Slide-deck used in Bend Web Design and Development Meetup (http://web.archive.org/web/20150728021205/http://www.meetup.com/Bend-Web-Design-and-Development/events/222592014/)
3. Lorenzo Aiello
• “Big Data Geek”
• Five Talent
• AWS/IT Engineer
• Working with AWS Ecosystem since 2012
• Manage large AWS deployments
• $200,000 / year
• Multiple AWS Certifications
4. Amazon Web Services
• Large Companies had Scaling Problems
• Google, Amazon and Microsoft developed their own Clouds
• Launched in JAN 2006
• Google Cloud launched in APR 2008
• Microsoft Azure launched in OCT 2008
5. AWS Perceptions and Misconceptions
Less Reliable
• 99.999999999% Guarantee
• Automated Failure Recovery
• 11 Geographic Regions
• 3-5 Accessible Availability Zones per Region
More Expensive
• Pay as you go
• Multiple ways to lower costs from “retail”
• Overcapacity discounts
• AutoScale capacity as-needed
Less Secure
• Client Owned Data
• Encryption Options Available
• Client Chosen Location
• Data Versioning and Automated Backups
• Managed Firewalls
• Dedicated Hardware
16. CloudWatch
Alarms
• Health Monitoring
• Usable Across Most Services
• 1-Minute Metrics
• Custom Metrics / Intervals
• User-Defined Actions / Behaviors on Trigger
17. Application Services
SES
• Email Service
• Authenticated SMTP Relay
SQS
• Queueing Service
• Adding JSON Tasks
• Long-Polling
SNS
• Notification Service
• Push Notifications
• Protocols
• HTTP
• Email
• Mobile
• Cell Networks
18. Identity and Access Management
Users / Groups
• Custom Policies
• Completely Granular
• Managed Policies
Roles
• Server Roles
• Rotating Credentials
• SDK Auto-Queries Metadata
MFA
• Multi-Factor Authentication
• Ability to Force / Require
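The “Ability to Force / Require” point is usually implemented with an IAM policy that denies everything except MFA setup unless the request carries an MFA-authenticated session. The example below is added here and is not from the deck: it embeds a policy modelled on the published AWS “deny unless MFA” pattern and runs it through a small evaluator written for this page. The evaluator is a toy that covers only Effect, Action/NotAction, Resource and the Bool/BoolIfExists condition operators; action matching is simplified (case-sensitive glob) rather than the real IAM engine.

```python
"""Toy IAM-style evaluator showing how a 'deny unless MFA' policy forces MFA.
Added example, not from the slide deck; covers only Effect/Action/NotAction/
Resource/Condition(Bool, BoolIfExists). Real IAM evaluation is richer."""
import fnmatch

# Policy shaped after the common AWS pattern: allow everything, but deny all
# calls except the ones needed to set up MFA when no MFA is present on the
# request. Long-term access keys never carry aws:MultiFactorAuthPresent, so
# BoolIfExists (key missing => condition true) denies them as well.
FORCE_MFA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Sid": "DenyAllExceptMfaSetupWithoutMfa",
            "Effect": "Deny",
            "NotAction": [
                "iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                "sts:GetSessionToken",
            ],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Glob match of an action or resource against one or more patterns."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Evaluate Bool / BoolIfExists blocks against the request context."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue          # missing key satisfies an IfExists test
                return False          # plain Bool on a missing key is false
            if operator in ("Bool", "BoolIfExists"):
                if str(context[key]).lower() != str(wanted).lower():
                    return False
            else:
                raise ValueError(f"unsupported operator {operator}")
    return True


def evaluate(policy, action, resource, context):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' (explicit deny always wins)."""
    decision = "ImplicitDeny"
    for statement in policy["Statement"]:
        if "Action" in statement:
            applies = _matches(statement["Action"], action)
        else:
            applies = not _matches(statement["NotAction"], action)
        applies = applies and _matches(statement["Resource"], resource)
        if applies and "Condition" in statement:
            applies = _condition_holds(statement["Condition"], context)
        if not applies:
            continue
        if statement["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    # Constructed request contexts: MFA session, no-MFA session, plain access key.
    for ctx in ({"aws:MultiFactorAuthPresent": "true"},
                {"aws:MultiFactorAuthPresent": "false"},
                {}):
        print(ctx, "s3:GetObject ->",
              evaluate(FORCE_MFA_POLICY, "s3:GetObject", "*", ctx))
```

The interesting case is the empty context: a request signed with a long-term access key has no MFA key at all, and only BoolIfExists (not Bool) turns that absence into a deny, which is why the published pattern uses it.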
19. Who should and shouldn’t use AWS
Who Should
• Looking for Low Cost, High Availability
• Highly fluctuating workloads
Who Shouldn’t
• Extra-ordinary requirements
• Need for Bulk Bandwidth
• Requirement for physical access
20. Best Practices and Quick Tips
• Protect the Master Account
• Enable Multi-Factor Authentication
• Use IAM Accounts
• Never store Access Keys in Source Code
• Use Local Profiles
• Use Server Roles
• Never store data on EC2 Instances
• Use RDS Databases
• Use S3 for Files / Objects
• Use auto-scaling of one instead of none
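Two of the tips above, “Never store Access Keys in Source Code” and “Use Local Profiles”, can be checked and followed mechanically. The example below is added here and is not from the deck: a scanner for the long-term access key ID and secret key shapes that AWS uses (AKIA plus 16 characters, and a 40-character secret), run over a constructed bad snippet and a constructed good one, plus a reader for the ~/.aws/credentials profile file format the SDKs and CLI share. The key values are AWS’s documented placeholder pair (AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY), not real credentials.

```python
"""Added example (not from the deck): find AWS access keys committed in source
and show the profile-file alternative. Sample source and credentials file are
constructed; the key pair is AWS's published placeholder."""
import configparser
import re

# Long-term access key IDs are 'AKIA' + 16 uppercase letters/digits; the secret
# is 40 base64-alphabet characters. Both patterns are commonly used by scanners.
ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
SECRET_KEY_RE = re.compile(
    r"""(?i)aws.{0,20}?secret.{0,20}?['"]([A-Za-z0-9/+=]{40})['"]""")


def scan_source(text):
    """Return (line_number, kind, value) for every credential-looking token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", m.group(1)))
    return findings


def load_profile(credentials_ini, profile="default"):
    """Read one named profile from an ~/.aws/credentials-style INI string."""
    cp = configparser.ConfigParser()
    cp.read_string(credentials_ini)
    if profile not in cp:
        raise KeyError(f"profile {profile!r} not found")
    return {
        "aws_access_key_id": cp[profile]["aws_access_key_id"],
        "aws_secret_access_key": cp[profile]["aws_secret_access_key"],
    }


# Constructed snippet of the kind the "never store keys in source" tip warns about.
BAD_SOURCE = '''
import boto3
client = boto3.client("s3",
    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
'''

# Constructed snippet following the "use local profiles" tip: no secrets in code,
# the SDK resolves the named profile from the credentials file (or, on an EC2
# instance with a server role, from the metadata service).
GOOD_SOURCE = '''
import boto3
session = boto3.Session(profile_name="deploy")
client = session.client("s3")
'''

# Constructed ~/.aws/credentials content (placeholder keys from AWS docs).
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


if __name__ == "__main__":
    for name, src in (("bad", BAD_SOURCE), ("good", GOOD_SOURCE)):
        print(name, scan_source(src))
    print(load_profile(SAMPLE_CREDENTIALS)["aws_access_key_id"])
```

A pre-commit hook or CI step that fails on any scan_source finding is the usual way to make the tip stick; the profile reader is just the file format, the real SDKs read it for you.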
Editor's Notes
Welcome
Agenda
Introduction
Amazon Web Services (History, What it is, Misconceptions, Assurance, Big-Name Clients)
Quick overview of AWS Products and Services
Focusing on Entry/Mid-Level Frequently Used Services
Skipping Enterprise-Level
Dinner
Use Cases / Practical Applications (including Q&A and Discussions around optimal AWS utilization)
Late 1990s/Early 2000s Big Companies had scaling problems
“Classic” server deployments in custom-built datacenters
Oracle, IBM servers
High overhead
Expensive maintenance
Google, Amazon and Microsoft all had to solve the problem and did so by building their own “Cloud” environments.
Virtualized environments…
Take advantage of all physical hardware by allowing multi-tenant environments
Allowed near-instant provisioning and scaling (minutes vs hours)
Allow software and hardware teams to work independently of each other
Amazon launched their first public AWS Service (Simple Queue Service) in NOV 2004
Google and Microsoft started making their cloud environments publicly available in 2008
Less Reliable
Originates from poorly architected environments and applications not designed to gracefully fail.
99.999999999 (9 9’s) of reliability guaranteed
Applications can be built to have automated failure recovery on top of Amazon’s failure recovery
11 Geographic Regions
Each region is geographically separated across the world
Each region has 3-5 availability zones exposed to each client (there are actually more than that in each region)
Each Availability zone is physically separated (building/campus) from each other
Entire AWS Ecosystem is designed to continue functioning with loss of AZ or even Region (if the application is designed to allow for it)
------
More Expensive
Originates from not fully understanding the billing process and rate reduction options available.
Pay as you go (PAYG) – pay for what you use, when you use it
Prices listed online are often all “on-demand”.
Options are available for “reserved” and “bulk” pricing.
Spot Instances / Overcapacity also available (can discuss later).
AutoScale application infrastructure as needed, automatically
------
Less Secure
Originates from not fully understanding what shared responsibilities exist. Amazon manages the infrastructure, you manage the application.
Clients own all of the data
AWS offers options to encrypt data both in motion (SSL) and at rest (Data Encryption)
Clients can choose where data is stored geographically (political or compliance)
Data Versioning and Automated Backups of entire services and databases are all one-click on/off
*Favorite Feature* -- Firewalls made easy (Security Groups) – fully managed, AWS handles hardware and network infrastructure security
Provision dedicated hardware (only you are allowed to use)
Physical Security
Badge Controlled Access
Guard Stations
Armed Guards 24/7
Undisclosed Locations
Monitored Security Cameras
Alarms
Segmented Rack Cages
Completely Audited Access, Procedures and Processes
Security often increases when using AWS due to its security policies and the countermeasures that come with scale
Compliance List (next slide)
Netflix – Perhaps one of the most well known on here
Serves 57 million members in 50 countries
Delivers billions of hours of content per month
Collects and tracks 10PB of analytics per month to improve the streaming experience
SAP – The biggest enterprise software company on the planet
Enterprise software handles and tracks 60% of the world’s GDP
US Department of State – Pretty self explanatory
Amazon.com – Amazon runs amazon.com entirely on the AWS infrastructure
VPC is your private network
By default, instances can only communicate with each other (no outside access)
It is possible to have services that have no external/public access
Include an Internet Gateway for internet routing
In its most basic configuration, works just like at home
Internet Gateway = Router
Security Groups = Firewall
Set who can access what ports
E.g. Port 80 (HTTP) and Port 443 (HTTPS) are globally accessible while your office/home IP has FTP access
E.g. No-one can access MySQL outside of the VPC Network
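The two examples above describe an intended security group: 80 and 443 open to everyone, FTP only from the office IP, MySQL only from inside the VPC. The code below is an added example, not from the deck, that turns that intent into a policy table and audits a set of ingress rules against it, flagging any rule wider than the policy allows (the classic mistake is MySQL opened to 0.0.0.0/0). The VPC range 10.0.0.0/16 and the office address 203.0.113.10 are assumptions (the latter is an RFC 5737 documentation address), and the rules are constructed in a flattened form of the EC2 IpPermissions shape (IpProtocol/FromPort/ToPort/CidrIp) rather than pulled from an API.

```python
"""Added example (not from the deck): audit security group ingress rules
against the intent stated in the notes. Constructed rules, assumed CIDRs."""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")       # assumed VPC range
OFFICE_IP = ipaddress.ip_network("203.0.113.10/32")  # assumed office IP (RFC 5737 doc range)
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# Widest source allowed per port. Anything not listed is not supposed to be open.
POLICY = {
    80: ANYWHERE,     # HTTP, globally accessible
    443: ANYWHERE,    # HTTPS, globally accessible
    21: OFFICE_IP,    # FTP only from the office/home IP
    3306: VPC_CIDR,   # MySQL only from inside the VPC
}


def _ports(rule):
    """Ports a rule covers; None means the rule is an 'all traffic' (-1) rule."""
    if rule["IpProtocol"] == "-1":
        return None
    return range(rule["FromPort"], rule["ToPort"] + 1)


def audit_ingress(rules):
    """Return one human-readable finding per (port, source) wider than POLICY."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["CidrIp"])
        ports = _ports(rule)
        if ports is None:
            findings.append(f"all traffic allowed from {src}")
            continue
        for port in ports:
            allowed = POLICY.get(port)
            if allowed is None:
                findings.append(f"port {port} open from {src} but not in policy")
            elif not src.subnet_of(allowed):
                findings.append(
                    f"port {port} open from {src}, policy allows only {allowed}")
    return findings


# Constructed ingress rules: the first four match the notes, the fifth is the
# kind of rule the audit exists to catch (MySQL exposed to the internet).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21, "CidrIp": "203.0.113.10/32"},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "10.0.0.0/16"},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "0.0.0.0/0"},
]


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print("FINDING:", finding)
```

Because security groups are allow-lists, the audit only has to compare each rule’s source against the widest source the policy tolerates for that port; a rule from a real account would be fed in from the IpPermissions/IpRanges entries that the EC2 API returns.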
Instance
Actual server
Comparable to a VPS/Dedicated Server
Multiple Distributions
Ability to upload custom distribution
ENI
Elastic Network Interface
Re-Assignable between instances
Every piece of infrastructure has an ENI
NAT = Network Address Translation
AMI
Amazon Machine Image
Complete snapshot (disk and configurations)
Type Independent (launch same AMI on multiple instance types)
ELB
Elastic Load Balancer
Infinitely Scalable with a single provisioned ELB (happens on the backend)
Multiple Protocols Simultaneously
SSL Termination
Dual Stack Networking (IPv4 and IPv6)
Auto Scaling
Auto Scaling Groups (Rules)
Launch Configurations (AMI + Instance Type)
Handles the triggers and automated behavior for scaling
Hosted Zone
DNS Server
Globally Distributed
Use Auto-Scaling of 1
One ASG: min 1, max 1, desired 1
Provides failover/redundancy automatically
No Cost