

Storage Elastic Block Store High performance block storage device 1GB to 1TB in size Mount as drives to instances Feature Details High performance file Mount EBS as drives and format as required system Deployment & Administration Flexible size Volumes from 1GB to 1TB in size Secure Private to your instances App Services Available Replicated within an Availability ZoneCompute Storage Database Backups Volumes can be snapshotted for point in time restore Monitoring Detailed metrics captured via Cloud Watch Networking AWS Global Infrastructure

Database Relational Database Service Database-as-a-Service No need to install or manage database instances Scalable and fault tolerant configurations Deployment & Administration Feature Details Platform support Create MySQL, SQL Server and Oracle RDBMS App Services Preconfigured Get started instantly with sensible default settings Automated patching Keep your database platform up to date automaticallyCompute Storage Database Backups Automatic backups and point in time recovery and full DB backups Backups Volumes can be snapshotted for point in time restore Networking Failover Automated failover to slave hosts in event of a failure AWS Global Infrastructure Replication Easily create read-replicas of your data and seamlessly replicate data across availability zones

Database DynamoDB Provisioned throughput NoSQL database Fast, predictable performance Fully distributed, fault tolerant architecture Feature Details Deployment & Administration Provisioned throughput Dial up or down provisioned read/write capacity Predictable Average single digit millisecond latencies from SSD performance backed infrastructure App Services Strong consistency Be sure you are reading the most up to date values Fault tolerant Data replicated across availability zonesCompute Storage Database Monitoring Integrated to Cloud Watch Networking Secure Integrates with AWS Identity and Access Management (IAM) Elastic MapReduce Integrates with Elastic MapReduce for complex analytics on large datasets AWS Global Infrastructure

Application ServicesAmazon SQS Processing resultsReliable, highly scalable, queueservice for storing messages as they Amazon SQStravel between instances Deployment & Administration Processing task/processing trig App Services Feature DetailsCompute Storage Database Reliable Messages stored redundantly across multiple availability zones Simple Simple APIs to send and receive messages Networking Scalable Unlimited number of messages Secure Authentication of queues to ensure controlled access AWS Global Infrastructure

Application ServicesSimple Workflow 1Reliably coordinate processing stepsacross applications Task A 2Integrate AWS and non-AWS resourcesManage distributed state in complexsystems Task B 3 (Auto-scaling) Deployment & Administration Task C App Services Feature Details Process state Maintain application state across complex workflows in a reliable and available mannerCompute Storage Database Tracking Tracks executions and log process for audit purposes Consistency Ensures processing tasks are executed and duplicity of Networking events does not occur Simple Simple Decider and Task programming model for rapid integration AWS Global Infrastructure

Application Services DocumentCloud Search ServerElastic search engine based uponAmazon A9 search engineFully managed service withsophisticated feature set SearchScales automatically Server Deployment & Administration Results App Services Feature Details Auto-scaling Automatically scales based upon request volumes and data volumesCompute Storage Database High performance In memory operation means consistently low latency for search results Sophisticated features Support for faceting, stemming, synonyms, stop Networking words and custom rank expressions Low cost Elastic service, pay for what you use AWS Global Infrastructure

Application ServicesCloudFront 3 Served from S3 /images/*World-wide content distributionnetworkEasily distribute content to end userswith low latency, high data transferspeeds, and no commitments. London 2 Served from EC2 *.php Paris Deployment & Administration 1 Single CNAME NY www.mysite.com App Services Feature DetailsCompute Storage Database Fast Multiple world-wide edge locations to serve content as close to your users as possible Integrated with other Works seamlessly with S3 and EC2 origin servers services Networking Dynamic content Supports static and dynamic content from origin servers Streaming Supports rtmp from S3 and includes support for live AWS Global Infrastructure streaming from Adobe FMS and Microsoft Media Server

Deployment & Admin Elastic Beanstalk One-click deployment from Eclipse, Visual Studio and Git Rapid deployment of applications All AWS resources automatically created Deployment & Administration Feature Details Platform support Containers for Java, .net and PHP App Services Resource creation Creates load balancer, instances, autoscaling and monitoring automaticallyCompute Storage Database Monitoring & Logs Integrated with Cloud Watch and consolidates server logs Versioning Manage versions of applications and easily rollback deployments Networking Notifications Receive alerts on key events Full resource access Access all underlying AWS resources as necessary AWS Global Infrastructure

Deployment & Admin Cloud Formation Automate creation of ‘stacks’ in a repeatable way Scripting framework for AWS resource creation Deployment & Administration Feature Details Platform support Support for AWS resources from EC2 to IAM App Services Resource creation Creates AWS resources behind the scenes and reports on progressCompute Storage Database Declarative Specify stacks in JSON format and source control your environments Customizable Drive stack creation with paramaters Networking AWS Global Infrastructure

