The document discusses various AWS services for containerized applications and serverless architectures. It covers ECS, EKS, Lambda, serverless patterns, microservices, data lakes, machine learning, and Kubernetes. Key points include: - ECS uses containers wrapped in task definitions and services wrapped in clusters. EKS launches Kubernetes clusters on EC2 instances in AWS accounts. - Serverless patterns discussed include web applications using API Gateway and Lambda, stream processing with Kinesis, and data lakes using S3 and Athena. - Best practices for serverless include avoiding hardcoding orchestration, using Step Functions, monitoring and testing, and considering costs of data and services used. - Microservices tend to

1. !.
#.
$.
%.
AWS ReInvent Educ4tion :
ECS:
Cont4iner <Wr4pped By> T4sk Definition <Wr4pped By> Service <Wr4pped
By> Cluster
Cont4iner:
Docker
or docker-compose
specify network 4ttributes including DNS, Stor4ge mount points
specify resource limits
T4sk Definition:
Describes one or more cont4iners, 4ttributes 4t both cont4iner 4nd t4sk
level
Network mode: 4wsvpc
Role Needed: ecsT4skExecutionRole
Comp4tibility : F4rg4te -> register t4sk def 4nd F4rg4te m4n4ges the
infr4structure 4nd l4unches
: EC2 -> Self m4n4ged EC2 inst4nces
Service: Includes the security group 4nd lo4d b4l4ncer type
Cluster : F4rg4te Cluster, VPCID 4nd SubNet det4ils
EKS:
St4rt with 4 cluster N4me
Am4zon EKS exposes 4 Kubernetes API endpoint.
Your existing Kubernetes tooling c4n connect directly to EKS m4n4ged
control pl4ne. Worker nodes run 4s EC2 inst4nces in your 4ccount.
You c4n cre4te this cluster with K8S version 1.10
In your VPC
In your Subnet
With your security groups
Mond4y : Mythic4l mysfits: (CON321-R, CON214-R1, CON322-R) (sitting with
pointclickc4re 4 CAN firm)
4ws-mythic4l-mysfits@4m4zon.com
Source->Build->Test->Production
Build in tooling, 4utom4tion, security every step
Source/Build -> CI
Source/Build/Test/Production-> C-Delivery ( only production re4dy 4rtif4ct is
re4dy to deploy. Does not h4ve to be deployed to PROD)

2. `.
a.
b.
c.
d.
!e.
!!.
!#.
!$.
!%.
!`.
!.
#.
Continuous Deployment -> Deployed to production
CI/CD -> velocity, reduced risk, shorter feedb4ck loop,
NOTE TO SELF : C4n our ENV te4m be c4lled DevOps te4m.
S3 : h4s 200 steps for its deployment
Ch4llenges : Get buy in for Autom4tion, Metrics, leg4cy process, leg4cy
4nything
Common p4tterns : Autom4tion (st4rt sm4ll), Microservices, Strict API
contr4cts, Testing
Source -> AWS Code commit, Build -> AWS Code build , Test -> Third p4rty
tooling, Production AWS F4rg4te.
Build/Test/Deploy -> AWS Code Pipeline
https://github.com/4ws-s4mples/4ws-modern-4pplic4tion-workshop/tree/
f4rg4te/workshop-2
https://s3.4m4zon4ws.com/mythic4l-mysfits-website/f4rg4te-devsecops/
core.yml
Aws18Reinvent%
Comm4nds : 4ws ecs list-t4sk-definitions, 4ws ecr describe-repositories
Servless 4pplic4tions 4rchitecture m4cro p4tterns:
Serverless : AWS L4mbd4, Cognito, Kinesis, Steps functions, X-R4y, Athen4,
S3, DDB, SQS, 4pi gw, Cloudw4tch
Cold or W4rm st4rt for l4mbd4 : 128M to 3GB memory (incre4ses CPI/
NEtwork)

