AWS Tips for LAUNCHing Your Infrastructure in the Cloud

AWS Solutions Architect Chris Munns presented at the LAUNCH Festival. Thousands of startups attended the LAUNCH Festival in San Francisco, CA to launch their company and learn about building great startups.

Published in: Technology

Transcript of "AWS Tips for LAUNCHing Your Infrastructure in the Cloud"

  1. AWS Tips for LAUNCHing Your Infrastructure in the Cloud https://secure.flickr.com/photos/aloha75/6109626449
  2. Y-Hack 2013 https://secure.flickr.com/photos/psd/4389135567/
  3. LAUNCH Festival 2014
     Chris Munns - @chrismunns
     – Amazon Web Services Solutions Architect
     – New Yorker
     – Formerly Senior Operations @Etsy & @Meetup
     – Little time at a hedge fund and Xerox
     – Rochester Institute of Technology: Applied Networking and Systems Administration ‘05
     – Internet Geek
  4. What is AWS?
  5. https://secure.flickr.com/photos/stevendepolo/5644838033/
  6. What is AWS? (layer diagram)
     Layers shown: Deployment & Administration; Application Services; Compute; Storage; Database; Networking; AWS Global Infrastructure
  7. Regions (map)
     US-WEST (Oregon), US-WEST (N. California), US-EAST (Virginia), AWS GovCloud (US), SOUTH AMERICA (Sao Paulo), EU-WEST (Ireland), ASIA PAC (Tokyo), ASIA PAC (Singapore), ASIA PAC (Sydney)
  8. Availability Zones (map)
     US-WEST (Oregon), US-WEST (N. California), US-EAST (Virginia), AWS GovCloud (US), SOUTH AMERICA (Sao Paulo), EU-WEST (Ireland), ASIA PAC (Tokyo), ASIA PAC (Singapore), ASIA PAC (Sydney)
  9. Edge Locations
  10. AWS service overview (diagram)
     Layers shown: Deployment & Administration; App Services; Compute; Storage & Content Delivery; Database; Networking; AWS Global Infrastructure
     Services shown: AWS OpsWorks, Amazon CloudWatch, Elastic Beanstalk, AWS CloudFormation, AWS IAM, AWS CloudTrail, AWS Data Pipeline, Amazon SNS, Amazon SES, Amazon CloudSearch, Amazon SWF, Amazon SQS, Amazon Elastic Transcoder, Amazon Kinesis, Amazon EC2, Amazon EMR, Amazon S3, Amazon CloudFront, AWS Storage Gateway, Amazon Glacier, Amazon RDS, Amazon DynamoDB, Amazon RedShift, Amazon ElastiCache, Amazon Route 53, Amazon VPC, AWS Direct Connect
  11. 4 Easy & Basic Areas to Focus
     • Security
     • Performance
     • Fault Tolerance and Scale
     • Cost
  12. SECURITY
  13. AWS Multi-Factor Authentication
     Helps prevent anyone with unauthorized knowledge of your email address and password from impersonating you
     • Integrated into
       – AWS Management Console
       – Key pages on the AWS Portal (Forums, Support Center, and Account/Usage Activity pages)
       – S3 (Secure Delete)
     • Virtual MFA
       – App for Android
       – Google Authenticator (iOS, Android, and Blackberry)
  14. Temporary Security Credentials (sessions)
     • Temporary security credentials containing
       – Identity for authentication
       – Access Policy to control permissions
       – Configurable Expiration (1 – 36 hours)
     • Supports
       – AWS Identities (including IAM Users)
       – Federated Identities (users customers authenticate)
     • Scales to millions of users
       – No need to create an IAM identity for every user
     • Use Cases
       – Identity Federation to AWS APIs
       – Mobile and browser-based applications
       – Consumer applications with unlimited users
  15. AWS Identity and Access Management (IAM)
     • Users and Groups within Accounts
     • Roles for EC2 instances
     • Unique security credentials
       – Access keys
       – Login/Password
       – optional MFA device
     • Policies control access to AWS APIs
     • Policies to restrict access to resources based on tags and other identifiers (subnet, class, AMI)
     • API calls must be signed
     • Deep integration into some Services
       – S3: policies on objects and buckets
       – Fine-Grained Access Control for DynamoDB
     • AWS Management Console supports User log on
     • Not for Operating Systems or Applications
       – use LDAP, Active Directory/ADFS, etc...
  16. Multi-tier Security Approach Example (diagram)
     Tiers shown: Web Tier, Application Tier, Database Tier, behind the Amazon EC2 Security Group Firewall
     • Ports 80 and 443 only open to the Internet
     • Engineering staff have ssh access to the App Tier, which acts as Bastion
     • Sync with on-premises database
     • All other Internet ports blocked by default
  17. PERFORMANCE
  18. Choose the right instance type
     • Over 25 instance types:
       – High CPU
       – High Memory
       – High Storage
       – High I/O
     • Bigger isn’t always better!
     • Going Horizontal isn’t always better either!
     • Don’t pick the cheapest instance just because it’s the cheapest. This laptop is several times more powerful than an m1.small
  19. Choose the right storage
  20. Choose the right storage
     2 types of EC2 storage on AWS:
     • Local (ephemeral/instance based)
       – Regular disk
       – SSD
     • EBS
       – Standard
       – PIOPs
  21. Choose the right storage
     2 types of EC2 storage on AWS:
     • Local (ephemeral/instance based)
       – Not Persistent
       – RAID for increased performance
     • EBS
       – Persistent
       – Snapshots
       – Flexible size/performance tuned by you
       – RAID for increased performance
  22. Choose the right storage
     2 types of EC2 storage on AWS:
     • Local (ephemeral/instance based)
       – Local app/OS data
       – Database data that is highly replicated
     • EBS
       – Database data less replicated
       – Important data for your apps
  23. Amazon Simple Storage Service
     • Object based storage for the web
     • 11 9s of durability
     • Good for things like:
       – Static assets (css, js, images, videos)
       – Backups
       – Logs
       – Ingest of files for processing
     • “Infinitely scalable”
     • Supports fine grained permission control
     • Ties in well with CloudFront
     • Ties in with EMR
     • Acts as a logging endpoint for S3/CloudFront/Billing
     • Supports Encryption in transit and at rest
     • Reduced Redundancy 1/3 cheaper
     • Glacier for super long term storage
  24. Monitoring Performance
  25. Measuring Performance
  26. Use a CDN!
     Amazon CloudFront is a web service for scalable content delivery.
     • Cache static content at the edge for faster delivery
     • Helps lower load on origin infrastructure
     • Dynamic and Static Content
     • Streaming Video
     • Zone Apex support
     • Custom SSL certificates
     • Low TTLs (as short as 0 seconds)
     • Lower costs for origin fetches (between S3/EC2 and CloudFront)
     • Optimized to work with EC2, S3, ELB, and Route53
     [Charts: Server Load and Response Time compared for No CDN, CDN for Static Content, and CDN for Static & Dynamic Content; Volume of Data Delivered (Gbps) from 8:00 AM to 9:00 PM]
  27. FAULT TOLERANCE + SCALE
  28. Spot the Difference?
  29. MULTIPLE AVAILABILITY ZONES https://secure.flickr.com/photos/lakelou/6307404651
  30. Your instances: Pets vs. Cattle https://secure.flickr.com/photos/81015532@N00/2192612785 vs.
  31. MOOOO IM AN INSTANCE
     • No “pet” infrastructure, aka resources you’d be heartbroken if they went away
     • Infrastructure should be tolerant of failed/lost components
     • Have no “golden eggs”
     • 2+ of EVERYTHING
     • Automate bootstrapping + deployment
     • Make this painless and notification-less for your team
     https://secure.flickr.com/photos/anemoneprojectors/9374133369 MOOOOOOOOOOOOO….
  32. Typical weekly traffic to Amazon.com [chart: Sunday through Saturday]
  33. Typical weekly traffic to Amazon.com [chart: Sunday through Saturday, with Provisioned capacity]
  34. November traffic to Amazon.com [chart: November]
  35. November traffic to Amazon.com [chart: November, with Provisioned capacity]
  36. November traffic to Amazon.com [chart: November, with Provisioned capacity, labelled 76% and 24%]
  37. November traffic to Amazon.com [chart: November]
  38. Auto-Scaling lets you do this!
  39. Auto-Scaling
     Automatic resizing of compute clusters based on demand
     [Diagram: Amazon CloudWatch, Trigger auto-scaling policy]
     Feature: Details
     • Control: Define minimum and maximum instance pool sizes and when scaling and cool down occurs.
     • Integrated to Amazon CloudWatch: Use metrics gathered by CloudWatch to drive scaling.
     • Instance types: Run Auto Scaling for On-Demand and Spot Instances. Compatible with VPC.
     aws autoscaling create-auto-scaling-group --auto-scaling-group-name MyGroup --launch-configuration-name MyConfig --min-size 4 --max-size 200 --availability-zones us-west-2c
  40. Leverage Elastic Load Balancing
     Elastic Load Balancer
     • Create highly scalable applications
     • Distribute load across EC2 instances in multiple availability zones
     • Little to no administration necessary
     • Automatically attach instances on bootup via API or via Auto-Scaling
     Feature: Details
     • Available: Load balance across instances in multiple Availability Zones
     • Health checks: Automatically checks health of instances and takes them in or out of service
     • Session stickiness: Route requests to the same instance
     • Secure sockets layer: Supports SSL offload from web and application servers with flexible cipher support
     • Monitoring: Publishes metrics to CloudWatch
  41. COST
  42. Understand Cost Models
     • Amazon EC2, Amazon EMR
       – On Demand
       – Reserved Instances
       – Spot
     • Amazon ElastiCache, Amazon RedShift, Amazon RDS
       – On Demand
       – Reserved Instances
     • Amazon CloudFront
       – Price Classes
     • Amazon S3
       – Standard
       – Reduced Redundancy
       – Glacier*
     • Amazon DynamoDB
       – Provisioned Capacity
       – Reserved Capacity
     *Glacier isn’t a pricing model for S3, but another service in the Storage family of services
  43. console.aws.amazon.com/billing/
  44. github.com/Netflix/ice
  45. Billing Alerts
  46. Turn things Off!
     • Unused and forgotten EC2 instances
     • Shrink disk space if you don’t need it now
     • Auto-Scaling to shrink tiers during lower traffic periods
     • Dev/Test environments during nights
     • Use smaller instances if resource usage is always low (see CloudWatch data)
     https://secure.flickr.com/photos/93307674@N03/8548071813/
  47. Business Support starts at $100/month
  48. ? https://secure.flickr.com/photos/dullhunk/202872717/
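
The multi-tier security group layout on slide 16 can be checked mechanically. The following is an added example, not part of the original deck: it audits ingress rules, written in the `IpPermissions` shape that `describe-security-groups` returns, against that layout. The group ids, the staff CIDR, the app and database ports (8080, 3306) and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit security-group ingress against the slide 16 layout.
# Rules use the IpPermissions shape returned by describe-security-groups.
ANYWHERE = "0.0.0.0/0"
STAFF_CIDR = "203.0.113.0/24"  # assumption: engineering staff range (documentation block)

# Allowed ingress per tier. Group ids and non-web ports are assumptions.
# A listed source group is allowed on any port (simplification).
POLICY = {
    "sg-web": {"cidrs": {ANYWHERE: {80, 443}}, "groups": set()},
    "sg-app": {"cidrs": {STAFF_CIDR: {22}}, "groups": {"sg-web"}},  # bastion
    "sg-db": {"cidrs": {}, "groups": {"sg-app"}},
}

# Constructed sample rules; the last one is a planted mistake.
GROUPS = {
    "sg-web": [
        {"FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": ANYWHERE}]},
        {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANYWHERE}]},
    ],
    "sg-app": [
        {"FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": STAFF_CIDR}]},
    ],
    "sg-db": [
        {"FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANYWHERE}]},
    ],
}

def audit(groups, policy):
    """Return (group, source, low_port, high_port) for each ingress outside policy."""
    findings = []
    for sg, rules in groups.items():
        allowed = policy[sg]
        for rule in rules:
            # Rules with IpProtocol "-1" carry no port fields: treat as all ports.
            ports = set(range(rule.get("FromPort", 0), rule.get("ToPort", 65535) + 1))
            for ip_range in rule.get("IpRanges", []):
                extra = ports - allowed["cidrs"].get(ip_range["CidrIp"], set())
                if extra:
                    findings.append((sg, ip_range["CidrIp"], min(extra), max(extra)))
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed["groups"]:
                    findings.append((sg, pair["GroupId"], min(ports), max(ports)))
    return findings

if __name__ == "__main__":
    for finding in audit(GROUPS, POLICY):
        print("violation:", finding)
```
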
