With the multitude of different software development platforms, tools, and methodologies, it can be daunting to get started and ensure you are on the right architectural track in the cloud. AWS understands architectural best practices for designing reliable, secure, efficient, and cost-effective systems in the AWS cloud. This session will introduce you to the "Well-Architected" framework along with a number of key takeaways on setting solid architectural foundations. Speaker: Ben Potter, Security Consultant, Amazon Web Services Featured Customer - Reckon

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ben Potter – Professional Services Consultant, Amazon Web Services
David Taberner – Cloud Solution Architect, Reckon
Introducing Well-­Architected
For Developers
April 2016
Technical 101

2. What We Will Cover
• The Well-­Architected Framework
• Key Best Practices
• How to Get Started
• Resources

3. Main Pillars
Security Reliability Performance
Efficiency
Cost
Optimisation
Account
Access Keys
Network
Services
High Availability
Load Balancing
Backup and DR
Auto Scaling
Right-­Sizing
Benchmarking
Load Testing
Monitoring
Managed-­
Services
Cost Awareness
Tagging

4. General Design Principles
• Secure from the Start
• Stop Guessing your Capacity Needs
• Test Systems at Production Scale
• Lower the Risk of Architecture Change
• Automate to make Architectural Experimentation Easier
• Allow for Evolutionary Architectures

5. SDK’s
• PHP
• Python
• .NET
• Node.js
• JavaScript
• Java
• Ruby
• Andriod and IOS
• Go

6. Building Blocks
EC2 instance
Server
Subnet
Availability Zone A Availability Zone B
Region
Amazon
S3
Amazon
CloudWatch

7. Security
Security Reliability Performance
Efficiency
Cost
Optimisation

8. Security
The ability to protect information, systems and assets while
delivering business value through risk assessments and
mitigation strategies.
• Data Protection
• Privilege Management
• Infrastructure Protection
• Detective Controls

9. Security: Shared Responsibility
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure
Regions
Availability Zones
Edge
Locations
Client-­side Data
Encryption
Server-­side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network, and Firewall Configuration
Customer applications & content
Customers

10. Security: Credentials
• As soon as you Create a new AWS Account Enable MFA
• Use Identity and Access Management Service (IAM) to
Create Users, even if its only 1
• Protect all of your Credentials
• DO NOT place Access Keys in Code…EVER!
'key' => '1111-2222-3333-4444-5555’,
'secret' => 'aaaa-bbbb-cccc-dddd-eeee',

11. Security: EC2 Role
1: Create EC2 role
Create role in IAM service with
limited policy
2: Launch EC2 instance
Launch instance with role
3: App retrieves credentials
Using AWS SDK application
retrieves temporary credentials
4: App accesses AWS resource(s)
Using AWS SDK application uses
credentials to access resource(s)
Instance

12. Security: EC2 Role – PHP SDK
• PHP SDK: Using an Instance Profile (EC2 role)
use AwsCredentialsCredentialProvider;
use AwsS3S3Client;
$provider = CredentialProvider::instanceProfile();
// Be sure to memoize the credentials
$memoizedProvider = CredentialProvider::memoize($provider);
$client = new S3Client([
‘region' => ’ap-southeast-2',
'version' => '2006-03-01',
'credentials' => $memoizedProvider
]);

13. Security: Cognito
Identity
Providers
Unique
Identities
Any Device
Any Platform
Any AWS
Service
Helps implement Security Best Practices
Securely access any AWS Service from mobile
device. It simplifies the interaction with AWS
Identity and Access Management
Support Multiple Login Providers
Easily integrate with major login providers for
authentication.
Unique Users vs. Devices
Manage unique identities. Automatically
recognise unique user across devices and
platforms.
Mobile Analytics S3 DynamoDB Kinesis
Joe Anna Bob

14. Security: Network and Boundary
• Security Groups are Built-­in Stateful Firewalls
• Divide Layers of the Stack into Subnets
• Use a Bastion Host for Access
• Implement Host Based Controls

15. Two Layers with Security Groups
Availability Zone A
User
Availability Zone B
WEB
Server
RDS DB Instance
Web Subnet A
DB Subnet A
WEB
Security Group
DB
Security Group