3. $.
%.
`.
a.
b.
c.
d.
!e.
GitHub.com/4lexc4s4lboni/4ws-l4md4-power-tuning
L4md4 : minimize p4ck4ge size, put j4rs in lib/j4r, simpler IOC (D4gger2),
sm4ller 4nd f4ster fr4meworks (j4ckson-jr), use ENV v4ri4bles, SQS Visibility
timeout check.
AWS SAM : CFT optimized, functions, APIS, t4bles, SAM-CLI (Servlets
4pplic4tion model)
AWS cloud9
AWS codest4r -> CodeCommit, CodeBuild, CodeDeploy
AWS Code pipeline -> Code Pipeline
Ali4s Tr4ffic shifting
P4ttern 1:
Web 4pplic4tion p4ttern. <——— P1
Cloudfront, S3
API g4tew4y, AWS L4mbd4, DDB for stor4ge
3 different API g4tew4y endpoints:
Edge optimized API (client l4tency reduction)
L4mbd4 4t Edge <—— NEW TO COMPUTE AT EDGE
JWT (J4son Web Tokens)
Route 53, Cloudfront distribution
Priv4te API ( API only inside VPC)
Cross Account L4mbd4 <———— ?? (Resource policies) e.g. 4n 4ccount just
for l4mbd4 functions
Per method throttling
AWS Cognito Authoriz4tion
L4mbd4 4uthorizer function
Gr4phQL (4n 4ltern4tive to Gr4phQL) -> HTTP, MQTT, WebSockets
AWS AppSync API ( Gr4phQL)
Stre4m Processing <————P2
Kenesis Video stre4ming, Kinesis D4t4 Stre4ms, Firehose, An4lytics
Source record b4ckup
L4mbd4 tr4nsform4tion, enrichment
delivery type : S3, Redshift, El4sticSe4rch
Buffer size, Buffer interv4ls ( when fills will deliver)
1MB ingest, 2MB egress / Sh4rd
Customer reference : Otonomo
Mess4ging comp4rison on : ordering, push/pull, delivery (once -ex4ctly or 4t le4st
once), retention, p4r4llel consumers,
D4t4 L4ke <————— P3
store for che4p, open form4t stor4ge (schem4 on re4d),
AWS Tr4nsfer for SFTP (SFTP endpoint to ingestion into S3)
S3 decouples compute / stor4ge

4. S3 select, New Block Public Access
Dyn4moDB 4s D4t4 C4t4log (Met4 d4t4) <- using L4mbd4 ( Glue (hive
comp4tibility), Redshift)
Athen4 : serverless query service, (P4rquet, AVRO, ORC)
Blog for Athen4 best pr4ctice.
L4mbd4 : 15 mins
Pywren (custom python 4nd sends to l4mbd4 in p4r4llel) <- pywren.io
ML P4ttern <————— P4
Vision, L4ngu4ge,
Im4ge processing : Am4zon Rekognition Im4ge
Medi4 4n4lysis solution
Am4zon Connect <- AWS c4ll center service
Lex ch4tbot
Glue fine gr4ined 4ccess control:
Access control for d4t4 c4t4logs
Identity 4nd resource b4sed policies (en4ble cross 4ccount 4ccess)
C4t4log / region / 4ccount
Resources 4re : c4t4log, d4t4b4se, connection, t4ble, function
Only one policy per c4t4log
IAM policy to user, Glue resource policy on c4t4log <- to get him 4ccess.
Access gr4nts up to t4bles 4nd not p4rtitions (e.g. if t4ble h4s both PII 4nd non-
PII this will be 4n issue)
WIP : T4g b4sed 4nd p4rtition b4sed ACL, N4tive support for View, EMR 4ccess
using IAM profile.
E2E encryption is support, KMS is supported.
EMR : Ap4che R4nger : https://4ws.4m4zon.com/blogs/big-d4t4/implementing-
4uthoriz4tion-4nd-4uditing-using-4p4che-r4nger-on-4m4zon-emr/
VMW4re Cloud on AWS:
Usec4ses:
Cloud migr4tions
D4t4 Center Extension - On dem4nd, Test/Dev
DR (most common use c4se) [ Replic4ted ]
Next gen 4pplic4tions
NSX VPN or AWS Direct connect
Distributed fireb4lling
SDDC : Softw4re defined d4t4 center
============================================================

5. ===============
Tuesd4y
=======
https://github.com/vmw4re/liot4
https://s3.4m4zon4ws.com/cloudform4tion-ex4mples/
Boostr4ppingApplic4tionsWithAWSCloudForm4tion.pdf
https://4ws.4m4zon.com/blogs/4ws/powerful-new-fe4tures-for-4ws-
cloudform4tion/
Serverless 4ntip4tterns:
Good for dyn4mic sc4l4bility
Well 4rchitected fr4mework: OE, security, Reli4bility, Perform4nce Efficiency, Cost
optimiz4tion
https://d1.4wsst4tic.com/whitep4pers/4rchitecture/AWS-Serverless-Applic4tions-
Lens.pdf
Orchestr4ting AWS L4mbd4 functions mist4kes:
Anti-p4tterns:
H4rd coding to orchestr4tion (ch4llenges : h4rd code, timeout, execution tr4cking,
m4n4ge4bility)
Events to orchestr4tion (execution tr4cking, m4n4ge4bility, h4ndling flow, stor4ge
cost)
Schedule to orchestr4tion (tr4cking, m4n4ge4bility, flow, w4ste compute cycle,
stor4ge cost)
BP : Use step functions (L4mbd4 4nd ECS) : PE, R, CO : AWS-SA-Lense
Anti-p4ttern 4re4:
Debugging 4nd testing : need str4tegy for debugging 4nd testing
Monitoring ; logging 4nd monitoring
Gr4nul4rity : donʼt do too much or too little
Securing : AuthN, AuthZ, bound4ries, V4lid4tion, Compli4nce
Design : right scope dependencies between functions, d4t4 stores, mess4ging
4nd other services
Network connectivity : consider networking requirements 4nd bound4ries
Orchestr4ting : Step functions us4ge
Cost :
API G4tew4y :
Not just compute : consider d4t4, mess4ging, stre4ming, identify, monitoring,
deployment

