Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Best Partices for getting Started

235 views

Published on

Best Practices for getting started on AWS

Published in: Business
  • Be the first to comment

Best Partices for getting Started

  1. 1. Getting started with AWS adhorn@amazon.com @adhorn Adrian Hornsby — Technical Evangelist
  2. 2. Getting Started with AWS: Agenda Seven best practices you should focus on when getting started Resources you can use to learn more Getting Started with AWS
  3. 3. http://aws.amazon.com/getting-started/ Getting Started with AWS
  4. 4. Choose Your First Use Case Well 1
  5. 5. Chose Your First Use Case Well Make your first project a S.M.A.R.T one
  6. 6. Choose Your First Use Case Well Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Make your first project a S.M.A.R.T one
  7. 7. Chose Your First Use Case Well Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by-step into non- production DR use Understand cloud dynamics and test during controlled failover Make your first project a S.M.A.R.T one
  8. 8. Chose Your First Use Case Well Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by-step into non- production DR use Understand cloud dynamics and test during controlled failover Greenfield Project Embody best practice of cloud computing in unconstrained greenfield projects Self contained web projects, document archiving etc Make your first project a S.M.A.R.T one
  9. 9. Chose Your First Use Case Well Dev & Test Spin environments up and down on demand Decouple development and test environments from operations constraints Explore elasticity in a sandboxed environment Backup & DR Take part of your data or business applications step- by-step into non- production DR use Understand cloud dynamics and test during controlled failover Greenfield Project Embody best practice of cloud computing in unconstrained greenfield projects Self contained web projects, document archiving etc Pain point Move specific service aspects causing undue cost or management burden Workflows, search indexing, media streaming, document archiving, constrained databases Make your first project a S.M.A.R.T one
  10. 10. Plan Evolution and Set Goals Understand services Test performance Architect for scale Develop team capabilities Implement monitoring Change control and management Security management Scalability Automate corrective actions Auto-scaling Zero downtime deployments System backup and recovery Proof of Concept Production Automation SampleActivities
  11. 11. Lay Out Your Foundations 2
  12. 12. Accounts Create an account structure that makes sense Use accounts like environments where you need separation and control e.g. Dev Sandboxes Test Environments Business Units Products & Services Lay Out Your Foundations
  13. 13. BillingAccounts Create an account structure that makes sense Use accounts like environments where you need separation and control e.g. Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Lay Out Your Foundations
  14. 14. Enable delivery of billing reports with resources & tags Billing preferences Billing Settings
  15. 15. Billing Master Account aws.invoices@mycompany.com
  16. 16. Billing Consolidated Billing Relationship Master Account aws.invoices@mycompany.com Division B admin@divisionB.com User2 Dev2 Admin2 IAM
  17. 17. Billing Consolidated Billing Relationship Master Account aws.invoices@mycompany.com Division B admin@divisionB.com User2 Dev2 Admin2 IAM Tags: Own=Div Proj=P Tags: Own=Div Proj=Q Tags: Own=Div Proj=R Tags: (key-value) e.g Own=Div Proj=R
  18. 18. Billing Consolidated Billing Relationships Master Account aws.invoices@mycompany.com Business Unit C admin@busUnitC.com User3 Dev3 Admin3 IAM Tags: Own=BusC Proj=X Tags: Own=BusC Proj=Y Tags: Own=BusC Proj=Z Division B admin@divisionB.com User2 Dev2 Admin2 IAM Tags: Own=Div Proj=P Tags: Own=Div Proj=Q Tags: Own=Div Proj=R Operating Co. A admin@opcoA.com User1 Dev1 Admin1 IAM Tags: Own=OpCo Proj=A Tags: Own=OpCo Proj=B Tags: Own=OpCo Proj=C
  19. 19. Billing Consolidated Billing Relationships Master Account aws.invoices@mycompany.com Business Unit C admin@busUnitC.com User3 Dev3 Admin3 IAM Tags: Own=BusC Proj=X Tags: Own=BusC Proj=Y Tags: Own=BusC Proj=Z Division B admin@divisionB.com User2 Dev2 Admin2 IAM Tags: Own=Div Proj=P Tags: Own=Div Proj=Q Tags: Own=Div Proj=R Operating Co. A admin@opcoA.com User1 Dev1 Admin1 IAM Tags: Own=OpCo Proj=A Tags: Own=OpCo Proj=B Tags: Own=OpCo Proj=C Alert: Reached $500 Alert: Reached $3500 Alert: Reached $1250
  20. 20. S3CSV Billing ANALYSIS Programmatic Billing Access Consolidated Billing Relationships Master Account aws.invoices@mycompany.com Business Unit C admin@busUnitC.com User3 Dev3 Admin3 IAM Tags: Own=BusC Proj=X Tags: Own=BusC Proj=Y Tags: Own=BusC Proj=Z Division B admin@divisionB.com User2 Dev2 Admin2 IAM Tags: Own=Div Proj=P Tags: Own=Div Proj=Q Tags: Own=Div Proj=R Operating Co. A admin@opcoA.com User1 Dev1 Admin1 IAM Tags: Own=OpCo Proj=A Tags: Own=OpCo Proj=B Tags: Own=OpCo Proj=C
  21. 21. 3rd Party Cost Management Tools
  22. 22. Access KeysBillingAccounts Create an account structure that makes sense Use accounts like environments where you need separation and control e.g. Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Decide upon a key management strategy Control access to EC2 instances via SSH and embedded public key: e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account Consider SSH key rotation & automation Limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances Consider bootstrap automation to grant developer access with developer unique keypairs Lay Out Your Foundations
