Catalyst IT is one of Australia's largest open source software houses. We are all about using the awesome array of tools at our disposal from the FOSS (Free and Open Source) spectrum.
In Nov 2012, Catalyst was engaged by a major Australian university to help them pioneer an Australian MOOC (Massive Open Online Course) application - Open2Study.com
From the outset, the application was to be hosted on AWS (Amazon Web Services). Catalyst had experience with applications on AWS but the scale and business requirements of Open2Study meant there was a lot for us to learn and master throughout the build and deployment.
The application is a customised extension of Drupal, Moodle and simpleSAMLphp.
Moodle is an open source LMS (Learning Management System)
Coming from a background of deployment onto both physical and virtual hardware, Catalyst was used to working within the confines of various linux environments.
Building and deploying our application into a full AWS environment gave us a great opportunity to get to grips with the power and challenges associated with Amazon's infrastructure-as-a-service offering.
Catalyst IT is one of Australia's largest open source software houses. We are all about using the awesome array of tools at our disposal from the FOSS (Free and Open Source) spectrum.
In Nov 2012, Catalyst was engaged by a major Australian university to help them pioneer an Australian MOOC (Massive Open Online Course) application - Open2Study.com
From the outset, the application was to be hosted on AWS (Amazon Web Services). Catalyst had experience with applications on AWS but the scale and business requirements of Open2Study meant there was a lot for us to learn and master throughout the build and deployment.
The application is a customised extension of Drupal, Moodle and simpleSAMLphp.
Moodle is an open source LMS (Learning Management System)
Coming from a background of deployment onto both physical and virtual hardware, Catalyst was used to working within the confines of various linux environments.
Building and deploying our application into a full AWS environment gave us a great opportunity to get to grips with the power and challenges associated with Amazon's infrastructure-as-a-service offering.
Solit 2013, Разработка приложений в облаке на примере Amazon Web Services, Сл...solit
Слисенко Константин, Минск. Компания JazzTeam, Senior Software Engineer (R&D), Java/Agile Coach
«Разработка приложений в облаке на примере Amazon Web Services». Development секция. Для разработчиков.
«JVM изнутри: оптимизация и профилирование». Development секция. Для разработчиков.
Оптимизация ИТ в виртуальном частном облаке: основные вопросы для обсужденияMichael Kozloff
Использовать или не использовать частное облако на инфраструктуре провайдера? Короткий обзор ключевых технических вопросов, которые мы обсуждаем с клиентом перед тем как он сможет принять решение
BigData Dive in Minsk / Altoros conference /
Windows Azure and BigData- autoscale, Linux, HDInsigh.
Options for developers and startups - BizSpark, msdn subscriptions, seed fund
Dev&Test на Windows Azure IaaS:
* Что за Dev&Test? Ситуации Dev&Test
* Как делать D&T на Windows Azure?
* Как делают люди?
* Ограничения Windows Azure, которые важны
* Топологии
Solit 2013, Разработка приложений в облаке на примере Amazon Web Services, Сл...solit
Слисенко Константин, Минск. Компания JazzTeam, Senior Software Engineer (R&D), Java/Agile Coach
«Разработка приложений в облаке на примере Amazon Web Services». Development секция. Для разработчиков.
«JVM изнутри: оптимизация и профилирование». Development секция. Для разработчиков.
Оптимизация ИТ в виртуальном частном облаке: основные вопросы для обсужденияMichael Kozloff
Использовать или не использовать частное облако на инфраструктуре провайдера? Короткий обзор ключевых технических вопросов, которые мы обсуждаем с клиентом перед тем как он сможет принять решение
BigData Dive in Minsk / Altoros conference /
Windows Azure and BigData- autoscale, Linux, HDInsigh.
Options for developers and startups - BizSpark, msdn subscriptions, seed fund
Dev&Test на Windows Azure IaaS:
* Что за Dev&Test? Ситуации Dev&Test
* Как делать D&T на Windows Azure?
* Как делают люди?
* Ограничения Windows Azure, которые важны
* Топологии
ReInvent is Amazon's annual cloud computing and artificial intelligence conference with over 60,000 attendees across 6 venues and 2,500 sessions. The conference also features a tremendous party and introduces many new AWS services such as Amazon S3 Access Points, AWS Transit Gateway network manager, AWS Graviton2, Amazon Fraud Detector, Amazon MCS, Amazon Kendra, Amazon Detective, Amazon Bravet, Amazon Transcribe Medical, and AWS DeepComposer.
