Best Practices for Getting Started with AWS

Getting started with Amazon Web Services (AWS) is fast and simple. This complimentary webinar will outline best practice guidance from many customers and the Amazon Web Services team, helping you gain advantage as you implement your projects in AWS.

Published in: Technology, Business

  1. Best practices for getting started with AWS. Ryan Shuttleworth – Technical Evangelist, @ryanAWS
  2. Agenda
      - Amazon Web Services background
      - Utility computing & elasticity
      - Best practices: choosing your use case; organizing your environments; security; architect to cloud strengths; services not software; be elastic & cost optimized
  3. Your feedback is important. Tell us: what's good, what's not; what you want to see at these events; what you want AWS to deliver for you
  4. Background
  5. Amazon's three businesses
      - Consumer Business: tens of millions of active customer accounts; eight countries: US, UK, Germany, Japan, France, Canada, China, Italy
      - Seller Business: sell on Amazon websites; use Amazon technology for your own retail website; leverage Amazon's massive fulfillment center network
      - IT Infrastructure Business: cloud computing infrastructure for hosting web-scale solutions; hundreds of thousands of registered customers in over 190 countries
  6. About Amazon Web Services. Deep experience in building and operating global web scale systems. How did Amazon… get into cloud computing?
  7. Over 10 years in the making. Enablement of sellers on Amazon; internal need for scalable deployment environment; early forays proved developers were hungry for more
  8. AWS Mission: Enable businesses and developers to use web services* to build scalable, sophisticated applications. (*What people now call "the cloud")
  9. Not excess capacity!
  10. Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000)
  11. Pace of innovation: announcements from April 2012, May 2012 and June 2012
      - AWS CloudFormation Support for Creating VPC Resources
      - Amazon Elastic MapReduce Now Supports Hive 0.8.1
      - AWS Elastic Beanstalk Announces Updated Command Line Interface
      - Amazon DynamoDB Now Available in Three Additional Regions
      - Amazon RDS Announces Oracle Enterprise Manager Support
      - Amazon SES Announces Bounce and Complaint Notifications
      - Announcing VM Export for Amazon EC2
      - AWS Elastic Beanstalk Now Available in the Asia Pacific (Tokyo) Region
      - Cluster Compute Eight Extra Large Instance Type Now Available in EU-West
      - AWS Console Enhancements for Elastic Load Balancing: Listener, Certificate, and Cipher Management
      - Amazon DynamoDB Announces BatchWriteItem Feature
      - AWS CloudFormation Supports Amazon DynamoDB and Amazon CloudFront Dynamic Content
      - Amazon RDS announces support for MySQL Read Replica in Amazon VPC
      - Introducing AWS Marketplace
      - New Sydney, Australia Edge Location for Amazon CloudFront & Amazon Route 53
      - AWS Announces The Availability of the Microsoft SharePoint Server on AWS Reference Architecture White Paper
      - AWS Elastic Beanstalk Now Available in the EU (Ireland) Region
      - Amazon Simple Email Service Announces Domain Verification
      - AWS Support Expands Free Tier, Adds New Features, Lowers Prices
      - AWS Announces CloudSearch
      - Amazon CloudFront Now Supports Dynamic Content
      - Amazon Elastic MapReduce Announces Support for HBase
      - Announcing the Availability of Reserved Cache Nodes for Amazon ElastiCache
      - Monitor Your AWS Charges with Billing Alerts Using Amazon CloudWatch
      - Amazon RDS MySQL on t1.micro, starting at just $19 a month
      - Live Smooth Streaming for Amazon CloudFront
      - Announcing AWS Identity and Access Management (IAM) roles for EC2 instances
      - Announcing API and AWS Identity & Access Management Support for AWS Storage Gateway
      - Announcing Internal Load Balancing in Amazon Virtual Private Cloud
      - New Managed Services for Windows Developers Worldwide
      - New and Updated Microsoft SQL Server Offerings on Amazon EC2
      - Announcing Spot Integration with Auto Scaling and CloudFormation
      - New Amazon RDS for Oracle Capabilities and Multi-AZ Enhancements
      - AWS Billing enables enhanced CSV reports and programmatic access
      - Amazon ElastiCache Launches Free Trial Program
  12. Pace of innovation. Q2 2012: 35 new features (same announcement list as slide 11)
  13. Number of released features, sample services described
      - Features per year: 2007: 9; 2008: 24; 2009: 48; 2010: 61; 2011: 82; H1 2012: 63
      - Sample services: Relational Database Service, Virtual Private Cloud, Simple Notification Service, Elastic Map Reduce, Route 53, Auto Scaling, RDS Multi-AZ, Reserved Instances, Singapore Region, Elastic Load Balancer, Identity Access Management, Cluster Instances, Elastic Beanstalk, Simple Email Service, CloudFormation, RDS for Oracle, ElastiCache, SimpleDB, CloudFront, EBS, Availability Zones, Elastic IPs, Amazon FPS, Red Hat EC2, DynamoDB, Simple Workflow, CloudSearch, Storage Gateway, Route 53 Latency Based Routing
