AWS DOs and DONTs

•Download as PPTX, PDF•

0 likes•111 views

AWS offers all the resources needed to run your application workloads at any scale. The challenge becomes how best to leverage those resources in a reliable and secure manner while maintaining cost efficiency. We will cover the DOs and DON’Ts you need to consider on your journey to the cloud including account configuration, networking, security, and automation.

Software

© Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
AWS DOs and DON’Ts
Casey Lee, Chief Architect
6/12/2018

2 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
Foundation Infrastructure Automation

3 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
Foundation Infrastructure Automation

4 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T overload accounts
• Complex access administration
• Larger blast radius
• Tricky cost allocation
https://aws.amazon.com/blogs/apn/migrating-applications-to-saas-a-minimally-invasive-approach/

$5 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO use Organizations API https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": [ "cloudtrail:AddTags", "cloudtrail:CreateTrail", "cloudtrail:DeleteTrail", "cloudtrail:RemoveTags", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail" ], "Resource": "*" }] }$

6 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use a separate toolchain account
https://aws.amazon.com/answers/account-management/aws-multi-account-security-strategy/

7 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T create IAM users

8 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use federation
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html

9 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO enable CLI access
https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/

10 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO enable CloudTrail
https://aws.amazon.com/answers/account-management/aws-multi-account-security-strategy/

11 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO enable VPC flow logs
https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

12 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO enable GuardDuty

14 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T use public subnets
http://jayendrapatil.com/aws-vpc-nat/

15 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO consider a forward proxy
https://aws.amazon.com/answers/networking/controlling-vpc-egress-traffic/

16 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO consider a egress transit VPC
https://aws.amazon.com/answers/networking/controlling-vpc-egress-traffic/

17 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use VPC endpoints
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html

18 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO encrypt at rest
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: RequireEncryption
Effect: Deny
Principal: '*'
Action: s3:PutObject
Resource: arn:aws:s3:::my-bucket-name/*
Condition:
StringNotEquals:
s3:x-amz-server-side-encryption: aws:kms

19 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO encrypt in transit

20 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T launch instances without ASG
https://www.slideshare.net/AmazonWebServices/set-it-and-forget-it-auto-scaling-target-tracking-policies-aws-online-tech-talks

21 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use target tracking policies
https://www.slideshare.net/AmazonWebServices/set-it-and-forget-it-auto-scaling-
target-tracking-policies-aws-online-tech-talks

22 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use SSM parameter store
https://www.slideshare.net/AlexMattson/secrets-management-with-ec2-systems-manager-parameter-store

24 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T click the button

25 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T reinvent automation tools
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-howdoesitwork.html

26 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use policies in CloudFormatoin
Resource level policiesStack level policies

27 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO use changesets
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-howdoesitwork.html

28 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T overload stacks

29 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DON’T go 100% bake or boot for AMI
https://aws.amazon.com/answers/configuratio
n-management/aws-ami-design/

30 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO prefer containers over instances
https://platform9.com/blog/kubernetes-vs-ecs/

31 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO governance via Service Catalog
https://www.slideshare.net/AmazonWebServices/aws-service-catalog

32 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO assess security in pipelines
https://stelligent.com/2016/04/05/continuous-security/

33 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO automated compliance
- name: s3-event-global-access
mode:
type: cloudtrail
events:
- source: s3.amazonaws.com
ids:
requestParameters.bucketName
event: PutBucketAcl
runtime: python3.6
resource: s3
filters:
- type: global-grants
actions:
- delete-global-grants
- name: create-bucket-autotag
mode:
type: cloudtrail
events:
- source: s3.amazonaws.com
ids:
requestParameters.bucketName
event: CreateBucket
runtime: python3.6
resource: s3
filters:
- tag:Owner: absent
actions:
- type: auto-tag-user
tag: Owner
Disable all global-grants Auto tag with Owner
Cloud Custodian

35 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved.
DO make it your own
https://www.lifegate.com/people/lifestyle/kintsugi

Serverless is not only great for building and delivering highly scalable applications, it's also great for building developer-friendly tools and services. By also applying Hexagonal Architecture, your services will be testable, cleaner, and easier to maintain. In this session, learn how a team of three developers built a free serverless error-tracking solution and made it available in the AWS Serverless Application Repository in one weekend. Learn how to combine AWS Lambda, AWS CloudFormation, Amazon SNS, Amazon S3, Amazon Pinpoint, and Amazon Elasticsearch Service for a complete error tracking solution, and see how simple it is to build your own serverless developer tools and enable other developers to instantly deploy them to their accounts.

