Tom Jones, a Solution Architect at Amazon Web Services, gave a presentation on developing and deploying secure, scalable applications on AWS. He discussed AWS's broad range of services including compute, storage, databases, and networking. He also covered security features, development tools, and best practices for building applications on AWS including using services like Elastic Beanstalk, CloudFormation, and CodePipeline. The presentation provided an overview of how to leverage AWS services at different stages of the development lifecycle.

1. Tom Jones
Solution Architect, Amazon Web Services
Developing and Deploying Secure, Scalable
Applications on Amazon Web Services

2. Services
Scale
Security
Development
Introduction
Solution Architect,
Amazon Web Services
Tom Jones

3. TechnologyPartners Consulting Partners AWS MarketplaceEcosystem
Elastic
Beanstalk OpsWorks CloudFormation
Deployment
& Management
Administration
& Security IAM CloudWatch CloudTrailAPIs and SDKsManagement Console Command Line Interface
Direct Connect Route 53VPC
Networking
Analytics
Data PipelineRedshiftEMR Kinesis SWFSQS CloudSearchSESAppStream
Application Services
CloudFrontS3 EBS Glacier DynamoDB ElastiCache
Storage & Content DeliveryCompute Databases
RDSElastic Load BalancerEC2 Auto Scaling
Virtual
Server
Load Balancer
Automatic
Elasticity
Object
Storage
Block
Storage
Archive
Storage
CDN RDB NoSQL Caching
Isolated
Cloud
Resources
Dedicated
Network
DNS
Hadoop
Framework
PB scale
DW
Real-time
Date
stream
Data-Driven
Workflow
Elastic Transcoder
Queueing Workflow
App
Streaming
Transcoding Emailing Search
Administration
Access
Control
Monitoring
Log
Tracking
Application Container Resource Management Resource Template
Development Commend
Support Professional Services Training Certification
AWS provides broad & deep services

4. Amazon S3
Highly durable object storage for all types of data
Internet-scale storage
Grow without limits
Built-in redundancy
Designed for
99.999999999%
durability
Flexibility & Reliability
• Pay as you go
• No upfront investment
No commitment
• No risky capacity planning
• No need to provision
for redundancy
or overhead

5. Compute Services
Elastic Compute Cloud (EC2)
c3.8xlarge
g2.medium
m3.large
Basic unit of compute capacity, virtualmachines
Range of CPU, memory & local disk options
Choice of instance types, frommicro to cluster compute

6. Auto Scaling
Automatic re-sizing of compute clusters based upon
demand and policies

7. AWS Global Scale

8. AWS Availability Zones (AZ)
AZ A AZ B
AZ C
Sample Region

9. AWS Global Scale

10. 2009
48
280
722
82
2011 2013 2015
AWS Pace of Innovation

11. Strengthen your security posture
Get native functionality and tools
Over 30 global compliance
certifications and accreditations
Leverage security enhancements gleaned
from 1M+ customer experiences
Benefit from AWS industry leading
security teams 24/7, 365 days a year
Security infrastructure built to
satisfy military, global banks, and other
high-sensitivity organizations

12. Focus on your core mission
Lower the time spent
on infrastructure
Dedicate more
resources to
innovation
Concentrate on
new business
initiatives
“Our goal is to move at the speed of business. Our customers’ needs change
constantly, and we need to be able to adapt to that.”
Keith Homewood – Cloud Product Owner, Nordstrom

13. Developing and Deploying Secure, Scalable
Applications

14. MonitorProvisionDeployTestBuildCode
Elastic Beanstalk
OpsWorks
Cloud
Watch
Cloud
Formation
Code
Deploy
Code
Commit
Code
Pipeline
AWS DevOps Services

15. AWS CodeCommit
git pull/push CodeCommit
Git objects in
Amazon S3
Git index in
Amazon
DynamoDB
Encryption key
in AWS KMS
SSH or HTTPS
Secure, scalable, and managed Git source control

16. Source control in the cloud
Secure Fully
managed
High
availability
Store
anything

17. $ git clone https://git-codecommit.us-
east-1.amazonaws.com/v1/repos/aws-cli
Cloning into 'aws-cli'...
Receiving objects: 100% (16032/16032),
5.55 MiB | 1.25 MiB/s, done.
Resolving deltas: 100% (9900/9900),
done.
Checking connectivity... done.
$

18. AWS CodePipeline
Continuous delivery and release automation
Build
1) Build
2) Unit test
1) Deploy
2) UI test
Source Beta Production
1) Deploy
2) Perf test
Gamma
1) Deploy canary
2) Deploy region 1
3) Deploy region 2
1) Pull

19. AWS CodePipeline

20. AWS Code partners

21. AWS CodeDeploy
Application Deployment to any target
AWS CodeDeploy is a service that automates
code deployments to any instance

22. appspec.yml version: 0.0
os: linux
files:
- source: /
destination:
/var/www/html
permissions:
- object: /var/www/html
pattern: “*.html”
owner: root
group: root
mode: 755

23. *Gray events are non-scriptable
Lifecycle Hooks

24. Choose deployment speed & group
v2 v2 v2 v2 v2 v2
one at a time
half at a time
all at once
v2 v2 v2 v1 v1 v1
v2 v1 v1 v1 v1 v1 Agent Agent
Dev Deployment group
OR
Prod Deploymentgroup
Agent
AgentAgent
Agent Agent
Agent

