AWS Tips for LAUNCHing Your Infrastructure in the Cloud


AWS Solutions Architect Chris Munns presented at the LAUNCH Festival. Thousands of startups attended the LAUNCH Festival in San Francisco, CA to launch their company and learn about building great startups.

  1. AWS Tips for LAUNCHing Your Infrastructure in the Cloud
  2. Y-Hack 2013
  3. LAUNCH Festival 2014. Chris Munns (@chrismunns), Amazon Web Services Solutions Architect
      • New Yorker
      • Formerly Senior Operations at @Etsy and @Meetup
      • A little time at a hedge fund and Xerox
      • Rochester Institute of Technology: Applied Networking and Systems Administration ‘05
      • Internet geek
  4. What is AWS?
  6. What is AWS? Layers: AWS Global Infrastructure; Networking; Compute; Storage; Database; Application Services; Deployment & Administration
  7. Regions: US-EAST (Virginia), US-WEST (N. California), US-WEST (Oregon), AWS GovCloud (US), EU-WEST (Ireland), ASIA PAC (Tokyo), ASIA PAC (Singapore), ASIA PAC (Sydney), SOUTH AMERICA (Sao Paulo)
  8. Availability Zones (shown on the same region map as the previous slide)
  9. Edge Locations
  10. The AWS platform by category:
      • Deployment & Administration: AWS OpsWorks, AWS Elastic Beanstalk, AWS CloudFormation, AWS IAM, Amazon CloudWatch, AWS CloudTrail, AWS Data Pipeline
      • App Services: Amazon SNS, Amazon SES, Amazon CloudSearch, Amazon SWF, Amazon SQS, Amazon Elastic Transcoder, Amazon Kinesis
      • Compute: Amazon EC2, Amazon EMR
      • Networking: Amazon VPC, AWS Direct Connect, Amazon Route 53
      • Storage & Content Delivery: Amazon S3, Amazon CloudFront, AWS Storage Gateway, Amazon Glacier
      • Database: Amazon RDS, Amazon DynamoDB, Amazon ElastiCache, Amazon RedShift
      • All of it running on top of the AWS Global Infrastructure
  11. 4 Easy & Basic Areas to Focus
      • Security
      • Performance
      • Fault Tolerance and Scale
      • Cost
  12. SECURITY
  13. AWS Multi-Factor Authentication: helps prevent anyone with unauthorized knowledge of your email address and password from impersonating you
      • Integrated into
        – AWS Management Console
        – Key pages on the AWS Portal: Forums, Support Center, and Account/Usage Activity pages
        – S3 (Secure Delete)
      • Virtual MFA
        – App for Android
        – Google Authenticator (iOS, Android, and Blackberry)
  14. Temporary Security Credentials (sessions)
      • Temporary security credentials containing
        – Identity for authentication
        – Access Policy to control permissions
        – Configurable Expiration (1 – 36 hours)
      • Supports
        – AWS Identities (including IAM Users)
        – Federated Identities (users customers authenticate)
      • Scales to millions of users – no need to create an IAM identity for every user
      • Use Cases
        – Identity Federation to AWS APIs
        – Mobile and browser-based applications
        – Consumer applications with unlimited users
  15. AWS Identity and Access Management (IAM)
      • Users and Groups within Accounts
      • Roles for EC2 instances
      • Unique security credentials
        – Access keys
        – Login/Password
        – optional MFA device
      • Policies control access to AWS APIs
      • Policies to restrict access to resources based on tags and other identifiers (subnet, class, AMI)
      • API calls must be signed
      • Deep integration into some Services
        – S3: policies on objects and buckets
        – Fine-Grained Access Control for DynamoDB
      • AWS Management Console supports User log on
      • Not for Operating Systems or Applications
        – use LDAP, Active Directory/ADFS, etc...
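The MFA requirement of slide 13 and the tag-scoped policies of slide 15, as an added example that is not from the deck: a small Python evaluator for IAM-style policy JSON. The policy document is constructed; the condition keys aws:MultiFactorAuthPresent and ec2:ResourceTag/... are real IAM keys, while the evaluator is a simplified model of IAM's explicit-deny, then allow, then implicit-deny logic (two condition operators only).

```python
import fnmatch

# Constructed policy in IAM's JSON shape: EC2 and IAM reads are open, but stopping
# or terminating an instance requires MFA and is limited to instances tagged env=dev;
# an explicit Deny on iam:* overrides the iam:Get* Allow above it.
POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "iam:Get*"], "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
         "Resource": "*",
         "Condition": {
             "Bool": {"aws:MultiFactorAuthPresent": "true"},
             "StringEquals": {"ec2:ResourceTag/env": "dev"}}},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ]
}

def _matches(pattern, value):
    """IAM action/resource patterns use '*' and '?' wildcards, case-insensitively."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)

def _conditions_hold(cond, context):
    """Every condition key must match; a key missing from the request context fails."""
    for operator, pairs in cond.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Bool" and str(actual).lower() != expected:
                return False
            if operator == "StringEquals" and actual != expected:
                return False
    return True

def is_allowed(policy, action, resource, context):
    """Simplified IAM decision: a matching Deny wins, then any matching Allow, else deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action) or not _matches(stmt["Resource"], resource):
            continue
        if not _conditions_hold(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

The request context is what a real evaluation would take from the signed API call and the session (the MFA flag) plus the target resource's tags.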
  16. Multi-tier Security Approach Example (Web Tier / Application Tier / Database Tier)
      • Ports 80 and 443 only open to the Internet
      • All other Internet ports blocked by default by the Amazon EC2 Security Group Firewall
      • Engineering staff have ssh access to the App Tier, which acts as Bastion
      • Sync with on-premises database
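The three-tier layout above, as an added example that is not from the deck: a Python model of EC2 security group semantics (allow-list per group, rules that name either a CIDR or another group, everything else dropped) with a reachability check and an audit helper for Internet-facing ports. Group names, the office CIDR, the instance addresses and the database port are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed three-tier design from the slide: web tier open to the Internet on
# 80/443 only; app tier takes ssh from the engineering office and acts as bastion
# for the other tiers; database tier accepts connections from the app tier only.
ENGINEERING_CIDR = "203.0.113.0/24"   # TEST-NET-3, stands in for the office range

# rule = (protocol, port, source); source is a CIDR or the name of another group
SECURITY_GROUPS = {
    "web-sg": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "app-sg")],
    "app-sg": [("tcp", 22, ENGINEERING_CIDR), ("tcp", 8080, "web-sg")],
    "db-sg":  [("tcp", 3306, "app-sg"), ("tcp", 22, "app-sg")],
}

# group membership of each instance (constructed private addresses)
INSTANCE_GROUP = {"10.0.1.10": "web-sg", "10.0.2.10": "app-sg", "10.0.3.10": "db-sg"}

def is_reachable(src_ip, dst_ip, port, proto="tcp"):
    """Security groups are allow-lists: traffic passes only if an inbound rule on
    the destination's group matches the protocol, port and source; no rule, no entry."""
    group = INSTANCE_GROUP[dst_ip]
    src = ip_address(src_ip)
    for rule_proto, rule_port, source in SECURITY_GROUPS[group]:
        if rule_proto != proto or rule_port != port:
            continue
        if source in SECURITY_GROUPS:                 # source is another group
            if INSTANCE_GROUP.get(src_ip) == source:
                return True
        elif src in ip_network(source):               # source is a CIDR
            return True
    return False

def internet_exposed_ports():
    """Audit helper: every (group, port) reachable from the whole Internet.
    For this design the answer should be exactly web-sg on 80 and 443."""
    return sorted((g, p) for g, rules in SECURITY_GROUPS.items()
                  for _, p, src in rules if src == "0.0.0.0/0")
```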
  18. Choose the right instance type
      • Over 25 instance types: High CPU, High Memory, High Storage, High I/O
      • Bigger isn’t always better!
      • Going horizontal isn’t always better either!
      • Don’t go with the cheapest instances just because they’re the cheapest. This laptop is several times more powerful than an m1.small
  19. Choose the right storage
  20. Choose the right storage. 2 types of EC2 storage on AWS:
      • Local (ephemeral/instance based)
        – Regular disk
        – SSD
      • EBS
        – Standard
        – PIOPs
  21. Choose the right storage. 2 types of EC2 storage on AWS:
      • Local (ephemeral/instance based)
        – Not Persistent
        – RAID for increased performance
      • EBS
        – Persistent
        – Snapshots
        – Flexible size/performance tuned by you
        – RAID for increased performance
  22. Choose the right storage. 2 types of EC2 storage on AWS:
      • Local (ephemeral/instance based)
        – Local app/OS data
        – Database data that is highly replicated
      • EBS
        – Database data less replicated
        – Important data for your apps
  23. Amazon Simple Storage Service
      • Object based storage for the web
      • 11 9s of durability
      • Good for things like:
        – Static assets ( css, js, images, videos )
        – Backups
        – Logs
        – Ingest of files for processing
      • “Infinitely scalable”
      • Supports fine grained permission control
      • Ties in well with CloudFront
      • Ties in with EMR
      • Acts as a logging endpoint for S3/CloudFront/Billing
      • Supports encryption in transit and at rest
      • Reduced Redundancy 1/3 cheaper
      • Glacier for super long term storage
  24. Monitoring Performance
  25. Measuring Performance
  26. Use a CDN! Amazon CloudFront is a web service for scalable content delivery.
      (Chart: Server Load and Response Time against Volume of Data Delivered (Gbps), 8:00 AM to 9:00 PM, for No CDN, CDN for Static Content, and CDN for Static & Dynamic Content)
      • Cache static content at the edge for faster delivery
      • Helps lower load on origin infrastructure
      • Dynamic and Static Content
      • Streaming Video
      • Zone Apex support
      • Custom SSL certificates
      • Low TTLs ( as short as 0 seconds )
      • Lower costs for origin fetches ( between S3/EC2 and CloudFront )
      • Optimized to work with EC2, S3, ELB, and Route53
  28. Spot the Difference?
  30. Your instances: Pets vs. Cattle
  31. MOOOO IM AN INSTANCE
      • No “pet” infrastructure, aka resources you’d be heartbroken if they went away
      • Infrastructure should be tolerant of failed/lost components
      • Have no “golden eggs”
      • 2+ of EVERYTHING
      • Automate bootstrapping + deployment
      • Make this painless and notification-less for your team
      MOOOOOOOOOOOOO….
  32. Typical weekly traffic to … (chart, Sunday through Saturday)
  33. Typical weekly traffic to … against provisioned capacity (chart, Sunday through Saturday)
  34. November traffic to … (chart)
  35. November traffic to … against provisioned capacity (chart)
  36. November traffic to … against provisioned capacity (chart annotated 76% and 24%)
  37. November traffic to … (chart)
  38. Auto-Scaling lets you do this!
  39. Auto-Scaling: automatic resizing of compute clusters based on demand. Amazon CloudWatch metrics trigger the auto-scaling policy.
      • Control: Define minimum and maximum instance pool sizes and when scaling and cool down occurs.
      • Integrated to Amazon CloudWatch: Use metrics gathered by CloudWatch to drive scaling.
      • Instance types: Run Auto Scaling for On-Demand and Spot Instances. Compatible with VPC.
      Example CLI call from the slide:
        aws autoscaling create-auto-scaling-group --auto-scaling-group-name MyGroup --launch-configuration-name MyConfig --min-size 4 --max-size 200 --availability-zones us-west-2c
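The knobs named on this slide (minimum and maximum pool size, CloudWatch metrics as the trigger, a cooldown between actions) and the "shrink tiers during lower traffic periods" point of the cost section, as an added example that is not from the deck: a Python model of a step scaling policy replayed over a constructed series of CloudWatch-style average CPU datapoints. Thresholds, step size and the class name are assumptions; it is a model of the behaviour, not a call to the Auto Scaling API.

```python
from dataclasses import dataclass, field

@dataclass
class ScalingGroup:
    """Models an Auto Scaling group: size bounds, CPU thresholds, step and cooldown.
    Field names and default thresholds are assumptions for this example."""
    min_size: int
    max_size: int
    cooldown: int                 # seconds to wait after a scaling action
    scale_out_cpu: float = 70.0   # average CPU % that triggers adding capacity
    scale_in_cpu: float = 30.0    # average CPU % that triggers removing capacity
    step: int = 2                 # instances added or removed per action
    desired: int = field(init=False)
    last_action_at: int = field(default=-10**9, init=False)

    def __post_init__(self):
        # a freshly created group starts at its minimum size
        self.desired = self.min_size

    def evaluate(self, now, avg_cpu):
        """Apply one datapoint (epoch seconds, average CPU %); return desired capacity.
        Inside the cooldown window nothing changes, whatever the metric says."""
        if now - self.last_action_at < self.cooldown:
            return self.desired
        if avg_cpu >= self.scale_out_cpu:
            new = min(self.desired + self.step, self.max_size)   # never above max
        elif avg_cpu <= self.scale_in_cpu:
            new = max(self.desired - self.step, self.min_size)   # never below min
        else:
            return self.desired
        if new != self.desired:          # hitting a bound is not an action
            self.desired, self.last_action_at = new, now
        return self.desired

def replay(group, samples):
    """Run a constructed (timestamp, avg_cpu) series through the group."""
    return [group.evaluate(t, cpu) for t, cpu in samples]
```

With the slide's min-size 4 and max-size 200, a burst of high CPU grows the group in steps separated by the cooldown, and a quiet period brings it back down to 4 and no further.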
  40. Leverage Elastic Load Balancing: distribute load across EC2 instances in multiple availability zones
      • Create highly scalable applications
      • Little to no administration necessary
      • Automatically attach instances on bootup via API or via Auto-Scaling
      Features:
      • Available: Load balance across instances in multiple Availability Zones
      • Health checks: Automatically checks health of instances and takes them in or out of service
      • Session stickiness: Route requests to the same instance
      • Secure sockets layer: Supports SSL offload from web and application servers with flexible cipher support
      • Monitoring: Publishes metrics to CloudWatch
  41. COST
  42. Understand Cost Models
      • Amazon EC2, Amazon EMR: On Demand, Reserved Instances, Spot
      • Amazon ElastiCache, Amazon RedShift, Amazon RDS: On Demand, Reserved Instances
      • Amazon CloudFront: Price Classes
      • Amazon S3: Standard, Reduced Redundancy, Glacier*
      • Amazon DynamoDB: Provisioned Capacity, Reserved Capacity
      *Glacier isn’t a pricing model for S3, but another service that is part of the Storage family of services
  45. Billing Alerts
  46. Turn things Off!
      • Unused and forgotten EC2 instances
      • Shrink disk space if you don’t need it now
      • Auto-Scaling to shrink tiers during lower traffic periods
      • Dev/Test environments during nights
      • Use smaller instances if resource usage is always low (see CloudWatch data)
  47. Business Support starts at $100/month
  48. ?