AWS Keynote and Opening - AWS Startup Day Boston 2018.pdfAmazon Web Services

Mitigate Security Threats with SIEM

Akamai Developers & Admins

When Your Software is Your Business: Building a SaaS Business on AWS - AWS Su...

Amazon Web Services

When Your Software is Your Business: Building a SaaS Business on AWS Have you ever wondered what it takes to build a fully cloud empowered SaaS business? Local companies like Atlassian have transformed the way ANZ businesses compete across the globe. This session aims to inspire you to innovate and build global businesses on AWS. Hear from the AWS ISV team and Atlassian about their journey in partnering with AWS and how to build for innovation, fast growth and global reach. Chris Merrigan, Enterprise Sales Manager, Amazon Web Services and Martien Verbruggen, Architect, Atlassian

Ready for hybrid cloud ? keep an eagle eye on configuration data - OW2con'19,...

OW2

Top five configuration security errors and how to avoid them - DEM09-S - Chic...

Amazon Web Services

In this session, we explore the security risks to which human configuration errors may expose your AWS resources. Based on data collected that analyzed millions of resources across hundreds of customers, it is apparent the potential impact can be significant. Everyone needs to play their part in managing risks, but first, we need to understand what risks need managing. We’ve distilled our customer experiences into the five most commonly made errors and how best to ensure you avoid them and their potential impact. This presentation is brought to you by AWS partner, Palo Alto Networks.

How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...

Amazon Web Services

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. In this session you will learn how enterprises have embraced AWS Systems Manager to address many of the common operational challenges that have emerged on their journey to the cloud.

Hands-on Lab: Using a Property Graph

Amazon Web Services

Gaining Visibility and Insight into Your Distributed Applications with AWS X-Ray and AWS Step Functions Distributed applications present an additional layer of complexity over traditional monolithic designs and make monitoring, debugging, and optimising systems a challenge. AWS Step Functions manages the heavy-lifting of state management and coordination between tasks, making it easier to build distributed applications with complex business workflows. In this session you will learn how to build state machines to orchestrate multi-step serverless applications and gain operational visibility into your distributed applications using AWS X-Ray. Glenn Gillen, Solutions Architect, Amazon Web Services

Hands-on Lab-Redshift Basics

Amazon Web Services

AWS-S3-infographic-finalVikramaditya Gupta

Automate Testing & Deployment of Modern Serverless Apps (API318-R1) - AWS re:...

Amazon Web Services

Continuous deployment enables you to be more productive and deliver a more stable product. In this session, learn how to utilize CI/CD techniques when deploying AWS services like AWS Step Functions, Amazon API Gateway, and AWS Lambda resources. Get into the nuts and bolts of handling versions, testing, and deploying using AWS CodePipeline, and monitoring performance using Amazon CloudWatch. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...

Amazon Web Services

APIs are evolving and changing the way developers build. Essential to any sort of application, they are driving our increasingly interactive and integrated software world. In this session we’ll discuss some of the latest releases and new features in the AWS Serverless ecosystem that can help supercharge your APIs at scale as well as discuss architectural patterns, including global multi-region active/active options, deployment tools, implementation concepts, technologies (REST/GraphQL) and services for different use cases.

Ite express labs

Aeshan Wijetunge

Hands-On Lab: Break a Monolith Application into Microservices: Database Week SF

Amazon Web Services

Database Week at the San Francisco Loft Hands-on Lab: Break a Monolith Application into Microservices In this tutorial, you will deploy a monolithic node.js application to a Docker container, then decouple the application into microservices without any downtime. The node.js application hosts a simple message board with threads and messages between users. Speakers: Sachin Holla - Sr. Solutions Architect, AWS Raj Bagwe - Solutions Architect, AWS Ipsita Chowdhury - Technical Account Manager, AWS

Security at the speed of cloud: How to think about it & how you can do it now...

Amazon Web Services

Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...