  14. Objects in S3: 1 trillion. 750k+ peak transactions per second (chart)
  15. Utility computing
  16. Utility computing: on demand; pay as you go; uniform; available
  17. Utility computing: on demand; pay as you go; uniform; available
  18. Utility computing
  19. Utility computing: on demand; pay as you go; uniform; available. Services: Compute, Scaling, Security, CDN, Backup, DNS, Database, Storage, Load Balancing, Workflow, Monitoring, Networking, Messaging
  20. On a global footprint. Regions: US-WEST (N. California), EU-WEST (Ireland), GOV CLOUD, ASIA PAC (Tokyo), US-EAST (Virginia), US-WEST (Oregon), ASIA PAC (Singapore), SOUTH AMERICA (Sao Paulo)
  21. On a global footprint. Availability Zone
  22. On a global footprint. Edge Locations: London (2), Seattle, South Bend, New York (2), Amsterdam, Newark, Stockholm, Dublin, Palo Alto, Tokyo, San Jose, Frankfurt (2), Paris (2), Ashburn (2), Milan, Osaka, Los Angeles (2), Jacksonville, Dallas (2), Hong Kong, St. Louis, Miami, Singapore (2), Sydney, Sao Paulo
  23. At the end of a web service
        ec2-run-instances ami-b232d0db --instance-count 3 --availability-zone eu-west-1a --instance-type m1.small
        ec2-run-instances ami-b232d0db --instance-count 5 --availability-zone eu-west-1c --instance-type m1.medium
  24. At the end of a web service
        ec2-run-instances ami-b232d0db --instance-count 2 --availability-zone eu-east-1d --instance-type m1.xlarge
        ec2-run-instances ami-b232d0db --instance-count 2 --availability-zone us-east-1b --instance-type m1.xlarge
  25. At the end of a web service
        as-create-auto-scaling-group MyGroup --launch-configuration MyConfig --availability-zones eu-west-1c --min-size 2 --max-size 200
        ec2-authorize default -p 80
        elb-create-lb myLoadBalancer
  26. and rich console services
  27. Elasticity
  28. Elastic capacity. Chart of capacity over time: traditional IT capacity against your IT needs
  29. Elastic capacity. Demand patterns: on and off; fast growth; variable peaks; predictable peaks
  30. Elastic capacity. Demand patterns: on and off; fast growth; variable peaks; predictable peaks. Labelled areas: WASTE; CUSTOMER DISSATISFACTION
  31. Elastic capacity. Chart of capacity over time: traditional IT capacity and elastic cloud capacity against your IT needs
  32. Elastic capacity. Demand patterns: on and off; fast growth; variable peaks; predictable peaks
  33. 503 Service Temporarily Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
  34. 503 Service Temporarily Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
  35. From one instance…
  36. …to thousands
  37. Elastic Capacity. Time: +00h, <10 cores
  38. Elastic Capacity. Time: +24h, >1500 cores
  39. Elastic Capacity. Time: +72h, <10 cores
  40. Elastic Capacity. Time: +120h, >600 cores
  41. 40 servers to 5000 in 3 days. Chart of number of EC2 instances, 4/12/2008 to 4/20/2008: steady state of ~40 instances; launch of Facebook modification; "Techcrunched"; EC2 scaled to peak of 5000 instances
  42. Best practices
  43. 1. Choose your use case well
  44. Choose use case that suits you. Low hanging fruit can be easiest way to 'cut teeth'
  45. Choose use case that suits you. Low hanging fruit can be easiest way to 'cut teeth'
      - Dev & Test: spin environments up and down on demand; decouple development and test environments from operations constraints; explore elasticity in a sandboxed environment
  46. Choose use case that suits you. Low hanging fruit can be easiest way to 'cut teeth'
      - Dev & Test: spin environments up and down on demand; decouple development and test environments from operations constraints; explore elasticity in a sandboxed environment
      - Backup & DR: take part of your data or business applications step-by-step into non-production DR use; understand cloud dynamics and test during controlled failovers
  47. Choose use case that suits you. Low hanging fruit can be easiest way to 'cut teeth'
      - Dev & Test: spin environments up and down on demand; decouple development and test environments from operations constraints; explore elasticity in a sandboxed environment
      - Backup & DR: take part of your data or business applications step-by-step into non-production DR use; understand cloud dynamics and test during controlled failovers
      - Greenfield Project: embody best practice of cloud computing in unconstrained greenfield projects; self contained web projects, document archiving etc
  48. Choose use case that suits you. Low hanging fruit can be easiest way to 'cut teeth'
      - Dev & Test: spin environments up and down on demand; decouple development and test environments from operations constraints; explore elasticity in a sandboxed environment
      - Backup & DR: take part of your data or business applications step-by-step into non-production DR use; understand cloud dynamics and test during controlled failovers
      - Greenfield Project: embody best practice of cloud computing in unconstrained greenfield projects; self contained web projects, document archiving etc
