Tom Jones, a Solution Architect at Amazon Web Services, gave a presentation on developing and deploying secure, scalable applications on AWS. He discussed AWS's broad range of services including compute, storage, databases, and networking. He also covered security features, development tools, and best practices for building applications on AWS including using services like Elastic Beanstalk, CloudFormation, and CodePipeline. The presentation provided an overview of how to leverage AWS services at different stages of the development lifecycle.
3. AWS provides broad & deep services
[Diagram: AWS service categories]
• Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace
• Deployment & Management: Elastic Beanstalk (Application Container), OpsWorks (Resource Management), CloudFormation (Resource Template)
• Administration & Security: IAM (Access Control), CloudWatch (Monitoring), CloudTrail (Log Tracking)
• Management Console (Administration), APIs and SDKs (Development), Command Line Interface (Command)
• Networking: VPC (Isolated Cloud Resources), Direct Connect (Dedicated Network), Route 53 (DNS)
• Analytics: EMR (Hadoop Framework), Redshift (PB scale DW), Kinesis (Real-time Data stream), Data Pipeline (Data-Driven Workflow)
• Application Services: SQS (Queueing), SWF (Workflow), AppStream (App Streaming), Elastic Transcoder (Transcoding), SES (Emailing), CloudSearch (Search)
• Storage & Content Delivery: S3 (Object Storage), EBS (Block Storage), Glacier (Archive Storage), CloudFront (CDN)
• Databases: RDS (RDB), DynamoDB (NoSQL), ElastiCache (Caching)
• Compute: EC2 (Virtual Server), Elastic Load Balancer (Load Balancer), Auto Scaling (Automatic Elasticity)
• Support, Professional Services, Training, Certification
4. Amazon S3
Highly durable object storage for all types of data
Internet-scale storage
Grow without limits
Built-in redundancy
Designed for 99.999999999% durability
Flexibility & Reliability
• Pay as you go
• No upfront investment
• No commitment
• No risky capacity planning
• No need to provision for redundancy or overhead
5. Compute Services
Elastic Compute Cloud (EC2)
Example instance types: c3.8xlarge, g2.medium, m3.large
Basic unit of compute capacity, virtual machines
Range of CPU, memory & local disk options
Choice of instance types, from micro to cluster compute
11. Strengthen your security posture
Get native functionality and tools
Over 30 global compliance certifications and accreditations
Leverage security enhancements gleaned from 1M+ customer experiences
Benefit from AWS industry leading security teams 24/7, 365 days a year
Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
12. Focus on your core mission
Lower the time spent on infrastructure
Dedicate more resources to innovation
Concentrate on new business initiatives
“Our goal is to move at the speed of business. Our customers’ needs change constantly, and we need to be able to adapt to that.”
Keith Homewood – Cloud Product Owner, Nordstrom
15. AWS CodeCommit
Secure, scalable, and managed Git source control
[Diagram: CodeCommit architecture]
• git pull/push to CodeCommit over SSH or HTTPS
• Git objects in Amazon S3
• Git index in Amazon DynamoDB
• Encryption key in AWS KMS
16. Source control in the cloud
• Secure
• Fully managed
• High availability
• Store anything
24. Choose deployment speed & group
[Diagram: deployment speed, shown on six instances mid-deployment]
• one at a time: v2 v1 v1 v1 v1 v1
• half at a time: v2 v2 v2 v1 v1 v1
• all at once: v2 v2 v2 v2 v2 v2
[Diagram: deployment group, each instance running an Agent]
• Dev Deployment group OR Prod Deployment group
28. AWS CloudFormation
“AWS CloudFormation provides an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.”
Infrastructure as code & resource provisioning
32. Information required to deploy application
• Region
• Stack (container) type
• Single Instance OR Load Balanced with auto-scaling
• Database (RDS) Optional
• Your code
Supported Platforms
35. Security Shared Responsibility Model
AWS is responsible for the security OF the cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
36. AWS Shared Responsibility Model
Customers are responsible for their security and compliance IN the Cloud
• Customer content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
AWS is responsible for the security OF the Cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
38. Amazon Virtual Private Cloud
[Diagram: VPC CIDR 10.10.0.0/16 spanning AZ A and AZ B]
• VPC Public Subnets: 10.10.1.0/24, 10.10.2.0/24
• VPC Private Subnets: 10.10.3.0/24, 10.10.4.0/24, 10.10.5.0/24, 10.10.6.0/24
• Components: Internet Gateway, Public ELB, Autoscaling Web Tier, Internal ELB, Autoscaling Application Tier, Data Tier with Multi-AZ RDS (RDS Master, RDS Standby, Snapshots)
• Connectivity to the Existing Datacenter: Virtual Private Gateway, Customer Gateway, VPN Connection, Direct Connect, Network Partner Location
• Administrators & Corporate Users
39. Security Groups
[Diagram: VPC CIDR 10.1.0.0/16 spanning Availability Zone A and Availability Zone B, with public and private subnets holding the ELB, Web and Back end tiers]
• sg_ELB_FrontEnd (ELB Security Group)
• sg_Web_Frontend (Web Security Group)
• sg_Backend (Backend Security Group)
40. Cryptographic Services
AWS KMS
• Deep integration with AWS Services
• CloudTrail
• AWS SDK for application encryption
Amazon CloudHSM
• Dedicated HSM
• Integrate with on-premises HSMs
• Hybrid Architectures
41. Data Locality
AWS regions are geographically isolated by design
Customer chooses where to place data
Data is not replicated to other AWS regions and doesn’t move unless you choose to move it
42. AWS Identity & Access Management
IAM Users, IAM Groups, IAM Roles, IAM Policies
44. What this means
You benefit from an environment built for the most security sensitive organizations
AWS manages 1,800+ security controls so you don’t have to
You always have full ownership and control of your data
You get to define the right security controls for your workload sensitivity
52. We are here to help
• Online tutorials
• Training classes
• Certifications
• AWS Summits
• Santa Clara: July 12-13
• NYC Summit: August 10-11
• AWS re:Invent: November 28 – December 2, 2016
The AWS pop-up loft is completely free and is an excellent resource for anyone working with or wanting to learn about AWS.
We also have a startup loft in NYC