Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Building Well-Architected
.NET Apps
Greg Eppel
Sr. Solutions Architect, Microsoft
Amazon Web Services
W I N 3 0 4
Brajendra Singh
Partner SA, Microsoft
Amazon Web Services
Hampton Reese
Advanced Cloud Engineer
GameStop

Agenda
Well-Architected Framework
Virtual machines
Containers
Serverless
Customer example

Related sessions
Friday, Nov 30
WIN312-R3 – AWS Systems Manager for Microsoft Workloads
8:30 AM – 9:30 AM | Mirage, Grand Ballroom D, Table 8
Friday, Nov 30
WIN317 – Microsoft Licensing: Choose Your Own Adventure
10:00 AM – 11:00 AM | Venetian, Level 2, Veronese 2406
Friday, Nov 30
WIN315-R4 – Build a Serverless .NET App on AWS Using the AWS Toolkit for Visual Studio
10:00 AM – 11:00 AM | Mirage, Grand Ballroom D, Table 10

“I really urge you to visit the Well-Architected
Framework because there is a lot of advice about
how you can build very extensive architectures
on top of AWS.”
Werner Vogels
Chief Technology Officer

https://aws.amazon.com/well-architected/
AWS Well-Architected

What is the AWS Well-Architected Framework?
Pillars Design
principles
Questions

Pillars of AWS Well-Architected Framework
Security Reliability
Performance
Efficiency
Cost
Optimization
Operational
Excellence

Why should I apply the AWS Well-Architected Framework?
Build and
deploy
faster
Lower or
mitigate
risks
Make
informed
decisions
Learn AWS
best
practices

.NET Framework vs. .NET Core

Hosting options for .NET applications
AWS WELL-ARCHITECTED FRAMEWORK
VIRTUAL MACHINES CONTAINERS SERVERLESS
WELL-ARCHITECTED
SERVERLESS LENS

Hosting options for .NET applications
AWS WELL ARCHITECTED FRAMEWORK
WELL ARCHITECTED
SERVERLESS LENS
AMAZON EC2 AMAZON ECS AWS LAMBDA

Well-architecting for operational excellence
Principle: Learn from all operational failures
Example: Leverage AWS X-Ray and Amazon CloudWatch together
Use AWS X-Ray Recorder for .NET for Instrumentation
Use Amazon CloudWatch Logs and .NET logging frameworks

Well-architecting for reliability
Principle: Scale horizontally to increase aggregate system availability
Example: Offload state to Amazon DynamoDB using AWS SDK for .NET
<sessionState timeout="20" mode="Custom" customProvider="DynamoDBSessionStoreProvider">
<providers>
<add name="DynamoDBSessionStoreProvider"
type="Amazon.SessionProvider.DynamoDBSessionStateStore"
AWSProfileName="{profile_name}"
Region="us-west-2" />
</providers>
</sessionState>

Well-architecting for cost optimization
Principle: Analyze and attribute expenditure
Example: Encourage use of .NET Core and run it on Linux to reduce
licensing footprint
RELEASED 2002 2016
OPERATING SYSTEMS Windows Server 2016 Linux
EC2 COST (on-demand,
m5.large, us-east-1)
$0.188 per Hour $0.096 per Hour
.NET
CORE

Well-architecting for security
Principle: Implement a strong identity foundation
Example: Centralize privilege management and reduce or even eliminate
reliance on long-term credentials, using:
var endpoint = new SAMLEndpoint("endpoint1", new Uri("https://some_saml_endpoint")
,SAMLAuthenticationType.Kerberos);
var endpointManager = new SAMLEndpointManager();
endpointManager.RegisterEndpoint(endpoint);
var options = new CredentialProfileOptions { EndpointName = "endpoint1”,
RoleArn = "arn:aws:iam::999999999999:role/some-role” };
profile = new CredentialProfile("federated_profile", options);
netSDKFile = new NetSDKCredentialsFile();
netSDKFile.RegisterProfile(profile);

Well-architecting for performance efficiency
Principle: Mechanical sympathy
Example: Consider data access patterns when you select database or
storage approaches.
Storage type Purpose
Amazon S3 (object) Unstructured / structured, large files
Amazon DynamoDB (NoSQL) Non relational data, high throughput
Amazon RDS (SQL) Relational, data integrity
Amazon Neptune (graph) Many-to-many role-based relationship, high performance

Leverage CloudWatch and X-Ray together
Key AWS Lambda KPIs
Throttling and errors
Duration metric
Key Amazon API Gateway KPIs
5XXError, 4XXError
Integration latency
CloudWatch custom metrics for application insights

API stage variable and Lambda alias to decouple design
Map stage variable to the Lambda live alias
Alias
version1
version2
version3
version4
version5
version6
version7
version8
Stage variable = function
Prod stage
Function=vesion5
Beta stage
Function=vesion6
Test stage
Function=vesion7

Use AWS SAM to package, deploy, and model applications
AWS SAM local for debugging Lambda function locally
Don’t use it as a replacement for performance or regression testing