Amazon Web Services

As enterprises transform their business and the way they consume infrastructure, there is a need for a new organizational unit, a Cloud Center of Excellence (CCoE), to ensure a successful transformation. As the acting center of knowledge, the CCoE is a bridge connecting all departments involved, guiding and accelerating your cloud journey. In this session, we discuss how your CCoE can develop a holistic cloud strategy designed to efficiently scale with your business. We share proven optimization and governance best practices from CloudHealth across RI management, identifying underutilized resources and auto-governing rule sets.

Build your APPs in Lean and Agile Way using AWS Amplify

Amazon Web Services

Use AWS RoboMaker to Develop a Robot Application to Track and Find Fido (ROB2...

Amazon Web Services

AWS RoboMaker enables you to easily develop complex robot applications. In this workshop, we introduce the capabilities of RoboMaker to develop ROS robot and simulation applications, natively integrate with other AWS services such as Amazon CloudWatch and Amazon Kinesis video streams, and build and compile these applications. Upon completion, you will launch a simulated TurtleBot3 wheeled robot to look at different images within an enclosed space utilizing Amazon Rekognition’s object detection features, and track down that pesky pooch’s photo! After the workshop, you will have a fundamental understanding of the development process for robotic applications using AWS RoboMaker.

Migrate your Oracle and SQL Server databases to Amazon RDS - ADB210 - New Yor...

Amazon Web Services

Accelerating App Development with AWS Amplify

Amazon Web Services

Looking for a way to build beautiful, cloud-native web and mobile apps? Seeking to eliminate the undifferentiated heavy lifting of a traditional, three-tier web application? AWS Amplify makes it a snap with an easy-to-use library, a powerful toolchain, a user-interface component library, and built-in capabilities such as authentication and analytics. Uncover how to bring your idea to life, scale it to the max, and delight your users in less time than before.

Building Mobile Apps with AWS Amplify

Amazon Web Services

By: Nader Dabit, Developer Advocate, AWS Mobile You’ve got an awesome startup idea – Wild Rydes! The next generation in transportation will be driven by a willing unicorn population and your new startup will produce the worlds first unicorn hailing services. It’s just seven days to launch, and your designers have delivered the final designs for your website, but your idea depends on the mobile economy! Can you build out your web and mobile infrastructure in time for your launch? Across three days, AWS experts will guide you through all the pieces that are needed to produce an awesome mobile experience for both your unicorns and your riders.

Move desktops & applications to AWS with Amazon WorkSpaces & AppStream 2.0 - ...

Amazon Web Services

IT organizations today need to support a mobile, flexible, global workforce and ensure that their users can be productive anywhere. Moving desktops and applications to AWS offers improved security, scale, and performance with cloud economics. In this session, we provide an overview of Amazon WorkSpaces and Amazon AppStream 2.0, and we discuss the use cases for each. Then, we dive deep into best practices for implementing Amazon WorkSpaces and AppStream 2.0, including how to integrate with your existing identity, security, networking, and storage solutions.

Migrating monolithic applications with the strangler pattern - FSV303 - New Y...

Amazon Web Services

“Lifting and shifting” an enterprise-scale application will yield some of the benefits of the cloud, but elasticity and agility may still be limited. Conversely, rewriting that application to be cloud-native can be costly in terms of both time and money and could cause you to miss market opportunities. This session explores the challenges financial institutions face when migrating their existing portfolio of applications to the cloud. Then, we share practical tips to migrate applications to realize cloud-native architectural benefits incrementally using the strangler pattern.

Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018

Amazon Web Services

A successful transition to a modern elastic, containerized, microservice architecture requires automating all things, including your monitoring and alerting infrastructure. In this talk, we share some of the techniques and best practices we learned at New Relic for applying "infrastructure as code" (IaC) techniques to monitoring and alerting during our 10-year journey from a single-region monolithic application to a global multi-region deployment of hundreds of microservices. This session is brought to you by AWS partner, New Relic.

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Amazon Web Services

What's hot

Secure End User Computing in the Cloud_AWSPSSummit_Singapore

Amazon Web Services

Charla principal

Elasticsearch

Microservices for Startups

Amazon Web Services

A Practical Guide to Migrating Legacy Applications

Cloudsoft

Gaining Visibility and Insight into Your Distributed Applications with AWS X-...

