© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Anti-Patterns: Learning through Failure
November 27, 2017
GPSTEC302
Introduction and Definitions
• Anti-patterns lead to best practices
• Best practices are learned and often earned
• We can learn from the behavior of others
Best Practice Creation—Myth
This work has been released into the public domain by its author,
AndrewHorne at English Wikipedia. This applies worldwide.
Best Practice Creation—Reality
By Sylvain Pedneault - Self-photographed, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=3616567
Anti-Pattern: Loss of Control
https://github.com/awslabs/aws-refarch-wordpress
[Diagram sequence; labels: IAM, long-term security credential, temporary security credential, public repository, mobile device, user, backups, Amazon S3, logs, credential A, credential B, credential C, Account A, Account B, Account C]
Anti-Pattern: Loss of Control
Anti-pattern: Poor IAM Access Key controls
Best practices:
1. Lock away your AWS account root user access keys
2. Create individual IAM users
3. Enable MFA for privileged users
4. Never automate with privileged credentials
5. Rotate credentials regularly
6. Audit for compliance
7. Establish separate administrative domains
...and regularly review access policies with an AWS Solutions Architect!
More AWS IAM Best Practices
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Anti-Pattern: Control Gaps
[Diagram; labels: AWS Management Console, AWS CLI, AWS SDKs, AWS CloudTrail, AWS Config, Amazon S3, AWS Services, AWS CloudFormation, Auto Scaling group, Availability Zone #1, security group, EC2 instance, web app server]
{"Records":
  [{ "eventVersion": "1.0",
     "userIdentity": { "type": "IAMUser",
                       "principalId": "EX_PRINCIPAL_ID",
                       "arn": "arn:aws:iam::123456789012:user/Alice",
                       "accessKeyId": "EXAMPLE_KEY_ID",
                       "accountId": "123456789012",
                       "userName": "Alice" },
     "eventTime": "2014-03-06T21:22:54Z",
     "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances",
     "awsRegion": "us-east-2",
     "sourceIPAddress": "205.251.233.176"
     ...
AWS CloudTrail is awesome!
"resourceType": "AWS::EC2::Instance",
"resourceCreationTime": "2014-02-26T22:56:35.000Z",
"tags": { "Name": "integ-test-1", "examplename": "examplevalue" },
"relationships":
[ { "resourceId": "vol-ce676ccc", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume" },
{ "resourceId": "vol-ef0e06ed", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume", "direction": "OUT" },
{ "resourceId": "subnet-47b4cf2c", "resourceType": "AWS::EC2::SUBNET", "name": "Is contained in Subnet",
"direction": "IN" }
...
AWS Config is awesome!
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  SGBase:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Whitelist Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: 167.55.180.10/0
          FromPort: '22'
          ToPort: '22'
What’s wrong with this picture?
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  SGBase:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Whitelist Security Group
      SecurityGroupIngress:
        - IpProtocol: any
          CidrIp: 167.55.180.10/32
          FromPort: '3388'
          ToPort: '3390'
What’s wrong with this picture?
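The two ingress rules from the templates above, run through a small static check (an added example, not part of the original slides). The `audit_ingress` helper, its finding codes and `TIGHT_RULE` are constructed for illustration; the check relies on two documented behaviours: a /0 prefix matches every address whatever address is written in front of it, and protocol `-1` or any protocol number other than tcp, udp, icmp or icmpv6 allows all ports regardless of the port range given.

```python
import ipaddress
import re

# Ingress rules transcribed from the two templates on the slides.
SLIDE_RULES = {
    "template_1": {"IpProtocol": "tcp", "CidrIp": "167.55.180.10/0",
                   "FromPort": "22", "ToPort": "22"},
    "template_2": {"IpProtocol": "any", "CidrIp": "167.55.180.10/32",
                   "FromPort": "3388", "ToPort": "3390"},
}

# Constructed for comparison: one host, one protocol, one port.
TIGHT_RULE = {"IpProtocol": "tcp", "CidrIp": "167.55.180.10/32",
              "FromPort": "22", "ToPort": "22"}

# Protocol numbers that are equivalent to the named protocols.
NUMBER_TO_NAME = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6"}

MESSAGES = {
    "cidr-host-bits": "address has bits set beyond the prefix length",
    "cidr-open-world": "prefix /0 matches every source address",
    "protocol-unrecognized": "IpProtocol is not tcp, udp, icmp, icmpv6, -1 or a number",
    "ports-ignored": "all-protocol rule: the port range has no effect",
    "port-range": "rule opens more than one port",
}


def audit_ingress(rule):
    """Return the list of finding codes for one SecurityGroupIngress entry."""
    findings = []

    # CIDR checks: what was written versus what the prefix actually covers.
    cidr = rule["CidrIp"]
    network = ipaddress.ip_network(cidr, strict=False)
    written = ipaddress.ip_address(cidr.split("/")[0])
    if written != network.network_address:
        findings.append("cidr-host-bits")
    if network.prefixlen == 0:
        findings.append("cidr-open-world")

    # Protocol checks: classify before looking at ports.
    proto = str(rule["IpProtocol"]).strip().lower()
    proto = NUMBER_TO_NAME.get(proto, proto)
    if proto in ("tcp", "udp"):
        kind = "ported"
    elif proto in ("icmp", "icmpv6"):
        kind = "icmp"            # FromPort/ToPort carry ICMP type and code
    elif re.fullmatch(r"-1|\d+", proto):
        kind = "all-ports"
    else:
        kind = "unknown"
        findings.append("protocol-unrecognized")

    has_ports = "FromPort" in rule and "ToPort" in rule
    if kind == "all-ports" and has_ports:
        findings.append("ports-ignored")
    if kind in ("ported", "unknown") and has_ports:
        if int(rule["ToPort"]) > int(rule["FromPort"]):
            findings.append("port-range")
    return findings


def report(rules):
    """Map each rule name to human-readable findings."""
    return {name: [MESSAGES[code] for code in audit_ingress(rule)]
            for name, rule in rules.items()}


if __name__ == "__main__":
    for name, problems in report(SLIDE_RULES).items():
        print(name, problems)
```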
Amazon S3 authorization process
[Diagram sequence; labels: AWS Management Console, AWS CLI, AWS SDKs, AWS CloudTrail, AWS Config, Amazon S3, AWS Lambda, Amazon SQS, rule, Amazon Macie, Change Control, Auditors, Sec Ops, Partner Applications, AWS Services, AWS CloudFormation, Auto Scaling group, Availability Zone #1, security group, EC2 instance, web app server]
Anti-Pattern: Automated Control Gaps
Anti-pattern: Reliance on incomplete controls automation
Best practices:
1. Use managed rules
2. Inject canary events to test controls
3. Use external tests and tools for validation
4. Audit to verify compliance
5. Add manual checkpoints prior to pushing changes
6. Automate everything, but mind the gaps!
More on AWS Config Managed Rules
https://aws.amazon.com/blogs/aws/aws-config-update-new-managed-rules-to-secure-s3-buckets/
More on Automating Governance on AWS
https://www.youtube.com/watch?v=9g0u_05WBig
Anti-Pattern: Automating Outages
[Diagram sequence; labels: Amazon Route 53, CloudFront distribution, Amazon S3 bucket, Elastic Load Balancing, Auto Scaling group, Availability Zone #1, security group, EC2 instance, existing web app server, future web app server, "?", AWS CloudFormation, stack]
[Diagram; labels: AWS Management Console, AWS CodeCommit, AWS CodeDeploy, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, Amazon EC2 Systems Manager, AWS CloudFormation, AWS CloudTrail, AWS Config, AWS Managed Services, AWS Service Catalog, AWS OpsWorks]
Anti-Pattern: Automating Outages
Anti-pattern: Incomplete Automation and Testing
Best practices:
1. Decouple stateful and stateless infrastructure management automation
2. Limit interactive access to infrastructure
3. Define and enforce tagging policy
4. Implement blue/green and rolling upgrades
5. Test infrastructure automation in non-production environments
6. Administrative domains!
More AWS Infrastructure Automation Best Practices
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html
Anti-Pattern: Schrödinger's Backup
[Diagram sequence; labels: EC2 instance, web app server, root volume, data volume, Amazon EBS snapshots, Amazon S3 bucket, logs, "?"]
[Image, CC-by-SA 3.0, with overlay text added in steps: DISASTER, RECOVERY, YOUR APPLICATION]
Anti-Pattern: Schrödinger's Backup
Anti-pattern: No Regular Recovery Testing
Best practices:
1. Automate backups
2. Use services that include native backup features
3. Automate recovery testing
4. Alert on failure
5. Replication is not a backup
More AWS Backup and Recovery Best Practices
https://d0.awsstatic.com/whitepapers/Backup_and_Recovery_Approaches_Using_AWS.pdf
Establishing Best Practices
It’s a journey…
1. Identify Best Practices
Learn from mistakes, and, ideally, the mistakes of others
Use FAQs, troubleshooting guides, and Backup and Recovery steps BEFORE deployment
2. Test Your Assumptions
Schedule Trial Restores and DR Exercises
War game scenarios
3. Reassess Frequently
Follow blogs or the What’s New page for new features and announcements
Schedule periodic architecture reviews with AWS Solutions Architects
https://aws.amazon.com/security/partner-solutions/
https://aws.amazon.com/architecture/well-architected/
THANK YOU!
GPSTEC302

AWS Security State of the Union - SID326 - re:Invent 2017
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...Automate Best Practices and Operational Health for AWS Resources with AWS Tru...
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
 
從業人員指南-如何像技術專家一樣守護您的雲端安全
從業人員指南-如何像技術專家一樣守護您的雲端安全從業人員指南-如何像技術專家一樣守護您的雲端安全
從業人員指南-如何像技術專家一樣守護您的雲端安全
 
SID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account StrategySID331_Architecting Security and Governance Across a Multi-Account Strategy
SID331_Architecting Security and Governance Across a Multi-Account Strategy
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...
 
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
A Practitioner's Guide to Securing Your Cloud (Like an Expert) (SEC203-R1) - ...
 
Introduction: Security & AWS Storage
Introduction: Security & AWS StorageIntroduction: Security & AWS Storage
Introduction: Security & AWS Storage
 
DEV203_Launch Applications the Amazon Way
DEV203_Launch Applications the Amazon WayDEV203_Launch Applications the Amazon Way
DEV203_Launch Applications the Amazon Way
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWS
 
Best Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS WorkloadsBest Practices for Active Directory with AWS Workloads
Best Practices for Active Directory with AWS Workloads
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
MSC204_Leverage AWS Marketplace to accelerate production ready workloads
MSC204_Leverage AWS Marketplace to accelerate production ready workloadsMSC204_Leverage AWS Marketplace to accelerate production ready workloads
MSC204_Leverage AWS Marketplace to accelerate production ready workloads
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

GPSTEC302_Anti-Patterns- Learning through Failure

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Anti-Patterns: Learning through Failure November 27, 2017 GPSTEC302
  • 2. Introduction and Definitions • Anti-patterns lead to best practices
  • 3. Introduction and Definitions • Anti-patterns lead to best practices • Best practices are learned and often earned
  • 4. Introduction and Definitions • Anti-patterns lead to best practices • Best practices are learned and often earned • We can learn from the behavior of others
  • 5. Best Practice Creation—Myth (This work has been released into the public domain by its author, AndrewHorne at English Wikipedia. This applies worldwide.)
  • 6. Best Practice Creation—Reality (By Sylvain Pedneault - Self-photographed, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3616567)
  • 7. Anti-Pattern: Loss of Control
  • 8. https://github.com/awslabs/aws-refarch-wordpress
  • 10. IAM
  • 11. IAM long-term security credential
  • 12. IAM long-term security credential temporary security credential
  • 13. IAM long-term security credential temporary security credential public repository mobile device
  • 14. IAM long-term security credential temporary security credential public repository mobile device user
  • 15. IAM long-term security credential temporary security credential
  • 16. backups Amazon S3 logs
  • 17. IAM backups Amazon S3 logs
  • 19. IAM credential B backups Amazon S3 logs Account A Account B credential A
  • 21. IAM credential B backups Amazon S3 logs Account A Account B
  • 22. IAM credential B backups Amazon S3 logs Account C Account B credential C
  • 23. Anti-Pattern: Loss of Control
      Anti-pattern: Poor IAM Access Key controls
      Best practices:
        1. Lock away your AWS account root user access keys
        2. Create individual IAM users
        3. Enable MFA for privileged users
        4. Never automate with privileged credentials
        5. Rotate credentials regularly
        6. Audit for compliance
        7. Establish separate administrative domains
      ...and regularly review access policies with an AWS Solutions Architect!
      More AWS IAM Best Practices: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
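Practices 1, 3, 5 and 6 on the slide above can be checked from the IAM credential report. The following is an added example, not code from the deck: the sample report rows are constructed, the 90-day rotation limit is an assumed policy, and because the report does not say which users are privileged, every console user without MFA is flagged.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of the IAM credential report.
# Only the columns this audit reads are included; a real report has more.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,2015-06-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2017-10-20T09:30:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,true,2016-02-11T14:00:00+00:00,true,2017-11-01T08:00:00+00:00
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,false,true,2017-08-15T00:00:00+00:00,false,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not a value from the deck


def _parse_time(value):
    """Return an aware datetime, or None for placeholders such as 'N/A'."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, finding) tuples in report order.

    Findings:
      ROOT_ACCESS_KEY    root user has an active access key (practice 1)
      NO_MFA             console-capable identity without MFA (practice 3)
      KEY_n_STALE        active key older than the rotation limit (practice 5)
      KEY_n_AGE_UNKNOWN  active key whose rotation date cannot be parsed
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        active_keys = [n for n in ("1", "2")
                       if row[f"access_key_{n}_active"] == "true"]

        if is_root and active_keys:
            findings.append((user, "ROOT_ACCESS_KEY"))

        # Root can always sign in to the console; IAM users only with a password.
        console_capable = is_root or row["password_enabled"] == "true"
        if console_capable and row["mfa_active"] != "true":
            findings.append((user, "NO_MFA"))

        for n in active_keys:
            rotated = _parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated is None:
                # Fail closed: an unreadable date is a finding, not a pass.
                findings.append((user, f"KEY_{n}_AGE_UNKNOWN"))
            elif (now - rotated).days > max_key_age_days:
                findings.append((user, f"KEY_{n}_STALE"))
    return findings


if __name__ == "__main__":
    audit_time = datetime(2017, 11, 27, tzinfo=timezone.utc)
    for user, finding in audit_credential_report(SAMPLE_REPORT, audit_time):
        print(f"{finding:18} {user}")
```
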
  • 24. Anti-Pattern: Control Gaps
  • 25. AWS Management Console AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation
  • 26. AWS CloudTrail is awesome!
      {"Records": [{
          "eventVersion": "1.0",
          "userIdentity": {
              "type": "IAMUser",
              "principalId": "EX_PRINCIPAL_ID",
              "arn": "arn:aws:iam::123456789012:user/Alice",
              "accessKeyId": "EXAMPLE_KEY_ID",
              "accountId": "123456789012",
              "userName": "Alice"
          },
          "eventTime": "2014-03-06T21:22:54Z",
          "eventSource": "ec2.amazonaws.com",
          "eventName": "StartInstances",
          "awsRegion": "us-east-2",
          "sourceIPAddress": "205.251.233.176 ...
  • 27. AWS Config is awesome!
      "resourceType": "AWS::EC2::Instance",
      "resourceCreationTime": "2014-02-26T22:56:35.000Z",
      "tags": {
          "Name": "integ-test-1",
          "examplename": "examplevalue"
      },
      "relationships": [
          {
              "resourceId": "vol-ce676ccc",
              "resourceType": "AWS::EC2::Volume",
              "name": "Attached Volume"
          },
          {
              "resourceId": "vol-ef0e06ed",
              "resourceType": "AWS::EC2::Volume",
              "name": "Attached Volume",
              "direction": "OUT"
          },
          {
              "resourceId": "subnet-47b4cf2c",
              "resourceType": "AWS::EC2::SUBNET",
              "name": "Is contained in Subnet",
              "direction": "IN"
          }
      ...
  • 28. What's wrong with this picture?
      AWSTemplateFormatVersion: '2010-09-09'
      Resources:
        SGBase:
          Type: 'AWS::EC2::SecurityGroup'
          Properties:
            GroupDescription: Whitelist Security Group
            SecurityGroupIngress:
              - IpProtocol: tcp
                CidrIp: 167.55.180.10/0
                FromPort: '22'
                ToPort: '22'
  • 30. What's wrong with this picture?
      AWSTemplateFormatVersion: '2010-09-09'
      Resources:
        SGBase:
          Type: 'AWS::EC2::SecurityGroup'
          Properties:
            GroupDescription: Whitelist Security Group
            SecurityGroupIngress:
              - IpProtocol: any
                CidrIp: 167.55.180.10/32
                FromPort: '3388'
                ToPort: '3390'
  • 32. Amazon S3 authorization process
  • 33. AWS Management Console AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation
  • 34. AWS Management Console AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation rule
  • 35. AWS Management Console AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation Amazon Macie rule
  • 36. AWS Management Console AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation Change Control Amazon Macie rule
  • 37. AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation Change Control Amazon Macie rule
  • 38. AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation Change Control Auditors Amazon Macie rule Sec Ops
  • 39. AWS CLI AWS SDKs AWS CloudTrail AWS Config Amazon S3 AWS Lambda Amazon SQS AWS Services Auto Scaling group Availability Zone #1 security group security group EC2 instance web app server AWS CloudFormation Change Control Auditors Amazon Macie rule Sec Ops Partner Applications
  • 40. Anti-Pattern: Automated Control Gaps
      Anti-pattern: Reliance on incomplete controls automation
      Best practices:
        1. Use managed rules
        2. Inject canary events to test controls
        3. Use external tests and tools for validation
        4. Audit to verify compliance
        5. Add manual checkpoints prior to pushing changes
        6. Automate everything, but mind the gaps!
      More on AWS Config Managed Rules: https://aws.amazon.com/blogs/aws/aws-config-update-new-managed-rules-to-secure-s3-buckets/
      More on Automating Governance on AWS: https://www.youtube.com/watch?v=9g0u_05WBig
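The deck does not state its answer to "What's wrong with this picture?" on the two security group templates, so this added example (not code from the deck) assumes one reading: a control that matches literal strings passes both templates, which is the kind of gap that practice 2, canary events, is meant to expose. The rule names, the admin-port watch list and both control functions are constructed for illustration; the ingress values are the ones shown on the slides.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumed watch list
# IpProtocol values documented for security group rules; numbers are also valid.
DOCUMENTED_PROTOCOLS = {"tcp", "udp", "icmp", "icmpv6", "-1"}

# Constructed test set: two rules copied from the slides, one canary that any
# working control must flag, and one rule that should pass cleanly.
RULES = [
    {"name": "slide-28", "IpProtocol": "tcp", "CidrIp": "167.55.180.10/0",
     "FromPort": "22", "ToPort": "22"},
    {"name": "slide-30", "IpProtocol": "any", "CidrIp": "167.55.180.10/32",
     "FromPort": "3388", "ToPort": "3390"},
    {"name": "canary-open-ssh", "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0",
     "FromPort": "22", "ToPort": "22"},
    {"name": "known-good", "IpProtocol": "tcp", "CidrIp": "167.55.180.10/32",
     "FromPort": "443", "ToPort": "443"},
]


def naive_control(rule):
    """Literal string matching: the incomplete automation the slide warns about."""
    findings = set()
    if rule["CidrIp"] == "0.0.0.0/0":
        findings.add("OPEN_TO_WORLD")
    if rule["FromPort"] in {str(p) for p in ADMIN_PORTS}:
        findings.add("ADMIN_PORT_IN_RANGE")
    return findings


def normalized_control(rule):
    """Evaluate what the rule means rather than how it is spelled."""
    findings = set()
    # strict=False keeps the prefix length and masks the host bits, so
    # 167.55.180.10/0 is evaluated as the network it denotes: 0.0.0.0/0.
    network = ipaddress.ip_network(rule["CidrIp"], strict=False)
    written = ipaddress.ip_address(rule["CidrIp"].split("/")[0])
    if network.prefixlen == 0:
        findings.add("OPEN_TO_WORLD")
    if written != network.network_address:
        findings.add("CIDR_HOST_BITS")  # address and mask disagree: likely a typo
    protocol = str(rule["IpProtocol"]).lower()
    if protocol not in DOCUMENTED_PROTOCOLS and not protocol.isdigit():
        findings.add("UNRECOGNIZED_PROTOCOL")
    low, high = int(rule["FromPort"]), int(rule["ToPort"])
    if any(low <= port <= high for port in ADMIN_PORTS):
        findings.add("ADMIN_PORT_IN_RANGE")
    return findings


def canary_is_caught(control):
    """A control that misses the known-bad canary is not running or not working."""
    canary = next(r for r in RULES if r["name"] == "canary-open-ssh")
    return "OPEN_TO_WORLD" in control(canary)


def control_gaps(rules):
    """Map rule name to the findings the naive control misses."""
    gaps = {}
    for rule in rules:
        missed = normalized_control(rule) - naive_control(rule)
        if missed:
            gaps[rule["name"]] = sorted(missed)
    return gaps


if __name__ == "__main__":
    print("naive control catches canary:", canary_is_caught(naive_control))
    for name, missed in control_gaps(RULES).items():
        print(f"{name}: naive control misses {', '.join(missed)}")
```

The naive control catches the canary, so it looks healthy, yet it misses the `/0` prefix written with a non-zero address and the 3388-3390 range that contains 3389.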
  • 41. Anti-Pattern: Automating Outages
  • 43. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance web app server Amazon Route 53
  • 44. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance Amazon Route 53 Auto Scaling group security group EC2 instance future web app server existing web app server
  • 47. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance web app server Amazon Route 53 EC2 instance web app server EC2 instance web app server
  • 49. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance Amazon Route 53 Auto Scaling group security group EC2 instance future web app server existing web app server ?
  • 51. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance Amazon Route 53 Auto Scaling group security group EC2 instance future web app server existing web app server ? ?
  • 52. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance web app server Amazon Route 53 EC2 instance web app server EC2 instance web app server AWS CloudFormation
  • 53. Auto Scaling group Availability Zone #1 security group security group Elastic Load Balancing Amazon S3 bucket CloudFront distribution EC2 instance web app server Amazon Route 53 EC2 instance web app server EC2 instance web app server AWS CloudFormation stack stack stack stack
  • 55. AWS Management Console
  • 56. AWS Management Console AWS CodeCommit AWS CodeDeploy AWS CodeBuild AWS CodePipeline AWS CodeStar Amazon EC2 Systems Manager AWS CloudFormation AWS CloudTrail AWS Config AWS Managed Services AWS Service Catalog AWS OpsWorks
  • 57. Anti-Pattern: Automating Outages
      Anti-pattern: Incomplete Automation and Testing
      Best practices:
        1. Decouple stateful and stateless infrastructure management automation
        2. Limit interactive access to infrastructure
        3. Define and enforce tagging policy
        4. Implement blue/green and rolling upgrades
        5. Test infrastructure automation in non-production environments
        6. Administrative domains!
      More AWS Infrastructure Automation Best Practices: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html
  • 58. Anti-Pattern: Schrödinger's Backup
  • 59. root volume data volume Amazon S3 bucket logs Amazon EBS snapshot EC2 instance web app server
  • 60. root volume data volume Amazon S3 bucket logs Amazon EBS snapshots EC2 instance web app server
  • 61. root volume data volume Amazon S3 bucket logs Amazon EBS snapshots EC2 instance web app server ?
  • 62. CC-by-SA 3.0
  • 63. CC-by-SA 3.0 DISASTER
  • 64. CC-by-SA 3.0 DISASTER RECOVERY
  • 65. CC-by-SA 3.0 DISASTER RECOVERY YOUR APPLICATION
  • 66. Anti-Pattern: Schrödinger's Backup
      Anti-pattern: No Regular Recovery Testing
      Best practices:
        1. Automate backups
        2. Use services that include native backup features
        3. Automate recovery testing
        4. Alert on failure
        5. Replication is not a backup
      More AWS Backup and Recovery Best Practices: https://d0.awsstatic.com/whitepapers/Backup_and_Recovery_Approaches_Using_AWS.pdf
  • 67. Establishing Best Practices
  • 68. Establishing Best Practices
      It's a journey…
        1. Identify Best Practices
           Learn from mistakes, and, ideally, the mistakes of others
           Use FAQs, troubleshooting guides, and Backup and Recovery steps BEFORE deployment
        2. Test Your Assumptions
           Schedule Trial Restores and DR Exercises
           War game scenarios
        3. Reassess Frequently
           Follow blogs or the What's New page for new features and announcements
           Schedule periodic architecture reviews with AWS Solutions Architects
  • 70. https://aws.amazon.com/security/partner-solutions/
  • 71. https://aws.amazon.com/architecture/well-architected/
  • 72. THANK YOU! GPSTEC302