      - Pain point: move specific service aspects causing undue cost or management burden; workflows, search indexing, media streaming, document archiving, constrained databases
  49. Plan evolution & set goals (examples per stage)
      - PoC: understand services; test performance; architect for scale; build cross functional team capabilities
      - Production: implement monitoring; change control and management; security management; scalability
      - Automation: automate corrective measures; auto-scaling; zero downtime deployments; system backup and recovery
  50. Plan evolution & set goals (examples per stage)
      - PoC: understand services; test performance; architect for scale; build cross functional team capabilities
      - Production: implement monitoring; change control and management; security management; scalability
      - Automation: automate corrective measures; auto-scaling; zero downtime deployments; system backup and recovery
      - Tools shown: Beanstalk, APIs, Cloud Formation, Beanstalk, CLI, Cloud Watch, Auto scaling, IAM
  51. 2. Organize your house
  52. Organize your house
      - Accounts: create an account structure that makes sense. Use accounts like environments where you need separation and control, e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
  53. Organize your house
      - Accounts: create an account structure that makes sense. Use accounts like environments where you need separation and control, e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
      - Billing: control access to billing information (use IAM users to keep billing information in the master account). Consolidate billing into a single account (let one account pick up the bill for multiple 'sub accounts'). Set up billing alerts and automated bill reporting (get CloudWatch notifications when billing reaches a point and output CSV reports to S3 for analysis)
  54. Billing settings. Billing Preferences: Enable CSV & Programmatic Access
  55. Billing settings. Diagram: Dev 1, Dev 2, Test, Production and Internal Systems accounts; Master Account; Consolidated Billing; Billing Alerts ("Bill reached $x"); data labeled by source in S3; cost accounting in favorite package
  56. Billing settings. Alerts per account, with the Master Account: Dev 1 reached $100; Dev 2 reached $250; Test reached $1,000; Prod reached $1,200; Internal reached $400
  57. Organize your house
      - Accounts: create an account structure that makes sense. Use accounts like environments where you need separation and control, e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
      - Billing: control access to billing information (use IAM users to keep billing information in the master account). Consolidate billing into a single account (let one account pick up the bill for multiple 'sub accounts'). Set up billing alerts and automated bill reporting (get CloudWatch notifications when billing reaches a point and output CSV reports to S3 for analysis)
  58. Organize your house
      - Accounts: create an account structure that makes sense. Use accounts like environments where you need separation and control, e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
      - Billing: control access to billing information (use IAM users to keep billing information in the master account). Consolidate billing into a single account (let one account pick up the bill for multiple 'sub accounts'). Set up billing alerts and automated bill reporting (get CloudWatch notifications when billing reaches a point and output CSV reports to S3 for analysis)
      - Access Keys: decide upon a key management strategy. Control access to EC2 instances via SSH and embedded public key, e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account. Consider SSH key rotation & automation: limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances. Consider bootstrap automation to grant developer access with developer unique keypairs
  59. Organize your house
      - Accounts: create an account structure that makes sense. Use accounts like environments where you need separation and control, e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
      - Billing: control access to billing information (use IAM users to keep billing information in the master account). Consolidate billing into a single account (let one account pick up the bill for multiple 'sub accounts'). Set up billing alerts and automated bill reporting (get CloudWatch notifications when billing reaches a point and output CSV reports to S3 for analysis)
      - Access Keys: decide upon a key management strategy. Control access to EC2 instances via SSH and embedded public key, e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account. Consider SSH key rotation & automation: limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances. Consider bootstrap automation to grant developer access with developer unique keypairs
