Amazon Web Services Architecture - An Overview

Amazon Web Services – An Overview
Scott Weber – Vice President, Cloud Solutions at EagleDream Technologies

Customer Driven. Customer Focused.
We Are Cutting-Edge
We’re first to leverage new systems,
software, and ideas to provide smart
solutions that fit your needs.
We Value People
We offer many services, but we
serve people first, and through that
we produce quality work.
We Focus on Process
From start to finish, our processes
will guide your project to a
successful completion.
2Confidential | eagledream.com
Our Mission
Security Web DesignCloud Development Compliance Communications

Cloud Provider Architectures Compared
AWS Region
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
The Other Guys
Single Data Center In a Region

Shared Security Model

Agenda
• Region Architecture
• Security
• Cost Management
• IaaS
• PaaS
• X-abilities

Virtual Private Cloud Concepts
Internet
gateway
Endpoints
VPN
gateway
VPN
Connection
AWS
Direct
Connect
VPC NAT
Gateway
Private Public
Route 53
Hosted
Zone
Route
Table
Route
Table

Internet
gateway
Endpoints
VPN
gateway
VPN
Connection
AWS
Direct
Connect
172.30.x.x/16

8
Confidential | eagledream.com
Internet
gateway
Endpoints
VPN
gateway
VPN
Connection
AWS
Direct
Connect
VPC NAT
Gateway
Private Public
Route 53
Hosted
Zone
Route
Table
Route
Table
Server 1
Security Group 1
Subnet 1
Server 2
Security Group 2
Subnet 2
NACL

9
Security Groups
• Software defined firewalls
• Implicit Deny All
• Explicitly define access rules
• TCP
• UDP
• ICMP
• Inbound
• Protocol
• Port
• Source
Network Access Control Lists
• Layer 3 control
• IP or subnet to subnet control
• Must define in and out
• Network segmentation control
• Example use case – Separate Production and
Test environment traffic within a VPC
• Outbound
• Protocol
• Port
• Destination
• Source/Destination can be:
• Single IP Address
• IP Address Block
• Another Security Group
• The same Security Group itself
Security Groups and NACLs

Internet
gateway
Endpoints
VPN
gateway
Private Public
CloudFront (CDN)
&
Web Application
Firewall
Elastic Load
Balancing
Securing Web Applications

11
Log files are the key
• There is no Span port in the Cloud for a
Next Gen Firewall
• Rely instead on log files
• VPC Flow logs
• ELB logs
• CloudFront logs
• Application logs
• CloudTrail logs
• Need tooling to mine and compare to
known threats
• Sumo Logic
• Combine your on-premises logs as
well into a single pane of glass
Services from AWS
• CloudTrail
• Log EVERY API call
• Config and Config Rules
• State history of objects
• Enforce object configuration
• Identity and Access Management
• Server Roles
• Shield and Shield Advanced
• Inspector
Securing the Cloud

Cost Management

14
IaaS, the beginning of the Cloud
• Compute
• T2 – Web servers, small
Databases
• M4 – General purpose
• C4 – Compute optimized
• X1 – SAP HANA workloads
• R4 – Memory optimized
• P2 – General purpose GPU
• G2 – Graphic intensive GPU
• F1 – Field Programmable Gate
Arrays
• I3 – Storage Optimized
• D3 – Dense storage
• From 1 vCPU and 0.5 GB of RAM to
128 vCPU and 2 TB of RAM
• Disk
• 1 GB to 16 TB – no RAID
necessary
• SSD storage for $0.10/GB/month
• Block level backups
• Purchase Provisioned IOPS
• File storage
• $0.004 - $0.023/GB/month
• Licensing
• All OS licensing is included in
pricing
• Dedicated servers for HIPAA
workloads
Infrastructure as a Service

15
DBaaS
• Let someone else do the “unmitigated
heavy lifting”
• Engines that are supported
• MariaDB
• MySQL
• Postgresql
• MS SQL
• Oracle
• Aurora – 5x the performance of
MySQL
• High availability with AWS managed
Master/Slave
DWaaS (Data Warehouse as a Service)
• As low as $0.25/hr to get started
• Scale to 5 PB on disk, and hundreds of
vCPUs
• Scale to Exabytes with new features
• Postgres-like interface
• Invoke Python functions from SQL
• Managed service with backup and high
availability
Platform as a Service

16
FaaS (Lambda)
• No more servers!
• Upload code and AWS handles the rest
• Java
• C#
• NodeJS
• Python
• Will automatically scale as wide as
needed
• Costs based on requests and memory
footprint and duration of execution time
• $0.20/million/month requests
• $0.00001667/GB-second/month
CCaaS (Amazon Connect)
• Call Center as a Service
• No monthly recurring charges – pay for
what you use
• Inbound and outbound rates
• Toll-free support
• Port in numbers
• Soft phone only
• Build integrations to CRM and other
APIs
Platform as a Service

17
Scalability
• Vertical or horizontal scaling –
horizontal is better
• Horizontal scaling via automation
• Spin up or down
• Customized triggers
• Customizable flows
• Windows or Linux
High Availability
• Multiple Availability Zone deployments
for IaaS and DBaaS
• Synchronous database replication
within the Region
• Stream files to other Regions
• Cross Region read replicas of
databases
• Cross Region backup distribution
Durability
• 11 9’s of durability for data stored in S3
• 5 9’s for data on Block storage - RAID is
not needed or recommended
• 99.95% SLA at the Availability Zone
level
<X>-abilities

Contact Us
1.888.4EAGLEDREAM
info@eagledream.com
Headquarters | Rochester, NY
300 Trolley Blvd
Rochester, NY 14606
New England | Boston, MA
300 Baker Avenue, Suite 300
Concord, MA 01742
Primary Contact(s):
Scott Weber
Vice President, Cloud Solutions
Email: Scott.Weber@eagledream.com
We look forward to working with you. EagleDream.com

Amazon Web Services Architecture - An Overview

More Related Content

What's hot

Similar to Amazon Web Services Architecture - An Overview

Recently uploaded

Amazon Web Services Architecture - An Overview

Editor's Notes