AWS Black Belt Ninja Dojo
Dean Samuels, Solutions Architect
Amazon Web Services
Session Grading: Business | 101 Technical | 201 Technical | 301 Technical | 401 Technical
Your Application Stacks

[Diagram: one AWS Region with Availability Zone A and Availability Zone B; each zone has a public subnet and two private subnets, with NAT and Auto Scaling groups. Around the VPC: Route 53, CloudFront, S3, Glacier, DynamoDB, Amazon SQS, SNS, CloudWatch, CloudFormation. The deck builds the stack layers up one at a time.]

Stacks for:
VPC
Edge Services
Datastores
Applications
Presentation
How can I optimise the performance of these AWS services?
Amazon EBS – Larger & Faster Volumes

                  GP2                        PIOPS/io2                  MAG/STD
Volume size       1GB-16TB                   4GB-16TB                   1GB-1TB
Max IOPS          10,000 (<1TB: 3,000)       20,000                     ~100
Max throughput    160MB/s (<1TB: 128MB/s)    320MB/s (<1TB: 128MB/s)    50-90MB/s
Latency           1-2ms                      1-2ms                      ~2-40ms

Per EC2 instance, whichever volume type is attached: 48,000 IOPS @ 16K IO, 800MB/s^
EBS-Optimized @ 500Mb, 1Gb, 2Gb^
^Amazon EC2 *.8xlarge instances support 10Gb/s network

Optimal queue depth to achieve lower latency and highest IOPS is ~1 QD per 200 IOPS
Amazon EBS

Cost Optimisation
• 1TB PIOPS volume with 4K IOPS
  – $429.32* per month per volume
• GP2 1TB volume with 3000 IOPS
  – $122.88*
• GP2 2 x 500GB volumes at 3K, burst to 6K
  – $122.88*
~70% cost savings with General Purpose (SSD), and 50% more peak I/O from the striped pair: each 500GB GP2 volume bursts to 3,000 IOPS, so the two together peak at 6,000 IOPS against the 4,000 provisioned on the PIOPS volume.

Management Optimisation
• Leverage tags to add metadata to snapshots
  – Application stack
  – Instance Id
  – Volume Id
  – Version
  – Type (daily, weekly)
  Use together with the new AMI's creation date

*Pricing for AWS Sydney region – ap-southeast-2
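The tag list above says what to record on each snapshot but not what to do with it. The Go program below, added here and not part of the deck, shows one use: a retention job that groups snapshots by stack, volume and type, keeps the newest N of each type, and refuses to expire any snapshot that lacks the tags, since a deletion job that cannot classify a snapshot should report it rather than guess. The tag key names, the retention numbers and the snapshot records are this example's own assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Snapshot is the subset of an EBS snapshot record that the policy needs.
// Tag keys follow the deck's list (application stack, instance, volume,
// version, type) plus the AMI creation date the deck says to pair them with.
type Snapshot struct {
	ID      string
	Started time.Time
	Tags    map[string]string
}

// SnapshotTags builds the tag set for a new snapshot. The key names are this
// example's choice; the deck names the metadata but not the keys.
func SnapshotTags(stack, instanceID, volumeID, version, kind string, amiCreated time.Time) map[string]string {
	return map[string]string{
		"Stack":      stack,
		"InstanceId": instanceID,
		"VolumeId":   volumeID,
		"Version":    version,
		"Type":       kind, // "daily" or "weekly"
		"AmiCreated": amiCreated.UTC().Format("2006-01-02"),
	}
}

// Retention maps a snapshot Type to how many of that type to keep per
// (Stack, VolumeId), newest first.
type Retention map[string]int

// Expired returns the snapshots outside the retention window and, separately,
// the snapshots that lack the tags needed to classify them. Untagged snapshots
// are never expired: the job reports them for a human to look at instead.
func Expired(snaps []Snapshot, keep Retention) (expired, untagged []Snapshot) {
	groups := map[string][]Snapshot{}
	for _, s := range snaps {
		stack, vol, kind := s.Tags["Stack"], s.Tags["VolumeId"], s.Tags["Type"]
		if stack == "" || vol == "" || kind == "" {
			untagged = append(untagged, s)
			continue
		}
		key := stack + "|" + vol + "|" + kind
		groups[key] = append(groups[key], s)
	}
	for _, list := range groups {
		n, ok := keep[list[0].Tags["Type"]]
		if !ok {
			continue // a Type with no retention rule is kept in full
		}
		sort.Slice(list, func(i, j int) bool { return list[i].Started.After(list[j].Started) })
		if len(list) > n {
			expired = append(expired, list[n:]...)
		}
	}
	return expired, untagged
}

// SampleSnapshots is constructed data: nine daily and three weekly snapshots
// of one volume in the "web" stack, plus one snapshot someone took by hand.
func SampleSnapshots() []Snapshot {
	base := time.Date(2015, 6, 1, 2, 0, 0, 0, time.UTC)
	var out []Snapshot
	for i := 0; i < 9; i++ {
		out = append(out, Snapshot{
			ID:      fmt.Sprintf("snap-daily-%d", i),
			Started: base.AddDate(0, 0, i),
			Tags:    SnapshotTags("web", "i-0abc", "vol-0aaa", "1.4.2", "daily", base),
		})
	}
	for i := 0; i < 3; i++ {
		out = append(out, Snapshot{
			ID:      fmt.Sprintf("snap-weekly-%d", i),
			Started: base.AddDate(0, 0, 7*i),
			Tags:    SnapshotTags("web", "i-0abc", "vol-0aaa", "1.4.2", "weekly", base),
		})
	}
	return append(out, Snapshot{ID: "snap-manual", Started: base, Tags: map[string]string{"Name": "before-upgrade"}})
}

func main() {
	expired, untagged := Expired(SampleSnapshots(), Retention{"daily": 7, "weekly": 4})
	for _, s := range expired {
		fmt.Printf("delete %s (%s %s)\n", s.ID, s.Tags["Type"], s.Started.Format("2006-01-02"))
	}
	for _, s := range untagged {
		fmt.Printf("review %s: missing Stack/VolumeId/Type tags\n", s.ID)
	}
}
```

With seven dailies kept, the two oldest daily snapshots are selected for deletion, the three weeklies all stay, and the hand-made snapshot is reported rather than deleted. In a real job the same selection would be fed by DescribeSnapshots filtered on the Stack tag and followed by DeleteSnapshot on the expired IDs only.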
Amazon EC2
• Next Generation Instance Types
  – C4 & C3: Compute Optimized
  – R3: Memory Optimized
  – I2: High IO
  – D2: Dense-storage
• Hardware Assisted Virtualization (HVM)
• Enhanced Networking
Amazon EC2 – Enhanced Networking

[Diagram, two halves. Without enhanced networking: the instance's virtual NICs (eth0, eth1) attach to a VIF in the virtualization layer, which multiplexes them onto the physical NIC. With SR-IOV: the instance loads a VF driver, and its eth0/eth1 bind to a Virtual Function (VF) of the physical NIC directly, so packets no longer pass through the virtualization layer. Instance 1, Instance 2, ... each receive their own VF.]
Demo
Amazon S3 – Distributing Key Names

Don't Do This!
<my_bucket>/2013_11_13-164533125.jpg
<my_bucket>/2013_11_13-164533126.jpg
<my_bucket>/2013_11_13-164533127.jpg
<my_bucket>/2013_11_13-164533128.jpg
<my_bucket>/2013_11_12-164533129.jpg
<my_bucket>/2013_11_12-164533130.jpg
<my_bucket>/2013_11_12-164533131.jpg
<my_bucket>/2013_11_12-164533132.jpg
<my_bucket>/2013_11_11-164533133.jpg

You end up with this: every key starts with the same characters (the date), so all of them fall into the same partition of the key index (partition 1 of 1, 2 ... N) and that one partition carries the whole request load.

This matters if you want a bucket capable of routinely exceeding 100 TPS.
Note: 100 TPS is A LOT!

Do this…
<my_bucket>/521335461-2013_11_13.jpg
<my_bucket>/465330151-2013_11_13.jpg
<my_bucket>/987331160-2013_11_13.jpg
<my_bucket>/465765461-2013_11_13.jpg
<my_bucket>/125631151-2013_11_13.jpg
<my_bucket>/934563160-2013_11_13.jpg
<my_bucket>/532132341-2013_11_13.jpg
<my_bucket>/565437681-2013_11_13.jpg
<my_bucket>/234567460-2013_11_13.jpg

You end up with this: the leading characters now differ from key to key, so the keys are spread across partitions 1, 2 ... N and the load is shared.

This is also ok
<my_bucket>/images/521335461-2013_11_13.jpg
<my_bucket>/images/465330151-2013_11_13.jpg
<my_bucket>/images/987331160-2013_11_13.jpg
<my_bucket>/movies/465765461-2013_11_13.jpg
<my_bucket>/movies/125631151-2013_11_13.jpg
<my_bucket>/thumbs-small/934563160-2013_11_13.jpg
<my_bucket>/thumbs-small/532132341-2013_11_13.jpg
<my_bucket>/thumbs-small/565437681-2013_11_13.jpg
<my_bucket>/thumbs-small/234567460-2013_11_13.jpg

Caveat: since July 2018 S3 delivers its request-rate performance per prefix without key randomisation, so this naming advice describes S3 as it was when the deck was written; the folder-style layout in the last list is still the usual way to organise keys.
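As an added example (not code from the deck), the Go program below applies the deck's "Do this" rewrite to the nine keys above: it reverses the sequence number and moves it in front of the date, which reproduces the deck's first distributed key, 521335461-2013_11_13.jpg, and then counts how many partitions each key set would touch under a simple range-partitioning model. The partition model and the assumption that the prefix is the reversed sequence number are this example's, not the deck's.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// DeckKeys are the nine "Don't Do This!" keys from the deck: date first, then
// a sequence number, so every key begins with the same characters.
var DeckKeys = []string{
	"2013_11_13-164533125.jpg",
	"2013_11_13-164533126.jpg",
	"2013_11_13-164533127.jpg",
	"2013_11_13-164533128.jpg",
	"2013_11_12-164533129.jpg",
	"2013_11_12-164533130.jpg",
	"2013_11_12-164533131.jpg",
	"2013_11_12-164533132.jpg",
	"2013_11_11-164533133.jpg",
}

// DistributeKey rewrites "<date>-<sequence><ext>" as "<reversed sequence>-<date><ext>",
// which is what the deck's first "Do this" key (521335461-2013_11_13.jpg) shows.
// Reversing puts the fastest-changing digit first, so consecutive uploads get
// different leading characters. A folder prefix such as "images/" is kept, since
// the deck says that form is also fine. Keys that do not fit the pattern are
// returned unchanged.
func DistributeKey(key string) string {
	dir, base := path.Split(key)
	parts := strings.SplitN(base, "-", 2)
	if len(parts) != 2 {
		return key
	}
	date, rest := parts[0], parts[1]
	ext := path.Ext(rest)
	seq := strings.TrimSuffix(rest, ext)
	return dir + reverse(seq) + "-" + date + ext
}

func reverse(s string) string {
	r := []rune(s)
	for i, j := 0, len(r)-1; i < j; i, j = i+1, j-1 {
		r[i], r[j] = r[j], r[i]
	}
	return string(r)
}

// Spread is a simplified model of the deck's partition diagram: if the key
// index were range-partitioned on the first n characters, how many partitions
// would this key set touch? It illustrates the point; it is not S3's internals.
func Spread(keys []string, n int) int {
	seen := map[string]struct{}{}
	for _, k := range keys {
		if len(k) > n {
			k = k[:n]
		}
		seen[k] = struct{}{}
	}
	return len(seen)
}

// Distributed applies DistributeKey to every key.
func Distributed(keys []string) []string {
	out := make([]string, 0, len(keys))
	for _, k := range keys {
		out = append(out, DistributeKey(k))
	}
	return out
}

func main() {
	after := Distributed(DeckKeys)
	for i := range DeckKeys {
		fmt.Printf("%s  ->  %s\n", DeckKeys[i], after[i])
	}
	fmt.Printf("partitions touched on the first 8 characters: before=%d after=%d\n",
		Spread(DeckKeys, 8), Spread(after, 8))
}
```

On the deck's keys the "before" set shares the prefix 2013_11_ and lands in one partition; the rewritten set has nine distinct leading digits (5, 6, 7, 8, 9, 0, 1, 2, 3). The original key is recoverable by reversing the prefix again, so an application that needs date-ordered listing can keep that ordering in a secondary index instead, which is the pattern the next slides describe.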
Amazon S3 – Secondary Lists

Restrict Use of S3 LIST

Instead of calling LIST on the bucket, keep a secondary index of object keys in a datastore and update it from S3 event notifications:

S3 ObjectCreated Notification -> Lambda / SQS Workers -> DynamoDB, RDS, CloudSearch, EC2
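To make the secondary-list pattern concrete, here is an added Go example (not from the deck) of the indexing step: it takes an S3 ObjectCreated notification, decodes the URL-encoded object key, and produces the rows a Lambda function or SQS worker would write to the index table, keyed by prefix so that listing a folder becomes a query on the index rather than an S3 LIST. The event payload is constructed for the example, and the row layout (Prefix as partition key, Key as sort key) is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"path"
	"strings"
	"time"
)

// S3Event holds the fields of an S3 event notification that the index needs;
// the JSON names follow the S3 event format.
type S3Event struct {
	Records []struct {
		EventName string    `json:"eventName"`
		EventTime time.Time `json:"eventTime"`
		S3        struct {
			Bucket struct {
				Name string `json:"name"`
			} `json:"bucket"`
			Object struct {
				Key  string `json:"key"`
				Size int64  `json:"size"`
				ETag string `json:"eTag"`
			} `json:"object"`
		} `json:"s3"`
	} `json:"Records"`
}

// IndexItem is one row of the secondary index. Prefix is the partition key
// and Key the sort key, so "everything under images/" is a single query
// against the index instead of a LIST against the bucket.
type IndexItem struct {
	Prefix    string
	Key       string
	Bucket    string
	Size      int64
	ETag      string
	CreatedAt time.Time
}

// IndexItems converts an ObjectCreated notification into index rows. Object
// keys in S3 events are URL-encoded (a space arrives as "+"), so they are
// decoded before being stored; records for other event types are skipped.
func IndexItems(raw []byte) ([]IndexItem, error) {
	var ev S3Event
	if err := json.Unmarshal(raw, &ev); err != nil {
		return nil, fmt.Errorf("decode event: %w", err)
	}
	var items []IndexItem
	for _, r := range ev.Records {
		if !strings.HasPrefix(r.EventName, "ObjectCreated:") {
			continue
		}
		key, err := url.QueryUnescape(r.S3.Object.Key)
		if err != nil {
			return nil, fmt.Errorf("decode key %q: %w", r.S3.Object.Key, err)
		}
		prefix := "/" // top-level objects share one partition
		if dir, _ := path.Split(key); dir != "" {
			prefix = strings.TrimSuffix(dir, "/")
		}
		items = append(items, IndexItem{
			Prefix:    prefix,
			Key:       key,
			Bucket:    r.S3.Bucket.Name,
			Size:      r.S3.Object.Size,
			ETag:      r.S3.Object.ETag,
			CreatedAt: r.EventTime,
		})
	}
	return items, nil
}

// SampleEvent is a constructed notification, not one captured from AWS: two
// creates (one with an encoded key) and one delete that must be ignored.
const SampleEvent = `{"Records":[
 {"eventName":"ObjectCreated:Put","eventTime":"2013-11-13T16:45:33.125Z",
  "s3":{"bucket":{"name":"my_bucket"},
        "object":{"key":"images/521335461-2013_11_13.jpg","size":204800,"eTag":"0123456789abcdef0123456789abcdef"}}},
 {"eventName":"ObjectCreated:CompleteMultipartUpload","eventTime":"2013-11-13T16:45:34Z",
  "s3":{"bucket":{"name":"my_bucket"},
        "object":{"key":"thumbs-small/my+photo+%281%29.jpg","size":4096,"eTag":"fedcba9876543210fedcba9876543210"}}},
 {"eventName":"ObjectRemoved:Delete","eventTime":"2013-11-13T16:46:00Z",
  "s3":{"bucket":{"name":"my_bucket"},"object":{"key":"movies/old.mp4"}}}
]}`

func main() {
	items, err := IndexItems([]byte(SampleEvent))
	if err != nil {
		panic(err)
	}
	for _, it := range items {
		fmt.Printf("PutItem prefix=%q key=%q size=%d created=%s\n",
			it.Prefix, it.Key, it.Size, it.CreatedAt.Format(time.RFC3339))
	}
}
```

The other half of "Restrict Use of S3 LIST" is IAM: give the application role s3:GetObject and s3:PutObject on the bucket's objects and leave s3:ListBucket out of its policy, so the index is the only way the application can enumerate keys. Deletes would need a matching ObjectRemoved handler that removes the row; the example skips them to keep the create path clear.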
Demo
How can I simplify encryption for data in transit and data at rest?
Your Application Stacks

[Diagram: the same Region / Availability Zone A and B layout as before (public and private subnets, NAT, Auto Scaling groups; Route 53, CloudFront, S3, Glacier, DynamoDB, Amazon SQS, SNS, CloudWatch, CloudFormation; stacks for VPC, Edge Services, Datastores, Applications, Presentation), annotated with where encryption in transit is already provided:]

Elastic Load Balancer with SSL Termination (Announced 2010)
CloudFront with HTTPS Access With Custom Domain Names (Announced 2013)
RDS with SSL
  (MySQL - 2010)
  (SQL Server – 2012)
  (Oracle/NNE – 2013)
  (PostgreSQL – 2013)
Simplifying encryption in AWS - Previous

[Diagram: three columns, EBS / RDS / S3, showing where keys were managed and where data was encrypted before the managed options arrived.]

EBS
EBS Volume <- EC2 Instance (App + Encryption Agent/Client) <- DIY Key Management Infrastructure
Data is encrypted by an agent or client on the instance before it is written to the volume; the keys live in key management infrastructure you build and operate yourself.

RDS
RDS Instance <- EC2 Instance (App)
Option 1: Client Side - Encryption Libraries in the application with DIY Key Management Infrastructure; data is encrypted before it reaches the database. MySQL SSL protects the connection (Announced 2010).
Option 2: Transparent Data Encryption – Oracle & SQL Server, with an AWS Managed Wallet (Announced 2013); SQL Server SSL / Oracle NNE protect the connection (Announced 2012/2013).
Option 3: Transparent Data Encryption – Oracle, with the keys held in CloudHSM (Announced 2015).

S3
S3 Objects <- Client Application
Option 1: Client Side - Encryption Libraries in the client with DIY Key Management Infrastructure; the object is encrypted before upload.
Option 2: SSE (Announced 2011) - S3 generates a DataKey for the object under a Master AWS Encryption Key, encrypts the object with that DataKey, and stores the Encrypted DataKey alongside the object; the plaintext DataKey is not kept.
Option 3: SSE-C (Announced 2014) - server-side encryption with a key the customer supplies on each request.
App
CloudHSM

(Announced 2015)
Simplifying encryption in AWS - Previous
EBS RDS S3
EBS Volume RDS Instance
Data
Option 3:

Transparent Data
Encryption – Oracle
SQL SSL/Oracle NNE

(Announced 2012/2013)
Client Application
Option 3:

SSE-C

(Announced 2014)
Object
Customer
Provided Key
DIY Key
Management
Infrastructure
EC2 Instance
App
Encryption
Agent/Client
Data
S3 Objects
EC2 Instance
App
DIY Key
Management
Infrastructure
CloudHSM

(Announced 2015)
Simplifying encryption in AWS - Previous
EBS RDS S3
EBS Volume RDS Instance
Data
Option 3:

Transparent Data
Encryption – Oracle
SQL SSL/Oracle NNE

(Announced 2012/2013)
Client Application
Option 3:

SSE-C

(Announced 2014)
Object
Customer
Provided Key
DIY Key
Management
Infrastructure
EC2 Instance
App
Encryption
Agent/Client
Data
S3 Objects
EC2 Instance
App
DIY Key
Management
Infrastructure
CloudHSM

(Announced 2015)
Simplifying encryption in AWS - Previous
EBS RDS S3
EBS Volume RDS Instance
Data
Option 3:

Transparent Data
Encryption – Oracle
SQL SSL/Oracle NNE

(Announced 2012/2013)
Client Application
Option 3:

SSE-C

(Announced 2014)
Object
Customer
Provided Key
DIY Key
Management
Infrastructure
EC2 Instance
App
Encryption
Agent/Client
Data
S3 Objects
EC2 Instance
App
CloudHSM

(Announced 2015)
Simplifying encryption in AWS - Previous
EBS RDS S3
EBS Volume RDS Instance
Data
Option 3:

Transparent Data
Encryption – Oracle
SQL SSL/Oracle NNE

(Announced 2012/2013)
Client Application
Option 3:

SSE-C

(Announced 2014)
Object
Customer
Provided Key
CloudHSM

(Announced 2013)
DIY Key
Management
Infrastructure
EC2 Instance
App
Encryption
Agent/Client
Data
S3 Objects
Simplifying encryption in AWS - Today
AWS KMS (Announced 2014)
(Diagram: a Client Application storing data in an Amazon S3 Object, an Amazon EBS Volume, Amazon RDS or Redshift, or a Custom Application, each of which uses AWS KMS for its keys.)
Store Data with Envelope Encryption
1) User creates Customer Master Keys (CMK)
2) User associates resource with CMK
3) Request to store data & context for encryption
4) Service requests encryption key with context
5) AWS KMS returns an encryption (data) key + an encrypted version of the key
6) Service encrypts the data with the encryption key, then deletes the key from memory
7) Service stores the data along with the encrypted key
Retrieve Data with Envelope Encryption
1) Request to retrieve data
2) Service retrieves the encrypted data & encrypted key
3) Service sends the encrypted key and the UserID to KMS
4) AWS KMS decrypts the encryption key and returns the key to the service
5) Service decrypts the data with the encryption key, then deletes the key from memory
6) Service returns the data to the user
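The two envelope-encryption procedures above, as an added example that is not part of the deck: LocalKms is an offline stand-in for AWS KMS, EnvelopeStore plays the storing service, and the encryption context is bound to the wrapped data key so that a retrieval under a different context is refused. The AEAD (HMAC-SHA256 in counter mode plus an HMAC tag) stands in for AES-GCM because the Python standard library has no AES; key ids, object names and the context values are constructed.

```python
"""Envelope encryption with an encryption context, mirroring the Store/Retrieve
steps on the slides. LocalKms is a stand-in for AWS KMS so the example runs
offline; the AEAD is HMAC-SHA256 in counter mode plus an HMAC tag, a stand-in
for AES-GCM because the Python standard library has no AES."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    # Derive independent encryption and MAC keys from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def aead_encrypt(key, plaintext, aad):
    """Return nonce || ciphertext || tag; the tag also covers aad."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key, blob, aad):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or encryption context")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def _canonical(context):
    # KMS binds the encryption context to the data key; sort so equal dicts encode equally.
    return json.dumps(context, sort_keys=True, separators=(",", ":")).encode()


class LocalKms:
    """Stand-in for AWS KMS: customer master keys never leave this object."""

    def __init__(self):
        self._cmks = {}

    def create_key(self):  # step 1: user creates a CMK
        key_id = "cmk-%d" % (len(self._cmks) + 1)  # constructed id, not a KMS ARN
        self._cmks[key_id] = os.urandom(32)
        return key_id

    def generate_data_key(self, key_id, context):  # steps 4-5: plaintext key + wrapped key
        data_key = os.urandom(32)
        wrapped = aead_encrypt(self._cmks[key_id], data_key, _canonical(context))
        return data_key, key_id.encode() + b"|" + wrapped

    def decrypt(self, encrypted_key, context):  # retrieve steps 3-4: unwrap under the same context
        key_id, wrapped = encrypted_key.split(b"|", 1)
        return aead_decrypt(self._cmks[key_id.decode()], wrapped, _canonical(context))


class EnvelopeStore:
    """The 'service' side: S3/EBS/RDS or a custom application using the CMK."""

    def __init__(self, kms, key_id):  # step 2: resource associated with the CMK
        self.kms, self.key_id, self._objects = kms, key_id, {}

    def put(self, name, data, context):  # step 3: store request carries data and context
        data_key, encrypted_key = self.kms.generate_data_key(self.key_id, context)
        ciphertext = aead_encrypt(data_key, data, _canonical(context))  # step 6
        del data_key  # drop the plaintext key; only the wrapped copy is kept
        self._objects[name] = {"ciphertext": ciphertext, "encrypted_key": encrypted_key}  # step 7

    def get(self, name, context):
        obj = self._objects[name]  # retrieve step 2: encrypted data + encrypted key
        data_key = self.kms.decrypt(obj["encrypted_key"], context)  # steps 3-4
        try:
            return aead_decrypt(data_key, obj["ciphertext"], _canonical(context))  # step 5
        finally:
            del data_key


def demo():
    """Store under one context, read it back, and show a different context is refused."""
    kms = LocalKms()
    store = EnvelopeStore(kms, kms.create_key())
    store.put("report", b"quarterly numbers", {"UserID": "alice"})
    plaintext = store.get("report", {"UserID": "alice"})
    try:
        store.get("report", {"UserID": "mallory"})
        refused = False
    except ValueError:
        refused = True
    return plaintext, refused
```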
I’ve hit some obstacles with my VPC in terms of integration and performance, what are some of my options?
Your Application Stacks
(Diagram: an AWS Region with Availability Zone A and Availability Zone B, each holding a Public subnet and two Private subnets, with CloudFront, Route 53, S3, Glacier, DynamoDB, Amazon SQS, SNS, CloudWatch, CloudFormation, NAT and Auto Scaling groups. Stacks for: VPC, Edge Services, Datastores, Applications, Presentation.)
Callouts added to the diagram:
• This is a bottleneck & SPOF!
• These are bandwidth-intensive for Internet egress
• Applications with legacy network reqs
VPC Peering
(Diagram: VPCs 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/16, 172.16.0.0/16, 172.17.0.0/16 and 192.168.0.0/16, plus a company data center at 10.10.0.0/16.)
Taking VPC Peering to the next Level
Overlapping IP is not a dead end ✔
(Diagram: VPC A, 10.1.0.0/16, is peered with VPC B over PCX-1 and with VPC C over PCX-2; B and C both use 10.0.0.0/16. A has Subnet 1, 10.1.1.0/24, and Subnet 2, 10.1.2.0/24, each with its own route table.)
Route Table Subnet 1 (VPC A)
Destination    Target
10.1.0.0/16    local
10.0.0.0/16    PCX-1
Route Table Subnet 2 (VPC A)
Destination    Target
10.1.0.0/16    local
10.0.0.0/16    PCX-2
Route Table Subnet # (VPC B)
Destination    Target
10.0.0.0/16    local
10.1.1.0/24    PCX-1
Route Table Subnet # (VPC C)
Destination    Target
10.0.0.0/16    local
10.1.2.0/24    PCX-1
Floating NAT Network: 10.1.1.105 sits on the PCX-1 side and 10.1.2.105 on the PCX-2 side; 10.0.0.58 is a host in B and 10.0.0.105 a host in C. Flows shown:
SRC: 10.0.0.58    DST: 10.1.1.105
SRC: 10.1.2.105   DST: 10.0.0.105
Route53 Private Hosted Zone (one on each side of the diagram)
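The route lookups behind the slide above, as an added example that is not part of the deck: per-subnet route tables in VPC A send the same 10.0.0.0/16 destination over PCX-1 or PCX-2 depending on which subnet the packet originates in, and a flow only counts as routable if the far side's table sends the reply back over the same peering. VPC B and C are each modelled as a single subnet, and VPC C's route to 10.1.2.0/24 is assumed to point at PCX-2, its own peering connection, where the slide's table prints PCX-1.

```python
"""Route lookup for the overlapping-CIDR peering design on the slides: VPC A
(10.1.0.0/16) peers with VPC B over PCX-1 and VPC C over PCX-2, and B and C
both use 10.0.0.0/16. Per-subnet route tables in A decide which peering a
packet for 10.0.0.0/16 takes; the far side's tables must route the reply back
over the same peering."""
from ipaddress import ip_address, ip_network

# Subnets and route tables as shown on the slide (VPC B and C modelled as one
# subnet each). Assumption: VPC C's route to 10.1.2.0/24 points at PCX-2, its
# own peering connection, where the slide's table prints PCX-1.
SUBNETS = {
    ("A", "Subnet 1"): "10.1.1.0/24",
    ("A", "Subnet 2"): "10.1.2.0/24",
    ("B", "Subnet #"): "10.0.0.0/16",
    ("C", "Subnet #"): "10.0.0.0/16",
}
ROUTE_TABLES = {
    ("A", "Subnet 1"): [("10.1.0.0/16", "local"), ("10.0.0.0/16", "PCX-1")],
    ("A", "Subnet 2"): [("10.1.0.0/16", "local"), ("10.0.0.0/16", "PCX-2")],
    ("B", "Subnet #"): [("10.0.0.0/16", "local"), ("10.1.1.0/24", "PCX-1")],
    ("C", "Subnet #"): [("10.0.0.0/16", "local"), ("10.1.2.0/24", "PCX-2")],
}
PEERINGS = {"PCX-1": ("A", "B"), "PCX-2": ("A", "C")}


def longest_prefix_match(routes, dst):
    """VPC route tables pick the most specific matching destination."""
    dst, best = ip_address(dst), None
    for cidr, target in routes:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def subnet_of(vpc, ip):
    """Find the subnet (and therefore the route table) a source address lives in."""
    ip = ip_address(ip)
    for key, cidr in SUBNETS.items():
        if key[0] == vpc and ip in ip_network(cidr):
            return key
    raise ValueError("%s is not in VPC %s" % (ip, vpc))


def next_hop(vpc, src, dst):
    """Return (target, destination VPC), or None when the table has no route."""
    target = longest_prefix_match(ROUTE_TABLES[subnet_of(vpc, src)], dst)
    if target is None:
        return None
    if target == "local":
        return ("local", vpc)
    left, right = PEERINGS[target]
    return (target, right if left == vpc else left)


def trace(vpc, src, dst):
    """Forward hop for src->dst, rejected unless the destination VPC routes the
    reply back over the same peering connection (peering is not transitive, and
    an asymmetric or missing return route means the flow fails)."""
    forward = next_hop(vpc, src, dst)
    if forward is None or forward[0] == "local":
        return forward
    back = next_hop(forward[1], dst, src)
    if back is None or back[0] != forward[0]:
        return None
    return forward
```

The same destination address 10.0.0.105 resolves to VPC B from Subnet 1 and to VPC C from Subnet 2, while a host in B cannot reach 10.1.2.0/24 at all because its table carries no route for it.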
Demo
Scaling Internet egress capacity
Auto scale HA NAT
(Diagram: an AWS region with Availability Zone A and Availability Zone B. Each zone has a Public Subnet holding a NAT in its own ASG (min=1, max=1) and a Private Subnet whose route to the Internet goes through that zone's NAT; Dynamo DB, SQS and SNS are shown beyond the NATs.)
• Use Auto Scaling for NAT availability
• Create 1 NAT per Availability Zone
• All private subnet route tables to point to same zone NAT
• 1 Auto Scaling group per NAT with min and max size set to 1
• Let Auto Scaling monitor the health and availability of your NATs
• NAT bootstrap script updates route tables programmatically
• Latest version of script – uses tags: https://github.com/ralex-aws/vpc
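The decision a replacement NAT has to make at boot, as an added example that is not taken from the deck or from the linked repository: given route tables and subnets in the shape of EC2 DescribeRouteTables/DescribeSubnets responses, pick the private-subnet tables in its own Availability Zone whose default route is missing, blackholed by the dead NAT, or pointing elsewhere. The sample data is constructed, and the Network=private tag convention is an assumption.

```python
"""Decide which private-subnet route tables a freshly booted NAT instance must
claim, the check a bootstrap script performs before calling ReplaceRoute or
CreateRoute. Input dicts follow the shape of EC2 DescribeRouteTables and
DescribeSubnets responses; the sample data is constructed, and the
Network=private tag convention is an assumption."""


def default_route(route_table):
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None


def plan_default_routes(my_instance_id, my_az, route_tables, subnets):
    """Return [(route_table_id, action)] with action 'create_route' or
    'replace_route'. Only route tables whose associated subnets all sit in this
    NAT's Availability Zone are touched: each zone's private subnets point at
    the NAT in the same zone."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    plan = []
    for rtb in route_tables:
        tags = {t["Key"]: t["Value"] for t in rtb.get("Tags", [])}
        if tags.get("Network") != "private":
            continue
        subnet_ids = [a["SubnetId"] for a in rtb.get("Associations", []) if "SubnetId" in a]
        if not subnet_ids or any(az_of.get(s) != my_az for s in subnet_ids):
            continue
        route = default_route(rtb)
        if route is None:
            plan.append((rtb["RouteTableId"], "create_route"))
        elif route.get("InstanceId") != my_instance_id or route.get("State") != "active":
            # A terminated NAT leaves its route in state 'blackhole'; a route to a
            # different live instance is replaced too, so exactly one NAT owns it.
            plan.append((rtb["RouteTableId"], "replace_route"))
    return plan


def sample_route_tables():
    """Constructed sample: a private table in us-east-1a blackholed by a dead NAT,
    a brand-new one with no default route, one already pointing at us, a private
    table in us-east-1b, and the public table."""
    return [
        {"RouteTableId": "rtb-priv-1a", "Tags": [{"Key": "Network", "Value": "private"}],
         "Associations": [{"SubnetId": "subnet-priv-1a"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-oldnat", "State": "blackhole"}]},
        {"RouteTableId": "rtb-priv-1a-new", "Tags": [{"Key": "Network", "Value": "private"}],
         "Associations": [{"SubnetId": "subnet-priv-1a-2"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
        {"RouteTableId": "rtb-priv-1a-ok", "Tags": [{"Key": "Network", "Value": "private"}],
         "Associations": [{"SubnetId": "subnet-priv-1a-3"}],
         "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-newnat", "State": "active"}]},
        {"RouteTableId": "rtb-priv-1b", "Tags": [{"Key": "Network", "Value": "private"}],
         "Associations": [{"SubnetId": "subnet-priv-1b"}],
         "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-oldnat", "State": "blackhole"}]},
        {"RouteTableId": "rtb-public", "Tags": [{"Key": "Network", "Value": "public"}],
         "Associations": [{"SubnetId": "subnet-pub-1a"}],
         "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
    ]


def sample_subnets():
    return [
        {"SubnetId": "subnet-priv-1a", "AvailabilityZone": "us-east-1a"},
        {"SubnetId": "subnet-priv-1a-2", "AvailabilityZone": "us-east-1a"},
        {"SubnetId": "subnet-priv-1a-3", "AvailabilityZone": "us-east-1a"},
        {"SubnetId": "subnet-priv-1b", "AvailabilityZone": "us-east-1b"},
        {"SubnetId": "subnet-pub-1a", "AvailabilityZone": "us-east-1a"},
    ]
```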
Controlling the border
Scaling Internet egress capacity
(Diagram: an AWS region with Availability Zone A and Availability Zone B. Internal customers in the Customer data center reach Intranet Apps in Private Subnet(s) over a VPN connection or Direct Connect; the apps sit behind an Internal Load balancer (Elastic Load Balancing) in a Private Subnet, and HTTP/S egress to S3, DynamoDB and SQS passes through a proxy layer in a Public Subnet in each zone.)
• Squid Proxy layer deployed between internal load balancer and the IGW border.
• Only proxy subnets have route to IGW.
• Proxy security group allows inbound only from Elastic Load Balancing security group.
• Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed.
• Egress NACLs on proxy subnets enforce HTTP/S only.
• Could also have HA NATs
Squid configuration:
# CIDR AND Destination Domain based Allow
# CIDR Subnet blocks for Internal ELBs
acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24
# Destination domain for target S3 bucket
acl aws_v2_endpoints dstdomain .amazonaws.com
# Squid does AND on both ACLs for allow match
http_access allow int_elb_cidrs aws_v2_endpoints
# Deny everything else
http_access deny all
Multicast on AWS
• Not directly supported
• Can be implemented with an overlay network
– GRE or L2TP tunnels, Ntop’s N2N
• GRE configuration can be automated
– Multicast configuration stored in tags
• Periodically check for new members (60 seconds)
(Diagram: Subnet 10.0.0.0/24 with instances 10.0.0.54, 10.0.0.79 and 10.0.0.41, and Subnet 10.0.1.0/24 with instances 10.0.1.132 and 10.0.1.183; a Tunnel between the subnets carries the 192.168.0.0/24 Overlay, on which the members are 192.168.0.10, 192.168.0.12 and 192.168.0.13.)
Instance tags driving the overlay:
TAG: multicast  App1,192.168.0.13/24
TAG: multicast  App1,192.168.0.12/24
TAG: multicast  App1,192.168.0.10/24
Setup Guide: http://bit.ly/aws-multi
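The periodic membership check, as an added example that is not from the deck or the linked setup guide: it parses the slide's tag format (App,<overlay address>/<prefix>), finds the other members of the same app and overlay, and diffs them against the GRE tunnels this instance already has, emitting iproute2 commands to add or delete. The instance records are constructed in the shape of EC2 DescribeInstances output, and which instance carries which overlay address is an assumption.

```python
"""Reconciling GRE overlay tunnels from the 'multicast' instance tag format on
the slides (App,<overlay address>/<prefix>). Run every 60 seconds on each
member, it diffs the members it should peer with against the tunnels it already
has. The instance records are constructed in the shape of EC2 DescribeInstances
output; the assignment of overlay addresses to instances is an assumption."""
from ipaddress import ip_interface


def parse_multicast_tag(value):
    """'App1,192.168.0.13/24' -> ('App1', IPv4Interface), or None if malformed."""
    try:
        app, address = value.split(",", 1)
        interface = ip_interface(address.strip())
    except ValueError:
        return None
    app = app.strip()
    return (app, interface) if app else None


def group_members(instances):
    """Map (app, overlay network) -> {instance_id: (private IP, overlay interface)}."""
    groups = {}
    for inst in instances:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        parsed = parse_multicast_tag(tags.get("multicast", ""))
        if parsed is None:
            continue  # untagged or malformed: never a member
        app, interface = parsed
        members = groups.setdefault((app, interface.network), {})
        members[inst["InstanceId"]] = (inst["PrivateIpAddress"], interface)
    return groups


def tunnel_name(peer_ip):
    return "gre-" + peer_ip.replace(".", "-")


def plan_tunnels(local_id, instances, existing):
    """existing maps peer private IP -> tunnel name already configured.
    Returns (commands to bring up, commands to tear down) as iproute2 invocations."""
    groups = group_members(instances)
    mine = [members for members in groups.values() if local_id in members]
    if not mine:  # we are no longer tagged into any group: tear everything down
        return [], ["ip tunnel del " + name for name in sorted(existing.values())]
    members = mine[0]
    local_ip = members[local_id][0]
    wanted = {ip for iid, (ip, _) in members.items() if iid != local_id}
    adds, removes = [], []
    for ip in sorted(wanted - set(existing)):  # new members since the last check
        name = tunnel_name(ip)
        adds.append("ip tunnel add %s mode gre remote %s local %s ttl 255" % (name, ip, local_ip))
        adds.append("ip link set %s up" % name)
    for ip in sorted(set(existing) - wanted):  # members that left or were replaced
        removes.append("ip tunnel del " + existing[ip])
    return adds, removes


def sample_instances():
    """Constructed: the slide's hosts, with App1 overlay addresses from its tags."""
    def inst(iid, ip, tag=None):
        rec = {"InstanceId": iid, "PrivateIpAddress": ip, "Tags": []}
        if tag is not None:
            rec["Tags"].append({"Key": "multicast", "Value": tag})
        return rec
    return [
        inst("i-0054", "10.0.0.54", "App1,192.168.0.10/24"),
        inst("i-0079", "10.0.0.79", "App1,192.168.0.12/24"),
        inst("i-1132", "10.0.1.132", "App1,192.168.0.13/24"),
        inst("i-1183", "10.0.1.183", "App2,192.168.1.5/24"),   # different group
        inst("i-0041", "10.0.0.41"),                            # not a member
        inst("i-0bad", "10.0.0.99", "App1;192.168.0.14/24"),   # malformed tag, ignored
    ]
```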
I’ve automated my deployments but what about responding to events?
Your Application Stacks
(Diagram: an AWS Region with Availability Zone A and Availability Zone B, each holding a Public subnet and two Private subnets, with CloudFront, Route 53, S3, Glacier, DynamoDB, Amazon SQS, SNS, CloudWatch, CloudFormation, NAT and Auto Scaling groups. Stacks for: VPC, Edge Services, Datastores, Applications, Presentation.)
Callouts added to the diagram:
• What about services with no native CloudWatch integration
• Managing non-CloudFormation supported resources/events
• Collecting and analysing non-EC2 logs
Advanced uses of CloudWatch – Custom Metrics
#!/usr/bin/python
# Publish one custom metric per VPN connection: the number of IPsec tunnels
# currently UP, dimensioned by VGW and CGW id so the value can be alarmed on.
import boto.ec2.cloudwatch
import boto.vpc

AWS_Regions = ["us-east-1", "us-west-2", "us-west-1", "eu-west-1"]
CloudWatch_Region = "us-east-1"   # all metrics are collected in one region

cw = boto.ec2.cloudwatch.connect_to_region(CloudWatch_Region)
for region in AWS_Regions:
    vpcconn = boto.vpc.connect_to_region(region)
    vpns = vpcconn.get_all_vpn_connections()
    for vpn in vpns:
        if vpn.state == "available":
            # count every tunnel reporting UP (a connection normally has two)
            active_tunnels = sum(1 for tunnel in vpn.tunnels if tunnel.status == "UP")
            print(vpn.id + " has " + str(active_tunnels) + " active tunnels!")
            cw.put_metric_data("VPNStatus", vpn.id, value=active_tunnels,
                               dimensions={'VGW': vpn.vpn_gateway_id, 'CGW': vpn.customer_gateway_id})
And Not Just For AWS Resources!
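The same VPN-tunnel custom metric as an added example with boto3 (not the deck's script): it counts UP tunnels for any tunnel count, builds the put_metric_data payload, and defines an alarm that fires when a connection loses tunnel redundancy. The VPN ids below are constructed sample data; only publish() needs boto3 and credentials.

```python
"""VPN tunnel health as a CloudWatch custom metric (boto3 version, added
example). The pure functions run offline on SAMPLE_VPNS; publish() is the
only part that talks to AWS."""
try:
    import boto3  # only required by publish()
except ImportError:  # keep the offline parts usable without the SDK
    boto3 = None

# Constructed sample shaped like describe_vpn_connections()["VpnConnections"]
SAMPLE_VPNS = [
    {"VpnConnectionId": "vpn-0example1", "State": "available",
     "VpnGatewayId": "vgw-0example1", "CustomerGatewayId": "cgw-0example1",
     "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}]},
    {"VpnConnectionId": "vpn-0example2", "State": "available",
     "VpnGatewayId": "vgw-0example1", "CustomerGatewayId": "cgw-0example2",
     "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}]},
    {"VpnConnectionId": "vpn-0example3", "State": "deleting",
     "VpnGatewayId": "vgw-0example1", "CustomerGatewayId": "cgw-0example3",
     "VgwTelemetry": [{"Status": "DOWN"}, {"Status": "DOWN"}]},
]


def count_active_tunnels(vpn):
    """Number of tunnels reporting UP, whatever the tunnel count."""
    return sum(1 for t in vpn.get("VgwTelemetry", []) if t.get("Status") == "UP")


def tunnel_metric(vpn):
    """One MetricData entry, dimensioned the same way as the deck's script."""
    return {
        "MetricName": vpn["VpnConnectionId"],
        "Dimensions": [{"Name": "VGW", "Value": vpn["VpnGatewayId"]},
                       {"Name": "CGW", "Value": vpn["CustomerGatewayId"]}],
        "Value": count_active_tunnels(vpn),
        "Unit": "Count",
    }


def metrics_for(vpns):
    """Only 'available' connections are reported, as in the original script."""
    return [tunnel_metric(v) for v in vpns if v.get("State") == "available"]


def redundancy_alarm(vpn, period=300):
    """put_metric_alarm kwargs: alert as soon as fewer than all tunnels are UP."""
    m = tunnel_metric(vpn)
    return {
        "AlarmName": "VPNStatus-%s-degraded" % vpn["VpnConnectionId"],
        "Namespace": "VPNStatus", "MetricName": m["MetricName"],
        "Dimensions": m["Dimensions"], "Statistic": "Minimum",
        "Period": period, "EvaluationPeriods": 1,
        "Threshold": len(vpn["VgwTelemetry"]),
        "ComparisonOperator": "LessThanThreshold",
        "TreatMissingData": "breaching",  # no data pushed: treat as broken
    }


def publish(regions, cloudwatch_region="us-east-1"):
    """Collect tunnel state per region and push the metrics (needs credentials)."""
    if boto3 is None:
        raise RuntimeError("boto3 is not installed")
    cw = boto3.client("cloudwatch", region_name=cloudwatch_region)
    for region in regions:
        ec2 = boto3.client("ec2", region_name=region)
        data = metrics_for(ec2.describe_vpn_connections()["VpnConnections"])
        # send in small batches to stay well within the per-call item limit
        for i in range(0, len(data), 20):
            cw.put_metric_data(Namespace="VPNStatus", MetricData=data[i:i + 20])
```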
Advanced uses of CloudWatch – Logs
Log sources and how they reach CloudWatch Logs:
EC2: OS agent-based
Traditional server: OS agent-based
CloudTrail: native
S3: pull/push (Lambda??)
CloudFront: pull/push (Lambda??)
Metrics filters:
• Literal Terms
• Common Log Format
• JSON
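To show how the three metric filter pattern types behave, here is an added example (not AWS code) that evaluates a subset of CloudWatch Logs filter pattern syntax over constructed sample events: literal terms, space-delimited fields with conditions, and JSON selectors. It assumes AND-only conditions (no `||`, `...`, or exclusion terms), which is enough to see why a failed-console-login filter on CloudTrail or a 5xx filter on web logs matches what it matches.

```python
"""Subset evaluator for CloudWatch Logs metric filter patterns (added example,
not AWS code): literal terms, space-delimited fields, JSON selectors."""
import json
import re
import shlex

# name, operator, value  e.g. "status=5*" or '$.eventName = "ConsoleLogin"'
_COND = re.compile(r'^\s*(\S+?)\s*(!=|>=|<=|=|<|>)\s*(.+?)\s*$')

def _parse_condition(text):
    """(name, op, value); a bare field name gives (name, None, None)."""
    m = _COND.match(text)
    if not m:
        return text.strip(), None, None
    name, op, value = m.groups()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return name, op, value

def _compare(actual, op, expected):
    """'=' / '!=' compare as strings (trailing '*' is a prefix wildcard);
    the ordering operators compare numerically."""
    if op in ("=", "!="):
        if expected.endswith("*"):
            hit = str(actual).startswith(expected[:-1])
        else:
            hit = str(actual) == expected
        return hit if op == "=" else not hit
    try:
        a, e = float(actual), float(expected)
    except (TypeError, ValueError):
        return False
    return {"<": a < e, "<=": a <= e, ">": a > e, ">=": a >= e}[op]

def _match_literal(pattern, event):
    """Literal terms are AND-ed and case-sensitive; a quoted phrase is one term."""
    return all(term in event for term in shlex.split(pattern))

def _match_delimited(pattern, event):
    """[f1, f2=5*, f3 > 1000]: split the event on whitespace, keeping bracketed
    or quoted runs as one field; the field count must match exactly."""
    fields = [_parse_condition(f) for f in pattern[1:-1].split(",")]
    tokens = re.findall(r'\[[^\]]*\]|"[^"]*"|\S+', event)
    if len(tokens) != len(fields):
        return False
    return all(op is None or _compare(tok, op, val)
               for tok, (_, op, val) in zip(tokens, fields))

def _lookup(obj, path):
    """Resolve a '$.a.b' selector against a parsed JSON object (None if absent)."""
    for key in path.split(".")[1:]:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def _match_json(pattern, event):
    """{ $.a = "x" && $.b.c = 1 }: the event must parse as JSON and every
    selector condition must hold."""
    try:
        obj = json.loads(event)
    except ValueError:
        return False
    for cond in pattern[1:-1].split("&&"):
        name, op, val = _parse_condition(cond)
        actual = _lookup(obj, name)
        if actual is None or not _compare(actual, op, val):
            return False
    return True

def matches(pattern, event):
    """Dispatch on the pattern's first character, as the service does."""
    p = pattern.strip()
    if p.startswith("{"):
        return _match_json(p, event)
    if p.startswith("["):
        return _match_delimited(p, event)
    return _match_literal(p, event)

def count_matches(pattern, events):
    """Events the filter would count (metric value 1 per matching event)."""
    return sum(1 for e in events if matches(pattern, e))

# Constructed sample events, one set per pattern type.
APACHE_LINES = [
    '127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326',
    '10.0.0.5 - - [10/Oct/2000:13:56:01 -0700] "POST /login HTTP/1.1" 503 512',
    '10.0.0.7 - - [10/Oct/2000:13:56:09 -0700] "GET /admin HTTP/1.1" 403 128',
]
APP_LINES = [
    "2015-04-01T10:00:00Z ERROR db connection timeout",
    "2015-04-01T10:00:05Z INFO request served",
    "2015-04-01T10:00:09Z ERROR disk full on /var/log",
]
CLOUDTRAIL_EVENTS = [  # minimal CloudTrail-shaped records
    json.dumps({"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}}),
    json.dumps({"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventName": "DescribeInstances"}),
]
SERVER_ERRORS = "[ip, ident, user, timestamp, request, status=5*, bytes]"
FAILED_LOGINS = '{ $.eventName = "ConsoleLogin" && $.responseElements.ConsoleLogin = "Failure" }'
```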
Lambda-powered custom resources
Your AWS CloudFormation stack: security group, Auto Scaling group, EC2 instance, Elastic Load Balancing, ElastiCache memcached cluster, software pkgs, config & data, CloudWatch alarms
Your AWS Lambda functions (// Implement custom logic here): look up an AMI ID, look up VPC ID and Subnet ID, reverse an IP address
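The "reverse an IP address" function from the slide, written out as an added example (not the deck's code) to show the custom resource request/response protocol: the handler must always PUT a reply to the pre-signed ResponseURL, echoing the request ids, or the stack waits for the timeout. The handler name, the Custom::ReverseIp type, the IpAddress property and the Reversed attribute are assumptions; the sample event is constructed.

```python
"""CloudFormation custom resource backed by Lambda (added example). process()
is pure and testable offline; handler() adds the network reply."""
import ipaddress
import json
import urllib.request


def reverse_ip(ip):
    """The 'custom logic': '10.0.1.25' -> '25.1.0.10'. Validate first: the
    value arrives straight from the template's ResourceProperties."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything that is not an IPv4
    return ".".join(reversed(str(addr).split(".")))


def build_response(event, status, data=None, reason=None):
    """Body CloudFormation expects at ResponseURL. StackId, RequestId and
    LogicalResourceId must echo the request or the reply is not correlated."""
    return {
        "Status": status,  # "SUCCESS" or "FAILED"
        "Reason": reason or "See CloudWatch Logs for details",
        "PhysicalResourceId": event.get("PhysicalResourceId") or event["LogicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},  # read from the template with Fn::GetAtt
    }


def process(event):
    """Compute the reply without any I/O."""
    if event["RequestType"] == "Delete":
        return build_response(event, "SUCCESS")  # nothing external to clean up
    try:
        ip = event["ResourceProperties"]["IpAddress"]
        return build_response(event, "SUCCESS", {"Reversed": reverse_ip(ip)})
    except (KeyError, ValueError) as exc:
        # A FAILED reply lets the stack roll back at once instead of hanging
        # until the custom resource timeout expires.
        return build_response(event, "FAILED", reason=str(exc))


def send(url, body):
    """PUT the JSON body to the pre-signed S3 URL CloudFormation supplied."""
    raw = json.dumps(body).encode()
    req = urllib.request.Request(
        url, data=raw, method="PUT",
        headers={"Content-Type": "", "Content-Length": str(len(raw))})
    with urllib.request.urlopen(req) as resp:
        return resp.status


def handler(event, context):
    """Lambda entry point (assumed name)."""
    body = process(event)
    send(event["ResponseURL"], body)
    return body


# Constructed sample request in the shape CloudFormation sends to the function
SAMPLE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://PLACEHOLDER-presigned-url.example/response",
    "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/PLACEHOLDER-ID",
    "RequestId": "PLACEHOLDER-REQUEST-ID",
    "LogicalResourceId": "ReversedIp",
    "ResourceType": "Custom::ReverseIp",
    "ResourceProperties": {"IpAddress": "10.0.1.25"},
}
```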
Recent announcements of interest
• AWS Lambda GA
• Amazon EC2 Container Service GA
• Amazon Machine Learning
• Amazon Workspaces Application Manager
• Amazon Elastic File System
AWS Black Belt Ninja Dojo: Optimizing AWS Services Performance and Costs
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

AWS Black Belt Ninja Dojo: Optimizing AWS Services Performance and Costs

  • 1. AWS Black Belt Ninja Dojo Dean Samuels, Solutions Architect Amazon Web Services
  • 2. Business 101 Technical 201 Technical 301 Technical 401 Technical Session Grading
  • 3–11. Your Application Stacks [architecture diagram built up over nine slides: an AWS Region with Availability Zone A and Availability Zone B, each holding a public subnet and two private subnets, Auto Scaling groups and NAT inside the VPC, and Route 53, CloudFront, S3, Glacier, DynamoDB, Amazon SQS, SNS, CloudWatch and CloudFormation around it. The "Stacks for:" labels added slide by slide are VPC, Edge Services, Datastores, Applications and Presentation]
  • 12. How can I optimise the performance of these AWS services
  • 13–14. Your Application Stacks [the same diagram repeated, with all five stack labels]
  • 15–30. Amazon EBS – Larger & Faster Volumes [comparison table built up over sixteen slides]

                    GP2                         PIOPS / io2                 MAG / STD
    Size            1GB-16TB                    4GB-16TB                    1GB-1TB
    IOPS            10,000 (<1TB – 3000 IOPS)   20,000                      ~100
    Throughput      160MB/s (<1TB – 128MB/s)    320MB/s (<1TB – 128MB/s)    50-90MB/s
    Latency         1-2ms                       1-2ms                       ~2-40ms

    EC2 side (same for every volume type): 48,000 IOPS @ 16K IO, 800MB/s^; EBS-Optimized @ 500Mb, 1Gb, 2Gb^
    ^Amazon EC2 *.8xlarge instances support 10Gb/s network
    Optimal queue depth to achieve lower latency and highest IOPS is ~1 QD per 200 IOPS
  • 33–38. Amazon EBS Cost Optimisation [built up over six slides]
    • 1TB PIOPS volume with 4K IOPS – $429.32* per month per volume
    __________________________________
    • GP2 1TB volume with 3000 IOPS – $122.88*
    • GP2 2 x 500GB volumes at 3K, burst to 6K – $122.88*
    ~70% Cost Savings. 50% more peak I/O with General Purpose (SSD)
    Management Optimisation
    • Leverage tags to add metadata to snapshots
      – Application stack
      – Instance Id
      – Volume Id
      – Version
      – Type (daily, weekly)
    • Use together with new AMI creation date
    *Pricing for AWS Sydney region – ap-southeast-2
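A model of the gp2 sizing argument on slides 33–36 and the queue-depth rule of thumb on slide 30, as an added example (not code from the deck). It assumes the gp2 credit model AWS documented for this generation of volumes (3 IOPS per GB, 100 IOPS floor, 10,000 IOPS ceiling, 3,000 IOPS burst, 5.4 million initial I/O credits) and takes "1TB" as 1000 GB.

```python
"""gp2 burst-bucket model for the EBS sizing comparison on slides 33-36
and the queue-depth rule of thumb on slide 30.

Added example, not from the deck. The constants are the gp2 credit model
as documented by AWS for this generation of volumes; treat them as this
example's assumptions rather than figures taken from the slides.
"""
import math
from typing import Sequence, Tuple

GP2_IOPS_PER_GB = 3            # baseline IOPS per GB (assumed)
GP2_MIN_IOPS = 100             # baseline floor for tiny volumes (assumed)
GP2_MAX_IOPS = 10_000          # baseline ceiling, matches slide 19
GP2_BURST_IOPS = 3_000         # burst ceiling for volumes under 1 TB
GP2_CREDIT_BUCKET = 5_400_000  # initial I/O credits per volume (assumed)
IOPS_PER_QUEUE_SLOT = 200      # slide 30: ~1 QD per 200 IOPS


def gp2_baseline_iops(size_gb: int) -> int:
    """Sustained IOPS a gp2 volume delivers without spending credits."""
    return min(max(size_gb * GP2_IOPS_PER_GB, GP2_MIN_IOPS), GP2_MAX_IOPS)


def gp2_burst_iops(size_gb: int) -> int:
    """Peak IOPS while credits last; at ~1 TB the baseline already
    reaches the burst ceiling, so larger volumes simply run at baseline."""
    return max(gp2_baseline_iops(size_gb), GP2_BURST_IOPS)


def gp2_burst_seconds(size_gb: int) -> float:
    """Seconds a full credit bucket sustains peak burst.

    Credits refill at the baseline rate, so only the excess above baseline
    drains the bucket. Volumes that never burst return math.inf.
    """
    excess = gp2_burst_iops(size_gb) - gp2_baseline_iops(size_gb)
    return math.inf if excess <= 0 else GP2_CREDIT_BUCKET / excess


def striped_gp2_iops(volume_sizes_gb: Sequence[int]) -> Tuple[int, int]:
    """Aggregate (baseline, burst) IOPS of gp2 volumes striped together
    (e.g. software RAID 0), as in slide 35's '2 x 500GB at 3K, burst to 6K'."""
    baseline = sum(gp2_baseline_iops(s) for s in volume_sizes_gb)
    burst = sum(gp2_burst_iops(s) for s in volume_sizes_gb)
    return baseline, burst


def peak_io_vs_piops(piops: int, volume_sizes_gb: Sequence[int]) -> float:
    """Peak I/O of a striped gp2 set relative to a Provisioned IOPS volume;
    1.5 reproduces slide 35's '50% more peak I/O'."""
    return striped_gp2_iops(volume_sizes_gb)[1] / piops


def recommended_queue_depth(target_iops: int) -> int:
    """Queue depth needed to drive target_iops, per slide 30's rule of thumb."""
    return max(1, math.ceil(target_iops / IOPS_PER_QUEUE_SLOT))


if __name__ == "__main__":
    print("1000 GB gp2 baseline:", gp2_baseline_iops(1000), "IOPS")
    print("2 x 500 GB gp2 (baseline, burst):", striped_gp2_iops([500, 500]))
    print("burst lasts", gp2_burst_seconds(500) / 60, "min per 500 GB volume")
    print("peak vs 4K PIOPS:", peak_io_vs_piops(4000, [500, 500]))
    print("queue depth for 3000 IOPS:", recommended_queue_depth(3000))
```

The burst duration is the caveat the slide leaves out: the 6K figure for two 500 GB volumes holds only while each volume's credit bucket lasts, so a sustained 4K IOPS workload should be checked against the 3K aggregate baseline, not the burst peak.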
  • 40–42. Amazon EC2 [built up over three slides]
    • Next Generation Instance Types
      – C4 & C3: Compute Optimized
      – R3: Memory Optimized
      – I2: High IO
      – D2: Dense-storage
    • Hardware Assisted Virtualization (HVM)
    • Enhanced Networking
  • 43–46. Amazon EC2 – Enhanced Networking [diagram built up over four slides. Left: an Instance with virtual NICs eth0 and eth1 reaching the Physical NIC through the Virtualization layer's VIF. Right (SR-IOV): eth0 still goes through the VIF while eth1 uses a VF Driver mapped to a VF on the Physical NIC; Instance 1, Instance 2, ... share the NIC the same way]
  • 47. Demo
  • 48. Amazon S3 – Distributing Key Names
  • 49. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg
  • 50. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg
  • 51. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg Don’t Do This!
  • 52. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg Don’t Do This! You end up with this
  • 53. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Don’t Do This! You end up with this
  • 54. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition Don’t Do This! You end up with this
  • 55. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition Don’t Do This! You end up with this
  • 56. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition Don’t Do This! You end up with this
  • 57. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Don’t Do This! You end up with this
  • 58. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this
  • 59. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg <my_bucket>/521335461-2013_11_13.jpg <my_bucket>/465330151-2013_11_13.jpg <my_bucket>/987331160-2013_11_13.jpg <my_bucket>/465765461-2013_11_13.jpg <my_bucket>/125631151-2013_11_13.jpg <my_bucket>/934563160-2013_11_13.jpg <my_bucket>/532132341-2013_11_13.jpg <my_bucket>/565437681-2013_11_13.jpg <my_bucket>/234567460-2013_11_13.jpg 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this
  • 60. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg <my_bucket>/521335461-2013_11_13.jpg <my_bucket>/465330151-2013_11_13.jpg <my_bucket>/987331160-2013_11_13.jpg <my_bucket>/465765461-2013_11_13.jpg <my_bucket>/125631151-2013_11_13.jpg <my_bucket>/934563160-2013_11_13.jpg <my_bucket>/532132341-2013_11_13.jpg <my_bucket>/565437681-2013_11_13.jpg <my_bucket>/234567460-2013_11_13.jpg 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this
  • 61. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg <my_bucket>/521335461-2013_11_13.jpg <my_bucket>/465330151-2013_11_13.jpg <my_bucket>/987331160-2013_11_13.jpg <my_bucket>/465765461-2013_11_13.jpg <my_bucket>/125631151-2013_11_13.jpg <my_bucket>/934563160-2013_11_13.jpg <my_bucket>/532132341-2013_11_13.jpg <my_bucket>/565437681-2013_11_13.jpg <my_bucket>/234567460-2013_11_13.jpg 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this Do this…
  • 62. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg <my_bucket>/521335461-2013_11_13.jpg <my_bucket>/465330151-2013_11_13.jpg <my_bucket>/987331160-2013_11_13.jpg <my_bucket>/465765461-2013_11_13.jpg <my_bucket>/125631151-2013_11_13.jpg <my_bucket>/934563160-2013_11_13.jpg <my_bucket>/532132341-2013_11_13.jpg <my_bucket>/565437681-2013_11_13.jpg <my_bucket>/234567460-2013_11_13.jpg 1 2 N 1 2 N Partition Partition Partition Partition 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this Do this… You end up with this
  • 64. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this Do this… You end up with this
  • 65. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this Do this… You end up with this <my_bucket>/images/521335461-2013_11_13.jpg <my_bucket>/images/465330151-2013_11_13.jpg <my_bucket>/images/987331160-2013_11_13.jpg <my_bucket>/movies/465765461-2013_11_13.jpg <my_bucket>/movies/125631151-2013_11_13.jpg <my_bucket>/thumbs-small/934563160-2013_11_13.jpg <my_bucket>/thumbs-small/532132341-2013_11_13.jpg <my_bucket>/thumbs-small/565437681-2013_11_13.jpg <my_bucket>/thumbs-small/234567460-2013_11_13.jpg
  • 66. Amazon S3 – Distributing Key Names <my_bucket>/2013_11_13-164533125.jpg <my_bucket>/2013_11_13-164533126.jpg <my_bucket>/2013_11_13-164533127.jpg <my_bucket>/2013_11_13-164533128.jpg <my_bucket>/2013_11_12-164533129.jpg <my_bucket>/2013_11_12-164533130.jpg <my_bucket>/2013_11_12-164533131.jpg <my_bucket>/2013_11_12-164533132.jpg <my_bucket>/2013_11_11-164533133.jpg 1 2 N 1 2 N Partition Partition Partition Partition 1 2 N 1 2 N Partition Partition Partition Partition If you want a bucket capable of routinely exceeding 100 TPS Note: 100 TPS is A LOT! Don’t Do This! You end up with this Do this… You end up with this <my_bucket>/images/521335461-2013_11_13.jpg <my_bucket>/images/465330151-2013_11_13.jpg <my_bucket>/images/987331160-2013_11_13.jpg <my_bucket>/movies/465765461-2013_11_13.jpg <my_bucket>/movies/125631151-2013_11_13.jpg <my_bucket>/thumbs-small/934563160-2013_11_13.jpg <my_bucket>/thumbs-small/532132341-2013_11_13.jpg <my_bucket>/thumbs-small/565437681-2013_11_13.jpg <my_bucket>/thumbs-small/234567460-2013_11_13.jpg This is also ok
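The point of slides 60 to 66 is that date-first object names all share one leading prefix, so a burst of writes lands on one S3 partition, while a hash-first name spreads the same writes across partitions. The following Go program is an added example, not code from the deck or from AWS: it derives the leading component from a SHA-256 of the original name (the deck shows nine-digit numbers without saying how they were produced; SHA-256 and a four-character prefix, `HashPrefixLen`, are this example's assumptions) and keeps the original name recoverable, with an optional folder in front as on slide 65.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"path"
	"strings"
)

// HashPrefixLen is this example's choice of prefix width: 4 hex characters give
// 65536 possible leading prefixes, far more than the partitions a bucket needs.
const HashPrefixLen = 4

// DistributedKey builds an object key whose leading characters vary from object to
// object: <folder>/<hash prefix>-<original name>. The prefix is a deterministic
// function of the name, so the same object always maps to the same key.
func DistributedKey(folder, name string) string {
	sum := sha256.Sum256([]byte(name))
	prefix := hex.EncodeToString(sum[:])[:HashPrefixLen]
	if folder == "" {
		return prefix + "-" + name
	}
	return path.Join(folder, prefix+"-"+name)
}

// OriginalName strips the folder and the hash prefix again, so an application can
// still show or sort by the date-based name it started with.
func OriginalName(key string) string {
	base := path.Base(key)
	if i := strings.IndexByte(base, '-'); i == HashPrefixLen {
		return base[i+1:]
	}
	return base
}

// DistinctPrefixes counts how many different leading n-character strings the object
// names (folder removed) use. One distinct prefix means every write hits the same
// partition; more means the load is spread.
func DistinctPrefixes(keys []string, n int) int {
	seen := make(map[string]bool)
	for _, k := range keys {
		base := path.Base(k)
		if len(base) > n {
			base = base[:n]
		}
		seen[base] = true
	}
	return len(seen)
}

func main() {
	// Constructed sample: the date-first names from the "don't do this" slide.
	dated := []string{
		"2013_11_13-164533125.jpg", "2013_11_13-164533126.jpg",
		"2013_11_13-164533127.jpg", "2013_11_12-164533129.jpg",
		"2013_11_11-164533133.jpg",
	}
	var spread []string
	for _, n := range dated {
		spread = append(spread, DistributedKey("images", n))
	}
	fmt.Println("date-first prefixes:", DistinctPrefixes(dated, HashPrefixLen))
	fmt.Println("hash-first prefixes:", DistinctPrefixes(spread, HashPrefixLen))
	fmt.Println(spread[0], "->", OriginalName(spread[0]))
}
```

Since 2018 S3 scales request throughput per prefix automatically, so this renaming is no longer required for performance; the example shows the older partitioning reasoning the deck presents and the mechanics of keeping hashed keys reversible.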
  • 67. Amazon S3 – Secondary Lists Restrict Use of S3 LIST DynamoDB RDS CloudSearch EC2 S3 ObjectCreated Notification Lambda SQS Workers
  • 70. Demo
  • 71. How can I simplify encryption for data in transit and data at rest?
  • 72. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS
  • 73. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS Elastic Load Balancer with SSL Termination (Announced 2010)
  • 74. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS Elastic Load Balancer with SSL Termination (Announced 2010) CloudFront with HTTPS Access With Custom Domain Names (Announced 2013)
  • 75. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS Elastic Load Balancer with SSL Termination (Announced 2010) CloudFront with HTTPS Access With Custom Domain Names (Announced 2013) RDS with SSL (MySQL - 2010) (SQL Server – 2012) (Oracle/NNE – 2013) (PostgreSQL – 2013)
  • 77. Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Client Application S3 Objects
  • 78. Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client S3 Objects
  • 80. Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 82. Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 1: Client Side Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 83. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 1: Client Side Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 84. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 1: Client Side DIY Key Management Infrastructure Encryption Libraries Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 86. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 1: Client Side DIY Key Management Infrastructure Data Encryption Libraries Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 87. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 1: Client Side DIY Key Management Infrastructure Data Encryption Libraries MySQL SSL (Announced 2010) Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 88. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 89. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 2: Transparent Data Encryption – Oracle & SQL Server Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 90. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 2: Transparent Data Encryption – Oracle & SQL Server AWS Managed Wallet (Announced 2013) Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 92. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Option 2: Transparent Data Encryption – Oracle & SQL Server AWS Managed Wallet (Announced 2013) Data SQL SSL/Oracle NNE (Announced 2012/2013) Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 94. EC2 Instance App Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data SQL SSL/Oracle NNE (Announced 2012/2013) Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 95. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 96. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 1: Client Side DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 97. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 1: Client Side Encryption Libraries Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 99. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 100. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 2: SSE (Announced 2011) Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 101. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 2: SSE (Announced 2011) Master AWS Encryption Key Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 102. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 2: SSE (Announced 2011) Master AWS Encryption Key Object Generated DataKey DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 104. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 2: SSE (Announced 2011) Master AWS Encryption Key Object Generated DataKey Encrypted DataKey DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 106. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 107. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 3: SSE-C (Announced 2014) Object DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 108. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 3: SSE-C (Announced 2014) Object Customer Provided Key DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 109. EC2 Instance App DIY Key Management Infrastructure CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 3: SSE-C (Announced 2014) Object Customer Provided Key DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 111. EC2 Instance App CloudHSM (Announced 2015) Simplifying encryption in AWS - Previous EBS RDS S3 EBS Volume RDS Instance Data Option 3: Transparent Data Encryption – Oracle SQL SSL/Oracle NNE (Announced 2012/2013) Client Application Option 3: SSE-C (Announced 2014) Object Customer Provided Key CloudHSM (Announced 2013) DIY Key Management Infrastructure EC2 Instance App Encryption Agent/Client Data S3 Objects
  • 112. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Store Data with Envelope Encryption Client Application Announced 2014
  • 113. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS 1) User creates Customer Master Keys (CMK) Store Data with Envelope Encryption Client Application Announced 2014
  • 114. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS 2) User associates resource with CMK Store Data with Envelope Encryption Client Application Announced 2014
  • 115. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Obj 3) Request to store data & context for encryption Data Data Data Requests Store Data with Envelope Encryption Client Application Announced 2014
  • 116. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Obj Data Data Data 4) Service requests encryption key with context Store Data with Envelope Encryption Client Application Announced 2014
  • 117. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Obj Data Data Data 5) AWS KMS returns an encryption (data) key + an encrypted version of the key + + + + Store Data with Envelope Encryption Client Application Announced 2014
  • 118. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS 6) Service encrypts the data with the encryption key, then deletes the key from memory Store Data with Envelope Encryption Client Application Announced 2014
  • 119. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS 7) Service stores the data along with the encrypted key Store Data with Envelope Encryption Client Application Announced 2014
  • 120. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application Retrieve Data with Envelope Encryption Announced 2014
  • 121. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application Request Request Request Request 1) Request to retrieve data Retrieve Data with Envelope Encryption Announced 2014
  • 122. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application Request Request Request Request 2) Service retrieves the encrypted data & encrypted key. Retrieve Data with Envelope Encryption Announced 2014
  • 123. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application 3) Service sends the encrypted key and the UserID to KMS. Retrieve Data with Envelope Encryption Announced 2014
  • 124. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application 4) AWS KMS decrypts the encryption key and returns the key to the service Retrieve Data with Envelope Encryption Announced 2014
  • 125. Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application 5) Service decrypts the data with the encryption key, then deletes the key from memory Data Data Data Obj Retrieve Data with Envelope Encryption Announced 2014
  • 126. 6) Service returns the data to the user Simplifying encryption in AWS - Today Amazon S3 Object Amazon EBS Volume Amazon RDS or Redshift Custom Application AWS KMS Client Application Data Data Data Obj Retrieve Data with Envelope Encryption Announced 2014
  • 127. I’ve hit some obstacles with my VPC in terms of integration and performance, what are some of my options?
  • 128. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS
  • 129. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS This is a bottleneck & SPOF!
  • 130. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS This is a bottleneck & SPOF! These are bandwidth-intensive for Internet egress
  • 131. Your Application Stacks Availability Zone A Availability Zone B Private subnet Private subnet Public subnet Public subnet Private subnet Private subnet CloudFront Glacier S3 DynamoDB Route 53 CloudWatch CloudFormation NAT Stacks for: VPC Edge Services Datastores Applications Presentation Amazon SQS Auto Scaling groups AWS Region SNS This is a bottleneck & SPOF! These are bandwidth-intensive for Internet egress Applications with legacy network reqs
  • 138. 10.1.0.0/16 10.0.0.0/16 10.0.0.0/16 ✔ Taking VPC Peering to the next Level Overlapping IP is not a dead end
  • 139. 10.0.0.0/16 10.0.0.0/16 10.1.0.0/16 A B C Taking VPC Peering to the next Level PCX-1 PCX-2
  • 140. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 A B C Taking VPC Peering to the next Level PCX-1 PCX-2
  • 141. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 A B C Taking VPC Peering to the next Level PCX-1 PCX-2
  • 142. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level PCX-1 PCX-2
  • 143. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level PCX-1 PCX-2 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 144. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network PCX-1 PCX-2 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 145. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network 10.0.0.58 PCX-1 PCX-2 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 146. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network 10.0.0.58 10.0.0.105 PCX-1 PCX-2 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 147. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network 10.0.0.58 10.0.0.105 PCX-1 PCX-2 10.1.1.105 10.1.2.105 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 148. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network SRC: 10.0.0.58 DST: 10.1.1.105 SRC: 10.1.2.105 DST: 10.0.0.105 10.0.0.58 10.0.0.105 PCX-1 PCX-2 10.1.1.105 10.1.2.105 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 152. 10.0.0.0/16 10.0.0.0/16 Subnet 1 10.1.1.0/24 Subnet 2 10.1.2.0/24 10.1.0.0/16 Route Table Subnet 1 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-1 Route Table Subnet 2 Destination Target 10.1.0.0/16 local 10.0.0.0/16 PCX-2 A B C Taking VPC Peering to the next Level Floating NAT Network SRC: 10.0.0.58 DST: 10.1.1.105 SRC: 10.1.2.105 DST: 10.0.0.105 10.0.0.58 10.0.0.105 PCX-1 PCX-2 10.1.1.105 10.1.2.105 Route53 Private Hosted Zone Route53 Private Hosted Zone Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.1.0/24 PCX-1 Route Table Subnet # Destination Target 10.0.0.0/16 local 10.1.2.0/24 PCX-1
  • 153. Demo
  • 154. Availability Zone A Private Subnet Availability Zone B Private Subnet Internet AWS region Public Subnet Public Subnet NAT • Use Auto Scaling for NAT availability • Create 1 NAT per Availability Zone • All private subnet route tables to point to same zone NAT • 1 Auto Scaling group per NAT with min and max size set to 1 • Let Auto Scaling monitor the health and availability of your NATs • NAT bootstrap script updates route tables programmatically • Latest version of script – uses tags: https://github.com/ralex-aws/vpc Auto scale HA NAT Dynamo DB Scaling Internet egress capacity NAT ASG min=1 max=1 ASG min=1 max=1 SQS SNS
  • 157. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet Apps Intranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet S3 Scaling Internet egress capacity Direct Connect DynamoDB SQS
  • 159. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet Apps Intranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 Scaling Internet egress capacity Direct Connect DynamoDB SQS
  • 160. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 • Only proxy subnets have route to IGW. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 161. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 • Only proxy subnets have route to IGW. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 162. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 163. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 HTTP/S • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. • Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 164. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 HTTP/S • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. • Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed. • Egress NACLs on proxy subnets enforce HTTP/S only. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 165. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 HTTP/S • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. • Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed. • Egress NACLs on proxy subnets enforce HTTP/S only. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 166. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 HTTP/S • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. • Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed. • Egress NACLs on proxy subnets enforce HTTP/S only. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS
  • 167. Availability Zone A Private Subnet(s) Private Subnet(s) AWS region VPN connection Customer data center Intranet AppsIntranet Apps Availability Zone B Internal customers Controlling the border Internal Load balancer Elastic Load Balancing Private Subnet Elastic Load Balancing Private Subnet • Squid Proxy layer deployed between internal load balancer and the IGW border. Public Subnet Public Subnet S3 HTTP/S • Only proxy subnets have route to IGW. • Proxy security group allows inbound only from Elastic Load Balancing security group. • Proxy restricts which URLs may pass. In this example, *.amazonaws.com is allowed. • Egress NACLs on proxy subnets enforce HTTP/S only. Scaling Internet egress capacity # CIDR AND Destination Domain based Allow # CIDR Subnet blocks for Internal ELBs acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24 # Destination domain for target S3 bucket acl aws_v2_endpoints dstdomain .amazonaws.com # Squid does AND on both ACLs for allow match http_access allow int_elb_cidrs aws_v2_endpoints # Deny everything else http_access deny all Direct Connect DynamoDBSQS • Could also have HA NATs NATNAT
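Added example, not from the deck: the stateless network ACL behind the "egress NACLs on proxy subnets enforce HTTP/S only" bullet, built with the slide's ELB CIDRs, plus a small evaluator that applies NACL first-match semantics to sample packets. Because a NACL tracks no connections, the reply half of each flow needs its own rule, and an explicit deny has to sit in front of the ephemeral-port allow or the proxy port is reachable from anywhere; Squid's port 3128, the rule numbers and the sample addresses are assumptions (the evaluator numbers both directions in one sequence where AWS keeps two).

```python
import ipaddress

ELB_CIDRS = ["10.1.3.0/24", "10.1.4.0/24"]   # internal ELB subnets from the Squid ACL
PROXY_PORT = 3128                             # Squid's default listener (assumption)
EPHEMERAL = (1024, 65535)                     # reply ports a stateless NACL must open

def proxy_subnet_nacl(elb_cidrs=ELB_CIDRS, proxy_port=PROXY_PORT):
    """NACL entries as (rule_no, egress, proto, from_port, to_port, cidr, action).
    AWS evaluates a direction's rules in ascending number, first match wins, and
    the implicit '*' rule denies whatever is left."""
    rules = []
    for cidr in elb_cidrs:                          # ELB -> proxy requests in ...
        rules.append((False, "tcp", proxy_port, proxy_port, cidr, "allow"))
    # explicit deny so the ephemeral-port allow further down cannot reach Squid
    rules.append((False, "tcp", proxy_port, proxy_port, "0.0.0.0/0", "deny"))
    for cidr in elb_cidrs:                          # ... and the proxy's replies out
        rules.append((True, "tcp", *EPHEMERAL, cidr, "allow"))
    rules.append((True, "tcp", 80, 80, "0.0.0.0/0", "allow"))      # HTTP out
    rules.append((True, "tcp", 443, 443, "0.0.0.0/0", "allow"))    # HTTPS out
    # web replies return on the proxy's ephemeral ports; this is the price of a
    # stateless filter, and the stateful security group is what narrows it
    rules.append((False, "tcp", *EPHEMERAL, "0.0.0.0/0", "allow"))
    return [(100 + 10 * i, *r) for i, r in enumerate(rules)]

def nacl_decision(entries, egress, proto, port, remote_ip):
    """Evaluate one packet the way the NACL does: the lowest-numbered rule that
    matches direction, protocol, port and CIDR decides; no match is a deny."""
    ip = ipaddress.ip_address(remote_ip)
    for _no, rule_egress, rule_proto, lo, hi, cidr, action in sorted(entries):
        if (rule_egress == egress and rule_proto == proto and lo <= port <= hi
                and ip in ipaddress.ip_network(cidr)):
            return action
    return "deny"

if __name__ == "__main__":
    nacl = proxy_subnet_nacl()
    # 203.0.113.10 stands in for an S3 endpoint address (documentation range)
    print(nacl_decision(nacl, True, "tcp", 443, "203.0.113.10"))    # allow
    print(nacl_decision(nacl, True, "tcp", 22, "203.0.113.10"))     # deny
    print(nacl_decision(nacl, False, "tcp", 3128, "10.1.3.7"))      # allow (ELB)
    print(nacl_decision(nacl, False, "tcp", 3128, "10.1.9.7"))      # deny
    # the weak variant: drop the explicit deny and the reply-port allow opens Squid
    weak = [r for r in nacl if r[6] != "deny"]
    print(nacl_decision(weak, False, "tcp", 3128, "10.1.9.7"))      # allow
```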
  • 169–178. Multicast on AWS
    • Not directly supported
    • Can be implemented with an overlay network – GRE or L2TP tunnels, Ntop's N2N
    • GRE configuration can be automated – Multicast configuration stored in tags
    • Periodically check for new members (60 seconds)
    Diagram: Subnet 10.0.0.0/24 (instances 10.0.0.41, 10.0.0.54, 10.0.0.79) and Subnet 10.0.1.0/24 (instances 10.0.1.132, 10.0.1.183) joined by a tunnel; overlay 192.168.0.0/24 with overlay addresses 192.168.0.10, 192.168.0.12 and 192.168.0.13 on the members.
    Instance tags shown:
    • TAG: multicast App1,192.168.0.13/24
    • TAG: multicast App1,192.168.0.12/24
    • TAG: multicast App1,192.168.0.10/24
    Setup Guide: http://bit.ly/aws-multi
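Added example of the tag-driven automation the slide describes, not the bit.ly setup guide's code: parse `multicast` tags of the form `App1,192.168.0.13/24` from instance records, and on each periodic pass emit the iproute2 commands that add a tunnel to every new member and delete tunnels to members that left. The gretap-into-a-bridge layout, the `br-mcast` name, the tunnel naming and the mapping of the slide's private addresses to overlay addresses are constructed assumptions.

```python
import ipaddress

TAG_KEY = "multicast"   # tag key used on the slide, value "App1,192.168.0.13/24"
BRIDGE = "br-mcast"     # bridge that carries this node's overlay address (assumption)

def parse_members(instances):
    """Group tagged, running instances by app: {app: {private_ip: overlay_cidr}}.
    `instances` are boto3 describe_instances-shaped dicts (constructed below).
    A malformed tag value is skipped rather than interpolated into a shell command."""
    members = {}
    for inst in instances:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        if TAG_KEY not in tags or inst.get("State", {}).get("Name") != "running":
            continue
        try:
            app, overlay = (x.strip() for x in tags[TAG_KEY].split(",", 1))
            ipaddress.ip_interface(overlay)         # validates "a.b.c.d/len"
        except ValueError:
            continue
        members.setdefault(app, {})[inst["PrivateIpAddress"]] = overlay
    return members

def tunnel_name(peer_ip):
    """Deterministic interface name per peer, within the 15-char Linux limit."""
    return "gt%08x" % int(ipaddress.ip_address(peer_ip))

def bootstrap_cmds(overlay_cidr):
    """Run once at boot: the bridge that owns this node's overlay address."""
    return ["ip link add %s type bridge" % BRIDGE,
            "ip addr add %s dev %s" % (overlay_cidr, BRIDGE),
            "ip link set %s up" % BRIDGE]

def reconcile(members, app, my_ip, current_peers):
    """One periodic pass (the slide polls every 60 seconds): returns the new peer
    set and the commands that add a gretap tunnel per new member into the bridge
    and delete the tunnels of members that are gone."""
    wanted = {ip for ip in members.get(app, {}) if ip != my_ip}
    cmds = []
    for ip in sorted(wanted - set(current_peers)):
        t = tunnel_name(ip)
        cmds.append("ip link add %s type gretap local %s remote %s ttl 255" % (t, my_ip, ip))
        cmds.append("ip link set %s master %s up" % (t, BRIDGE))
    for ip in sorted(set(current_peers) - wanted):
        cmds.append("ip link del %s" % tunnel_name(ip))
    return wanted, cmds

def _inst(ip, tag=None, state="running"):
    """Constructed instance record in describe_instances shape."""
    rec = {"PrivateIpAddress": ip, "State": {"Name": state}, "Tags": []}
    if tag:
        rec["Tags"].append({"Key": TAG_KEY, "Value": tag})
    return rec

# Constructed sample built from the addresses on the slide.
INSTANCES = [
    _inst("10.0.0.54", "App1,192.168.0.12/24"),
    _inst("10.0.0.79", "App1,192.168.0.13/24"),
    _inst("10.0.1.132", "App1,192.168.0.10/24"),
    _inst("10.0.0.41"),                               # not in any group
    _inst("10.0.1.183", "App1,not-a-cidr"),           # bad tag value, ignored
]
```

In production the instance list comes from `describe_instances` filtered on the tag key, and each pass feeds the previous pass's peer set back into `reconcile`.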
  • 178. I’ve automated my deployments but what about responding to events?
  • 179–183. Your Application Stacks
    Diagram: AWS Region with Availability Zone A and Availability Zone B, each with public and private subnets; stacks for VPC, Edge Services, Datastores, Applications and Presentation; services shown: CloudFront, Glacier, S3, DynamoDB, Route 53, CloudWatch, CloudFormation, NAT, Amazon SQS, Auto Scaling groups, SNS.
    Questions called out on the diagram:
    • What about services with no native CloudWatch integration?
    • Managing non-CloudFormation supported resources/events
    • Collecting and analysing non-EC2 logs
  • 184–187. Advanced uses of CloudWatch – Custom Metrics
    Script shown on the slide (boto 2 API; the closing quote of the print line was a typographic quote on the slide and has been fixed):
        #!/usr/bin/python
        # Publish the number of UP tunnels of every VPN connection in each region
        # as a CloudWatch custom metric. Run from cron; credentials come from the
        # instance role or the boto config.
        from __future__ import print_function
        import boto.ec2.cloudwatch
        import boto.vpc

        AWS_Regions = ["us-east-1", "us-west-2", "us-west-1", "eu-west-1"]
        CloudWatch_Region = "us-east-1"

        cw = boto.ec2.cloudwatch.connect_to_region(CloudWatch_Region)
        for region in AWS_Regions:
            vpcconn = boto.vpc.connect_to_region(region)
            vpns = vpcconn.get_all_vpn_connections()
            for vpn in vpns:
                if vpn.state == "available":
                    # each VPN connection has two tunnels; count those reporting UP
                    active_tunnels = sum(1 for tunnel in vpn.tunnels if tunnel.status == "UP")
                    print(vpn.id + " has " + str(active_tunnels) + " active tunnels!")
                    # namespace VPNStatus, metric name = connection id, one data point per run
                    cw.put_metric_data("VPNStatus", vpn.id, value=active_tunnels,
                                       dimensions={'VGW': vpn.vpn_gateway_id,
                                                   'CGW': vpn.customer_gateway_id})
    And Not Just For AWS Resources!
  • 188–199. Advanced uses of CloudWatch – Logs
    Diagram: log sources feeding CloudWatch Logs:
    • EC2 – OS agent-based
    • Traditional Server – OS agent-based
    • CloudTrail – native
    • S3 – pull/push (Lambda??)
    • CloudFront – pull/push (Lambda??)
    Metrics filters:
    • Literal Terms
    • Common Log Format
    • JSON
  • 200–201. Lambda-powered custom resources
    Diagram: Your AWS CloudFormation stack (security group, Auto Scaling group, EC2 instance, Elastic Load Balancing, ElastiCache memcached cluster, software pkgs, config & data, CloudWatch alarms) invoking Your AWS Lambda functions ("// Implement custom logic here"):
    • Look up an AMI ID
    • Look up VPC ID and Subnet ID
    • Reverse an IP address
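Added example, not code from the deck: the "reverse an IP address" custom resource as a Lambda handler that speaks the CloudFormation custom-resource protocol (Create/Update/Delete event, JSON body PUT to the pre-signed ResponseURL) and always answers, including on bad input and on Delete. The `IpAddress` property name, the physical-id prefix and every value in the sample event are constructed.

```python
import ipaddress
import json
import urllib.request

def reverse_ip(ip):
    """'10.1.3.7' -> '7.3.1.10', the label order of an in-addr.arpa PTR name.
    Raises ValueError for anything that is not an IPv4 address; the handler
    turns that into a FAILED response instead of a hung stack."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def build_response(event, status, data=None, reason=None):
    """The JSON body CloudFormation expects to be PUT to event['ResponseURL']."""
    return {
        "Status": status,                          # "SUCCESS" or "FAILED"
        "Reason": reason or "See CloudWatch Logs for details",
        # keep the physical id stable across Update, or CFN follows up with a Delete
        "PhysicalResourceId": event.get("PhysicalResourceId")
        or "reverse-ip-" + event["LogicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }

def send_response(url, body):
    """PUT the body to the pre-signed S3 URL; Content-Type must be empty."""
    payload = json.dumps(body).encode()
    req = urllib.request.Request(url, data=payload, method="PUT",
                                 headers={"Content-Type": "",
                                          "Content-Length": str(len(payload))})
    with urllib.request.urlopen(req) as resp:
        return resp.status

def handle(event, sender=send_response):
    """Exactly one response is always sent: Delete succeeds even though there is
    nothing to clean up, and any exception becomes FAILED with its reason, because
    a missing response leaves the stack waiting until it times out."""
    try:
        if event["RequestType"] == "Delete":
            body = build_response(event, "SUCCESS")
        else:                                      # Create or Update
            ip = event["ResourceProperties"]["IpAddress"]   # constructed property
            body = build_response(event, "SUCCESS", {"Reversed": reverse_ip(ip)})
    except Exception as exc:                       # report, never hang
        body = build_response(event, "FAILED",
                              reason="%s: %s" % (type(exc).__name__, exc))
    sender(event["ResponseURL"], body)
    return body

def handler(event, context):
    """Lambda entry point; `sender` is only injectable for offline testing."""
    return handle(event)

# Constructed sample event in the shape CloudFormation sends to a custom resource.
SAMPLE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://example.invalid/presigned-response-url",
    "StackId": "arn:aws:cloudformation:ap-southeast-2:111122223333:stack/demo/uuid",
    "RequestId": "constructed-request-id",
    "LogicalResourceId": "ReverseIp",
    "ResourceProperties": {"ServiceToken": "PLACEHOLDER-LAMBDA-ARN",
                           "IpAddress": "10.1.3.7"},
}
```

The template reads the result as `!GetAtt ReverseIp.Reversed`; the PUT to the real ResponseURL only happens when `handler` runs inside Lambda.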
  • 203. Recent announcements of interest • AWS Lambda GA • Amazon EC2 Container Service GA • Amazon Machine Learning • Amazon Workspaces Application Manager • Amazon Elastic File System