Amazon Web Services

Hands-on Lab-Redshift Basics

Amazon Web Services

AWS-S3-infographic-finalVikramaditya Gupta

Automate Testing & Deployment of Modern Serverless Apps (API318-R1) - AWS re:...

Amazon Web Services

Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...

Amazon Web Services

Ite express labs

Aeshan Wijetunge

Hands-On Lab: Break a Monolith Application into Microservices: Database Week SF

Amazon Web Services

Security at the speed of cloud: How to think about it & how you can do it now...

Amazon Web Services

Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...

Amazon Web Services

Build your APPs in Lean and Agile Way using AWS Amplify

Amazon Web Services

Use AWS RoboMaker to Develop a Robot Application to Track and Find Fido (ROB2...

Amazon Web Services

Migrate your Oracle and SQL Server databases to Amazon RDS - ADB210 - New Yor...

Amazon Web Services

Accelerating App Development with AWS Amplify

Amazon Web Services

Building Mobile Apps with AWS Amplify

Amazon Web Services

Move desktops & applications to AWS with Amazon WorkSpaces & AppStream 2.0 - ...

Amazon Web Services

Migrating monolithic applications with the strangler pattern - FSV303 - New Y...

Amazon Web Services

What's hot (20)

Secure End User Computing in the Cloud_AWSPSSummit_Singapore

Charla principal

Microservices for Startups

A Practical Guide to Migrating Legacy Applications

Gaining Visibility and Insight into Your Distributed Applications with AWS X-...

Hands-on Lab-Redshift Basics

AWS-S3-infographic-final

Automate Testing & Deployment of Modern Serverless Apps (API318-R1) - AWS re:...

Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...

Ite express labs

Hands-On Lab: Break a Monolith Application into Microservices: Database Week SF

Security at the speed of cloud: How to think about it & how you can do it now...

Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Atlant...

Build your APPs in Lean and Agile Way using AWS Amplify

Use AWS RoboMaker to Develop a Robot Application to Track and Find Fido (ROB2...

Migrate your Oracle and SQL Server databases to Amazon RDS - ADB210 - New Yor...

Accelerating App Development with AWS Amplify

Building Mobile Apps with AWS Amplify

Move desktops & applications to AWS with Amazon WorkSpaces & AppStream 2.0 - ...

Migrating monolithic applications with the strangler pattern - FSV303 - New Y...

Similar to AWS DOs and DONTs

Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018

Amazon Web Services

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Amazon Web Services

The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...

Amazon Web Services

Data privacy and security are top concerns for customers in the cloud. In this session, the AWS Automated Reasoning group shares the advanced technologies, rooted in mathematical proof, that help provide the highest levels of security assurance in today's data-driven world. The Automated Reasoning group co-presents with Bridgewater, a customer that has leveraged these technologies to help confirm that security requirements are being met, an assurance not previously available from conventional tools.

Serverless best practices plus design principles 20m version

Heitor Lessa

Transforming Enterprise IT - AWS Transformation Day Boston 2018

Amazon Web Services

Advanced Serverless application architecture and design considerations

Dilip Kola

Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...

Amazon Web Services

In this session, we outline the five levels of cloud operations automation, providing a clear path and maturity model for achieving security, compliance, and architecture best practices. Using real-world case studies from Fortune 100 enterprises, we demonstrate how secure AWS Landing Zones and policy-based, automated guardrails accelerate the safe migration and ongoing operation of hundreds of enterprise applications, putting your team on the road to DevSecOps maturity. This session is brought to you by AWS partner, Turbot HQ, Inc.

AWS 기반 Microservice 운영을 위한 데브옵스 사례와 Spinnaker 소개::김영욱::AWS Summit Seoul 2018Amazon Web Services Korea

The Quest for Continuous ATO: A Case Study Featuring the US Intelligence Comm...

