Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on Amazon Web Services

1. Tom Jones Solution Architect, Amazon Web Services Developing and Deploying Secure, Scalable Applications on Amazon Web Services

2. Services Scale Security Development Introduction Solution Architect, Amazon Web Services Tom Jones

3. TechnologyPartners Consulting Partners AWS MarketplaceEcosystem Elastic Beanstalk OpsWorks CloudFormation Deployment & Management Administration & Security IAM CloudWatch CloudTrailAPIs and SDKsManagement Console Command Line Interface Direct Connect Route 53VPC Networking Analytics Data PipelineRedshiftEMR Kinesis SWFSQS CloudSearchSESAppStream Application Services CloudFrontS3 EBS Glacier DynamoDB ElastiCache Storage & Content DeliveryCompute Databases RDSElastic Load BalancerEC2 Auto Scaling Virtual Server Load Balancer Automatic Elasticity Object Storage Block Storage Archive Storage CDN RDB NoSQL Caching Isolated Cloud Resources Dedicated Network DNS Hadoop Framework PB scale DW Real-time Date stream Data-Driven Workflow Elastic Transcoder Queueing Workflow App Streaming Transcoding Emailing Search Administration Access Control Monitoring Log Tracking Application Container Resource Management Resource Template Development Commend Support Professional Services Training Certification AWS provides broad & deep services

4. Amazon S3 Highly durable object storage for all types of data Internet-scale storage Grow without limits Built-in redundancy Designed for 99.999999999% durability Flexibility & Reliability • Pay as you go • No upfront investment No commitment • No risky capacity planning • No need to provision for redundancy or overhead

5. Compute Services Elastic Compute Cloud (EC2) c3.8xlarge g2.medium m3.large Basic unit of compute capacity, virtualmachines Range of CPU, memory & local disk options Choice of instance types, frommicro to cluster compute

6. Auto Scaling Automatic re-sizing of compute clusters based upon demand and policies

7. AWS Global Scale

8. AWS Availability Zones (AZ) AZ A AZ B AZ C Sample Region

9. AWS Global Scale

10. 2009 48 280 722 82 2011 2013 2015 AWS Pace of Innovation

11. Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations

12. Focus on your core mission Lower the time spent on infrastructure Dedicate more resources to innovation Concentrate on new business initiatives “Our goal is to move at the speed of business. Our customers’ needs change constantly, and we need to be able to adapt to that.” Keith Homewood – Cloud Product Owner, Nordstrom

13. Developing and Deploying Secure, Scalable Applications

14. MonitorProvisionDeployTestBuildCode Elastic Beanstalk OpsWorks Cloud Watch Cloud Formation Code Deploy Code Commit Code Pipeline AWS DevOps Services

15. AWS CodeCommit git pull/push CodeCommit Git objects in Amazon S3 Git index in Amazon DynamoDB Encryption key in AWS KMS SSH or HTTPS Secure, scalable, and managed Git source control

16. Source control in the cloud Secure Fully managed High availability Store anything

17. $ git clone https://git-codecommit.us- east-1.amazonaws.com/v1/repos/aws-cli Cloning into 'aws-cli'... Receiving objects: 100% (16032/16032), 5.55 MiB | 1.25 MiB/s, done. Resolving deltas: 100% (9900/9900), done. Checking connectivity... done. $

18. AWS CodePipeline Continuous delivery and release automation Build 1) Build 2) Unit test 1) Deploy 2) UI test Source Beta Production 1) Deploy 2) Perf test Gamma 1) Deploy canary 2) Deploy region 1 3) Deploy region 2 1) Pull

19. AWS CodePipeline

20. AWS Code partners

21. AWS CodeDeploy Application Deployment to any target AWS CodeDeploy is a service that automates code deployments to any instance

22. appspec.yml version: 0.0 os: linux files: - source: / destination: /var/www/html permissions: - object: /var/www/html pattern: “*.html” owner: root group: root mode: 755

23. *Gray events are non-scriptable Lifecycle Hooks

24. Choose deployment speed & group v2 v2 v2 v2 v2 v2 one at a time half at a time all at once v2 v2 v2 v1 v1 v1 v2 v1 v1 v1 v1 v1 Agent Agent Dev Deployment group OR Prod Deploymentgroup Agent AgentAgent Agent Agent Agent