16. Security: Instance, Monitoring and Auditing
• Configure Encryption Everywhere Possible
• Configure CloudTrail Service
• Configure VPC Flow Logs
• Collect all Logs Centrally and Alert
Virtual Private
Cloud
Identity &
Access
Manager
Key
Management
Service
CloudTrail AWS
Config

17. Security: Instance, Monitoring and Auditing
• VPC Flow Logs – Developers Best Friend

18. Reliability
Security Reliability Performance
Efficiency
Cost
Optimisation

19. Reliability
The ability of a system to recover from infrastructure or
service failures, dynamically acquire computing resources
to meet demand and mitigate disruptions such as
misconfigurations or transient network issues.
• Foundations
• Change Management
• Failure Management

20. Reliability: High Availability
• No Single Point of Failure
• Multiple Availability Zones
• Load Balancing
• Auto Scaling and Healing

21. Multi AZ, Load Balanced, Auto Scaled
Availability Zone A
Amazon
Route 53User
Availability Zone B
Elastic Load
Balancing
WEB
Server
WEB
Server
WEB
Server
WEB
Server
WEB
Server
WEB
Server
RDS DB Instance
Standby
RDS DB Instance
Active
Auto Scaling
Group
Web Subnet A Web Subnet B
DB Subnet A DB Subnet B
Amazon
S3
Amazon
CloudWatch

22. Reliability: Monitoring and Alerting
• Monitoring
• Notification
• Automated Response
• Review
Amazon
CloudWatch
CloudWatch
Alarm
Amazon
SNS
Amazon
CloudWatch
Logs
AWS
Lambda

23. Reliability: Backup and DR
• Define Objectives
• Backup Strategy
• Periodic Recovery Testing
• Automated Recovery
• Periodic Reviews

24. Performance Efficiency
Security Reliability Performance
Efficiency
Cost
Optimisation

25. Performance Efficiency
The ability to use computing resources efficiently to meet
system requirements and to maintain that efficiency as
demand changes and technologies evolve.
• Compute
• Storage
• Database

26. Performance Efficiency: Right Sizing
• Reference Architecture
• Quick Start Reference Deployments
• Benchmarking
• Load Testing
• Cost / Budget
• Monitoring and Notification

27. Performance Efficiency: Proximity and Caching
• Content Delivery Network (CDN)
• Database Caching
• Reduce Latency
• Pro-­active Monitoring and Notification
Amazon
CloudFront
Amazon
ElastiCache
RDS DB
instance read
replica

28. Performance Efficiency: Proximity and Caching
• Session State in ElastiCache (Redis) for .NET:
<sessionState mode="Custom" customProvider="MySessionStateStore">
<providers>
<add name="MySessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider"
host="aspnet.k30h8n.0001.use1.cache.amazonaws.com"
accessKey="" ssl="false" />
</providers>
</sessionState>

29. Multi AZ, Load Balanced, Auto Scaled, Caching
Availability Zone A
Amazon
Route 53User
Amazon
CloudFront
Availability Zone B
Elastic Load
Balancing
RDS DB Instance
Read Replica
WEB
Server
WEB
Server
WEB
Server
ElastiCache RDS DB Instance
Read Replica
WEB
Server
WEB
Server
WEB
Server
ElastiCacheRDS DB Instance
Standby
RDS DB Instance
Active
Auto Scaling
Group
Web Subnet A Web Subnet B
DB Subnet A
AWS WAF
Amazon
S3
Amazon
CloudWatch
DB Subnet B

30. Authenticate Users
Authorise Access
Analyse User Behavior
Store and Share Media
Synchronise Data
AWS Mobile SDK
Amazon Mobile
Analytics
Deliver Media
Amazon Cognito
(Sync)
AWS Identity and
Access Management
Amazon Cognito
(Identity Broker)
Amazon S3
Transfer Manager
Amazon CloudFront
(Device Detection)
Store Shared Data
Amazon DynamoDB
(Object Mapper)
Stream Real-­time Data
Amazon Kinesis
(Recorder)
Send Push Notifications
Amazon SNS
Mobile Push
Your
Mobile
App
Run Business Logic
AWS Lambda

