Amazon Web Services (AWS) provides an ideal platform for running web architectures. This session describes the foundational services required for deploying an example web architecture. It covers Amazon EC2, Amazon EBS, Elastic Load Balancing, Auto Scaling, Amazon S3, Amazon RDS, and Amazon Machine Images (AMIs) and relates overviews of the services back to the example web architecture. After the initial architecture discussion, we will describe the usage of Amazon S3 for scalable content, Elastic Load Balancing, and Auto Scaling to provide high availability.
3. AWS Mission
Enable businesses and developers to use web services* to build scalable, sophisticated applications.
*What people now call “the cloud”
4. Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
Gartner “Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,” Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
11. Architected for Government Security Requirements
Certifications and accreditations for workloads that matter
AWS CloudTrail and AWS Config: call logging and configuration management for governance & compliance
• Log, review, alarm on all user actions
• Browse and query database of current and previous state of cloud resources
12. Security Is a Shared Responsibility
Customers Refocus on Systems and Apps.
Security experts are a scarce resource!
Refocus your security professional on a subset of the problem.
AWS:
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (Amazon EC2)
• Hardened service endpoints
• Rich AWS Identity and Access Management (IAM) capabilities
+
Customers:
• Network configuration
• Security groups
• OS firewalls
• Operating systems
• Application security
• Proper service configuration
• AuthN & account management
• Authorization policies
=
More secure and compliant systems than any single entity could achieve on its own
13. Economies of Scale Apply to Security and Compliance
The customer community benefits from tough scrutiny, the world-class AWS security team, market-leading capabilities, and constant improvements.
[Diagram: Everyone’s Systems and Applications; Security Infrastructure; Requirements]
Nothing better for the entire community than a tough set of customers…
15. AWS Global Infrastructure
Customer Decides Where Applications and Data Reside
[Map: each region is drawn with multiple Availability Zones]
US REGIONS:
• GovCloud (OR)
• US East (VA)
• US West (CA)
• US West (OR)
GLOBAL REGIONS:
• EU (Ireland)
• EU (Frankfurt)
• South America (Sao Paulo)
• Asia Pacific (Sydney)
• Asia Pacific (Singapore)
• Asia Pacific (Tokyo)
Note: Conceptual drawing only. The number of Availability Zones may vary.
25. Architect to Use Cloud Strengths
Elastic Load Balancing
• Use at regional level: Combined with Auto Scaling, ELB will balance requests and resource capacity across Availability Zones
• Within Amazon VPC: Use to load balance between application tiers within an Availability Zone
• Instance migrations: Easily move instances from dev environments to test environments by moving between elastic load balancers
Route 53
• Leverage SLA: Improve application reliability with Route 53’s SLA on requests served
• Weighted routing: Perform A/B analysis and staged application rollouts by moving a portion of traffic to new infrastructure
• Control TTLs and updates: Take absolute control of DNS updates for more decisive system updates
RDS
• Scale databases without admin overhead: Choose instance size for databases and scale up over time
• Add high availability from management console: Create Multi-AZ deployments and Read Replicas. AWS takes care of the failover and recreation of a new standby in event of master DB loss
Auto Scaling
• Dynamically scale resources & control costs: Provision only the resources that are required with scale up and cool down policies that match demand
27. AWS CloudFormation?
Simplified provisioning for the full breadth of AWS services.
Create templates of the infrastructure and applications you want to run on AWS.
CloudFormation automatically provisions the required AWS resources and their relationships from the templates.
Easily version control, replicate, or update the infrastructure and applications.
CloudFormation integrates with other development, CI/CD, and management tools.
So in 2006 AWS Web Services was born. Its mission was clear: to enable businesses and developers to use web services to build scalable, sophisticated applications. It's interesting to note that what we called web services has now morphed into the common term “the cloud”. AWS Web Services is and always has been a distinct and individual AWS organization.