Amazon Web Services

In 2013 the Central Intelligence Agency partnered with AWS to stand up an entire AWS region, completely air-gapped and dedicated to use by the Intelligence Community (IC). The resulting Commercial Cloud Services (C2S) environment leverages many AWS services to offer virtually unlimited capacity, auto scaling, instant provisioning, and fault isolation. Naming this new environment Commercial Cloud Services was quite intentional, as the government sought to work at the speed of commercial innovation and accelerate time-to-mission. Despite the physical isolation and protections afforded to C2S, each workload to operate in the environment needs to be configured and assessed according the IC’s rigorous security standards. During the implementation of C2S the government worked with AWS and Telos Corporation to revolutionize traditional A&A practices, streamlining the end-to-end process for completing a Body of Evidence (BoE) for authorization in as little as one week versus the six to nine months previously expected. Practitioners from Telos and AWS who worked directly with the C2S sponsor on the ATO effort will share their experiences using Xacta 360, the risk management solutions engineered to integrate with AWS services to seamlessly automate compliance validation and reporting, and generate auto-populated compliance packages with inherited, pre-vetted security controls of AWS services.

Under the Hood: How Amazon Uses AWS Services for Analytics at a Massive Scale...

Amazon Web Services

As Amazon's consumer business continues to grow, so does the volume of data and the number and complexity of the analytics done in support of the business. In this session, we talk about how Amazon.com uses AWS technologies to build a scalable environment for data and analytics. We look at how Amazon is evolving the world of data warehousing with a combination of a data lake and parallel, scalable compute engines, such as Amazon EMR and Amazon Redshift.

Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018

Amazon Web Services

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Amazon Web Services

As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Amazon Web Services

Monitoring Serverless Applications (SRV303-S) - AWS re:Invent 2018

Amazon Web Services

Serverless brings many advantages to software development, but it introduces new monitoring challenges as well. Isolated telemetry on individual functions might not provide enough visibility, and instrumentation in a world where 100 ms of extra execution time could cost thousands of dollars might prove prohibitive. In this session, we explore how New Relic enables full observability of the serverless stack, including its executing context, with minimal impact in performance. Learn from customer case studies and real-world examples. This session is brought to you by AWS partner, New Relic.

Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...

Amazon Web Services

Cloud engineering teams at Corteva Agriscience, Agriculture Division of DowDuPont, have a challenge: how to support a global business of research scientists and software developers in building a world-class innovation organization. Modern agriculture produces larger and more varied data types, so their approach must be not only scalable and flexible, but also commit to operational excellence while remaining adoptable. This session will walk through how Corteva Agriscience builds container-based infrastructures with CI/CD pipelines that remove undifferentiated heavy lifting and allow teams to empower developers. Members of the cloud engineering team will discuss problems they face, solutions they implement, and show an example of how they leverage AWS services (AWS CodeCommit, AWS CodePipeline, AWS CloudFormation, AWS Fargate) to deploy a novel machine learning algorithm for scoring genetic markers.

Serverless and DevOps

Chris Munns

From July 2015 until January 2017 I represented the DevOps service space at AWS. I traveled the world and spoke about DevOps culture, practices and tools to companies small and large. Then I left for AWS Lambda team and now travel the world helping developers understand this new application paradigm that is serverless. People often ask me, what does serverless mean for DevOps? What does DevOps mean for serverless? In this talk I’ll give the AWS perspective and help clear up the future of both, talk about the culture, practice, and tools of serverless application development and explain what you should do if DevOps is in your title.

AWSome Day Online Keynote

Amazon Web Services

Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...

Amazon Web Services

Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018

Amazon Web Services

You've spent the time designing, architecting, setting up, and configuring your Kubernetes cluster. Now, it's on to day two. "Day two" refers to the functions of scaling, optimizing, monitoring, securing, and in general keeping the lights on. In this talk, we discuss the tools that you have available to help you build a reliable and resilient Kubernetes cluster and run workloads in production. We discuss how to control the network, secure your environment using threat detection, scan your containers for vulnerabilities, use monitoring tools, and create scalable containers and clusters.