  23. 23. Groups & RolesAccess KeysBillingAccounts Create an account structure that makes sense Use accounts like environments where you need separation and control e.g. Dev Sandboxes Test Environments Business Units Products & Services Control access to billing information Use IAM users to keep billing information in the master account Consolidate billing into a single account Let one account pick up the bill for multiple ‘sub accounts’ Setup billing alerts and automated bill reporting Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis Decide upon a key management strategy Control access to EC2 instances via SSH and embedded public key: e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account Consider SSH key rotation & automation Limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances Consider bootstrap automation to grant developer access with developer unique keypairs Use IAM Groups to manage console users and API access Provide developers with IAM user login and unique API access credentials Control & restrict what IAM users can do by placing them in groups with associated policies Assign EC2 Instances IAM roles Let AWS manage API access credentials on running instances by assigning a system entitlement to an instance e.g. instance can only read S3 bucket Lay Out Your Foundations
  24. 24. Identity & Access Management - IAM Account ApplicationsAdministrators Developers Laura Gavin Steve Nigel Stephen Ingest Console Reporting
  25. 25. Identity & Access Management - IAM Account ApplicationsAdministrators Developers Laura Gavin Steve Nigel Stephen Ingest Console Reporting Groups Multi-factor Authentication
  26. 26. Identity & Access Management - IAM Account ApplicationsAdministrators Developers Laura Gavin Steve Nigel Stephen Ingest Console Reporting Groups Roles Multi-factor Authentication AWS API Credentials
  27. 27. IAM Policies { "Statement": [ { "Effect": "Allow", "Action": [ "elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*", "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*" ], "Resource": "*" } ] } Create a policy to assign permissions to a user, group, role or resource. Policies are created using JSON. A policy consists of one or more statements, each of which describes one set of permissions. Policies control access to AWS APIs
  28. 28. Identity and Access Management - IAM For more details on IAM, visit: aws.amazon.com/iam
  29. 29. Think Security 3
  30. 30. Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer Data AmazonYou Shared Security Responsibility
  31. 31. Understand your customer & determine your security stance Leverage AWS Security External Audience Regulatory Audience Internal Audience Architecture Administration IAM Certifications White Papers QSA Process Your Processes Your Certifications Penetration Test Results
  32. 32. Understand your customer & determine your security stance Engage with security assessors early in your adoption cycle Leverage AWS Security Don’t fear assessment – AWS meets high standards (PCI DSS, ISO27001) Security assessments take time, so allow for this in your planning Undertake architecture reviews early in your design/deployment process
  33. 33. Understand your customer & determine your security stance Engage with security assessors early in your adoption cycle Use comprehensive materials and certifications provided by AWS Leverage AWS Security For more details on AWS Security, visit: aws.amazon.com/security Risk and compliance white paper AWS security processes white paper CSA consensus assessments initiative questionnaire (requires NDA)
  34. 34. Services not Software 4
  35. 35. AWS Cloud
 Infrastructure & Services Your
 Business More Time to Focus on
 Your Business Configuring Cloud Services 70% 30%70% Self Managed Software & Infrastructure 30% Managing All of the 
 “Undifferentiated Heavy Lifting” Services Not Software
  36. 36. Relational Database Service Easy to set up, operate, and scale Handles time-consuming database management tasks, such as backups, patch management, and replication Supports MySQL, MariaDB, Oracle, Microsoft SQL Server, PostgreSQL & Amazon Aurora NoSQL Database Service Fast, predictable performance Supports document & key-value data models Fully distributed, fault tolerant architecture Amazon RDS Amazon DynamoDB Services Not Software
  37. 37. Amazon SQS Processing task/ processing trigger Processing results Simple Queue Service Fast, reliable, scalable, fully managed message queuing service Transmit any volume of data, at any level of throughput Amazon SQS Amazon EMR Elastic MapReduce Uses Hadoop, an open source framework, to distribute your data and processing across EC2 instances Integrates with other AWS services, such S3 & DynamoDB Supports the broad Hadoop tools ecosystem Services Not Software
  38. 38. Optimise Your Costs 5
  39. 39. Use the Right Instance Types Use Auto Scaling Turn Off Unused Instances Use Reserved Instances 1 2 3 4 Use Spot Instances5 Use Storage Classes6 Offload Your Architecture7 Use Services, Not Software8 Use Consolidated Billing9 Use Cost Management Tools10
  40. 40. Use Tools & Frameworks 6
  41. 41. Access everything via CLI, API or Console Use one of 9 (soon to be 10) fully supported SDKs to create or make use of existing AWS resources within your own code Leverage a broad ecosystem of open source, free and commercially licensed tools to work with AWS Services Achieve the highest levels of automation to support continuous deployment, define your infrastructure-as-code or automate your development, operations or DevOps processes Find out more at: aws.amazon.com/developers/getting-started/ Everything is Programmable
  42. 42. AWS Deployment & Management Tools AWS Elastic Beanstalk AWS OpsWorks AWS CloudFormation AWS CodeDeploy
  43. 43. Get Supported 7
  44. 44. Get Supported: AWS Support Options Four Support Tiers are Available. Chose from: Basic Developer Business Enterprise For more details on AWS Support, visit: aws.amazon.com/premiumsupport Greater of $29- or -3% of monthlyAWS usage Greater of $100- or -a minimum 10% ofmonthlyAWS usage Greater of #15,000- or -10% of monthlyAWS usage
  45. 45. Get Supported: Trusted Advisor
  46. 46. Resources You Can Use to Learn More aws.amazon.com/getting-started/ aws.amazon.com/premiumsupport aws.amazon.com/architecture aws.amazon.com/security aws.amazon.com/campaigns/emea-getting-started
  47. 47. @AWScloud for Global AWS News & Announcements @adhorn Adrian Hornsby — Technical Evangelist

×