6. D4t4 Volume : L4mbd4 (15M limit), in 15 minutes processing window
Sync vs. Async : response , error 4nd retry
ALM in serverless: CI/CD
Code reuse:
St4nd4rds 4nd conventions
Env. V4ri4bles
L4mbd4 needs to run in VPC. (Cre4tes 4 new ENI c4uses 10sec del4y in VPC,
E4ch VPC h4s ENI limits)
L4mbd4 still needs IP 4ddresses.
Choice run time (python, j4v4script)
Cold st4rt 4void4nce str4tegy (work with it r4ther th4n working 4round it)
Use secret m4n4ger or p4r4meter store for environment
If it feels like cost is not the only driver, 4nd we 4re overdoing/thinking 4 problem
with l4mbd4 solution look for other serverless p4tterns
Few ch4llenges : R4ndom f4ilures during testing, file processing 4nd file
movement, doing blocking c4lls, VPC/Network, KMS 4ccess, donʼt use l4mbd4 4s
4 proxy for API g4tew4y

7. Microservices:
Tend to be more 4sync in communic4tion 4nd use mess4ging
Independent deployment
Extern4lize st4te for st4te m4n4gement
St4te m4chine : offered 4s step functions : define in JSON, Visu4lize in console,
Monitor execution
St4te : Action st4te, Choice st4te, P4r4llel processing
Usec4se: Xylem : D4t4 prep workflow, simple st4te m4chine : Serverless during
l4rge pe4k to 4ver4ge v4ri4tion : file from bin4ry to d4t4 l4ke in p4rquet form4t
OnPrem d4t4 store to Dyn4moDB
Usec4se: Coinb4se : reduce new 4mount deployment time, incre4se the reli4bility
of deployment
Integr4ted with CodeFlow configur4tion m4n4gement tool, end to end security
v4lid4tion into production, sex months from ide4 to use for 4ll production
deployment
Usec4se: Gr4nul4r: Integr4tion between modern 4nd leg4cy infr4structure,
heterogeneous technology st4ck.
Usec4se Nov4rtis: Python LAmbd4, AWS B4tch : Use exponenti4l b4ck off 4nd
retry: step functions timeouts: m4x events - 25K events: Network dependency
between DC 4nd Cloud for file movements
Use st4te m4chines with 4 minim4l 4mount of steps
Use S3 4nd p4ss object keys
Extr4ct cert4in business function4lity by st4te m4chine
Error h4ndling : possible exceptions in e4ch step, result of error h4ndling - stop,
recover, continue: c4tch exceptions.
Kubernetes Port4ble Applic4tions :
Cont4iner orchestr4tor : loosely coupled collection of components centered
4round deploying, m4int4ining 4nd sc4ling
Pl4ces cont4iners on nodes
Recovers from f4ilure
B4sic monitoring, logging, he4lth checking
En4bles cont4iners to find e4ch other

8. VMW4re PKS : K8S cluster 4cross vSphere 4nd EC2
VMW4re Cloud PKS : S44S offering

9. Pks login comm4nd
Pks clusters (HA m4ster node 4cross AZs,

10. Uses terr4form scripts
VMW4re Cloud PKS :
S44S b4sed service:
monitoring by W4yfront
====================================================
Wednesd4y
==============
Keynote:
D4t4 stores: [ Key v4lue -> DDB (milli sec l4tency), In Memory -> El4stic C4che
(micro sec l4tency), Gr4ph -> Neptune (d4t4 interconnectedness) ]
ML : TensorFlow, MxNet, Pytorch, C4ffe2, ONNX, Ker4s, Gluon
S4geM4ker : Moodys, Dowjones
New services l4unched:
S3 : Gl4cier Deep Archive
SFTP : File Tr4nsfer

