AWS101: London May 2014


Slides from the AWS101 event that took place in London on the 14th of May 2014.


Published in: Technology, Business
  • In this webinar I am going to introduce Amazon Web Services, also known as AWS, and some of the fundamental concepts behind the Amazon Cloud. ----- Meeting Notes (11/02/2014 10:02) ----- Say hello. Welcome to this AWS 101. Introduce myself and the rest of the AWS team (SAs). What will we cover?
  • Amazon Web Services is part of Amazon.com. Most of us at some point in time have used the online Amazon retail store to buy books, CDs and gifts for friends and family. There are three parts to the Amazon business: our retail consumer business, where Amazon stocks and ships many thousands of different products; our seller business, which enables retailers to sell through the same world-class online store as Amazon; and finally Amazon Web Services, our IT infrastructure business.
  • We are often asked the question: how did Amazon get into cloud computing? Amazon is really good at providing an immense selection of products, and of shipping those products to customers efficiently. But behind that online capability lies years of experience in providing technical services to the business that ensures our online stores are secure, fast, always available and capable of meeting huge seasonal demand.
  • So in 2006 Amazon Web Services was born. Its mission was clear: to enable businesses and developers to use web services to build scalable, sophisticated applications. It's interesting to note that what we called Web Services has now morphed into a common term, 'the Cloud'. Amazon Web Services is and always has been a distinct and individual Amazon organisation.
  • As such, let's dispel an urban myth: AWS is not running on excess amazon.com server capacity. Come Christmas, when Amazon.com is undergoing a seasonal spike in load, Amazon does not reclaim computing to finalise orders! There are hundreds of thousands of businesses running on Amazon Web Services, ranging in size from the smallest startup to multi-national companies. Indeed, Amazon.com also uses AWS. It's a strategic business for Amazon.
  • And scale is something AWS is used to dealing with. The Amazon Simple Storage Service, S3, recently passed 1 trillion objects in storage, with a peak transaction rate of 750 thousand per second. That's a lot of objects, all stored with 11 9's of durability.
  • To help understand why Amazon Web Services and Cloud Computing are changing IT delivery, a nice comparison to make is that of a utility like electricity. When electricity was discovered businesses would generate their own, using steam generators to power factories. When electricity was brought together under a national system of supply, it was no longer necessary for everyone to generate their own and buy and maintain their generators, you could simply tap into the grid and use what you needed, paying only for what you did use, and be assured that the electricity you consumed was consistent and always available.
  • Utility computing brings those same benefits to the delivery of IT - the factories of many businesses.
  • By taking the services delivered from traditional data centers and wrapping them all in a consistent programming interface, or API, services that are normally expensive to manage or difficult to use become available on-demand, in a uniform and available way, and only paid for when used. Just like electricity. This is what AWS does. It takes away the hard work from providing infrastructure IT services and makes them available to anyone on a pay as you go basis.
  • And just like an electricity grid, where you would not wire every factory to the same power station, the AWS infrastructure is global, with multiple regions around the globe from which services are available. This means you have control over things like where your applications run, where your data is stored, and where best to serve your customers from.
  • Let's take a quick look at what that means with a tangible example. Here, two commands are issued against AWS to create servers, or EC2 instances, in two zones in the EU. We're creating 8 instances of differing sizes, running geographically distinct for availability purposes, all from 2 simple commands. Once booted, in a matter of a minute or two, those server instances are available to you to run your own applications on. Amazon has done the heavy lifting for you, so you can focus on using the compute resources available to you.
  • And of course, all of this functionality is available through a web console, so whether you want to drive the cloud by the click of a mouse or the call of an API, the power is at your disposal.
  • Traditional IT capacity planning, by the very nature of the logistics of acquiring hardware, installation, configuration and networking, has to take a forward looking view. Complex estimates of the utilisation of resources are made in order to handle the peaks you anticipate. Shown here in red is the level of resources a business needs to install in order to handle the peak needs of a service. Demand on that service might vary by the time of day, week, month or year, or be driven by exceptional demand driven by promotions or seasonal events.
  • There are many patterns of usage that make capacity planning a complex science. From on and off usage patterns, where capacity is only needed at fixed times and not at others, fast growth where an online service becomes so successful that step changes in traditional capacity need to be added, variable peaks - where you just don't know what demand will be when and best guess applies, to predictable peaks such as during commute times as customers use mobile devices to access your service.
  • Each of these examples is typified by wasted IT resources. Where you planned correctly, the IT resources will be over provisioned so that services are not impacted and customers lost during high demand. In the worst cases, that capacity will not be enough, and customer dissatisfaction will result. Most businesses have a mix of differing patterns at play, and much time and resource is dedicated to planning and management to ensure services are always available. And when a new online service is really successful, you often can't ship in new capacity fast enough. Some say that's a nice problem to have, but those that have lived through it will tell you otherwise!
  • You control how and when your service scales, so you can closely match increasing load in small increments, scale up fast when needed, and cool off and reduce the resources being used at any time of day. Even the most variable and complex demand patterns can be matched with the right amount of capacity - all automatically handled by AWS.
  • Elasticity works from just 1 EC2 instance to many thousands. Just dial up and down as required.
  • Back in 2008, they launched a Facebook application that lets people tell their friends when they've uploaded a video that includes that friend. When people saw the music videos their friends created when the application shared it with them, they wanted to go out and create their own videos. Shortly after launching their social networking modification, they were featured on Techcrunch. As you can imagine, this brought them a lot of unexpected traffic. In the course of 3 days, they went from running on 40 instances to 5,000 instances. Because they were using Amazon Web Services, they were able to handle all of this incoming traffic without having to do a thing. AWS managed it all for them.
  • Examining AWS, you’ll see that the same security isolations are employed as would be found in a traditional datacenter. These include physical datacentre security, separation of the network, isolation of the server hardware, and isolation of storage. AWS customers have control over their data: they own the data, not us; they can encrypt their data at rest and in motion, just as they would in their own datacenter. Amazon Web Services provides the same, familiar approaches to security that companies have been using for decades. Importantly, it does this while also allowing the flexibility and low cost of cloud computing. There is nothing inherently at odds about providing on-demand infrastructure while also providing the security isolation companies have become accustomed to in their existing, privately-owned environments.
      • AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, SAS 70 Type II. Our services and data centers have multiple layers of operational and physical security designed to protect the integrity and safety of your data. Visit our Security Center to learn more: http://aws.amazon.com/security/.
      • Certifications and Accreditations: AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
      • PCI DSS: We finalized our 2011 PCI compliance audit, publishing our extensive Report on Controls (ROC) with an expanded scope. Our new November 30, 2011 PCI Attestation of Compliance, a document from our auditor stating we are compliant with all 12 PCI security standard domains, is available now for customers considering or working on moving PCI systems to AWS. The new Attestation of Compliance document includes some key changes this year: we’ve added RDS, ELB, and IAM as in-scope services. The addition of these services is fantastic news for PCI customers since they can now leverage RDS to store cardholder and transaction data, use ELB to manage card transaction traffic, and rely on IAM features as validated control mechanisms that satisfy PCI security standard requirements. Consistent with last year, EC2, S3, EBS, and VPC continue to be in scope.
      • Physical Security: Amazon has many years of experience in designing, constructing, and operating large scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
      • Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
      • Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS.
      • “In essence, the security system of AWS’s platform has been added to our existing security systems. We now have a security posture consistent with that of a multi-billion dollar company.” - Jim Warren, CIO, Recovery Accountability and Transparency Board (RATB)
  • Transcript

    • 1. What is AWS? Ian Massingham - Technical Evangelist @IanMmmm
    • 2. Before we start… …we’d love your feedback!
    • 3. background
    • 4. Consumer Business Tens of millions of active customer accounts 8 countries: US, UK, Germany, Japan, France, Canada, China, Italy Seller Business Sell on Amazon websites Use Amazon technology for your own retail website Leverage Amazon’s massive fulfillment center network IT Infrastructure Business Cloud computing infrastructure for hosting web-scale solutions Hundreds of thousands of registered customers in over 190 countries
    • 5. Deep experience in building and operating global web scale systems About Amazon Web Services ? …get into cloud computing? How did Amazon…
    • 6. AWS Mission Enable businesses and developers to use web services* to build scalable, sophisticated applications. *What people now call “the cloud”
    • 7. Not excess capacity!
    • 8. Powering the Most Popular Internet Businesses Find out more at : aws.amazon.com/solutions/case-studies
    • 9. Trusted by Enterprises Find out more at : aws.amazon.com/solutions/case-studies
    • 10. Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $7B enterprise
    • 11. Objects in S3 Trillions of Objects (000,000,000,000s) Servicing over 2 million requests per Second
    • 12. utility computing
    • 13. On demand Pay as you go Uniform Available Utility computing
    • 14. Utility computing On demand Pay as you go Available Uniform
    • 15. Utility computing
    • 16. Utility computing Compute Storage Security Scaling Database Networking Monitoring Messaging Workflow DNS Load Balancing Backup CDN On demand Pay as you go Uniform Available
    • 17. On a global footprint Region US-WEST (N. California) EU-WEST (Ireland) ASIA PAC (Tokyo) ASIA PAC (Singapore) US-WEST (Oregon) SOUTH AMERICA (Sao Paulo) US-EAST (Virginia) GOV CLOUD ASIA PAC (Sydney)
    • 18. At the end of a web service
          aws ec2 run-instances --image-id ami-a813fadf --count 3 \
              --placement AvailabilityZone=eu-west-1a --instance-type m1.small
          aws ec2 run-instances --image-id ami-a813fadf --count 5 \
              --placement AvailabilityZone=eu-west-1c --instance-type m1.medium
    • 19. and a rich Management Console
    • 20. elasticity
    • 21. Traditional IT capacity Elastic capacity Capacity Time Your IT needs
    • 22. On and Off Fast Growth Variable peaks Predictable peaks Elastic capacity
    • 23. Elastic capacity On and Off Fast Growth Predictable peaks Variable peaks WASTE CUSTOMER DISSATISFACTION
    • 24. Elastic capacity Fast Growth On and Off Predictable peaks Variable peaks
    • 25. From one instance…
    • 26. …to thousands
    • 27. and back…
    • 28. exploiting elasticity
    • 29. Sunday Monday Tuesday Wednesday Thursday Friday Saturday Typical weekly traffic to Amazon.com
    • 30. November traffic to Amazon.com November
    • 31. November traffic to Amazon.com Provisioned capacity November
    • 32. November traffic to Amazon.com 76% 24% Provisioned capacity November
    • 33. November 10th 2010 Turned off last physical web server of Amazon.com
    • 34. November 10th 2010 Turned off last physical web server of Amazon.com October 31st 2011 Turned off last web servers supporting European business
    • 35. November traffic to Amazon.com November
    • 36. 40 servers to 5000 in 3 days
        • Chart: Number of EC2 instances, 4/12/2008 to 4/20/2008
        • Annotations: Launch of Facebook modification; Steady state of ~40 instances; “Techcrunched”; EC2 scaled to peak of 5000 instances
    • 37. Building a Top500 HPC Cluster on AWS
    • 38. the toolbox
    • 39. Compute Storage AWS Global Infrastructure Database App Services Deployment & Administration Networking Reference Model security
    • 40. Global infrastructure: Regions
        • An independent collection of AWS resources in a defined geography
        • A solid foundation for meeting location-dependent privacy and compliance requirements
    • 41. Global infrastructure: Availability Zones
        • Designed as independent failure zones
        • Physically separated within a typical metropolitan region
    • 42. Global infrastructure: Edge Locations
        • To deliver content to end users with lower latency
        • A global network of edge locations
        • Supports global DNS infrastructure (Route 53) and CloudFront CDN
        • Locations: Dallas (2), St. Louis, Miami, Jacksonville, Los Angeles (2), Palo Alto, Seattle, Ashburn (3), Newark, New York (3), Dublin, London (2), Amsterdam (2), Stockholm, Frankfurt (2), Paris (2), Singapore (2), Hong Kong (2), Tokyo (2), Sao Paulo, South Bend, San Jose, Osaka, Milan, Sydney, Madrid, Seoul, Mumbai, Chennai
    • 43. Networking
        • Direct Connect: Dedicated connection to AWS
        • VPN Connection: Secure internet connection to AWS
        • Virtual Private Cloud: Private, isolated section of the AWS Cloud
        • Route 53: Highly available and scalable Domain Name Service
    • 44. Compute: Elastic Compute Cloud (EC2)
        • Basic unit of compute capacity
        • Range of CPU, memory & local disk options
        • 13 instance types available, from micro to cluster compute
        • Vertical scaling; from $0.02/hr
        • Features:
            • Flexible: Run Windows or Linux distributions
            • Scalable: Wide range of instance types from micro to cluster compute
            • Machine Images: Configurations can be saved as machine images (AMIs) from which new instances can be created
            • Full control: Full root or administrator rights
            • Secure: Full firewall control via Security Groups
            • Monitoring: Publishes metrics to Cloud Watch
            • Inexpensive: On-demand, Reserved and Spot instance types
            • VM Import/Export: Import and export VM images to transfer configurations in and out of EC2
    • 45. Compute: Auto-scaling
        • Automatic provisioning of compute resources based upon demand, configuration or schedule
        • Diagram label: Trigger auto-scaling policy
        • Features:
            • Control: Define minimum and maximum instance pool sizes and when scaling and cool down occurs
            • Integrated to CloudWatch: Use metrics gathered by CloudWatch to drive scaling
            • Instance types: Run auto scaling for on-demand instances and spot. Compatible with VPC
          aws autoscaling create-auto-scaling-group \
              --auto-scaling-group-name MyGroup \
              --launch-configuration-name MyConfig \
              --availability-zones eu-west-1a \
              --min-size 4 --max-size 200
    • 46. Compute: Elastic Load Balancing
        • Create highly scalable applications
        • Distribute load across EC2 instances in multiple availability zones
        • Features:
            • Auto-scaling: Automatically scales to handle request volume
            • Available: Load balance across instances in multiple availability zones
            • Health checks: Automatically checks health of instances and takes them in or out of service
            • Session stickiness: Route requests to the same instance
            • Secure sockets layer: Supports SSL offload from web and application servers with flexible cipher support
            • Monitoring: Publishes metrics to Cloud Watch
    • 47. Storage: S3 - Durable storage, any object
        • 99.999999999% durability of objects
        • Unlimited storage of objects of any type
        • Up to 5TB size per object
        • Features:
            • Flexible object store: Buckets act like drives, folder structures within
            • Access control: Granular control over object permissions
            • Server-side encryption: 256bit AES encryption of objects
            • Multi-part uploads: Improved throughput & control
            • Object versioning: Archive old objects and version new ones
            • Object expiry: Automatically remove old objects
            • Access logging: Full audit log of bucket/object actions
            • Web content hosting: Serve content as web site with built in page handling
            • Notifications: Receive notifications on key events
            • Import/Export: Physical device import/export service
    • 48. Storage: Elastic Block Store
        • High performance block storage device
        • 1GB to 1TB in size
        • Mount as drives to instances
        • Features:
            • High performance file system: Mount EBS as drives and format as required
            • Flexible size: Volumes from 1GB to 1TB in size
            • Secure: Private to your instances
            • Available: Replicated within an Availability Zone
            • Backups: Volumes can be snapshotted for point in time restore
            • Monitoring: Detailed metrics captured via Cloud Watch
    • 49. Database: Relational Database Service
        • Database-as-a-Service
        • No need to install or manage database instances
        • Scalable and fault tolerant configurations
        • Features:
            • Platform support: Create MySQL, PostgreSQL, Microsoft SQL Server and Oracle RDBMS
            • Preconfigured: Get started instantly with sensible default settings
            • Automated patching: Keep your database platform up to date automatically
            • Backups: Automatic backups and point in time recovery and full DB backups
            • Backups: Volumes can be snapshotted for point in time restore
            • Failover: Automated failover to slave hosts in event of a failure
            • Replication: Easily create read-replicas of your data and seamlessly replicate data across availability zones
    • 50. Database: SEGA case study
        • Amazon Relational Database Service (Amazon RDS) databases store forum threads, site content, and project configuration data.
        • High availability Multi-AZ database deployment to handle live game metadata and user-generated content.
        • Enterprise-grade fault tolerance for protecting customer data.
        • By managing time-consuming database administration tasks, Amazon RDS allows SEGA to focus on business critical applications.
    • 51. Database: DynamoDB
        • Provisioned throughput NoSQL database
        • Fast, predictable performance
        • Fully distributed, fault tolerant architecture
        • Features:
            • Provisioned throughput: Dial up or down provisioned read/write capacity
            • Predictable performance: Average single digit millisecond latencies from SSD backed infrastructure
            • Strong consistency: Be sure you are reading the most up to date values
            • Fault tolerant: Data replicated across availability zones
            • Monitoring: Integrated to Cloud Watch
            • Secure: Integrates with AWS Identity and Access Management (IAM)
            • Elastic MapReduce: Integrates with Elastic MapReduce for complex analytics on large datasets
    • 52. Database: Redshift
        • Managed Massively Parallel Petabyte Scale Data Warehouse
        • Streaming Backup/Restore to S3
        • Extensive Security
        • 2 TB -> 1.6 PB
        • Diagram labels: RDS, Dynamo DB, Redshift
    • 53. Application Services: CloudFront
        • World-wide content distribution network
        • Easily distribute content to end users with low latency, high data transfer speeds, and no commitments.
        • Features:
            • Fast: Multiple world-wide edge locations to serve content as close to your users as possible
            • Integrated with other services: Works seamlessly with S3 and EC2 origin servers
            • Dynamic content: Supports static and dynamic content from origin servers
            • Streaming: Supports rtmp from S3 and includes support for live streaming from Adobe FMS and Microsoft Media Server
        • Diagram (edge locations London, Paris, NY): 1. Single CNAME www.mysite.com; 2. Served from EC2: *.php; 3. Served from S3: /images/*
    • 54. Application Services: Amazon SQS
        • Reliable, highly scalable, queue service for storing messages as they travel between instances
        • Diagram labels: Processing task/processing trig; Processing results
        • Features:
            • Reliable: Messages stored redundantly across multiple availability zones
            • Simple: Simple APIs to send and receive messages
            • Scalable: Unlimited number of messages
            • Secure: Authentication of queues to ensure controlled access
    • 55. Application Services: Simple Workflow
        • Reliably coordinate processing steps across applications
        • Integrate AWS and non-AWS resources
        • Manage distributed state in complex systems
        • Diagram labels: 1. Task A; 2. Task B (Auto-scaling); 3. Task C
        • Features:
            • Process state: Maintain application state across complex workflows in a reliable and available manner
            • Tracking: Tracks executions and log process for audit purposes
            • Consistency: Ensures processing tasks are executed and duplicity of events does not occur
            • Simple: Simple Decider and Task programming model for rapid integration
    • 56. Deployment & Admin: Elastic Beanstalk
        • One-click deployment from Eclipse, Visual Studio and Git
        • Rapid deployment of applications
        • All AWS resources automatically created
        • Features:
            • Platform support: Containers for Java, .net and PHP
            • Resource creation: Creates load balancer, instances, autoscaling and monitoring automatically
            • Monitoring & Logs: Integrated with Cloud Watch and consolidates server logs
            • Versioning: Manage versions of applications and easily rollback deployments
            • Notifications: Receive alerts on key events
            • Full resource access: Access all underlying AWS resources as necessary
    • 57. Deployment & Admin: OpsWorks
        • DevOps focused managed application stacks
        • Underlying Chef recipes allow for complete customisation
        • Features:
            • Platform support: Chef recipes allow for community expansion for platform components such as Solr, Nginx etc
            • Resource creation: Customizable deployments, rollback, partial deployments, patch management, automatic instance scaling, and auto healing
            • Layered: Manage logical application layers and combine into stacks.
    • 58. Deployment & Admin: Cloud Formation
        • Automate creation of ‘stacks’ in a repeatable way
        • Scripting framework for AWS resource creation
        • Features:
            • Platform support: Support for AWS resources from EC2 to IAM
            • Resource creation: Creates AWS resources behind the scenes and reports on progress
            • Declarative: Specify stacks in JSON format and source control your environments
            • Customizable: Drive stack creation with parameters
    • 59. Deployment & Admin
        • Identity & Access Management: Granular control of user rights with AWS; Automated granting of EC2 service rights
        • Software Developer Kits: Comprehensive support of programming models for using AWS services
    • 60. + others Cloud Search Simple Email Service Simple Notification Service ElastiCache (Memcache & Redis) Elastic MapReduce CloudWatch …and more to come!
    • 61. security & compliance
    • 62. Shared responsibility
        • Amazon: Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
    • 63. Shared responsibility
        • You: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity)
        • Amazon: Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
    • 64. Security standards (http://aws.amazon.com/security)
        • Certifications: SOC 1 Type 2 (formerly SAS-70); ISO 27001; PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM; FISMA Moderate Compliant Controls; HIPAA & ITAR Compliant Architecture
        • Physical Security: Datacenters in nondescript facilities; Physical access strictly controlled; Must pass two-factor authentication at least twice for floor access; Physical access logged and audited
        • HW, SW, Network: Systematic change management; Phased updates deployment; Safe storage decommission; Automated monitoring and self-audit; Advanced network protection
    • 65. So what are we going to build today?
    • 66. Availability Zone Region Instance
    • 67. Availability Zone Region Instance S3
    • 68. Availability Zone Region Instance S3 Cloud Front
    • 69. Availability Zone Region Instance S3 Cloud Front RDS
    • 70. Availability Zone Region Instance Instance Elastic Load Balancer Cloud Front S3 RDS
    • 71. Availability Zone Region Instance Instance Elastic Load Balancer Cloud Front S3 Auto scaling Group RDS
    • 72. Time for a break, but come back at 11:00, and we’ll build it
    • 73. @AWS_UKI for local AWS events & news @AWScloud for Global AWS News and Announcements ©Amazon.com, Inc. and its affiliates. All rights reserved. #AWS101
    • 74. Ask questions (it will fill time when we wait for things to launch) There will be a recording of this demo on YouTube, so don’t worry if you miss anything
    • 75. Availability Zone Region Instance
    • 76. EC2 launch an instance
    • 77. bootstrapping passing data to an instance
    • 78. Instance request User data
    • 79. Instance request User data Meta-data service
    • 80. Instance request User data Instance Meta-data service
    • 81. Script executed on launch:
          <script>
          ipconfig /all > c:\ipconfig.txt
          netstat > c:\netstat.txt
          </script>
    • 82. Script executed on launch:
          #!/bin/sh
          yum -y install httpd php php-mysql
          chkconfig httpd on
          /etc/init.d/httpd start
    • 83. security groups instance firewalling
    • 84. Security Group
        • Diagram: instance with Port 80 (HTTP) and Port 22 (SSH)
        • Fields: Name; Description; Protocol; Port range; IP Address, range, or another security group
    • 85. key pairs secure access
    • 86. Key pairs
        • Public Key: Inserted by Amazon into each EC2 instance that you launch
        • Private Key: Downloaded and stored by you
        • EC2 Instance: Comms secured with private key
    • 87. index.php Reads instance meta-data
    • 88. Some php code that gets the data
          <?php
          // get the instance id
          $url = "http://169.254.169.254/latest/meta-data/instance-id";
          $instance_id = file_get_contents($url);

          // get the AZ where the instance is running
          $url = "http://169.254.169.254/latest/meta-data/placement/availability-zone";
          $zone = file_get_contents($url);

          // get the security group it is in
          $url = "http://169.254.169.254/latest/meta-data/security-groups";
          $group = file_get_contents($url);

          // get the public DNS name
          $url = "http://169.254.169.254/latest/meta-data/public-hostname";
          $hostname = file_get_contents($url);
          ?>
    • 89. And displays it
          Instance ID: <?php echo $instance_id; ?>
          Availability Zone: <?php echo $zone; ?>
          Security Group: <?php echo $group; ?>
    • 90. S3 For Static Website Hosting
    • 91. Availability Zone Region Instance S3
    • 92. CloudFront Global CDN
    • 93. Availability Zone Region Instance S3 Cloud Front
    • 94. Amazon RDS Managed Relational DB
    • 95. Availability Zone Region Instance S3 Cloud Front RDS
    • 96. ELB elastic load balancer
    • 97. Availability Zone Region Instance Elastic Load Balancer Cloud Front S3 RDS
    • 98. Availability Zone Availability Zone Region Availability Zone Instance Instance Instance Instance Instance Instance Elastic Load Balancer
    • 99. Availability Zone Region Instance Instance Elastic Load Balancer Cloud Front S3 Auto scaling Group RDS
    • 100. auto-scaling elastic server pool
    • 101. Auto-scaling components
        • Launch Configuration
            • Describes what Auto Scaling will create when adding Instances: AMI, Instance Type, Security Group, Instance Key Pair
            • Only one active launch configuration at a time
            • Auto Scaling will terminate instances with old launch configuration first (rolling update)
        • Auto-Scaling Group
            • Auto Scaling managed grouping of EC2 instances
            • Automatic health check to maintain pool size
            • Automatically scale the number of instances by policy – Min, Max, Desired
            • Automatic Integration with ELB
            • Automatic distribution & balancing across AZs
        • Auto-Scaling Policy
            • Parameters for performing an Auto Scaling action
            • Scale Up/Down and by how much: ChangeInCapacity (+/- #), ExactCapacity (#), ChangeInPercent (+/- %)
            • Cool Down (seconds)
            • Policy can be triggered by CloudWatch events
    • 102. Availability Zone Region Instance Instance Elastic Load Balancer Cloud Front S3 Auto scaling Group RDS
    • 103. We’d love your feedback!
    • 104. Ian Massingham – Technical Evangelist @IanMmmm @AWS_UKI for local AWS events & news @AWScloud for Global AWS News and Announcements ©Amazon.com, Inc. and its affiliates. All rights reserved. #AWS101
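
The security group rules on slide 84 (port 80 and port 22, with a source that is an IP address, a range, or another security group) can be reviewed offline. The following is an added example, not part of the original slides: it audits rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports SSH or RDP reachable from any address. The group IDs, group names, sample rules and the choice of ports 22 and 3389 are constructed assumptions.

```python
import ipaddress
import json

# Assumption of this example: SSH and RDP are the administrative ports that
# should never be reachable from the whole internet. Port 80 is expected to be.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-00000001", "GroupName": "web-demo",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}
     ]},
    {"GroupId": "sg-00000002", "GroupName": "web-restricted",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}
     ]},
    {"GroupId": "sg-00000003", "GroupName": "db-tier",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-00000002"}]}
     ]},
    {"GroupId": "sg-00000004", "GroupName": "wide-open",
     "IpPermissions": [
       {"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
       {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
     ]}
  ]
}
""")


def is_world(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_ports(rule):
    """Administrative ports that fall inside the rule's protocol and port range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return sorted(ADMIN_PORTS)
    if proto not in ("tcp", "6"):          # SSH and RDP are TCP services
        return []
    low, high = rule.get("FromPort"), rule.get("ToPort")
    if low is None or high is None:
        return []
    return sorted(p for p in ADMIN_PORTS if low <= p <= high)


def world_sources(rule):
    """IPv4 and IPv6 sources in the rule that cover every address.

    Sources given as another security group (UserIdGroupPairs) are ignored:
    they only admit instances that belong to that group.
    """
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if is_world(c)]


def audit(doc):
    """Return sorted (group_id, port, cidr) findings for world-open admin ports."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            ports = exposed_admin_ports(rule)
            for cidr in world_sources(rule):
                for port in ports:
                    findings.add((group["GroupId"], port, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for group_id, port, cidr in audit(SAMPLE):
        print(f"{group_id}: {ADMIN_PORTS[port]} ({port}/tcp) open to {cidr}")
```

The port-range and all-protocols cases matter in practice: a rule for ports 0-1024 or protocol `-1` exposes SSH just as a literal port 22 rule does.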