How to stop dreaming about security and start implementingAleksandr Maklakov
This document provides an overview of how to improve AWS security. It discusses common AWS security problems like publicly accessible buckets and stolen credentials. It recommends starting with a consulting company or security tools to audit compliance. The document then reviews the CIS AWS Benchmark for best practices and configurations. It explains how to implement continuous security monitoring versus periodic auditing. AWS security services like CloudTrail, GuardDuty, and SecurityHub are outlined. Best practices architecture and common lessons learned are also recapped. Estimated costs for implementing these security measures on an AWS account are provided.
This document provides an overview of Amazon Workspaces and how to ensure network perimeter security when using Workspaces and VPC services. It discusses setting up a directory server for user authentication and provisioning managed cloud desktops via Workspaces. The document also compares the advantages of Workspaces versus traditional desktops and provides estimated monthly costs for Workspaces and the associated directory server.
This document discusses the threats and opportunities of going serverless on AWS. It covers limitations on deployment package sizes for Lambda functions, how Firecracker is used to power Lambda, and that serverless may be cheaper but not necessarily simpler due to underlying complexity. It also discusses development patterns like microservices and monolithic approaches. Frameworks like AWS SAM and the Serverless Framework are presented. Considerations around infrastructure setup, local development environments, security, logging/tracing, and loss of control are also covered. Opportunities of serverless like automated infrastructure management and cost/time savings are highlighted.
The document discusses security best practices when using AWS. It highlights some common security anti-patterns to avoid, such as overcrowding AWS accounts, using personal AWS accounts, and relying only on manual technical auditing. It promotes practices like implementing least privilege access, continuous automated auditing using native AWS services, and adopting a DevSecOps approach to development that incorporates security testing and monitoring throughout the software development lifecycle.
The document discusses container services on AWS, including Amazon ECS, AWS Fargate, and Amazon EKS. It provides an overview of each service's key features such as scheduling and orchestration, scaling, networking, and resource allocation. It also compares the services and provides guidance on which may be most suitable for different use cases. ECS is best for applications requiring more control over infrastructure, while Fargate removes the need to manage EC2 instances. EKS provides a native Kubernetes experience on AWS.
This document discusses how to implement DevSecOps on AWS for startups. It covers:
- Key principles of DevSecOps like everyone being responsible for security and shifting security left
- The tools and services used in their pipeline including Packer, Terraform, Ansible, SonarQube, AWS Inspector, GuardDuty, and WAF
- How they established policies, used a multi-account approach, implemented access management, and focused on security culture and monitoring
- Their plans to further improve using AWS Config, perform penetration testing, and meet standards like OWASP and PCI DSS
Amazon EC2 Container Service (ECS) is a highly scalable, fast container management service that supports Docker containers and allows deploying containerized applications quickly. It provides container orchestration, scheduling, cluster management, load balancing, auto-scaling, and monitoring. ECS integrates with other AWS services like EC2 for compute, ECR for private Docker registry, EFS for shared file storage, and CloudWatch for monitoring. Customers can use ECS for various use cases like microservices, batch jobs, continuous integration/deployment by writing task definitions and deploying them on ECS clusters.
This document outlines best practices for continuous operations in DevOps. It discusses challenges with traditional system administration approaches being slower than development teams. The document recommends a DevOps approach where system administrators have development skills and focus on automation to deploy code within minutes. It provides an overview of continuous integration/delivery pipelines and infrastructure as code using AWS Elastic Beanstalk as an example. The document concludes by offering additional DevOps training.
This document discusses best practices for managing AWS accounts and IAM users. It recommends creating separate AWS accounts for different workloads, departments, and projects to isolate them. When managing IAM users, it advises assigning least privilege, using strong passwords, enabling MFA for privileged users, and regularly rotating credentials. AWS Organizations and solutions like managing a single account can help centrally govern policies and users across multiple AWS accounts while controlling costs and access.
9. When use CloudFront ?
- Для экономии денег
- Для ускорение загрузки сайта (статический и динамический контент)
- Пользователи ресурса находяться по всему миру или хотя бы на
нескольких континентах (Европа, Америка)
- Периодически возникают всплески трафика (выпуск новых версий
ПО, акции, рекламные кампании, сезонность)
- Необходима защита от DDoS-атак
- Снятие нагрузки с основного сервера
19. Best Practices
- Versioning (instead of invalidation)
- Compression
- Different expirations(images/*, css/*)
- Multiple distributions
- Domain sharding (use different CNAME)
20. Advanced Using of CloudFront
- Amazon Certificate Manager with CloudFront
- Amazon Web Application Firewall with CloudFront
- AWS Shield with CloudFront
- AWS Lambda@Edge