AWS Developer Fundamentals 
Josh Padnick 
October 18, 2014 
Desert Code Camp


Covers a broad overview of how to use AWS for building a scalable web app. Covers some of the AWS services in depth, and also gives recommendations on many services.

Published in: Software


  1. 1. AWS Developer Fundamentals Josh Padnick October 18, 2014 Desert Code Camp
  2. 2. What We’ll Cover
  3. 3. Forests & Trees The Details The Big Picture
  4. 4. The Big Picture • What is AWS? • AWS for Specific Use Cases • Key Ideas in AWS
  5. 5. The Details • Running Servers (EC2) • Storing Data (S3)
  6. 6. But we only have 60 minutes. So we’ll move fast.
  7. 7. About Me
  8. 8. About Me Josh Padnick josh.padnick@gmail.com 602.432.3789 http://JoshPadnick.com • Founded healthcare IT company where we used AWS for 5+ years. • Built three major products for hundreds of thousands of users on AWS. • Hosted 150+ websites on AWS. • Professional AWS Consultant.
  9. 9. What is AWS?
  10. 10. It’s what Amazon built internally to power their own site. They architected it so abstractly that it wasn’t even specific to Amazon!
  11. 11. AWS is a suite of IT services used to build or manage software faster, cheaper, and at scale.
  12. 12. • Compute Services give you on-demand virtual machines. • Storage Services let you store large blocks of unstructured content. • Database Services allow you to store structured and unstructured data in a variety of ways. • Networking Services provide technologies for identifying (DNS) resources and connecting resources to on-premises assets. • Messaging Services enable rich communication scenarios between systems or components. • Content Delivery Services provide edge locations for frequently accessed content. • Deployment and Management Services enable packaging, securing, and monitoring AWS applications. • Big Data Services include tools for ingesting, processing, and storing huge amounts of data. • Mobile Services include tools for sending push notifications, and streamlining app development. SOURCE: “AWS Developer Fundamentals” by Richard Seroter. Pluralsight.
  13. 13. Now let’s look at the AWS console.
  14. 14. Primary AWS Competitors
  15. 15. Magic Quadrant for Public Cloud Services Source: Gartner (July 2014)
  16. 16. Secondary AWS Competitors Email File Sharing DNS / Domain Reg.
  17. 17. So how do you learn about 33 different services?
  18. 18. It kind of reminds me of this place.
  19. 19. • Your first experience is overwhelming. • No one person needs all of Home Depot. • Each person gets just what they need.
  20. 20. AWS is the same. Don’t try to learn everything. Instead, pick your use case, and get to know only the aisles you need.
  21. 21. Use Cases
  22. 22. Major AWS Use Cases • Scalable web app • Big data • Mobile app support • Backup & storage • Ad hoc (email, DNS, queueing)
  23. 23. AWS Big Data Services
  24. 24. AWS Backup & Storage Services
  25. 25. Today’s Talk is about using AWS with the Scalable Web App.
  26. 26. For the scalable web app, 80%+ of your work will be in just three services.
  27. 27. If you want to explore more about any use case, check out http://aws.amazon.com/solutions/ I listed just 5 use cases and AWS lists 18! Think of my 5 as the major forests. AWS is just being extra helpful with every tree it can think of.
  28. 28. We’ll go into detail on that shortly. First, let’s talk about: Key Ideas in AWS
  29. 29. Key Idea #1 Make your app resilient by using global regions & availability zones INSPIRATION: “AWS Developer Fundamentals” by Richard Seroter. Pluralsight.
  30. 30. AWS Regions Throughout the World Region = Data Center
  31. 31. In the AWS API, use the region’s official name.
  32. 32. Each AWS Region has at least 2 Availability Zones.
  33. 33. Key Idea #1 • Building across regions is very challenging. • Building across availability zones is straightforward. • You can basically purchase (in time and money) the amount of resilience you want!
  34. 34. Key Idea #2 Pay only for what you need.
  35. 35. Almost nothing in AWS has upfront fees.
  36. 36. Key Idea #2 • There are almost never upfront fees in AWS. • You pay only for what you use. • EC2 Instances per hour • S3 files per GB stored / transferred • etc. • You can stop and start instances as you need them before you launch your app. • You can start with small (or even burstable!) instances, and easily change your instance type later.
  37. 37. Key Idea #3 Architect for failure.
  38. 38. http://status.aws.amazon.com/
  39. 39. Key Idea #3 • Early versions of the AWS docs just stopped short of telling you instances would fail on a periodic basis. • Instances are now very reliable, but you should still assume they could fail at any time. • When they inevitably do, this is not “something unexpected”, it’s just another state you expect your infrastructure may enter. • On the other hand, all AWS services have built in reliability / fault tolerance. • Note that there have been isolated stories of businesses going under when their AWS account was hijacked. So, it’s always a good idea to keep your most important data on a different AWS account or location.
  40. 40. Key Idea #4 Everything’s an API call away. Sometimes exclusively.
  41. 41. Key Idea #4 • AWS builds their APIs first. • Then they upgrade their AWS Console. • Sometimes the console only implements a subset of the API! • It would be possible to build a complete AWS console on your own using only their APIs. Often used for cloud management providers, other partner vendors.
  42. 42. Key Idea #5 Plan to scale out, not up.
  43. 43. Key Idea #5 • AWS does give you many ways to “scale up”. • In the short-term, “scale up” is definitely easier. • But it’s best if you build your architecture to “scale out” • This is most challenging at the database level. Which is why AWS offers RDS and DynamoDB. • Even if you can’t build perfectly “horizontally scaling” architectures, you should have that in mind as the ideal.
  44. 44. Let’s talk details.
  45. 45. AWS for Scalable Web Apps
  46. 46. Let’s describe each of these AWS services. (We’ll be brief for some)
  47. 47. EC2 Virtual Servers in the Cloud
  48. 48. EC2 Use Case: • Launch Linux and Windows servers in the cloud.
  49. 49. Let’s setup a server using non-AWS lingo
  50. 50. Server
  51. 51. Server Hard Drive
  52. 52. Server Hard Drive Firewall
  53. 53. Server Hard Drive Firewall SSH Keys
  54. 54. Server Hard Drive Firewall SSH Keys IP Address
  55. 55. Now let’s use AWS lingo.
  56. 56. EC2 Instance EBS Volume Security Group Key Pairs Elastic IP
  57. 57. Let’s take these one at a time.
  58. 58. EC2 Instance
  59. 59. EC2 Instances Come in Multiple Sizes They vary along just 3 dimensions CPU Memory Network
  60. 60. CATEGORY INSTANCE TYPES General Purpose T2, M3 Compute Optimized C3 Memory Optimized R3 GPU G2 Storage Optimized I2, HS1
  61. 61.

      | Instance Type | vCPU | Memory (GiB) | Storage (GB) | Networking | Physical Processor | Clock Speed | Intel® AES-NI | Intel® AV | Intel® Turbo | EBS OPT | Enhanced |
      |---|---|---|---|---|---|---|---|---|---|---|---|
      | t2.micro | 1 | 1 | EBS Only | Low to Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | - |
      | t2.small | 1 | 2 | EBS Only | Low to Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | - |
      | t2.medium | 2 | 4 | EBS Only | Low to Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | - |
      | m3.medium | 1 | 3.75 | 1 x 4 SSD | Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | - |
      | m3.large | 2 | 7.5 | 1 x 32 SSD | Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | - |
      | m3.xlarge | 4 | 15 | 2 x 40 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | - |
      | m3.2xlarge | 8 | 30 | 2 x 80 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | - |
      | c3.large | 2 | 3.75 | 2 x 16 SSD | Moderate | Intel Xeon | 2.8 | Yes | Yes | Yes | - | Yes |
      | c3.xlarge | 4 | 7.5 | 2 x 40 SSD | Moderate | Intel Xeon | 2.8 | Yes | Yes | Yes | Yes | Yes |
      | c3.2xlarge | 8 | 15 | 2 x 80 SSD | High | Intel Xeon | 2.8 | Yes | Yes | Yes | Yes | Yes |
      | c3.4xlarge | 16 | 30 | 2 x 160 SSD | High | Intel Xeon | 2.8 | Yes | Yes | Yes | Yes | Yes |
      | c3.8xlarge | 32 | 60 | 2 x 320 SSD | 10 Gigabit | Intel Xeon | 2.8 | Yes | Yes | Yes | - | Yes |
      | g2.2xlarge | 8 | 15 | 1 x 60 SSD | High | Intel Xeon | 2.6 | Yes | - | - | Yes | - |
      | r3.large | 2 | 15.25 | 1 x 32 SSD | Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | - | Yes |
      | r3.xlarge | 4 | 30.5 | 1 x 80 SSD | Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | r3.2xlarge | 8 | 61 | 1 x 160 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | r3.4xlarge | 16 | 122 | 1 x 320 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | r3.8xlarge | 32 | 244 | 2 x 320 SSD | 10 Gigabit | Intel Xeon | 2.5 | Yes | Yes | Yes | - | Yes |
      | i2.xlarge | 4 | 30.5 | 1 x 800 SSD | Moderate | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | i2.2xlarge | 8 | 61 | 2 x 800 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | i2.4xlarge | 16 | 122 | 4 x 800 SSD | High | Intel Xeon | 2.5 | Yes | Yes | Yes | Yes | Yes |
      | i2.8xlarge | 32 | 244 | 8 x 800 SSD | 10 Gigabit | Intel Xeon | 2.5 | Yes | Yes | Yes | - | Yes |
      | hs1.8xlarge | 16 | 117 | 24 x 2,000 | 10 Gigabit | Intel Xeon | 2 | Yes | - | - | - | - |
  62. 62. CATEGORY INSTANCE TYPES General Purpose T2, M3 • When you’re starting out, you can just use the general purpose line. • The T2 line is especially good for servers that often sit idle, but then need a burst of performance (e.g. low-traffic web servers, build servers, etc.)
  63. 63.

      | Instance Type | vCPU | Memory (GiB) | Storage (GB) | Networking Performance | Physical Processor | Clock Speed (GHz) |
      |---|---|---|---|---|---|---|
      | t2.micro | 1 | 1 | EBS Only | Low to Moderate | Intel Xeon family | 2.5 |
      | t2.small | 1 | 2 | EBS Only | Low to Moderate | Intel Xeon family | 2.5 |
      | t2.medium | 2 | 4 | EBS Only | Low to Moderate | Intel Xeon family | 2.5 |
      | m3.medium | 1 | 3.75 | 1 x 4 SSD | Moderate | Intel Xeon E5-2670 v2* | 2.5 |
      | m3.large | 2 | 7.5 | 1 x 32 SSD | Moderate | Intel Xeon E5-2670 v2* | 2.5 |
      | m3.xlarge | 4 | 15 | 2 x 40 SSD | High | Intel Xeon E5-2670 v2* | 2.5 |
      | m3.2xlarge | 8 | 30 | 2 x 80 SSD | High | Intel Xeon E5-2670 v2* | 2.5 |
  64. 64. EBS Volume
  65. 65. EBS Volumes are basically “virtual hard drives” • EBS = Elastic Block Store • You can provision hard drives at the block level, which means AWS doesn’t care which file system you format it with (e.g. EXT4, ZFS, NTFS) • You can even create RAID arrays. • If you need extra performance, you can pay for higher IOPS.
  66. 66. You can create EBS volumes directly. But usually, you create them as part of your EC2 instance.
  67. 67. But you may want to attach multiple EBS volumes to the same EC2 instance.
  68. 68. Key Pairs
  69. 69. A key pair is just an SSH private key + its corresponding public key.
  70. 70. • You can upload your own keys. • Or AWS creates them for you. • Linux • Use your key to SSH into the instance • Windows • Use your key to get the RDP password of the instance
  71. 71. • Best practice is to use a bastion host. • This means you have one instance that is accessible via SSH from the outside (locked down only to specific IP addresses). • Once in the bastion host, then you can SSH into other instances.
  72. 72. Security Group
  73. 73. Security Group = Firewall for an Instance
  74. 74. • Create one security group for each “tier” in your app. • You should have a single security group for allowing “outside access” from specific IPs (the bastion host security group) • Be paranoid and restrictive. There are lots of bots out there!
  75. 75. Elastic IP
  76. 76. You can get a public IP address from AWS. Then you assign it to any instance! You can re-assign it later!
  77. 77. Elastic IP EC2 Instance A EC2 Instance B
  78. 78. Elastic IP X EC2 Instance A EC2 Instance B
  79. 79. Elastic IP X EC2 Instance A EC2 Instance B
  80. 80. • This means you can re-assign an elastic IP address from a failed instance to a working one. • Basically, your server and your IP address are no longer bound to each other.
  81. 81. EC2 Instance EBS Volume Security Group Key Pairs Elastic IP
  82. 82. Now we’re ready to launch an instance!
  83. 83. What’s an AMI?
  84. 84. EBS Volume Part 2
  85. 85. EBS Volumes are basically “virtual hard drives” • We can take snapshots of an EBS volume. • This means we can instantly clone the EBS volume and attach it to another instance.
  86. 86. EC2 Instances are “backed” by EBS Volumes • We can take snapshots of these EBS volumes, too. • When we take a snapshot of EBS volumes as part of an EC2 instance, we wind up creating an Amazon Machine Image.
  87. 87. Amazon Machine Image is used to launch … EBS Volume EC2 Instance
  88. 88. AWS has prepared useful AMIs for us. • Windows Server 2008 / 2012 • With or without paid Microsoft software • Multiple Linux distros • Ubuntu • Suse • Amazon Linux
  89. 89. Reserved Instances • Use Reserved Instances to save money. These are a billing concept only; they have no effect on anything else. • If you can prepay for 1 year, save 40%. • If you can prepay for 3 years, save 60%
  90. 90. VPC Isolated Cloud Resources
  91. 91. Let’s setup a network using non-AWS lingo
  92. 92. Server Server
  93. 93. Subnet B Subnet A Server Server
  94. 94. “Subnet Firewall” “Subnet Firewall” Subnet B Subnet A Server Server
  95. 95. Network “Subnet Firewall” “Subnet Firewall” Subnet B Subnet A Server Server
  96. 96. Now let’s use the AWS lingo
  97. 97. VPC Network ACL Network ACL Subnet B Subnet A Instance Instance
  98. 98. VPC Recommendations • VPCs are a great way to logically group your instances into different “clusters”, both for security and management. • If you can, set up one public (exposed to Internet) subnet in each of two different Availability Zones (AZ’s), and one private subnet in each of two different AZ’s. • Use Network ACLs for high-level filtering rules (e.g. connecting Subnet A to Subnet B). Instance-level rules have an additional management overhead.
  99. 99. S3 Scalable Storage in the Cloud
  100. 100. S3 Use Cases: • Store files in the cloud for low-latency access
  101. 101. Let’s Look at S3. Using AWS lingo.
  102. 102. us-west-2 region us-east-1 region
  103. 103. us-west-2 region us-east-1 region S3 Bucket “A” S3 Bucket “A” S3 Bucket “B” S3 Bucket “B”
  104. 104. S3 Buckets • Buckets are “holding tanks” for files and folders. • Bucket names must be globally unique across an AWS region. For example, you can’t have two buckets named “A” in the us-west-2 region. • Buckets have properties which govern all files stored in them (examples shortly)
  105. 105. Surprising Things About S3 Buckets • Use a bucket as a way to host static websites!
  106. 106. Cool Things About S3 Buckets • If enabled, you can preserve, retrieve, and restore every version of every object stored in this bucket. • Of course, you also pay to store every version of every object, so tread carefully here.
  107. 107. Neat Things About S3 Buckets • You can setup “Rules” for a bucket which take effect on all files or only certain folders in that bucket. • Example: auto-delete all files X days after they’re created • Example: automatically move all files to Glacier X days after they’re created. • Example: first delete, then archive.
  108. 108. Helpful Things About S3 Buckets • You can limit permissions to buckets by IAM Roles. • More on IAM in a bit. But for now, note that you can allow only certain instances or certain logged in users to your AWS console to access certain S3 folders.
  109. 109. us-west-2 region us-east-1 region S3 Bucket “A” S3 Bucket “A” S3 Bucket “B” S3 Bucket “B”
  110. 110. us-west-2 region us-east-1 region Files and Folders S3 Bucket “A” S3 Bucket “A” S3 Bucket “B” S3 Bucket “B”
  111. 111. Files and Folders in S3 • Basically works like a standard file system. • Files can have granular access permission • Files can have public read permissions or not. • Files can be accessed with a temporary token so that when a user downloads one in your app, he can’t take that URL and use it again the next day.
  112. 112. Helpful Things About Files and Folders in S3 • Files can be encrypted server-side by AWS • You basically check a box indicating you want encryption. • Then you trust that Amazon actually encrypts it. AWS handles all encryption on their end. You don’t change anything on yours. • Costs nothing. • If you want to supply the encryption keys, AWS will support that, too.
  113. 113. S3 Recommendations • Namespace your buckets (e.g. “padnick-dcc14”) • Intelligently use auto-delete rules to save on cost. If you’re paranoid about needing the files, then archive to Glacier. • Use very thoughtful folder names in your buckets, then you can apply folder-specific rules. e.g. “builds”, “backup”, “temp”, etc. • S3 is a great place for key storage (but obviously doesn’t provide key management).
  114. 114. IAM Secure AWS Access Control
  115. 115. • Use IAM to give each member of your team a unique login. • Never share your root password among everyone! • You can also use IAM to give permissions to individual EC2 instances for other AWS resources (e.g. S3 buckets)
  116. 116. IAM Recommendations • Setup your master account, and then put that user/pass in a vault and never give it to anyone! • Each engineer should have his own IAM login. • Consequences of a bad actor accessing your AWS account are catastrophic, so please use MFA. • Even if you don’t plan on using IAM roles, create them and assign them to instances at launch time.
  117. 117. DynamoDB Managed NoSQL Databases ElastiCache Managed Cache Services RDS Managed SQL Stores
  118. 118. • This is basically AWS setting up, scaling, and managing your own X for you, where X = • MySQL, PostgreSQL, Oracle • MongoDB • Redis, Memcached
  119. 119. SES Use AWS as your email service
  120. 120. Summary
  121. 121. • Pick your AWS use case, then dive in. • EC2, VPC, and S3 are the most popular services. • Take the time to learn about IAM. It’s not difficult, and will dramatically improve your security posture. • The best way to learn is by doing!
  122. 122. Thank you, Now go build something cool! Josh Padnick josh.padnick@gmail.com 602.432.3789 http://JoshPadnick.com
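
Slides 71 and 74 recommend a bastion host: one security group admits SSH from specific outside IPs, and every other tier is reached through it. The following is an added example, not part of the original deck, that audits security groups against that pattern. The input is shaped like the `SecurityGroups` list from EC2 `DescribeSecurityGroups`; the group IDs, addresses, finding names and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress

SSH_PORT = 22

# Constructed sample data (placeholder group IDs and documentation addresses).
SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]


def covers_ssh(perm):
    """True if an ingress rule admits TCP port 22 (protocol "-1" means all)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def source_cidrs(perm):
    """IPv4 and IPv6 source ranges named by a rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs


def audit(groups, bastion_id, max_hosts=256):
    """Return (group_id, finding, source) tuples that break the bastion pattern.

    Policy assumed by this example:
      * only the bastion group may admit SSH from an address range, and that
        range must cover at most max_hosts addresses;
      * every other group may admit SSH only from the bastion group.
    """
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            if not covers_ssh(perm):
                continue
            for cidr in source_cidrs(perm):
                net = ipaddress.ip_network(cidr, strict=False)
                if gid != bastion_id:
                    findings.append((gid, "ssh-from-cidr-on-non-bastion", cidr))
                elif net.num_addresses > max_hosts:
                    findings.append((gid, "bastion-ssh-too-wide", cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                if gid != bastion_id and pair["GroupId"] != bastion_id:
                    findings.append(
                        (gid, "ssh-from-non-bastion-group", pair["GroupId"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS, "sg-bastion"):
        print(*finding, sep="\t")
```

The `sg-db` finding shows why "all traffic" rules between tiers matter: protocol `-1` from the web tier also admits SSH from any compromised web server.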