25. Deploy!

26. Deploy! aws deploy create-deployment --application-name MyApp --deployment-group-name TargetGroup --s3-location bucket=MyBucket,key=MyApp.zip

27. allOfThis == $Code https://secure.flickr.com/photos/wscullin/3770015991

28. AWS Cloudformation “AWS CloudFormation provides an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.” Infrastructure as code & resource provisioning

29. Template CloudFormation Stack JSON formatted file Parameterdefinition Resource creation Configuration actions Configured AWS services Comprehensiveservice support Serviceeventaware Customizable Framework Stack creation Stack updates Error detectionand rollback CloudFormation – Components & Technology

30. Demo

31. AWS Elastic Beanstalk Focus on your code

32. Information required to deploy application 01 02 03 04 Region Stack (container) type Single Instance Load Balanced with auto-scaling OR Database (RDS) Optional Your code Supported Platforms

33. Security Services and Features

34. Shared security responsibility

35. Security Shared Responsibility Model AWS is responsible for the security OF the cloud AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations

36. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-sideData Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers AWSSharedResponsibilityModel Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud

37. Conf igCloudTrail Compliance Service Catalog IdentityEncryptionNetworking IA M A ctive Directory Integration Key Management Service CloudHSM SERVER-SIDE ENCRYPTION Virtual Private Cloud Web Application FIREWA LL SAML Federation

38. VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public ELB Internal ELB RDS Master Autoscaling Web Tier Autoscaling Application Tier Internet Gateway RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Datacenter Virtual Private Gateway Customer Gateway VPN Connection Direct Connect Network Partner Location Administrators & Corporate Users Amazon Virtual Private Cloud

39. Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security Groups sg_Backend (Backend Security Group)

40. Cryptographic Services Amazon CloudHSM  Deep integration with AWS Services  CloudTrail  AWS SDK for application encryption  Dedicated HSM  Integrate with on-premises HSMs  Hybrid Architectures AWS KMS

41. AWS regions are geographically isolated by design Customer chooses where to place data Data is not replicated to other AWS regions and doesn’t move unless you choose to move it Data Locality

42. AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies

43. AWS Certifications and Attestations aws.amazon.com/compliance

44. What this means You benefit from an environment built for the most security sensitive organizations AWS manages 1,800+ security controls so you don’t have to You always have full ownership and control of your data You get to define the right security controls for your workload sensitivity

45. Getting Started https://aws.amazon.com

46. Interacting with AWS: Management Console

47. Interacting with AWS: SDKs Ruby iOS Python (boto) Android Node.js AWS Toolkit for Visual Studio .NET AWS Toolkit for Eclipse PHP AWS Tools for Windows PowerShell AWS Simple Icons:SDKs AWS CLI JavaScriptJava Xamarin

48. Interacting with AWS:AWSCLI aws ec2 describe-instances aws ec2 start-instances –instance-ids <value> aws ec2 stop-instances –instance-ids <value> aws s3 cp object.file s3://mybucket/object.file aws s3 sync s3://mybucket ./localfolder/

49. AWS and Autodesk

50. Lots of stuffAWS Services are tools https://flic.kr/p/c4QJzC

51. Forge.Autodesk.com @AutodeskForge Autodesk and Amazon Web Services

52. We are here to help • Online tutorials • Training classes • Certifications • AWS Summits • Santa Clara: July 12-13 • NYC Summit: August 10-11 • AWS re:Invent: November28 – December 2, 2016

53. AWS Pop-up Loft http://aws.amazon.com/start-ups/loft/sf-loft/ 925 Market Street, San Francisco, CA Open Monday - Friday, 10:00am - 6:00pm.

54. Example Applications Elastic Beanstalk: http://amzn.to/1pyLzDH Code Pipeline + Code Deploy: http://amzn.to/1SzT3h0

55. ? https://secure.flickr.com/photos/dullhunk/202872717/

56. Forge.Autodesk.com @AutodeskForge Contact Us AWS.Amazon.com @awscloud

57. Thank you!