New AWS Security Solutions to Protect Your Workload

Amazon Web Services

New AWS Security Solutions to Protect Your Workload 亞馬遜 AWS 於 2018 年 11 月底在美國拉斯維加斯所舉辦的第七屆 AWS re:Invent 2018 大會，在 AWS 客戶、合作夥伴、媒體人士、產業分析師及 AWS 員工共襄盛舉下，與會人數再創新高，超過 5 萬人。會中 AWS 發布超過 20 款雲端方案，且一半以上專攻雲端 AI、機器學習、物聯網，包括對 SageMaker 強化更多進階功能，推出第一款專用的機器學習推論晶片、加入深度的機器學習運算法支援，及其他包括儲存、資料庫、混合雲、邊緣運算 IoT 等解決方案。而具備微型機器學習能力的迷你自駕遙控車 DeepRacer 的現身，驚人之舉不僅抓人眼球，深入客戶體驗的用心，更成功抓住全球使用者的心。為讓您與全球先進技術同步，共享最新趨勢資訊，解決您開發機器學習和發展 AIoT 所遇到的難題，AWS 台灣團隊將於 2019 年 1 月 31 日 (四) 舉辦《AWS re:Invent 2018 Recap 台北》，特別嚴選最適切國內諸位先進和企業需求的內容，從「技術創新」、「AIoT」兩大分組議程，發表 AWS 的新服務和新方案。大會除了邀請亞馬遜 AWS 大中華區首席雲計算企業顧問 (Principal Evangelist) 張俠博士分享 AWS 的解決方案藍圖外，眾多 AWS 資深專家也將分享包含機器學習、深度學習推理加速等新方案，完全託管的文件系統、資料庫，無伺服器、容器技術與安全性，以及大數據與分析、物聯網服務應用、儲存方案等最新技術。歡迎您親臨會場，全方位體驗 AWS 新服務將能為您創造的驚人創新之效益。

Similar to AWS DOs and DONTs (20)

Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...

Serverless best practices plus design principles 20m version

Transforming Enterprise IT - AWS Transformation Day Boston 2018

Advanced Serverless application architecture and design considerations

Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...

AWS 기반 Microservice 운영을 위한 데브옵스 사례와 Spinnaker 소개::김영욱::AWS Summit Seoul 2018

The Quest for Continuous ATO: A Case Study Featuring the US Intelligence Comm...

Under the Hood: How Amazon Uses AWS Services for Analytics at a Massive Scale...

Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Monitoring Serverless Applications (SRV303-S) - AWS re:Invent 2018

Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...

Serverless and DevOps

AWSome Day Online Keynote

Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...

Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018

New AWS Security Solutions to Protect Your Workload

More from Casey Lee

2022 SF Summit - Improving Developer Experience with CDK

Casey Lee

AWS Summit DC 2021: Improve the developer experience with AWS CDK

Casey Lee

In this session, you will learn how to allow developers to rapidly deploy and iterate on their apps in AWS, using AWS CDK. You will also discover AWS CDK best practices related to security and cost optimization. You will hear from Gaggle about how they used these practices to allow their developers to focus on building, testing, and deploying applications rapidly, without focusing on undifferentiated heavy lifting. https://www.youtube.com/watch?v=pJX1hvTRUYE

The Last Bottleneck of Continuous Delivery

Casey Lee

Raise your hand if you enjoy working with the CAB (Change Advisory Board) to get your app deployed to production; 臘‍♀️didn’t think so. Now raise your hand if you’d like a “Get out of CAB free card”; ‍♀️ hands go up across the room! We’ve mastered the automation of building, testing and deploying software but one bottleneck still remains in continuous delivery, the CAB (Change Advisory Board). In this talk we will explore the use of tools such as Grafeas and OPA to automate the enforcement of the CAB’s policies to give teams a fast pass to production!

Using AWS to Achieve Both Autonomy and Governance at 3M

Casey Lee

There is a constant tension between empowering teams to be agile through autonomy and enforcing governance policies to maintain regulatory compliance. Hear from Nathan Scott, Senior Consultant at AWS and James Martin, Automation Engineering Manager at 3M on how they have achieved both autonomy and governance through self-service automation tools on AWS. Learn how to avoid pitfalls with building the CI/CD team, right sizing and how to address. This session will also feature a demo from Casey Lee, Chief Architect at Stelligent on the tools used to accomplish this for 3M, including AWS Service Catalog, AWS CloudFormation, AWS CodePipeline and Cloud Custodian, an open source tool for managing AWS accounts.

