Build on AWS: Building & Modernizing
Brent Maxwell
Partner Solutions Architect, APAC, AWS
Be Agile: SaaS Reference Architecture Landscape
Modernising your applications
• Go Service Oriented Architecture (& to microservices and beyond!)
• Modernize with containers
• Build with DevOps
• Offload security considerations
Scaling on monolithic vs SOA applications
[Diagram: the monolith bundles UI, Shipping Service, Order Service and User Service and is scaled as one unit; the SOA version splits them into Order UI, User UI, Shipping Service, Order Service and User Service, each scaled on its own.]
Characteristics of Service Oriented Architectures
• Do one thing well
• Independent
• Decentralized
• Black box
• Polyglot
• You build it, you run it
Containers are Natural for SOA
• Simple to model
• Any app, any language
• Image is the version
• Test & deploy same artifact
• Stateless servers decrease change risk
Amazon ECS
• Fully managed, elastic service – you don’t need to run anything, and the service scales as your microservices architecture grows
• Shared state optimistic scheduling
• Integration with Amazon CloudWatch for monitoring and logging
• Integration with AWS DevOps services for continuous integration and delivery (CI/CD)
Deploying Containers on ECS – Choose a Scheduler
Batch Jobs (Monthly reporting, consolidated shipping): ECS task scheduler
• Run tasks once
• Batch jobs
• RunTask (random)
• StartTask (placed)
Long-Running Apps (CRM web interface, content management module): ECS service scheduler
• Health management
• Scale-up and scale-down
• AZ aware
• Grouped containers
Example Architecture on ECS
[Diagram: components shown are Amazon ECR, Amazon RDS, an Application Load Balancer, two ECS Clusters, IAM, Amazon API Gateway*, Amazon Route 53 and Amazon CloudWatch.]
Automatic Service Scaling
[Diagram: Amazon ECS publishes metrics to Amazon CloudWatch; CloudWatch scaling policies drive Auto Scaling of the ECS service, adding or removing ECS tasks of the Order Module across Availability Zone A and Availability Zone B behind an Application Load Balancer. A Reporting module is also shown.]
Blue-Green Deployments
[Diagram: two task sets behind a Route 53 record set with a weighted routing policy; traffic is shifted between them by moving the weights between 0% and 100%.]
Service Discovery with Route 53 and Application Load Balancers
[Diagram: Amazon Route 53 resolves PandaCRM.com to an Application Load Balancer, which routes PandaCRM.com, PandaCRM.com/report and PandaCRM.com/order by path to the Portal, Reporting and oAuth target groups; each target group points at the ECS cluster instances i-aaa, i-bbb and i-ccc on per-service ports (8080, 8081, 8090, 8001, 8002).]
What about DevOps?
The DevOps Stack
[Diagram: layered stack of Continuous Deployment, Delivery Pipelines, Deployment Automation, Continuous Integration, Automated Testing, Configuration Management, Agile and Communication.]
DevOps Practices
• Infrastructure as code
• Application and Infrastructure version management
• Test Automation
• Monitoring and logging
• Continuous Integration/Deployment
Release process levels
[Diagram: pipeline stages Source, Build, Test and Production; Continuous integration, Continuous delivery and Continuous deployment each span a larger share of the stages.]
DevOps Stack on AWS
[Diagram: stages Code, Build, Test, Deploy, Provision and Monitor, mapped to AWS CodeCommit, CodeBuild, CodePipeline, CodeDeploy, AWS Elastic Beanstalk, AWS OpsWorks, AWS Elastic Container Service, CloudFormation and CloudWatch.]
Where do I go from here?
• Collect Metrics. Graph anything that moves
• Log everything, Centralize logging, Log Analytics
• Infrastructure as Code
• Automated configuration management
• One click environment creation
• CI-CD pipelines
• Automated testing
We have a strong partner list, and it’s growing
[Diagram: partner tools grouped under Source, Build, Test and Deploy; *beta]
Continuous Deployment
[Diagram: pipeline from AWS CodeCommit through AWS CodePipeline, AWS CodeBuild, Amazon ECR and AWS CloudFormation to the Amazon ECS instances (including a Spot Instance).]
1. Commit Code
2. Trigger Pipeline
3. Build Artifact
4. Push Image
5. Update Stack
6. Update Service
Don’t forget security
Beyond the Front Door
• Tenant Provisioning
• Tenant Access Roles
• Security & Isolation
• Injecting Tenant Context
First, We Need A Tenant
[Diagram: New Tenant On-Boarding goes through the Tenant Identity Broker to the Identity Provider and also drives Tenant Management, Billing, Domain Provisioning, an SSL Certificate and an IAM Policy for the tenant.]
Example tenant record:
• User: bob@abc.com
• TenantID: 491048735
• Domain: abc.pandacrm.com
• Tier: Platinum
• Status: Active
Key Tenant Provisioning Considerations
• Find a seamless model for binding tenant to identities
• Consider fault tolerance for 3rd Party integrations
• Need to factor in tenant lifecycle management
• Allow for tenant level variation in identity policies
• Let identity providers do the heavy lifting
• Lean on automation and repeatability
Identity & Isolation: Many Levels, One Goal
[Diagram: three isolation models. Full Stack Isolation: Tenant 1 and Tenant 2 each get their own Web Tier and App Tier. Resource-Level Isolation: tenants share the tiers but each resource is dedicated to Tenant 1 or Tenant 2. Application-Level Isolation: Tenant1, Tenant2 and Tenant3 share the same resources and are separated by the application itself.]
IAM Policies Scope Tenant Access
[Diagram: shared Web Tier and App Tier; a Tenant1 Access Policy and a Tenant2 Access Policy scope each tenant’s access to CustomerTable and to its own bucket (T1-Bucket, T2-Bucket).]
Binding Policies to Tenants
[Diagram: Web Application to Tenant Identity Broker to Identity Provider; in the AWS cloud the identity is resolved to AWS Security Token Service (STS) credentials.]
• Acquire token with tenant-scoped access
• Leverage a temporary token
• No need for separate AWS identity
Key Security & Isolation Considerations
• Applying isolation may require a hybrid of AWS and application strategies
• Avoid having separate IAM users for each tenant
• Automate testing of isolation policies/strategy
• Consider the scale, management, and automation impacts of managing access policies
• Let IAM enforce your tenant level scoping
Applying Tenant Context
[Diagram: the tenant obtains a JWT token from the Auth Service / Tenant Service; every request to the Homepage, Catalog Service and Cart Service carries it as "Authorization: Bearer <JWT>" and passes through that service’s Access Control, which reads the tenant context from the token.]
TenantContext carried in the JWT:
{
  "UserID": "bob@abc.com",
  "Role": "Admin",
  "TenantID": "93194942"
}
SaaS Identity Flow
[Diagram: Web Application to Tenant Identity Broker to Identity Provider (with Multi-Factor Authentication); in the AWS cloud an IAM Policy is bound to the resolved identity, whose context is UserID bob@abc.com, TenantID "93194942", Role "Admin".]
SaaS Identity Considerations
• SaaS identity is bigger than authentication
• Use identity broker pattern to decouple from identity providers
• Leave the heavy lifting, risk, and innovation to someone else
• Automate role and policy provisioning/management
• Add tenant context to identity token to limit bottlenecks
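Added example, not code from the deck: a service-side check of the TenantContext carried in the JWT (slides "Applying Tenant Context" and "SaaS Identity Flow") and the tenant-scoped session policy a service would hand to STS (slide "Binding Policies to Tenants"). It assumes a hypothetical HS256-signed JWT issued by the identity broker with a shared secret, plus placeholder bucket naming, account id and region; dynamodb:LeadingKeys is the real IAM condition key for keying a shared table on its partition key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder values: demo broker secret, account id and region.
BROKER_SECRET = b"constructed-demo-secret-not-for-production"
ACCOUNT_ID = "123456789012"
REGION = "ap-southeast-2"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, tenant_id, role, secret=BROKER_SECRET, ttl=900, now=None):
    """Identity-broker side (hypothetical): mint an HS256 JWT carrying the TenantContext."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"UserID": user_id, "TenantID": tenant_id, "Role": role,
              "iat": now, "exp": now + ttl}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def tenant_context_from_header(authorization, secret=BROKER_SECRET, now=None):
    """Service side: parse 'Authorization: Bearer <JWT>' and return the TenantContext.
    Returns None if the header is missing/malformed, the alg is not the pinned HS256,
    the signature fails, the token is expired, or a required claim is absent."""
    if not authorization or not authorization.startswith("Bearer "):
        return None
    parts = authorization[len("Bearer "):].strip().split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm; the token never gets to choose "none"
    expected = hmac.new(secret, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    if any(k not in claims for k in ("UserID", "TenantID", "Role")):
        return None
    return {"UserID": claims["UserID"], "Role": claims["Role"], "TenantID": claims["TenantID"]}


def tenant_session_policy(ctx):
    """Session policy a service passes to STS AssumeRole so the temporary credentials
    reach only this tenant's bucket and this tenant's items in the shared CustomerTable."""
    tenant = ctx["TenantID"]
    bucket = f"tenant-{tenant}-bucket"  # placeholder naming, in the spirit of T1-Bucket / T2-Bucket
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Effect": "Allow",
             "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
             "Resource": f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/CustomerTable",
             # Partition key must equal the caller's TenantID: IAM enforces the scoping.
             "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant]}}},
        ],
    }


def authorize(authorization, requested_tenant, secret=BROKER_SECRET, now=None):
    """Per-request access control: the token must verify AND the tenant named in the
    request must equal the TenantID inside the token (no cross-tenant access)."""
    ctx = tenant_context_from_header(authorization, secret, now)
    if ctx is None or ctx["TenantID"] != requested_tenant:
        return None
    return ctx


if __name__ == "__main__":
    # Constructed sample matching the deck's bob@abc.com / Admin / TenantID 93194942.
    token = issue_token("bob@abc.com", "93194942", "Admin")
    ctx = authorize("Bearer " + token, "93194942")
    print(ctx)
    print(json.dumps(tenant_session_policy(ctx), indent=2))
```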
Recap: Be Agile
Elastic Container Services helps modernize applications in SOA. With DevOps and offloading identity, AWS services provide the agility needed in the SaaS world.
Takeaways
• Modernize the app with SOA on ECS
• DevOps with AWS Code* services for agility
• Offload SaaS identity and focus on app innovation
THANK YOU

More Related Content

What's hot

AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAmazon Web Services
 
Introduction to the Serverless Cloud
Introduction to the Serverless CloudIntroduction to the Serverless Cloud
Introduction to the Serverless CloudAmazon Web Services
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Amazon Web Services
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
 Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPTAmazon Web Services
 
serverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfserverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfAmazon Web Services
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Amazon Web Services
 
Microservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliMicroservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliAmazon Web Services
 
AWS APAC Webinar Week - Training & Certification Masterclass
AWS APAC Webinar Week - Training & Certification MasterclassAWS APAC Webinar Week - Training & Certification Masterclass
AWS APAC Webinar Week - Training & Certification MasterclassAmazon Web Services
 
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...Amazon Web Services
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows WorkloadsAmazon Web Services
 
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech Talks
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech TalksHands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech Talks
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech TalksAmazon Web Services
 
Creative content storage in the AWS Cloud
Creative content storage in the AWS CloudCreative content storage in the AWS Cloud
Creative content storage in the AWS CloudAmazon Web Services
 
S/4HANA on AWS-SAPPHIRE NOW 2016
S/4HANA on AWS-SAPPHIRE NOW 2016S/4HANA on AWS-SAPPHIRE NOW 2016
S/4HANA on AWS-SAPPHIRE NOW 2016Amazon Web Services
 
Running Enterprise Workloads on AWS
Running Enterprise Workloads on AWSRunning Enterprise Workloads on AWS
Running Enterprise Workloads on AWSAmazon Web Services
 
GitHub Enterprise 及運用 Codedeploy 實現自動化
GitHub Enterprise 及運用 Codedeploy 實現自動化GitHub Enterprise 及運用 Codedeploy 實現自動化
GitHub Enterprise 及運用 Codedeploy 實現自動化Amazon Web Services
 

What's hot (20)

Cost Optimisation on AWS
Cost Optimisation on AWSCost Optimisation on AWS
Cost Optimisation on AWS
 
Best of re:Invent
Best of re:InventBest of re:Invent
Best of re:Invent
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 
Introduction to the Serverless Cloud
Introduction to the Serverless CloudIntroduction to the Serverless Cloud
Introduction to the Serverless Cloud
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
 Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT
 
The Best of re:invent 2016
The Best of re:invent 2016The Best of re:invent 2016
The Best of re:invent 2016
 
serverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdfserverless_architecture_patterns_london_loft.pdf
serverless_architecture_patterns_london_loft.pdf
 
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
Edge Services as a Critical AWS Infrastructure Component - August 2017 AWS On...
 
Sony MCS Cloud
Sony MCS CloudSony MCS Cloud
Sony MCS Cloud
 
Microservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliMicroservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigli
 
AWS APAC Webinar Week - Training & Certification Masterclass
AWS APAC Webinar Week - Training & Certification MasterclassAWS APAC Webinar Week - Training & Certification Masterclass
AWS APAC Webinar Week - Training & Certification Masterclass
 
Serverless - State Of the Union
Serverless - State Of the UnionServerless - State Of the Union
Serverless - State Of the Union
 
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...
GPSWKS409_GPS Accelerating Your Portfolio Migration to AWS Using AWS Migratio...
 
Systems Operations for Windows Workloads
Systems Operations for Windows WorkloadsSystems Operations for Windows Workloads
Systems Operations for Windows Workloads
 
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech Talks
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech TalksHands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech Talks
Hands on Lab: Deploy .NET Code to AWS from Visual Studio - AWS Online Tech Talks
 
Creative content storage in the AWS Cloud
Creative content storage in the AWS CloudCreative content storage in the AWS Cloud
Creative content storage in the AWS Cloud
 
S/4HANA on AWS-SAPPHIRE NOW 2016
S/4HANA on AWS-SAPPHIRE NOW 2016S/4HANA on AWS-SAPPHIRE NOW 2016
S/4HANA on AWS-SAPPHIRE NOW 2016
 
Running Enterprise Workloads on AWS
Running Enterprise Workloads on AWSRunning Enterprise Workloads on AWS
Running Enterprise Workloads on AWS
 
GitHub Enterprise 及運用 Codedeploy 實現自動化
GitHub Enterprise 及運用 Codedeploy 實現自動化GitHub Enterprise 及運用 Codedeploy 實現自動化
GitHub Enterprise 及運用 Codedeploy 實現自動化
 

Similar to Build on AWS: Delivering and Modernizing.

Continuous delivery and deployment on AWS
Continuous delivery and deployment on AWSContinuous delivery and deployment on AWS
Continuous delivery and deployment on AWSShiva Narayanaswamy
 
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Amazon Web Services
 
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Amazon Web Services
 
HSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessHSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessAmazon Web Services
 
AWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less OperationsAWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less OperationsAmazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Microservices: Architecting for Innovation - Level 300
Microservices: Architecting for Innovation - Level 300Microservices: Architecting for Innovation - Level 300
Microservices: Architecting for Innovation - Level 300Amazon Web Services
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Amazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Introduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesIntroduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesAmazon Web Services
 
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...Amazon Web Services
 
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyPragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyAmazon Web Services
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Continuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWSContinuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWSAmazon Web Services
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineAmazon Web Services
 
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Amazon Web Services
 

Similar to Build on AWS: Delivering and Modernizing. (20)

Continuous delivery and deployment on AWS
Continuous delivery and deployment on AWSContinuous delivery and deployment on AWS
Continuous delivery and deployment on AWS
 
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
 
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)
AWS re:Invent 2016: Running Microservices on Amazon ECS (CON309)
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
 
HSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessHSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and Serverless
 
AWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less OperationsAWS Summit Singapore - More Containers, Less Operations
AWS Summit Singapore - More Containers, Less Operations
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
Microservices: Architecting for Innovation - Level 300
Microservices: Architecting for Innovation - Level 300Microservices: Architecting for Innovation - Level 300
Microservices: Architecting for Innovation - Level 300
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Introduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code ServicesIntroduction to DevOps and the AWS Code Services
Introduction to DevOps and the AWS Code Services
 
Managing Your Cloud Assets
Managing Your Cloud AssetsManaging Your Cloud Assets
Managing Your Cloud Assets
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...
AWS Summit Singapore Webinar Edition | More Containers, Less Operations & Mig...
 
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyPragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Continuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWSContinuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWS
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
Managing Your Application Lifecycle on AWS: Continuous Integration and Deploy...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Build on AWS: Delivering and Modernizing.

  • 1. Build on AWS: Building & Modernizing. Brent Maxwell, Partner Solutions Architect, APAC, AWS
  • 2. Be Agile: SaaS Reference Architecture Landscape
  • 3. Modernising your applications • Go Service Oriented Architecture (& to microservices and beyond!) • Modernize with containers • Build with DevOps • Offload security considerations
  • 4. Scaling on monolithic vs SOA applications (diagram: the Order UI, User UI and Shipping UI with the Order Service, User Service and Shipping Service packaged and scaled as one monolith, against the same UIs and services deployed and scaled as separate services)
  • 5. Characteristics of Service Oriented Architectures • Do one thing well • Independent • Decentralized • Black box • Polyglot • You build it, you run it
  • 6. Containers are Natural for SOA • Simple to model • Any app, any language • Image is the version • Test & deploy same artifact • Stateless servers decrease change risk
  • 7. Amazon ECS • Fully managed, elastic service – you don’t need to run anything, and the service scales as your microservices architecture grows • Shared state optimistic scheduling • Integration with Amazon CloudWatch for monitoring and logging • Integration with AWS DevOps services for continuous integration and delivery (CI/CD)
  • 8. Deploying Containers on ECS – Choose a Scheduler • Batch jobs (monthly reporting, consolidated shipping): ECS task scheduler, runs tasks once; RunTask (random placement) or StartTask (explicit placement) • Long-running apps (CRM web interface, content management module): ECS service scheduler with health management, scale-up and scale-down, AZ awareness and grouped containers
  • 9. Example Architecture on ECS (diagram: Amazon Route 53, Amazon API Gateway*, Application Load Balancer, two ECS clusters, Amazon ECR, Amazon RDS, IAM and Amazon CloudWatch)
  • 10. Automatic Service Scaling (diagram: Order Module tasks of an Amazon ECS service in Availability Zone A and Availability Zone B behind an Application Load Balancer; Amazon ECS publishes metrics to Amazon CloudWatch, and scaling policies for the Order Module and Reporting services add or remove ECS tasks)
  • 11. Blue-Green Deployments (diagram: two task sets behind a Route 53 record set with a weighted routing policy, weights 0% and 100%)
  • 12. Service Discovery with Route 53 and Application Load Balancers (diagram: Amazon Route 53 resolves PandaCRM.com to an Application Load Balancer; host and path rules for PandaCRM.com, PandaCRM.com/report and PandaCRM.com/order select the oAuth, Portal and Reporting target groups, whose members are ECS cluster instances i-aaa, i-bbb and i-ccc on ports 8080, 8081, 8090, 8001 and 8002)
  • 14. The DevOps Stack • Continuous Deployment • Delivery Pipelines • Deployment Automation • Continuous Integration • Automated Testing • Configuration Management • Agile Communication
  • 15. DevOps Practices • Infrastructure as code • Application and Infrastructure version management • Test Automation • Monitoring and logging • Continuous Integration/Deployment
  • 16. Release process levels: stages Source, Build, Test, Production; continuous integration, continuous delivery, continuous deployment
  • 17. DevOps Stack on AWS (diagram: Code, Build, Test, Deploy, Provision, Monitor, mapped to AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Elastic Beanstalk, AWS OpsWorks, AWS CloudFormation, Amazon Elastic Container Service and Amazon CloudWatch)
  • 18. Where do I go from here? • Collect metrics; graph anything that moves • Log everything, centralize logging, log analytics • Infrastructure as code • Automated configuration management • One-click environment creation • CI/CD pipelines • Automated testing
  • 19. We have a strong partner list, and it's growing (diagram: partner logos grouped by Source, Build, Test and Deploy; *beta)
  • 20. Continuous Deployment (diagram: 1. Commit code to AWS CodeCommit; 2. Trigger the AWS CodePipeline pipeline; 3. AWS CodeBuild builds the artifact; 4. Push the image to Amazon ECR; 5. Update the AWS CloudFormation stack; 6. Update the Amazon ECS service running on ECS instances and Spot Instances)
  • 22. Beyond the Front Door • Injecting Tenant Context • Security & Isolation • Tenant Access Roles • Tenant Provisioning
  • 23. First, We Need A Tenant (diagram: new tenant on-boarding through the Tenant Identity Broker and Identity Provider, with Tenant Management and Billing; the identity record holds User: bob@abc.com, TenantID: 491048735; the tenant record holds TenantID: 491048735, Domain: abc.pandacrm.com, Tier: Platinum, Status: Active; provisioning also covers Domain Provisioning, SSL Certificate and IAM Policy)
  • 24. Key Tenant Provisioning Considerations • Find a seamless model for binding tenant to identities • Consider fault tolerance for 3rd Party integrations • Need to factor in tenant lifecycle management • Allow for tenant level variation in identity policies • Let identity providers do the heavy lifting • Lean on automation and repeatability
  • 25. Identity & Isolation: Many Levels, One Goal (diagram: Full Stack Isolation with a separate Web Tier and App Tier per tenant; Resource-Level Isolation with tenants sharing tiers but owning separate resources; Application-Level Isolation with Tenant1, Tenant2 and Tenant3 data separated by key inside shared resources)
  • 26. IAM Policies Scope Tenant Access (diagram: Web Tier and App Tier; the Tenant1 Access Policy and Tenant2 Access Policy scope access to the shared CustomerTable and to T1-Bucket and T2-Bucket respectively)
  • 27. Binding Policies to Tenants (diagram: Web Application, Tenant Identity Broker, Identity Provider; in the AWS cloud the identity is resolved to AWS Security Token Service (STS) credentials) • Acquire a token with tenant-scoped access • Leverage a temporary token • No need for a separate AWS identity per tenant
  • 28. Key Security & Isolation Considerations • Applying isolation may require a hybrid of AWS and application strategies • Avoid having separate IAM users for each tenant • Automate testing of isolation policies/strategy • Consider the scale, management, and automation impacts of managing access policies • Let IAM enforce your tenant level scoping
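The following is an added example, not code from the deck, showing the pattern of slides 26 to 28 in runnable form: an identity broker generates a tenant-scoped policy document (the kind passed as the session `Policy` of sts:AssumeRole so the tenant only ever holds temporary, scoped credentials), and an offline check exercises that policy against cross-tenant requests the way a CI job would. The evaluator is a deliberately small model of IAM covering only the features this policy uses, not a replacement for testing in an account; the table ARN, bucket naming, account id and region are assumptions. It also shows the ForAllValues pitfall: that operator evaluates true when the condition key is absent from the request context, so a policy relying on it alone does not isolate rows.

```python
"""Tenant-scoped session policy plus an offline isolation check (added example)."""
import re

# Assumed identifiers, used only to build realistic ARNs.
ACCOUNT_ID = "123456789012"
REGION = "ap-southeast-2"
CUSTOMER_TABLE_ARN = f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/CustomerTable"


def tenant_session_policy(tenant_id: str, hardened: bool = True) -> dict:
    """Policy the broker would pass to sts:AssumeRole as the session policy.

    Rows in the shared CustomerTable are partitioned by tenant id, so access is
    limited to items whose leading key equals the tenant id; S3 access is
    limited to the tenant's own bucket.  hardened=False drops the Null guard,
    which is the common mistake isolation_report() exposes.
    """
    ddb_condition = {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant_id]}}
    if hardened:
        # ForAllValues is satisfied when the key is missing from the request
        # context, so additionally require the key to be present.
        ddb_condition["Null"] = {"dynamodb:LeadingKeys": "false"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "TenantRows", "Effect": "Allow",
             "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
             "Resource": CUSTOMER_TABLE_ARN, "Condition": ddb_condition},
            {"Sid": "TenantBucket", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::tenant-{tenant_id}-bucket/*"},   # assumed naming
        ],
    }


def _match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters."""
    return re.fullmatch(".*".join(re.escape(p) for p in pattern.split("*")), value) is not None


def _condition_holds(cond: dict, context: dict) -> bool:
    """Evaluate the two operators the policy above uses, with IAM's semantics."""
    for operator, pairs in cond.items():
        for key, expected in pairs.items():
            present = key in context
            if operator == "ForAllValues:StringEquals":
                # Absent key -> true; present key -> every request value must be allowed.
                if present and not set(context[key]) <= set(expected):
                    return False
            elif operator == "Null":
                # "false" means the key must be present, "true" that it must be absent.
                if present != (expected == "false"):
                    return False
            else:
                raise ValueError(f"unsupported operator {operator}")
    return True


def is_allowed(policy: dict, action: str, resource: str, context: dict = None) -> bool:
    """Default deny; an explicit Deny wins over any Allow."""
    context = context or {}
    allowed = False
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(_match(a, action) for a in actions):
            continue
        if not any(_match(r, resource) for r in resources):
            continue
        if not _condition_holds(st.get("Condition", {}), context):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def isolation_report(tenant_id: str, other_tenant: str, hardened: bool = True) -> dict:
    """The cross-tenant checks a pipeline would assert on, as a dict of outcomes."""
    policy = tenant_session_policy(tenant_id, hardened)
    own_obj = f"arn:aws:s3:::tenant-{tenant_id}-bucket/invoice.pdf"
    other_obj = f"arn:aws:s3:::tenant-{other_tenant}-bucket/invoice.pdf"
    key = "dynamodb:LeadingKeys"
    return {
        "own_bucket": is_allowed(policy, "s3:GetObject", own_obj),
        "other_bucket": is_allowed(policy, "s3:GetObject", other_obj),
        "own_rows": is_allowed(policy, "dynamodb:Query", CUSTOMER_TABLE_ARN, {key: [tenant_id]}),
        "other_rows": is_allowed(policy, "dynamodb:Query", CUSTOMER_TABLE_ARN, {key: [other_tenant]}),
        "no_key_rows": is_allowed(policy, "dynamodb:Query", CUSTOMER_TABLE_ARN, {}),
        "delete": is_allowed(policy, "dynamodb:DeleteItem", CUSTOMER_TABLE_ARN, {key: [tenant_id]}),
    }


if __name__ == "__main__":
    # Tenant ids taken from the slides.
    print(isolation_report("491048735", "93194942"))
    print(isolation_report("491048735", "93194942", hardened=False))
```

Only `other_bucket`, `other_rows`, `no_key_rows` and `delete` should ever come back False; the unhardened variant lets `no_key_rows` through, which is exactly the case to have a test fail on before the policy reaches production.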
  • 29. Applying Tenant Context (diagram: the Auth Service and Tenant Service issue a JWT carrying TenantContext { UserID: "bob@abc.com", Role: "Admin", TenantID: "93194942" }; the Homepage, Catalog Service and Cart Service each receive Authorization: Bearer <JWT> and apply their own access control from it)
  • 30. SaaS Identity Flow (diagram: Web Application, Tenant Identity Broker, Identity Provider with Multi-Factor Authentication; in the AWS cloud an IAM Policy is bound to UserID: bob@abc.com, TenantID: "93194942", Role: "Admin")
  • 31. SaaS Identity Considerations • SaaS identity is bigger than authentication • Use identity broker pattern to decouple from identity providers • Leave the heavy lifting, risk, and innovation to someone else • Automate role and policy provisioning/management • Add tenant context to identity token to limit bottlenecks
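Slides 23, 29, 30 and 31 describe binding a tenant to an identity and carrying that tenant context in the JWT so that every downstream service can enforce access control without calling back to the broker. The block below is an added example, not the deck's code: the broker side mints the token and the service side verifies it and returns the TenantContext from slide 29, failing closed on a wrong `alg`, a bad signature, a wrong issuer or audience, an expired token or a missing tenant claim, and a `forge_tenant` helper shows why the signature check matters. HS256 with a shared key is used only so it runs with the standard library; a real broker would sign with an asymmetric key so services hold only the public half. The signing key, issuer and audience are assumed values.

```python
"""Tenant-context JWT: mint on the broker, verify in each service (added example)."""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key-do-not-use"  # assumed; load from a secret store in practice
ISSUER = "https://auth.pandacrm.example"          # assumed
AUDIENCE = "pandacrm-services"                    # assumed


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


class TokenError(Exception):
    """Raised for any reason a token must not be trusted."""


def mint_token(user_id: str, tenant_id: str, role: str, key: bytes = SIGNING_KEY,
               now: int = None, ttl: int = 900) -> str:
    """Broker side: bind the tenant record to the authenticated user in the token."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": user_id, "iat": now, "exp": now + ttl,
              "UserID": user_id, "TenantID": tenant_id, "Role": role}
    signing_input = _encode_json({"alg": "HS256", "typ": "JWT"}) + "." + _encode_json(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def tenant_context(token: str, key: bytes = SIGNING_KEY, now: int = None) -> dict:
    """Service side: verify first, then return the TenantContext from slide 29."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:
        raise TokenError("malformed token") from None
    if header.get("alg") != "HS256":  # never honour alg=none or an algorithm swap
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(c_b64))  # parsed only after the signature holds
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise TokenError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise TokenError("expired")
    if not claims.get("TenantID"):
        raise TokenError("no tenant context")
    return {"UserID": claims["UserID"], "Role": claims["Role"], "TenantID": claims["TenantID"]}


def context_from_request(headers: dict, key: bytes = SIGNING_KEY, now: int = None) -> dict:
    """Pull the bearer token out of the Authorization header the slide shows."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise TokenError("missing bearer token")
    return tenant_context(token, key, now)


def check(token: str, key: bytes = SIGNING_KEY, now: int = None) -> str:
    """'ok' or the rejection reason; handy for tests and for audit logging."""
    try:
        tenant_context(token, key, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


def forge_tenant(token: str, new_tenant: str) -> str:
    """Attacker view: rewrite TenantID in the payload but keep the original signature."""
    h_b64, c_b64, s_b64 = token.split(".")
    claims = json.loads(_b64url_decode(c_b64))
    claims["TenantID"] = new_tenant
    return ".".join([h_b64, _encode_json(claims), s_b64])


if __name__ == "__main__":
    tok = mint_token("bob@abc.com", "93194942", "Admin")
    print(context_from_request({"Authorization": f"Bearer {tok}"}))
    print(check(forge_tenant(tok, "491048735")))
```

Because the tenant id rides in a signed claim, the Catalog or Cart service can scope every query to `TenantID` without a lookup, and a client that edits the claim simply fails the signature check; the remaining risk is key handling, which is why the asymmetric variant is preferred once more than one service verifies tokens.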
  • 32. Recap: Be Agile. Amazon Elastic Container Service helps modernize applications as service-oriented architectures. Together with DevOps practices and offloaded identity, AWS services provide the agility the SaaS world demands.
  • 33. Takeaways • Modernize the app with SOA on ECS • DevOps with AWS Code* services for agility • Offload SaaS identity and focus on app innovation