11. AWS D4t4 Sync
S3: ML driven intelligent Tier
Am4zon FSX for windows File Server <- AD integr4ted
Am4zon FSX for Lustre (m4n4ged file system for HPC)
AWS Control Tower <- L4nding Zone (on the console)
AWS Security Hub
AWS L4ke Form4tion
DDB re4dwrite c4p4city on dem4nd
Am4zon Timestre4m (1000X f4ster 4nd 1/10th of RDBMS cost)
Blockch4in : DLT - Centr4lized 4nd distributed peer to peer. : QLDB (4ppend only
mut4ble ledger ) -> Qu4ntum Ledger D4t4b4se (QLDB)
Immut4ble, Cryptogr4phic4lly verifi4ble, tr4nsp4rent, f4st, sc4l4ble, e4sy
Am4zon M4n4ged Blockch4in : Hyperledger F4bric/Ethereum
Am4zon El4stic Inference : ML interf4ce 4cceler4tion using GPU
AWS Inferenti4 Chip (custom designed by AWS)
S4geM4ker Ground Truth
S4geM4ker M4rketpl4ce for M4chine le4rning
Am4zon S4gem4ker RL (ReInforcement Le4rning models)
Intel Co4ch, R4y RL
AWS RoboM4ker
AWS DeepR4cer
Tr4nsit G4tew4y
VPC Priv4te Link
Redshift dyn4mic concurrency sc4ling
AWS IDE Integr4tion : Cloud9, IntelliJ, PyCh4rm, VCode (Note, Python, Go)
Ruby 4nd custom runtime for L4mbd4
Step Functions to integr4te AWS services (including ECS, F4rg4te, SQS, SNS, ..)
ALB support for L4mbd4
Am4zon M4n4ged Stre4ming for K4fk4

13. PostgreSQL:
Jim Mldgenski:
EKS:
St4testreet (running 4 OSS DB Vikes)
Components : Client responsible components (Docker, Worker nodes), EKS (AWS)
owned components.
Docker: Sm4ller size, use multist4ge docker build
Minim4list OS : Alpine Linux, St4tic4lly Go bin4ry
Popul4r b4se im4ges: node:l4test, j4v4:l4test, node:slim, ubuntu:l4test,
4lpine:l4test, busy box:l4test
? Admission Controllers ?
Use resource constr4ints
Setup 4nti-4ffinity rules.

14. Optimize the worker nodes by using better EC2 inst4nces (c5 vs c4) [ crmp ]
AWS owned 4nd oper4ted eKS control pl4ne.

17. Yekes4 Kosuru (MD) from St4te Street
DBMS with high concurrency, low l4tency, OSS, Cloud n4tive for quick f4ilure
recovery
MySQL with RocksDB (LSM d4t4 structure )
Demo: 30 nodes, 169 PDS

20. Mess4ging services:
SQS St4nd4rd Queues :
Duplic4te mess4ge c4n be cre4ted if sender retries to send 4 mess4ge.
Invisibility timeout.
Out of order mess4ges
At le4st once delivery
SQS FIFO Queues:
Kinesis d4t4 stre4m
===================================================
Thursd4y Keynote (CTO 4m4zon.com):
Reducing bl4st r4dius
Sh4rding, Sh4red Nothing, Sh4red Disk
Auror4 : AZ+1 f4ilure support with low MTBF 4nd f4ster MTTR
Every write in MQSQL (with one re4d replic4) results in 5 writes.
Auror4 Replic4tion is 4chieved by moving log
S3 h4s 255 microservices

21. Welllington session:
10K CFT
8K L4mbd4
4K EC2, 5 Regions
4K SQS
362 VPC (worklo4d isol4tion)
Segmented Network on AWS
EU Region (US E4st1, 2)
On Colo : M4rket D4t4 vendor - Network interf4ces , NAS, Centr4lized DBs,
Best pr4ctices:
F4ult dom4ins upfront with n VPC
EC2 with 4utosc4le
Multi-AZ
Cross region only if needed bec4use itʼs h4rder, complex 4nd costly.
Monitor
Sep4r4te Dev/test/st4te/prod
B4stion hosts for 4ll login to AWS process. (SOC1 compli4nce)
Enforce resiliency p4ttern 4utom4tic4lly
Simi4n Army p4ttern (Monkeys : EC2T4g, Shutdown non-prod, ..)
Monitor service us4ge
Autom4te/script f4ilure testing
T4gging v4lues come from CMDB (4ped, Applic4tion ), Logon Group (AD Group
N4me)
Use CloudCheckr & T4be4u for cost reporting 4nd controlling
2019 : All AWS costs will be distributed to LOBs.
They 4re 4ble to project 4nd report cost per 4pplic4tion/4sset:
OneView D4t4 M4rt (AWS Cost)
CADM (Cost)
OneView
Envoy
Fund D4t4 Hub
Journey to AWS is h4rder for less technic4l resources.
Guidelines for permitting services : E.g. if no KMS service not 4llowed.