      - Groups & Roles: use IAM Groups to manage console users and API access. Provide developers with IAM user login and unique API access credentials. Control & restrict what IAM users can do by placing them in groups with policies. Assign EC2 instances IAM roles: let AWS manage API access credentials on running instances by assigning a system entitlement to an instance, e.g. instance can only read S3 bucket
  60. Identity & access management. Diagram: Account; Administrators, Developers, Applications; entries shown: Jim, Brad, Reporting, Bob, Mark, Console, Susan, Tomcat, Kevin
  61. Identity & access management. Diagram: Account; Groups: Administrators, Developers, Applications; entries shown: Jim, Brad, Reporting, Bob, Mark, Console, Susan, Tomcat, Kevin; Multi-factor authentication
  62. Identity & access management. Diagram: Account; Groups and Roles: Administrators, Developers, Applications; entries shown: Jim, Brad, Reporting, Bob, Mark, Console, Susan, Tomcat, Kevin; Multi-factor authentication; AWS system entitlements
  63. IAM policies. Policy driven: declarative definition of rights for groups. Policies control access to AWS APIs
        {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticbeanstalk:*",
                "ec2:*",
                "elasticloadbalancing:*",
                "autoscaling:*",
                "cloudwatch:*",
                "s3:*",
                "sns:*"
              ],
              "Resource": "*"
            }
          ]
        }
  64. 64. 3Think security
  65. 65. Shared  responsibility   Customer  Data   You   Playorm,  ApplicaBons,  IdenBty  &  Access  Management   OperaBng  System,  Network  &  Firewall  ConfiguraBon   Client-­‐side  Data  EncrypBon  &  Data   Server-­‐side  EncrypBon     Network  Traffic  ProtecBon   Integrity  AuthenBcaBon   (File  System  and/or  Data)   (EncrypBon/Integrity/IdenBty)   FoundaBon  Services   Amazon   Compute   Storage   Database   Networking   Availability  Zones   AWS  Global   Edge  LocaBons   Infrastructure   Regions  
  66. 66. Leverage shared security model
    Understand your customer & form security stance
  67. 67. Leverage shared security model
    Understand your customer & form security stance
      External audience: Penetration test requests, Your certifications, Your processes
  68. 68. Leverage shared security model
    Understand your customer & form security stance
      External audience: Penetration test requests, Your certifications, Your processes
      Internal audience: IAM, Administration, Architecture
  69. 69. Leverage shared security model
    Understand your customer & form security stance
      External audience: Penetration test requests, Your certifications, Your processes
      Internal audience: IAM, Administration, Architecture
      Regulated audience: AWS Certifications, AWS White Papers, AWS QSA Process
  70. 70. Leverage shared security model
    Understand your customer & form security stance
    Engage with security assessors early in adoption cycle
      Don't fear assessment – AWS meets high standards (PCI, ISO27001, SOC1…)
      As with any infrastructure provider, security assessments take time
      Derive value from architecture reviews early in deployment cycle
  71. 71. Leverage shared security model
    Understand your customer & form security stance
    Engage with security assessors early in adoption cycle
    Use comprehensive materials and certifications provided by AWS
      http://aws.amazon.com/security/
      Risk and compliance paper
      AWS security processes paper
      NEW! CSA consensus assessments initiative questionnaire
  72. 72. Leverage shared security model
    Understand your customer & form security stance
    Engage with security assessors early in adoption cycle
    Use comprehensive materials and certifications provided by AWS
    Build upon features of AWS and implement a 'security by design' environment
  73. 73. Build upon AWS features
  Tiered Access
    IAM: Control users and allow AWS to manage credentials in running instances for service access (allocation, rotation)
    APIs vs Instance: Provide developer API credentials and control access to SSH keys
    Temporary Credentials: Provide developer API credentials and control access to SSH keys
  Security Groups
    Instance firewalls: Use IAM users to keep billing information in the master account
    CLIs and APIs: Instantly audit your entire AWS infrastructure from scriptable APIs – generate an on-demand IT inventory enabled by programmatic nature of AWS
  VPC
    Subnet control: Create low level networking constraints for resource access, such as public and private subnets, internet gateways and NATs
    Bastion hosts: Only allow access for management of production resources from a bastion host. Turn off when not needed
  Direct Connect & VPN
    Private connections to VPC: Secured access to resources in AWS over software or hardware VPN and dedicated network links
  74. 74. 4. Architect to use cloud strengths
  75. 75. Architect to use cloud strengths
    Review application architectures early – assess fit for cloud
      e.g. variable capacity requirements, 'standard' technology stacks, reference architectures*
    Can cloud benefits be leveraged with minimum effort outlay?