25. Deploy!

26. Deploy!
aws deploy create-deployment
--application-name MyApp
--deployment-group-name TargetGroup
--s3-location bucket=MyBucket,key=MyApp.zip

27. allOfThis == $Code
https://secure.flickr.com/photos/wscullin/3770015991

28. AWS Cloudformation
“AWS CloudFormation provides an easy way to create
and manage a collection of related AWS resources,
provisioning and updating them in an orderly and
predictable fashion.”
Infrastructure as code & resource provisioning

29. Template CloudFormation Stack
JSON formatted file
Parameterdefinition
Resource creation
Configuration actions
Configured AWS
services
Comprehensiveservice support
Serviceeventaware
Customizable
Framework
Stack creation
Stack updates
Error detectionand rollback
CloudFormation – Components & Technology

30. Demo

31. AWS Elastic Beanstalk
Focus on your code

32. Information required to deploy application
01
02
03
04
Region
Stack (container) type
Single Instance
Load Balanced with
auto-scaling
OR
Database (RDS) Optional
Your code
Supported Platforms

33. Security Services and Features

34. Shared security responsibility

35. Security Shared Responsibility Model
AWS is
responsible
for the
security OF
the cloud
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations

36. AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Client-side Data
Encryption
Server-sideData
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer content
Customers
AWSSharedResponsibilityModel
Customers are
responsible for
their security and
compliance IN the
Cloud
AWS is responsible
for the security OF
the Cloud

37. Conf igCloudTrail
Compliance
Service
Catalog
IdentityEncryptionNetworking
IA M A ctive Directory
Integration
Key Management
Service
CloudHSM SERVER-SIDE
ENCRYPTION
Virtual Private
Cloud
Web Application
FIREWA LL
SAML
Federation

38. VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24
VPC CIDR 10.10.0.0/16
VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24
VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24
AZ A AZ B
Public ELB
Internal ELB
RDS
Master
Autoscaling
Web Tier
Autoscaling
Application Tier
Internet
Gateway
RDS
Standby
Snapshots
Multi-AZ RDS
Data Tier
Existing
Datacenter
Virtual
Private
Gateway
Customer
Gateway
VPN Connection
Direct Connect
Network
Partner
Location
Administrators &
Corporate Users
Amazon Virtual Private Cloud

39. Availability Zone A
Private subnet
Public subnet
Private subnet
Availability Zone B
Public subnet
Private subnet
ELB
Web
Back end
VPC CIDR 10.1.0.0/16
ELB
Web
Back end
VPC
sg_ELB_FrontEnd (ELB Security Group)
sg_Web_Frontend (Web Security Group)
Security Groups
sg_Backend (Backend Security Group)

40. Cryptographic Services
Amazon CloudHSM
 Deep integration with AWS Services
 CloudTrail
 AWS SDK for application encryption
 Dedicated HSM
 Integrate with on-premises HSMs
 Hybrid Architectures
AWS KMS

41. AWS regions are geographically isolated by
design
Customer chooses where to place data
Data is not replicated to other AWS
regions and doesn’t move unless you choose
to move it
Data Locality

42. AWS Identity & Access Management
IAM Users IAM Groups IAM Roles IAM Policies

43. AWS Certifications and Attestations
aws.amazon.com/compliance

44. What this means
You benefit from an environment built for
the most security sensitive organizations
AWS manages 1,800+ security controls so
you don’t have to
You always have full ownership and
control of your data
You get to define the right security controls
for your workload sensitivity

45. Getting Started
https://aws.amazon.com

46. Interacting with AWS: Management Console

47. Interacting with AWS: SDKs
Ruby
iOS
Python (boto)
Android Node.js
AWS Toolkit
for Visual
Studio
.NET
AWS Toolkit
for Eclipse
PHP
AWS Tools
for Windows
PowerShell
AWS Simple Icons:SDKs
AWS CLI
JavaScriptJava
Xamarin

48. Interacting with AWS:AWSCLI
aws ec2 describe-instances
aws ec2 start-instances –instance-ids <value>
aws ec2 stop-instances –instance-ids <value>
aws s3 cp object.file s3://mybucket/object.file
aws s3 sync s3://mybucket ./localfolder/

49. AWS and Autodesk

50. Lots of stuffAWS Services are tools
https://flic.kr/p/c4QJzC

51. Forge.Autodesk.com
@AutodeskForge
Autodesk and Amazon Web Services

52. We are here to help
• Online tutorials
• Training classes
• Certifications
• AWS Summits
• Santa Clara: July 12-13
• NYC Summit: August 10-11
• AWS re:Invent: November28 – December 2, 2016

53. AWS Pop-up Loft
http://aws.amazon.com/start-ups/loft/sf-loft/
925 Market Street, San Francisco, CA
Open Monday - Friday, 10:00am - 6:00pm.

54. Example Applications
Elastic Beanstalk:
http://amzn.to/1pyLzDH
Code Pipeline + Code Deploy:
http://amzn.to/1SzT3h0

55. ?
https://secure.flickr.com/photos/dullhunk/202872717/

56. Forge.Autodesk.com
@AutodeskForge
Contact Us
AWS.Amazon.com
@awscloud

58. Thank you!