Managing configuration variables to decouple code from configuration
Use environment variable
When configuration is local to Lambda function
Configuration can be stored in plain text
Use Systems Manager Parameter Store or AWS Secrets Manager
Configuration shared across different Lambda functions
Configuration needs to be encrypted for security

Authorize API call within API Gateway
Choose a suitable authorization method
AWS Identity and Access Management (IAM) authorization
Amazon Cognito user pools
API Gateway custom authorizer
The API keys feature is not a security mechanism
IAM authorization
API Gateway custom authorizer
Amazon Cognito user pools

Track vulnerability using logs
Check compliance requirement before logging
Enable API Gateway method-level logging
Input validation
Use API Gateway basic request validation
Implement application-specific deep validation

Monitor and manage service limits
Ensure significant gap between service limit
and hard limit
Isolate Lambda concurrent execution limit for
critical and non-critical paths
Workloads across different accounts based on
profile, threat, and org structure
Regulate access rates
Enable API-level throttling
Control usage using API keys

Asynchronous calls and events
Follow asynchronous pattern where possible
Define SLA & fail-in-flight requests overriding it
Enable dead-letter queues (DLQ) for fails
Build for resiliency
Prefer AWS Step Functions where possible
Implement sage pattern to rollback transactions

Leverage optimization settings
Caching in API Gateway
DAX in DynamoDB
Global and local secondary indexes in DynamoDB
Global scope for Lambda function

Deploy with consideration
Deploy Lambda in an Amazon Virtual Private Cloud
(Amazon VPC) only when necessary
Plan Multi-AZ NAT gateways

Well-architecting for cost optimization
Resource allocation
Load test for optimal memory allocation
Optimize Amazon CloudWatch Logs
Configure log level such as INFO, DEBUG
Control log size using retention period
Optimize execution
Avoid unnecessary Lambda functions
Optimize code execution time
Let Step Functions handle orchestration
Call service using Lambda
Call service using service proxy
Kinesis Data
Firehose
Kinesis Data
Firehose

Hampton Reese
Advanced Engineer, Cloud Technologies

Our first cloud
migration
• 2015 set a goal to shut down all
physical data centers
• Started with a small data center
in Europe
• Lift and shift of existing systems

Key takeaways
• Go all-in on automation
• Treat infrastructure as code

US e-commerce data centers migration
Auto Scaling
groups
AWS
CloudFormation
Automated
configuration

Issues during patching
• Intermittent configuration errors
at launch
• AMI is deregistered before we’ve
finished patching

We need our own
monthly AMIs

Amazon EC2 Systems Manager
DocumentsAutomation Parameter Store

Validating the AMI configuration
AMI validation
document

Complementary testing steps
Creation Validation

AWS Step Functions
Automate tasks
Provides auditable automation
of reoccurring tasks
Application orchestration
Workflow logic
Error handling
Timeouts or retries

The AMI Factory state machine
RunEC2Automation
WaitBeforePolling
GetJobStatus
IsJobComplete
NotifyJobFailed
PublishNotification
SaveImageId
RunSubWorkflows
End
Start
FailWorkflow
Start
RunEC2Automation
WaitBeforePolling
GetJobStatus
IsJobComplete
SaveImageId
PublishNotification
RunSubWorkflows
End
Definition
Example Execution

Amazon SNS subscription
RunFactory
Lambda function
windows-ami
SNS
Factory
AWS Step Functions
Factory notifications
SNS topics

We can do more with this

Next goals
• Reduce the time it takes for an instance to
go into service
• Install patches for our configured features

New AMIsAWSGameStop
Windows Server 2012 R2 Base
Foundation
Web Server
Application
23.5 minutes
19.7 minutes
18.9 minutes
15.5 minutes
Avg Time to ‘In Service’
15.5 minutes
34% savings!

Distributing the AMIs

Distribution Step Functions
Share AMI
to accounts
Publish ready
notification
Copy AMI
to regions

Immutable images
Staging
us-east-1 eu-west-1
Test
us-east-1 eu-west-1
Production
us-east-1 eu-west-1
Foundation AMI Foundation AMI

AWS Well-Architected

Well-Architected Framework
Operational
Excellence
Fully automated
AMI Factory using
native services
Security
Additional
patches and
updates in AMI
Reliability
Common features
and applications
in AMI
Performance
Efficiency
Reduce time to in
service by 34%
Cost
Optimization
Able to scale
down our fleets

Business outcomes
Faster patching saves labor
hours
Faster scaling means consistent
application performance
Running fewer instances saves
money

Available on GitHub
https://github.com/GameStopCorp/AMIFactory.git

Thank you!
Greg Eppel
Sr. Solutions Architect, Microsoft
Amazon Web Services
Brajendra Singh
Partner SA, Microsoft
Amazon Web Services
Hampton Reese
Advanced Cloud Engineer
GameStop

Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018

Similar to Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Building Well Architected .NET Apps (WIN304) - AWS re:Invent 2018