      e.g. Application performance improvement by migration of static content to S3/CloudFront
    Will cloud yield cost savings & agility improvements?
      e.g. Faster development cycles for dev/test, reduced cap-ex for application environments
    Can automation lead to a more agile & secure service?
      e.g. fully scripted deployments, IAM & EC2 instance roles, rolling deployments
    *http://aws.amazon.com/architecture
  76. 76. Architect to use cloud strengths
    Disposable compute
      Design systems that can suffer instance loss
      Dispose of compute when it is not required
  77. 77. Architect to use cloud strengths
    Disposable compute
    Flexible capacity
      Design for systems that potentially scale from zero instances to hundreds
      Use Auto-scaling (events, schedules etc) to drive capacity availability
  78. 78. Architect to use cloud strengths
    Disposable compute
    Flexible capacity
    Cost effective & reliable storage
      Utilize 99.999999999% durability of objects in S3
      Scale databases with RDS and use DynamoDB for high throughput NoSQL
  79. 79. Architect to use cloud strengths
    Disposable compute
    Flexible capacity
    Cost effective storage
    Automation and control
      Automate everything from scaling to instance recovery from failure
  80. 80. Bootstrapping – custom AMIs
    1 Create instance for your OS choice
    2 Configure environment
    3 Install software
    4 Create AMI from instance
    5 Launch fully configured instances from AMI
    [diagram labels: Instance; AMI; Custom machine image; Auto-scaling; Manual deployments; Programmatic deployments]
  81. 81. Bootstrapping – metadata service
    Instance Metadata service contains wealth of information about an instance
    http://169.254.169.254/latest/meta-data
      ami-id, ami-launch-index, ami-manifest-path, block-device-mapping, hostname, instance-action, instance-id, instance-type, kernel-id, local-hostname, local-ipv4, mac, network, placement, profile, public-hostname, public-ipv4, public-keys, reservation-id
    [diagram labels: AMI (custom or standard machine image); Metadata Service; Receive custom data to drive bootstrapping]
  82. 82. Bootstrapping – metadata service
    Instance Metadata service contains wealth of information about an instance
    http://169.254.169.254/latest/meta-data
    [diagram labels: AMI (custom or standard machine image) + user data; Metadata Service; Receive custom data to drive bootstrapping]
    Scripts in user-data field of metadata will be executed on launch e.g.

    #!/bin/sh
    # Install Apache, enable it at boot, and start it now
    yum -y install httpd
    chkconfig httpd on
    /etc/init.d/httpd start

    Or:

    <powershell> … </powershell>
  83. 83. Bootstrapping – metadata service
    Instance Metadata service contains wealth of information about an instance
    http://169.254.169.254/latest/meta-data
    [diagram labels: AMI (custom or standard machine image) + user data; Metadata Service; Receive custom data to drive bootstrapping]
    Scripts in user-data field of metadata will be executed on launch
      Install software e.g. web server, app server, proxy
      Pull data and application packages from S3
      Publish metadata for instance to other systems e.g. monitoring systems
      Set up security profile of instance based upon intended use e.g. pull latest config
  84. 84. 1.  Use multiple availability zones
  85. 85. 2.  Use RDS with replicas and slaves
  86. 86. 3.  Use auto-scaling groups
  87. 87. 4.  Use Elastic Load Balancing
  88. 88. 5.  Use Route53 to host DNS zones
  89. 89. Architect to use cloud strengths
  Elastic Load Balancing
    Use at regional level: Combined with autoscaling will balance requests and resource capacity across availability zones
    Within VPC: Use to load balance between application tiers within an availability zone
    Instance migrations: Easily move instances from dev environments to test environments by moving between ELBs
  Route 53
    Leverage SLA: Improve application reliability with Route 53's SLA on requests served
    Weighted routing: Perform A/B analysis, and staged application roll-outs by moving a portion of traffic to new infrastructure
    Control TTLs and updates: Take absolute control of DNS updates for more decisive system updates
  RDS
    Scale databases without admin overhead: Choose instance size for databases and scale up over time
    Add high availability from management console: Create master-slave configurations and read-replicas. AWS takes care of the failover and recreation of a new slave in event of master DB loss
  Auto-scaling
    Dynamically scale resources & control costs: Only provision the resources that are required with scale up and cool down policies that match demand
  90. 90. 5. Services not software
  91. 91. Services not software