AWS re:Invent 2018

Casey Lee

Continuous Delivery on AWS with Zero Downtime

Casey Lee

Container based CI/CD on GitHub Actions

Casey Lee

WORKSHOP: Microservices as Containers on AWS

Casey Lee

Microservices as Containers on AWS . . . for Fun and Profit

Casey Lee

The architectural pattern of decomposing an application into microservices has proven extremely effective at delivering software faster. However, this type of an architecture comes with its fair share of challenges. Fortunately, Amazon Web Services (AWS) offers many services that can be leveraged to overcome these challenges and adopt microservice best practices. If you are just starting to consider using AWS for running your microservices or if you have already started on the journey and looking for opportunities to improve, then this presentation will be beneficial for you. Access the accompanying webinar at the following: http://www.hosting.com/resources/webinars/?commid=258551

Serverless Delivery

Casey Lee

Top10 Characteristics of Awesome Apps

Casey Lee

In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.

More from Casey Lee (11)

2022 SF Summit - Improving Developer Experience with CDK

AWS Summit DC 2021: Improve the developer experience with AWS CDK

The Last Bottleneck of Continuous Delivery

Using AWS to Achieve Both Autonomy and Governance at 3M

AWS re:Invent 2018

Continuous Delivery on AWS with Zero Downtime

Container based CI/CD on GitHub Actions

WORKSHOP: Microservices as Containers on AWS

Microservices as Containers on AWS . . . for Fun and Profit

Serverless Delivery

Top10 Characteristics of Awesome Apps

Recently uploaded

E-commerce Application Development Company.pdf

Hornet Dynamics

Vitthal Shirke Java Microservices Resume.pdf

Vitthal Shirke

A Sighting of filterA in Typelevel Rite of Passage

Philip Schwarz

AI Genie Review: World’s First Open AI WordPress Website Creator

Google

AI Genie Review: World’s First Open AI WordPress Website Creator 👉👉 Click Here To Get More Info 👇👇 https://sumonreview.com/ai-genie-review AI Genie Review: Key Features ✅Creates Limitless Real-Time Unique Content, auto-publishing Posts, Pages & Images directly from Chat GPT & Open AI on WordPress in any Niche ✅First & Only Google Bard Approved Software That Publishes 100% Original, SEO Friendly Content using Open AI ✅Publish Automated Posts and Pages using AI Genie directly on Your website ✅50 DFY Websites Included Without Adding Any Images, Content Or Doing Anything Yourself ✅Integrated Chat GPT Bot gives Instant Answers on Your Website to Visitors ✅Just Enter the title, and your Content for Pages and Posts will be ready on your website ✅Automatically insert visually appealing images into posts based on keywords and titles. ✅Choose the temperature of the content and control its randomness. ✅Control the length of the content to be generated. ✅Never Worry About Paying Huge Money Monthly To Top Content Creation Platforms ✅100% Easy-to-Use, Newbie-Friendly Technology ✅30-Days Money-Back Guarantee See My Other Reviews Article: (1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review (2) SocioWave Review: https://sumonreview.com/sociowave-review (3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review (4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review #AIGenieApp #AIGenieBonus #AIGenieBonuses #AIGenieDemo #AIGenieDownload #AIGenieLegit #AIGenieLiveDemo #AIGenieOTO #AIGeniePreview #AIGenieReview #AIGenieReviewandBonus #AIGenieScamorLegit #AIGenieSoftware #AIGenieUpgrades #AIGenieUpsells #HowDoesAlGenie #HowtoBuyAIGenie #HowtoMakeMoneywithAIGenie #MakeMoneyOnline #MakeMoneywithAIGenie

2024 eCommerceDays Toulouse - Sylius 2.0.pdf

Łukasz Chruściel

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

rickgrimesss22

Fundamentals of Programming and Language Processors

Rakesh Kumar R

May Marketo Masterclass, London MUG May 22 2024.pdf

Adele Miller

Need for Speed: Removing speed bumps from your Symfony projects ⚡️

Łukasz Chruściel

No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception. In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed. We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production. Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process? In this session we will cover: - The Art of Effective Code Reviews - Streamlining the Review Process - Elevating Reviews with Automated Tools By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces

Introducing Crescat - Event Management Software for Venues, Festivals and Eve...

Crescat

Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry. Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events. With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use. Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements. If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io

APIs for Browser Automation (MoT Meetup 2024)

Boni García

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Alina Yurenko

Transform Your Communication with Cloud-Based IVR Solutions

TheSMSPoint

Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony

Artificia Intellicence and XPath Extension Functions

Octavian Nadolu

Graspan: A Big Data System for Big Code Analysis

Aftab Hussain

We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs. We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations. These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18. - Accepted in ASPLOS ‘17, Xi’an, China. - Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17. - Invited for presentation at SoCal PLS ‘16. - Invited for poster presentation at PLDI SRC ‘16.