REMINDER! Amazon Web Services to Gartner External Use Policy
As a subscriber to Gartner Services, all Amazon Web Services associates are obligated to seek permission from Gartner in order to use the "Gartner" name, take excerpts of Gartner research or quote Gartner analysts. All such use must comply with the Gartner Copyright and Quote Policy on gartner.com, which includes submitting usage requests in writing to quote.requests@gartner.com for review and approval prior to distribution. It is very important to follow these requirements to ensure that Amazon Web Services does not violate its agreement with Gartner.
Approved talking points for internal and private meetings (e.g. customer meeting without other vendors or partners present):
AWS is rated as the “Leader” in this market evaluation far ahead of all other vendors assessed for the fifth consecutive evaluation, dating back to 2011.
Gartner increased its estimate of AWS market share and customer adoption over last year’s estimate – Gartner says in this report that AWS has ten times more cloud capacity in use than the other 14 providers combined (in 2014, that estimate was 5 times.)
AWS improved its market leadership position across both axes in this evaluation year-over-year even as Gartner increased the requirements expected of providers in the evaluation.
AWS is the only “Leader” recommended for implementing enterprise applications. Gartner recommends AWS for “all use cases that run well in a virtualized environment,” including enterprise applications.
Competitors clearly lag behind AWS in features and customer adoption. In 2015, all vendors except Microsoft and Amazon fell below the mid-point on ability to execute, with IBM, CSS and Verizon slipping significantly and HP falling out of the report entirely. About Microsoft, Gartner states, “Furthermore, customers express concern about the global impact of many past Azure outages, which may necessitate ensuring that critical applications on Azure have a non-Azure disaster recovery solution.” About Google, Gartner states, “[Google] is still in the rudimentary stages of learning to engage with enterprise and midmarket customers, and needs to expand its sales, solutions engineering and support capabilities,” and that, “Google lacks many capabilities important to businesses that want to migrate legacy workloads to the cloud.”
NOTE: the above comments and quotations cannot be used in any public forum. This includes but is not limited to events and conferences (AWS, partner or customer), media events, user groups and written communications such as promotional materials, websites, and email to anyone external to AWS. If you are in doubt, please contact aws-ar@amazon.com for help.
To help understand why AWS Web Services and cloud computing are changing IT delivery, a nice comparison is a utility like electricity. When electricity was discovered, businesses would generate their own, using steam generators to power factories. When electricity was brought together under a national system of supply, it was no longer necessary for everyone to generate their own and to buy and maintain generators. You could simply tap into the grid and use what you needed, paying only for what you used, assured that the electricity you consumed was consistent and always available.
Utility computing brings those same benefits to the delivery of IT - the factories of many businesses.
Services that are normally expensive to manage or difficult to use become available on demand, in a uniform and available way, and are only paid for when used. Just like electricity.
This is what AWS does. It takes away the hard work from providing infrastructure IT services and makes them available to anyone on a pay-as-you-go basis.
If you look at the number of certifications that AWS has achieved and secured for its customers over the last several years, influenced by what they told us matters most, it’s been a real enabler for enterprises to move.
We have SOC 1, SOC 2 and SOC 3, and ISO 27001. Customers can be PCI and HIPAA compliant on AWS, and we have a number of public sector certifications like FISMA, ITAR and FedRAMP, and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
We also recently launched our latest certification, ISO 9001, which is primarily for healthcare, life sciences, medical devices, automotive and aerospace.
We see security as a shared responsibility model with the customer. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate, and the customers are responsible for building secure applications.
The cloud paradigm hugely reduces the total “security surface area” that customer security experts need to take care of for themselves. They rely on us (as verified by our auditors) for all the low-level infrastructure security. They can then refocus their expertise on the higher-level OS and application security issues. With that narrower focus, that “reduced security surface area,” comes better security. Your experts can focus and achieve better results in the areas that are more closely related to the differentiated value for your business or mission, as opposed to the generic “undifferentiated heavy lifting” that applies to low-level security and compliance work as well as infrastructure management itself.
When big institutions submit stringent security requirements to us, and review the audit findings of our compliance auditors, we build their requirements and incorporate their feedback into the platform. EVERYBODY benefits from them. We don’t build “one off” solutions for anyone, so everybody benefits from the improvements made for any customer. In many cases, this results in a better security profile than what each individual firm could accomplish on their own.