    Use AWS services + Your technology skills = Less time managing and installing software, more time focused on business applications
    Let AWS do the heavy lifting
  92. 92. Services not software
    Use RDS for databases
      Relational Database Service: Database-as-a-Service
      No need to install or manage database instances
      Scalable and fault tolerant configurations
    Use DynamoDB for high performance key-value DB
      DynamoDB: Provisioned throughput NoSQL database
      Fast, predictable performance
      Fully distributed, fault tolerant architecture
  93. 93. Services not software
    Reliable message queuing without additional software
      Amazon SQS: Reliable, highly scalable, queue service for storing messages as they travel between instances
      [diagram labels: Processing task/processing trigger; Amazon SQS; Processing results]
    Push inter-process workflows into the cloud with SWF
      Simple Workflow: Reliably coordinate processing steps across applications
      Integrate AWS and non-AWS resources
      Manage distributed state in complex systems
      [diagram labels: 1 Task A; 2 Task B (Auto-scaling); 3 Task C]
  94. 94. Services not software
    Don't install search software, use CloudSearch
      Cloud Search: Elastic search engine based upon Amazon A9 search engine
      Fully managed service with sophisticated feature set
      Scales automatically
      [diagram labels: Document Server; Search Server; Results]
    Process large volumes of data cost effectively with EMR
      Elastic MapReduce: Elastic Hadoop cluster
      Integrates with S3 & DynamoDB
      Leverage Hive & Pig analytics scripts
      Integrates with instance types such as spot
  95. 95. 6. Be elastic and cost optimized
  96. 96. Be elastic and cost optimized
    Elastic Load Balancing; Auto-scaling policies; Instance types and sizes
    Scalability; Cost Optimization; Availability
  97. 97. Auto-scaling policies
    Manually: Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-)
    By Schedule: Scale up/down based on date and time
    By Policy: Scale in response to changing conditions, based on user configured real-time monitoring and alerts
    Auto-Rebalance: Instances are automatically launched/terminated to ensure the application is balanced across multiple AZs
  98. 98. Auto-scaling policies
    Manually: Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-)
      Preemptive manual scaling of capacity, e.g. before a marketing event add 10 more instances
    By Schedule: Scale up/down based on date and time
      Regular scaling up and down of instances, e.g. scale from 0 to 2 to process SQS messages every night or double capacity on a Friday night
    By Policy: Scale in response to changing conditions, based on user configured real-time monitoring and alerts
      Dynamic scale based upon custom metrics, e.g. SQS queue depth, Average CPU load, ELB latency
    Auto-Rebalance: Instances are automatically launched/terminated to ensure the application is balanced across multiple AZs
      Maintain capacity across availability zones, e.g. Instance availability maintained in event of AZ becoming unavailable
  99. 99. Instance types
  On-demand instances
    Unix/Linux instances start at $0.02/hour
    Pay as you go for compute power
    Low cost and flexibility
    Pay only for what you use, no up-front commitments or long-term contracts
    Use Cases: Applications with short term, spiky, or unpredictable workloads; Application development or testing
  Reserved instances
    1- or 3-year terms
    Pay low up-front fee, receive significant hourly discount
    Low Cost / Predictability
    Helps ensure compute capacity is available when needed
    Use Cases: Applications with steady state or predictable usage; Applications that require reserved capacity, including disaster recovery
  Spot instances
    Bid on unused EC2 capacity
    Spot Price based on supply/demand, determined automatically
    Cost / Large Scale, dynamic workload handling
    Use Cases: Applications with flexible start and end times; Applications only feasible at very low compute prices
  100. 100. Leverage all models [chart: capacity layered as Reserved Instances, On Demand and Spot]
  101. 101. Instance types
    Choose instance type that matches requirements
      Start with memory requirements and architecture type (32-bit or 64-bit)
      Then choose the closest number of virtual cores required
    Scale across availability zones
      Smaller sizes give more granularity for deploying to multiple AZs
    Start with on-demand and then assess utilization for RIs
      Instances that are always running – heavy utilization RIs
      Instances occasionally used in auto-scaling – light utilization RIs
  102. 102. Summary
  103. 103. Cloud computing   30%   70%   On-Premise   Your   Managing All