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code

Aftab Hussain

Understanding variable roles in code has been found to be helpful by students in learning programming -- could variable roles help deep neural models in performing coding tasks? We do an exploratory study. - These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia

Launch Your Streaming Platforms in Minutes

Roshan Dwivedi

The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown: Pros of Speedy Streaming Platform Launch Services: No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge. Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker. All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations. Things to Consider: Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions. Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option. Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options). Examples of Services for Launching Streaming Platforms: Muvi [muvi com] Uscreen [usencreen tv] Alternatives to Consider: Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited. Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform. Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.

openEuler Case Study - The Journey to Supply Chain Security

Shane Coughlan

Quarkus Hidden and Forbidden Extensions

Max Andersen

Recently uploaded (20)

E-commerce Application Development Company.pdf

Vitthal Shirke Java Microservices Resume.pdf

A Sighting of filterA in Typelevel Rite of Passage

AI Genie Review: World’s First Open AI WordPress Website Creator

2024 eCommerceDays Toulouse - Sylius 2.0.pdf

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx

Fundamentals of Programming and Language Processors

May Marketo Masterclass, London MUG May 22 2024.pdf

Need for Speed: Removing speed bumps from your Symfony projects ⚡️

Cracking the code review at SpringIO 2024

Introducing Crescat - Event Management Software for Venues, Festivals and Eve...

APIs for Browser Automation (MoT Meetup 2024)

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Transform Your Communication with Cloud-Based IVR Solutions

Artificia Intellicence and XPath Extension Functions

Graspan: A Big Data System for Big Code Analysis

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code

Launch Your Streaming Platforms in Minutes

openEuler Case Study - The Journey to Supply Chain Security

Quarkus Hidden and Forbidden Extensions

AWS DOs and DONTs

4. 4 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DON’T overload accounts • Complex access administration • Larger blast radius • Tricky cost allocation https://aws.amazon.com/blogs/apn/migrating-applications-to-saas-a-minimally-invasive-approach/

5. 5 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO use Organizations API https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": [ "cloudtrail:AddTags", "cloudtrail:CreateTrail", "cloudtrail:DeleteTrail", "cloudtrail:RemoveTags", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail" ], "Resource": "*" }] }

9. 9 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO enable CLI access https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/

13. Foundation Infrastructure Automation

18. 18 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO encrypt at rest PolicyDocument: Version: '2012-10-17' Statement: - Sid: RequireEncryption Effect: Deny Principal: '*' Action: s3:PutObject Resource: arn:aws:s3:::my-bucket-name/* Condition: StringNotEquals: s3:x-amz-server-side-encryption: aws:kms

20. 20 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DON’T launch instances without ASG https://www.slideshare.net/AmazonWebServices/set-it-and-forget-it-auto-scaling-target-tracking-policies-aws-online-tech-talks

21. 21 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO use target tracking policies https://www.slideshare.net/AmazonWebServices/set-it-and-forget-it-auto-scaling- target-tracking-policies-aws-online-tech-talks

23. Foundation Infrastructure Automation

33. 33 © Copyright 2007-2018 Stelligent Systems, llc. All Rights Reserved. DO automated compliance - name: s3-event-global-access mode: type: cloudtrail events: - source: s3.amazonaws.com ids: requestParameters.bucketName event: PutBucketAcl runtime: python3.6 resource: s3 filters: - type: global-grants actions: - delete-global-grants - name: create-bucket-autotag mode: type: cloudtrail events: - source: s3.amazonaws.com ids: requestParameters.bucketName event: CreateBucket runtime: python3.6 resource: s3 filters: - tag:Owner: absent actions: - type: auto-tag-user tag: Owner Disable all global-grants Auto tag with Owner Cloud Custodian

34. Foundation Infrastructure Automation

36. Thank you Questions?

37. stelligent.com

AWS DOs and DONTs

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS DOs and DONTs

Similar to AWS DOs and DONTs (20)

More from Casey Lee

More from Casey Lee (11)

Recently uploaded

Recently uploaded (20)

AWS DOs and DONTs