3. What are we going to talk about?
• Overview
• Characteristics of older AWS deployments
• Enhancements to existing AWS services
• New AWS services
• Commonly overlooked AWS services
• Conclusion
4. EC2 Classic
• EC2-Classic
– Original Network configuration available on AWS
– Has since been augmented by VPC
• With VPC you get the ability to:
– Assign static private IP addresses to your instances that persist across starts and stops
– Assign multiple IP addresses to your instances
– Define network interfaces, and attach one or more network interfaces to your instances
– Change security group membership for your instances while they're running
– Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
– Add an additional layer of access control to your instances in the form of network access control lists (ACL)
– Run your instances on single-tenant hardware
– Launch newer instance types
– Better integrate with Abstracted/Managed services (RDS, for example)
– More performant network capabilities
5. First Generation Instance Types
• First Generation Instance Types
– Original Instance Types offered on AWS
– Have since been augmented by Newer Generation Instance Types
• With newer generation instances you get:
– Support in all AWS Regions
– Lower price point (cost per CPU, cost per GB RAM)
– Specific, known processor families (and direct access to their features)
– More performant network capabilities
6. Magnetic Storage
• Magnetic Storage
– Original persistent Block Storage offered on AWS
– Has since been augmented by General Purpose SSD or Provisioned IOPS SSD
– Variable IOPS (40-200) at half the cost – good for cheap but slow block storage
– Consider replacing in favor of General Purpose SSD – good for all around block storage
7. Para-Virtualized, Instance-Store and 32 Bit Instances
• Para-virtualized Instances
– Original virtualization option offered on AWS
– Has since been augmented by Hardware Virtualized Instances
– Not supported in all AWS Regions
– Does not offer SR-IOV (network performance) capabilities
• Instance-Store Instances
– Source is S3, runs from local instance (ephemeral) storage
• 32 Bit AMIs
– Newer AWS Regions no longer offer support for 32 Bit AMIs
8. Are you using the full stack of AWS services?
• Route53 (DNS) – feature rich
• CloudFront (Content Delivery Network)
• S3 (Object Storage, ideal for Static Content) – 3 flavors
• ELB (Load Balancing)
• ASG (Auto Scaling)
• EC2 (Virtual Servers)
• RDS (Managed Database) – numerous flavors
• ElastiCache (Managed Cache)
• SES (SMTP Gateway)
9. What are you doing for automation?
• CloudFormation
– Automation of AWS components
– Reference Architectures/Marketplace are a great place to start
• Elastic Beanstalk
– Automation of application deployments
• OpsWorks
– Automation of AWS components and Configuration Management on the OS layer and above
10. What are you doing for high availability/disaster recovery?
• Consider how people and things connect to you
– IP Address
• Is it an Elastic IP?
– DNS
• Pointing towards an instance?
• Pointing (incorrectly) towards an IP Address of an ELB?
• Using Route53?
• What happens if an instance dies?
– Prevent user error: enable termination protection
– Recover from the failure of host hardware with CloudWatch Actions
– Auto Scaling Group + ELB
11. What are you doing for security?
• IAM
– By now you are using IAM (right?)
– What about instance roles?
– Problems with a policy? Use the Policy Simulator
– Is someone over permissioned? Use Access Advisor
– Is someone actually using the user/role? Use the Credential Report
• CloudTrail
– Previously you had to enable one region at a time – now you can enable all regions at once
– Worth checking that all of your regions are covered
• Workspaces
– Easy Bastion (if you are a Windows shop)
• Active Directory
– Directory service comes in three flavors now
• AD Connector
• Lightweight Directory Service
• Full Active Directory
• Tenancy options have expanded
– Dedicated instances
– Dedicated hosts
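As an added worked example (not part of the original deck): the Credential Report mentioned above is a CSV with one row per IAM user (and one for the root account). The script below parses a constructed sample in that column layout and flags console users without MFA, passwords and access keys unused for more than 90 days, never-used access keys, and any active root access key. The account id, user names and timestamps are made up, and the analysis date is fixed so the sample gives a repeatable answer.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report column layout (made-up account, users and dates).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2014-03-01T12:00:00+00:00,not_supported,2016-02-20T09:15:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2015-01-10T08:00:00+00:00,true,2016-02-28T14:03:00+00:00,2016-01-05T10:00:00+00:00,2016-04-04T10:00:00+00:00,true,true,2016-01-05T10:00:00+00:00,2016-02-28T11:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2014-06-01T08:00:00+00:00,true,2015-04-01T09:00:00+00:00,2014-06-01T08:00:00+00:00,N/A,false,true,2014-06-01T08:00:00+00:00,2015-03-15T09:00:00+00:00,us-west-2,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy,arn:aws:iam::123456789012:user/deploy,2015-09-01T08:00:00+00:00,false,N/A,N/A,N/A,false,true,2015-09-01T08:00:00+00:00,N/A,N/A,N/A,true,2015-09-01T08:00:00+00:00,2016-02-29T03:00:00+00:00,us-east-1,sqs,false,N/A,false,N/A
"""

# Fixed analysis time so the sample is repeatable; use datetime.now(timezone.utc) on a real report.
ANALYSIS_TIME = datetime(2016, 3, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Return an aware datetime, or None for the report's non-date markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")


def parse_report(text):
    """Parse the CSV body of a credential report into one dict per row."""
    return list(csv.DictReader(io.StringIO(text)))


def find_stale_credentials(rows, now, max_age_days=90):
    """Return (user, credential, reason) tuples for credentials worth reviewing."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for row in rows:
        user = row["user"]
        # The root account should not carry access keys at all.
        if user == "<root_account>" and "true" in (row["access_key_1_active"], row["access_key_2_active"]):
            findings.append((user, "access_key", "root account has an active access key"))
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "password", "console access without MFA"))
            last = _parse_ts(row["password_last_used"])
            if last is None:
                findings.append((user, "password", "never used"))
            elif last < cutoff:
                findings.append((user, "password", f"last used {last.date()}"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            last = _parse_ts(row[f"access_key_{n}_last_used_date"])
            if last is None:
                findings.append((user, f"access_key_{n}", "never used"))
            elif last < cutoff:
                findings.append((user, f"access_key_{n}", f"last used {last.date()}"))
    return findings


def run_sample():
    """Analyse the constructed sample at the fixed analysis time."""
    return find_stale_credentials(parse_report(SAMPLE_REPORT), ANALYSIS_TIME)


if __name__ == "__main__":
    for user, credential, reason in run_sample():
        print(f"{user:<14} {credential:<13} {reason}")
```

On a real account, feed the body returned by the credential report API into parse_report and pair the output with Access Advisor to decide whether to disable the credential or tighten the policy behind it.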
12. What are you doing for Operations?
• Account/Billing Management
– Alerts – alerts when a predefined threshold has been met
– Reports – granular reporting + forecasting
– Contacts – granular contacts for security, operations and billing
• Tagging
– Manage your tags from one place using the Tag Editor
– Billing Tags for cross charging
• Trusted Advisor
• CloudWatch
– In addition to metrics and alarms now supports logs, dashboards, events and actions
• VPC
– Peering between VPCs (in the same region) without deploying an EC2 based solution
– NAT Gateway without deploying an EC2 based solution
– Multiple CGWs with the same Peer IP Address + NAT + Stronger Encryption/Hashing
– VPC Logs
• EC2 Run Command
– Remote commands to Windows or Linux instances
13. Conclusion and Some Advice
• Assess your environment
– Legacy?
– New Services?
– Underused Services?
– Enhanced Services?
– Roll your own versus managed/abstracted?
• Prioritize your findings
– Improve Scalability?
– Improve Reliability?
– Enhance Security?
– Lower Costs?
• Implement them
– Model in a sandbox, implement in production
• Review your environment on a periodic basis
– New services and features come out weekly!
14. Further Learning
• Getting Started: https://aws.amazon.com/getting-started
• General Reference: http://docs.aws.amazon.com/general/latest/gr
• Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/
• FAQs: https://aws.amazon.com/faqs
• Documentation: https://aws.amazon.com/documentation/
• Architecture: https://aws.amazon.com/architecture
• Whitepapers: https://aws.amazon.com/whitepapers
• Security: https://aws.amazon.com/security
• Blog: https://aws.amazon.com/blogs
• Service Specific Pages: https://aws.amazon.com/service
• SlideShare: http://www.slideshare.net/AmazonWebServices
• Github: https://github.com/aws and https://github.com/awslabs
Who are you?
Patrick Hannah, CloudHesive (where I’m a co-founder and the VP of Engineering)
What’s your background?
Architecture, Security and Operations on AWS for 5 years, prior to that Contact Center Architecture and Operations for over 8 years (SaaS but we didn’t call it that). I’ve drawn on experience in both spaces in this presentation.
What do you hope to get out of the presentation?
I want to help folks get the same out of AWS as I have.
I’d also like to see how others are using AWS – as with just about anything in technology there are multiple ways to do something right (or wrong).
How are you using cloud services?
At CloudHesive, we provide consulting services to customers who wish to, or who are, leveraging AWS and we also use a number of AWS services to host our managed services customers (and the back-office systems supporting them).
Why did you pick the cloud services that you are using?
AWS is at the forefront of Cloud; their service catalog can support most traditional on-premise software use cases (infrastructure) but they also offer more abstracted services for software built on the cloud (such as SQS, which is one of my favorites) that negate the need to manage server infrastructure – on-premise or in the cloud.
What about you?
This is not a complete list and I’ve categorized certain services to suit my needs.
A key point to note is when I refer to infrastructure I refer to building blocks and when I refer to abstracted I refer to a managed service to solve a specific requirement (like SES, SQS, etc.)
How to do it
With ClassicLink you can enable communication between EC2-Classic and VPC using Private IP Addresses – great for a staggered migration
You’ll need to either relaunch your instances or migrate them to VPC (by way of AMI)
If you have services using Elastic IP Addresses that you cannot update you can move EC2-Classic EIPs to VPC (one way only)
How to do it
If it’s EBS backed you just need to stop/start the instance
If it’s not EBS backed – see the following slide
How to do it
You can move between each tier with EBS Snapshots
Create a Snapshot ahead of time and again at cutover to save time
How to do it
Most of these migrations will involve launching from a new AMI and copying data/customizing accordingly
Older AWS deployments may be leveraging their own solutions, running on EC2 to handle a number of services that are now offered as managed or abstracted services
Three options available, each geared towards a different audience
Multiple solutions to handle recovery of single instance and up
Each service has its own site and set of documentation
The SlideShare presentations can be an invaluable resource when it comes to diving into the details
The GitHub repositories have excellent examples of applications you can build on AWS
CloudHesive sponsors 5 Meetups in Florida; 4 in the South Florida-Tri-County Area and one in North Florida
We are always looking for ideas on topics, as well as attendees and speakers (especially Jacksonville)