
Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on Amazon Web Services

Tom Jones, Solution Architect at Amazon Web Services, leads a 60-minute tour through everything you need to know to develop, deploy and operate your first secure applications and services on AWS.


  1. Developing and Deploying Secure, Scalable Applications on Amazon Web Services. Tom Jones, Solution Architect, Amazon Web Services
  2. Agenda: Introduction, Development, Security, Scale, Services. Tom Jones, Solution Architect, Amazon Web Services
  3. AWS provides broad & deep services. Compute: EC2 (virtual server), Elastic Load Balancer (load balancer), Auto Scaling (automatic elasticity). Storage & Content Delivery: S3 (object storage), EBS (block storage), Glacier (archive storage), CloudFront (CDN). Databases: RDS (RDB), DynamoDB (NoSQL), ElastiCache (caching). Networking: VPC (isolated cloud resources), Direct Connect (dedicated network), Route 53 (DNS). Analytics: EMR (Hadoop framework), Redshift (PB-scale DW), Kinesis (real-time data stream), Data Pipeline (data-driven workflow). Application Services: SQS (queueing), SWF (workflow), AppStream (app streaming), Elastic Transcoder (transcoding), SES (emailing), CloudSearch (search). Administration & Security: IAM (access control), CloudWatch (monitoring), CloudTrail (log tracking). Deployment & Management: Elastic Beanstalk (application container), OpsWorks (resource management), CloudFormation (resource template). Interfaces: Management Console (administration), Command Line Interface (command), APIs and SDKs (development). Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace, Support, Professional Services, Training, Certification.
  4. Amazon S3: highly durable object storage for all types of data. Internet-scale storage: grow without limits, built-in redundancy, designed for 99.999999999% durability. Flexibility & reliability: pay as you go, no upfront investment, no commitment, no risky capacity planning, no need to provision for redundancy or overhead.
  5. Compute Services: Elastic Compute Cloud (EC2) is the basic unit of compute capacity, virtual machines. Range of CPU, memory & local disk options; choice of instance types, from micro to cluster compute (e.g. c3.8xlarge, g2.medium, m3.large).
  6. Auto Scaling: automatic resizing of compute clusters based upon demand and policies.
  7. AWS Global Scale
  8. AWS Availability Zones (AZ): a sample Region with AZ A, AZ B and AZ C.
  9. AWS Global Scale
  10. AWS Pace of Innovation (chart): 2009: 48; 2011: 82; 2013: 280; 2015: 722.
  11. Strengthen your security posture: get native functionality and tools; over 30 global compliance certifications and accreditations; leverage security enhancements gleaned from 1M+ customer experiences; benefit from AWS industry-leading security teams 24/7, 365 days a year; security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations.
  12. Focus on your core mission: lower the time spent on infrastructure, dedicate more resources to innovation, concentrate on new business initiatives. “Our goal is to move at the speed of business. Our customers’ needs change constantly, and we need to be able to adapt to that.” Keith Homewood – Cloud Product Owner, Nordstrom
  13. Developing and Deploying Secure, Scalable Applications
  14. AWS DevOps Services across the pipeline (Code, Build, Test, Deploy, Provision, Monitor): CodeCommit, CodePipeline, CodeDeploy, CloudFormation, OpsWorks, Elastic Beanstalk, CloudWatch.
  15. AWS CodeCommit: secure, scalable, and managed Git source control. git pull/push over SSH or HTTPS; Git objects are stored in Amazon S3, the Git index in Amazon DynamoDB, and the encryption key in AWS KMS.
  16. Source control in the cloud: secure, fully managed, high availability, store anything.
  17. Cloning a repository (the repository URL is not shown on the slide):
      $ git clone
      Cloning into 'aws-cli'...
      Receiving objects: 100% (16032/16032), 5.55 MiB | 1.25 MiB/s, done.
      Resolving deltas: 100% (9900/9900), done.
      Checking connectivity... done.
      $
  18. AWS CodePipeline: continuous delivery and release automation. Stages in order: Source: pull. Build: build, unit test. Beta: deploy, UI test. Gamma: deploy, perf test. Production: deploy canary, deploy region 1, deploy region 2.
  19. AWS CodePipeline
  20. AWS Code partners
  21. AWS CodeDeploy: application deployment to any target. AWS CodeDeploy is a service that automates code deployments to any instance.
  22. appspec.yml:
      version: 0.0
      os: linux
      files:
        - source: /
          destination: /var/www/html
      permissions:
        - object: /var/www/html
          pattern: "*.html"
          owner: root
          group: root
          mode: 755
      Note that mode 755 applied to files matching *.html sets the execute bit on static content; 644 is sufficient for files the web server only reads.
  23. Lifecycle hooks (gray events in the diagram are non-scriptable).
  24. Choose deployment speed & group: one at a time, half at a time, or all at once; target a Dev deployment group or a Prod deployment group. Each instance runs the CodeDeploy agent and is moved from v1 to v2 at the chosen rate.
  25. Deploy!
  26. Deploy!
      aws deploy create-deployment --application-name MyApp --deployment-group-name TargetGroup --s3-location bucket=MyBucket,
  27. allOfThis == $Code
  28. AWS CloudFormation: infrastructure as code & resource provisioning. “AWS CloudFormation provides an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.”
  29. CloudFormation – Components & Technology. Template: JSON-formatted file, parameter definition, resource creation, configuration actions. Stack: configured AWS services, comprehensive service support, service-event aware, customizable. Framework: stack creation, stack updates, error detection and rollback.
  30. Demo
  31. AWS Elastic Beanstalk: focus on your code.
  32. Information required to deploy an application: 01 Region; 02 Stack (container) type, from the supported platforms; 03 Single Instance OR Load Balanced with auto-scaling; 04 Database (RDS), optional; and your code.
  33. Security Services and Features
  34. Shared security responsibility
  35. Security Shared Responsibility Model: AWS is responsible for the security OF the cloud. AWS Foundation Services: Compute, Storage, Database, Networking. AWS Global Infrastructure: Regions, Availability Zones, Edge Locations.
  36. AWS Shared Responsibility Model: customers are responsible for their security and compliance IN the cloud; AWS is responsible for the security OF the cloud. Customer responsibilities: customer content; platform, applications, identity & access management; operating system, network & firewall configuration; client-side data encryption, server-side data encryption, network traffic protection. AWS responsibilities: AWS Foundation Services (Compute, Storage, Database, Networking) and AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  37. Security services and features. Compliance: Config, CloudTrail, Service Catalog. Identity: IAM, Active Directory integration, SAML federation. Encryption: Key Management Service, CloudHSM, server-side encryption. Networking: Virtual Private Cloud, Web Application Firewall.
  38. Amazon Virtual Private Cloud (reference architecture): one VPC CIDR spanning AZ A and AZ B, each with a public subnet and private subnets. The public subnets hold the public ELB behind the Internet Gateway; the private subnets hold the Auto Scaling web tier, an internal ELB, the Auto Scaling application tier, and a Multi-AZ RDS data tier (RDS master in one AZ, RDS standby in the other, plus snapshots). The existing datacenter, administrators & corporate users reach the VPC through a Customer Gateway and VPN connection terminating on a Virtual Private Gateway, or via Direct Connect through a network partner location.
  39. Security Groups: in each of Availability Zone A and B, a public subnet with the ELB and a private subnet with web and back-end instances, inside the VPC CIDR. Three groups, one per tier: sg_ELB_FrontEnd (ELB security group), sg_Web_Frontend (web security group) and sg_Backend (backend security group).
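The security-group chain on slide 39 (three groups, each tier admitting traffic only from the tier in front of it) expressed as the kind of JSON CloudFormation template slide 29 describes, with a lint that rejects any group other than the load balancer's being open to the Internet. This is an added example, not code from the talk or from AWS; the logical IDs, ports, the VpcId parameter and the SSH regression in the main block are assumptions, and CloudFormation logical IDs must be alphanumeric, so the slide's sg_ELB_FrontEnd is written sgELBFrontEnd here.

```python
"""Added example (not AWS's or the presenter's code): build the three
security groups from the VPC diagram as a CloudFormation template and
lint the result so that only the load-balancer group accepts traffic
from the Internet.  Logical IDs, ports and the VpcId parameter are
illustrative assumptions."""
import copy
import json

INTERNET = ("0.0.0.0/0", "::/0")


def security_group(description, ingress):
    """One AWS::EC2::SecurityGroup resource bound to the VpcId parameter."""
    return {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": description,
            "VpcId": {"Ref": "VpcId"},
            "SecurityGroupIngress": ingress,
        },
    }


def from_cidr(port, cidr):
    """TCP ingress rule from an IPv4 CIDR range."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "CidrIp": cidr}


def from_group(port, logical_id):
    # Reference the upstream tier's group instead of a CIDR, so the rule
    # keeps working when Auto Scaling replaces instances and IPs change.
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "SourceSecurityGroupId": {"Ref": logical_id}}


def build_template(web_port=80, app_port=8080):
    """Parameter definition + resource creation, as on the CloudFormation slide."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Three-tier security-group chain (added example)",
        "Parameters": {
            "VpcId": {"Type": "AWS::EC2::VPC::Id",
                      "Description": "VPC that holds the public and private subnets"},
        },
        "Resources": {
            "sgELBFrontEnd": security_group(
                "Public ELB: HTTPS from anywhere",
                [from_cidr(443, "0.0.0.0/0")]),
            "sgWebFrontend": security_group(
                "Web tier: only from the public ELB",
                [from_group(web_port, "sgELBFrontEnd")]),
            "sgBackend": security_group(
                "Backend tier: only from the web tier",
                [from_group(app_port, "sgWebFrontend")]),
        },
        "Outputs": {
            "BackendSecurityGroup": {"Value": {"Ref": "sgBackend"}},
        },
    }


def internet_exposed_groups(template, allowed=("sgELBFrontEnd",)):
    """Logical IDs of security groups with an ingress rule open to the
    whole Internet that are not on the allow-list.  Run this before
    'aws cloudformation create-stack' as a cheap least-privilege gate."""
    exposed = set()
    for logical_id, resource in template["Resources"].items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in resource["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") in INTERNET or rule.get("CidrIpv6") in INTERNET:
                if logical_id not in allowed:
                    exposed.add(logical_id)
    return sorted(exposed)


def to_json(template):
    """JSON-formatted template body, ready for --template-body."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    tpl = build_template()
    print(to_json(tpl))
    print("exposed:", internet_exposed_groups(tpl))
    # Constructed regression: someone opens SSH on the backend to the world.
    bad = copy.deepcopy(tpl)
    bad["Resources"]["sgBackend"]["Properties"]["SecurityGroupIngress"].append(
        from_cidr(22, "0.0.0.0/0"))
    print("exposed:", internet_exposed_groups(bad))
```

The template only creates the groups; the ELB, Auto Scaling groups and RDS instance on the diagram would reference them by `Ref`. Using `SourceSecurityGroupId` rather than subnet CIDRs is what makes the chain hold when Auto Scaling replaces instances, and a rollback of a bad update (the framework feature slide 29 lists) leaves the previous rule set in place.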
  40. Cryptographic Services. AWS KMS: deep integration with AWS services, CloudTrail, AWS SDK for application encryption. Amazon CloudHSM: dedicated HSM, integrate with on-premises HSMs, hybrid architectures.
  41. Data Locality: AWS regions are geographically isolated by design. The customer chooses where to place data. Data is not replicated to other AWS regions and doesn’t move unless you choose to move it.
  42. AWS Identity & Access Management: IAM Users, IAM Groups, IAM Roles, IAM Policies.
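The four IAM building blocks on slide 42 only deliver least privilege if you can predict how a request will be evaluated. The evaluator below is an added example, not AWS's evaluation engine and not code from the talk: it applies the documented decision order (an explicit Deny in any attached policy wins, otherwise any matching Allow grants, otherwise the request is implicitly denied) to constructed sample policies for a deployment group. The bucket name, ARNs and policy contents are assumptions, and Condition, NotAction, NotResource, resource-based policies and permission boundaries are deliberately out of scope.

```python
"""Added example (not AWS's evaluation engine): a minimal evaluator for
IAM identity-based policies covering Effect, Action and Resource only.
The policies and ARNs below are constructed samples."""
from fnmatch import fnmatchcase


def _as_list(value):
    # IAM accepts either a string or a list in Action and Resource.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive):
    # '*' and '?' are IAM wildcards; action names are case-insensitive,
    # resource ARNs are case-sensitive.
    patterns = _as_list(patterns)
    if case_insensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request
    against every policy attached to the user, its groups and its role."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt["Action"], action, case_insensitive=True):
                continue
            if not _matches(stmt["Resource"], resource, case_insensitive=False):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"      # a deny always wins, stop here
            decision = "Allow"             # keep scanning for a later deny
    return decision


def overly_broad_statements(policy):
    """Indices of Allow statements granting every action on every resource,
    the pattern a least-privilege review should reject."""
    found = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if (stmt["Effect"] == "Allow"
                and "*" in _as_list(stmt["Action"])
                and "*" in _as_list(stmt["Resource"])):
            found.append(i)
    return found


# Constructed sample: group policy for a deployer. Reads the whole artifact
# bucket, writes only under deployments/, drives CodeDeploy.
DEPLOYER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::MyBucket", "arn:aws:s3:::MyBucket/*"]},
        {"Effect": "Allow",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::MyBucket/deployments/*"},
        {"Effect": "Allow",
         "Action": "codedeploy:*",
         "Resource": "*"},
    ],
}

# Constructed sample: guard-rail attached to the same group so that no
# Allow anywhere, even an admin wildcard, can delete release artifacts.
GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "s3:DeleteObject",
                  "Resource": "arn:aws:s3:::MyBucket/*"},
}

# Constructed sample: the full-access policy the lint is meant to catch.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}


if __name__ == "__main__":
    group = [DEPLOYER_POLICY, GUARDRAIL_POLICY]
    print(evaluate(group, "s3:GetObject", "arn:aws:s3:::MyBucket/app.zip"))
    print(evaluate(group, "s3:PutObject", "arn:aws:s3:::MyBucket/app.zip"))
    print(evaluate(group, "s3:DeleteObject", "arn:aws:s3:::MyBucket/app.zip"))
    print(overly_broad_statements(ADMIN_POLICY))
```

The guard-rail statement is the practical point: because explicit Deny is evaluated before any Allow, attaching it to the group protects the artifact bucket even if someone later attaches an over-broad policy to the same users, which `overly_broad_statements` is there to catch at review time.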
  43. AWS Certifications and Attestations
  44. What this means: you benefit from an environment built for the most security-sensitive organizations; AWS manages 1,800+ security controls so you don’t have to; you always have full ownership and control of your data; you get to define the right security controls for your workload sensitivity.
  45. Getting Started
  46. Interacting with AWS: Management Console
  47. Interacting with AWS: SDKs. Java, JavaScript, Python (boto), Ruby, PHP, .NET, Node.js, iOS, Android, Xamarin; AWS Toolkit for Visual Studio, AWS Toolkit for Eclipse, AWS Tools for Windows PowerShell; AWS CLI.
  48. Interacting with AWS: AWS CLI
      aws ec2 describe-instances
      aws ec2 start-instances --instance-ids <value>
      aws ec2 stop-instances --instance-ids <value>
      aws s3 cp object.file s3://mybucket/object.file
      aws s3 sync s3://mybucket ./localfolder/
  49. AWS and Autodesk
  50. AWS services are tools (lots of stuff)
  51. Autodesk and Amazon Web Services. @AutodeskForge
  52. We are here to help: online tutorials, training classes, certifications, AWS Summits (Santa Clara: July 12-13; NYC Summit: August 10-11), AWS re:Invent: November 28 – December 2, 2016.
  53. AWS Pop-up Loft, 925 Market Street, San Francisco, CA. Open Monday - Friday, 10:00am - 6:00pm.
  54. Example Applications: Elastic Beanstalk; Code Pipeline + Code Deploy.
  55. ?
  56. Contact Us: @AutodeskForge, @awscloud
  57. Thank you!