31. Cost Optimisation
Security Reliability Performance
Efficiency
Cost
Optimisation

32. Cost Optimisation
The ability to avoid or eliminate unneeded cost or
suboptimal resources.
• Matching Capacity and Demand
• Cost-­effective Resources
• Expenditure Awareness
• Optimising Over Time

33. Cost Optimisation: Capacity Matching
• Demand Based
• Queue Based
• Schedule Based
• Appropriately Provisioned
• Instance Matching
• Pro-­active Monitoring and Action
Amazon
SQS
Optimised
instance
Amazon
SWF

34. Cost Optimisation: Pricing Model
• On Demand
• Reserved
• Spot
• Automated Turn Off

35. Cost Optimisation: Managed Services
• Analyse Available Services
• Appropriate Databases
• Consider Application Level Services
• Automation: CloudFormation, Elastic Beanstalk
Amazon
RDS
Amazon
DynamoDB
Amazon
Redshift
Amazon
ElastiCache
AWS
CloudFormation
AWS
Elastic
Beanstalk
Amazon
Elasticsearch
Service

36. Cost Optimisation: Manage Expenditure
• Tag Resources
• Track Project Lifecycle and Profile Applications
• Monitor Usage and Spend
• Cost Explorer
• Partner Tools

37. Introducing David @ Reckon

38. Who I Am and What I Do
• Solution Architect
• Head up our AWS Platform Architecture and DevOps
Team
• Involved in various aspects of our Application
Architecture and Product Technical Development

39. AWS is a Developer Platform
• Access to Advanced Tools like Load Balancers without
Network Knowledge
• Control the Infrastructure as Code… something we are
already comfortable with
• Platform Removes a lot of Undifferentiated Heavy Lifting

40. Cloud Formation
• Cloud Formation is Worth Learning
• Comes with great Developer Documentation and written
in JSON
• Has Calls and Support for almost all of the Platform
• Has become a Corner Stone of our Environment

41. Code Deploy
• Push Code to Servers
• Integrates with GitHub Auto Deploy Trigger from
Commits
• Can Deploy Code to Non-­AWS Servers as well
• Is Simple and Flexible

42. Some Things We’ve Learned
• Faster to Deploy Services – No more waiting for IT
• Its Not a Perfect World – Smart Compromises can be
Key
• Manage your Costs as you go
• Have a Tag Policy – Doesn’t have to be Complex

43. Our Tag Policy
• KISS Policy Applies!
• Lambda can help with some Tag Management

44. Tag Reporting Using Cost Explorer

46. Elastic Beanstalk

52. Trusted Advisor

53. Trusted Advisor

54. Developer Support
The Developer Support plan offers resources for customers
testing or developing on AWS, as well as any customers
who:
• Want Access to Guidance and Technical Support
• Are Exploring how to Quickly put AWS to Work
• Use AWS for Non-­production Workloads or Applications
• Trusted Advisor – Core Checks
• Architecture Support – Developer

56. Get Started
Architecture Centre: https://aws.amazon.com/architecture/
AWS Well-­Architected Framework
https://aws.amazon.com/whitepapers/
10m Tutorials: https://aws.amazon.com/getting-­started/

57. Additional Resources
AWS Channel:
https://www.youtube.com/user/AmazonWebServices
qwikLABS:
https://qwiklabs.com
SlideShare:
http://www.slideshare.net/AmazonWebServices
ElasticBeanstalk:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Gett
ingStarted.html

58. AWS Training & Certification
Intro Videos & Labs
Free videos and labs to
help you learn to work
with 30+ AWS services
– in minutes!
Training Classes
In-­person and online
courses to build
technical skills –
taught by accredited
AWS instructors
Online Labs
Practice working with
AWS services in live
environment –
Learn how related
services work
together
AWS Certification
Validate technical
skills and expertise –
identify qualified IT
talent or show you
are AWS cloud ready
Learn more: aws.amazon.com/training

59. Your Training Next Steps:
ü Visit the AWS Training & Certification pod to discuss your
training plan & AWS Summit training offer
ü Register & attend AWS instructor led training
ü Get Certified
AWS Certified? Visit the AWS Summit Certification Lounge to pick up your swag
Learn more: aws.amazon.com/training

60. Thank You!