Deployment & Admin Identity & Access Management Granular control of user rights with AWS Automated granting of EC2 service rights Software Developer Kits Comprehensive support of programming models for Deployment & Administration using AWS services App ServicesCompute Storage Database Networking AWS Global Infrastructure

+ others Simple Email ServiceSimple Notification Service ElastiCache Elastic MapReduce CloudWatch …

Security &Compliance

Shared responsibility Foundation ServicesAmazon Compute Storage Database Networking Availability Zones AWS Global Edge Locations Infrastructure Regions

Shared responsibility Customer Data Platform, Applications, Identity & Access ManagementYou Operating System, Network & Firewall Configuration Client-side Data Encryption & Data Server-side Encryption Network Traffic Protection Integrity Authentication (File System and/or Data) (Encryption/Integrity/Identity) Foundation ServicesAmazon Compute Storage Database Networking Availability Zones AWS Global Edge Locations Infrastructure Regions

Security standards Certifications Physical Security HW, SW, NetworkSOC 1 Type 2 (formerly Datacenters in Systematic change SAS-70) nondescript facilities management ISO 27001 Physical access strictly Phased updates controlled deployment PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, Must pass two-factor Safe storage IAM authentication at least decommission twice for floor access FISMA Moderate Automated monitoring Compliant Controls Physical access logged and self-audit and audited HIPAA & ITAR Advanced networkCompliant Architecture protection http://aws.amazon.com/security

Putting itTogether

How do make myapplication…

Available? Scalable? How do make my application… Fault Elastic?tolerant?

1. Use multiple availability zones

2. Use RDS with replicas and slaves

3. Use auto-scaling groups

4. Use Elastic Load Balancing

5. Use Route53 to host DNS zones

Available? Scalable? Multiple availability zones Route 53 DNS Elastic load balancing Auto-scaling groups RDS slave & replicas Fault Elastic?tolerant?

Got get some lunch Be back in 15 mins

Let’s build some stuff

But before that…

EC2 terminology EC2 EC2 Instance VPC VPC AMI EBS EBS EBS EBS EBS EBS AZ Availability ZoneAmazon Machine Running or Image Stopped machine EBS S3 Buckets Snapshots S3 Region

Details of EC2One or more ephemeral One or more EBS EBS snapshots (temporary) drives (persistent) drives (backup images) (instance storage) VM Workspace Network I/O EBS snapshot Hypervisor EC2 EBS S3

Instance key pairs Public KeyStandard SSH RSA Key pair Inserted by Amazon into each EC2 instance that youPublic/Private Keys launchPublic key provided by AWS to EC2 instance forsecure, personalized, initial, non-generic accessSupports NIST and other security standards forproviding non-default user access EC2 Instance Comms secured with private keyPrivate keys are not Private Key Downloaded and stored bystored by AWS you

Security groups Name Description Port 22 Security Group Protocol (SSH) Port range IP Address, range, or another security groupPort 80(HTTP) Public EC2 VPC (virtual private cloud) Inbound only Inbound and outbound TCP, UDP, ICMP Any protocol instance only Assigned at launch Assigned at launch or when stopped Modify anytime Modify anytime

BootstrappingMetadata service contains wealth of information about an instancehttp://169.254.169.254/latest/meta-dataami-id local-hostnameami-launch-index local-ipv4ami-manifest-path macblock-device-mapping networkhostname placementinstance-action profileinstance-id public-hostname InstancInstance-type public-ipv4 ekernel-id public-keys AMI reservation-id Standard machine image Receive custom Metadata data to drive Service bootstrapping

BootstrappingMetadata service contains wealth of information about an instancehttp://169.254.169.254/latest/meta-data+ user dataScripts in user-data field of metadata will be executed on launche.g.#!/bin/shyum -y install httpdchkconfig httpd on Instanc/etc/init.d/httpd start e AMIOr: Standard machine image<powershell> … Receive custom Metadata</powershell> data to drive Service bootstrapping

Now we’re good to go…

Summary

Cloud computing 30% 70% On-Premise Your Managing All of theInfrastructure Business “Undifferentiated Heavy Lifting”

Cloud computing 30% 70% On-Premise Your Managing All of theInfrastructure Business “Undifferentiated Heavy Lifting” AWS Configuring More Time to Focus on Cloud-Based Your Cloud Your BusinessInfrastructure Assets 70% 30%

Agility

Faster time to market No need Higherfor CapEx availability CloudLarge cost savings Focus on core competency

Amazon Web Services

aws.amazon.com get started with the free tier

https://twitter.com	15
http://kred.com	3
http://twitter.com	2

AWS 101 Lunch and Learn | London

by Amazon Web Services on Nov 02, 2012

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 20

Statistics

AWS 101 Lunch and Learn | London Presentation Transcript