Getting started with Amazon Web Services (AWS) is fast and simple. This complimentary webinar will outline best practice guidance from many customers and the Amazon Web Services team, helping you gain advantage as you implement your projects in AWS.
1. Best practices for getting started with AWS
Ryan Shuttleworth – Technical Evangelist
@ryanAWS
2. Agenda
Amazon Web Services Background
Utility computing & Elasticity
Best practices:
  Choosing your use case
  Organizing your environments
  Security
  Architect to cloud strengths
  Services not software
  Be elastic & cost optimized
3. Your feedback is important
Tell us:
What’s good, what’s not
What you want to see at these events
What you want AWS to deliver for you
5. Consumer Business, Seller Business, IT Infrastructure Business
Consumer Business
  Tens of millions of active customer accounts
  Eight countries: US, UK, Germany, Japan, France, Canada, China, Italy
Seller Business
  Sell on Amazon websites
  Use Amazon technology for your own retail website
  Leverage Amazon’s massive fulfillment center network
IT Infrastructure Business
  Cloud computing infrastructure for hosting web-scale solutions
  Hundreds of thousands of registered customers in over 190 countries
6. About Amazon Web Services
Deep experience in building and operating global web scale systems
How did Amazon… …get into cloud computing?
7. Over 10 years in the making
Enablement of sellers on Amazon
Internal need for scalable deployment environment
Early forays proved developers were hungry for more
8. AWS Mission
Enable businesses and developers to use web services* to build scalable, sophisticated applications.
*What people now call “the cloud”
12. Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000)
13. Pace of innovation
April 2012, May 2012, June 2012:
AWS CloudFormation Support for Creating VPC Resources
Amazon Elastic MapReduce Now Supports Hive 0.8.1
AWS Elastic Beanstalk Announces Updated Command Line Interface
Amazon DynamoDB Now Available in Three Additional Regions
Amazon RDS Announces Oracle Enterprise Manager Support
Amazon SES Announces Bounce and Complaint Notifications
Announcing VM Export for Amazon EC2
AWS Elastic Beanstalk Now Available in the Asia Pacific (Tokyo) Region
Cluster Compute Eight Extra Large Instance Type Now Available in EU-West
AWS Console Enhancements for Elastic Load Balancing: Listener, Certificate, and Cipher Management
Amazon DynamoDB Announces BatchWriteItem Feature
AWS CloudFormation Supports Amazon DynamoDB and Amazon CloudFront Dynamic Content
Amazon RDS announces support for MySQL Read Replica in Amazon VPC
Introducing AWS Marketplace
New Sydney, Australia Edge Location for Amazon CloudFront & Amazon Route 53
AWS Announces The Availability of the Microsoft SharePoint Server on AWS Reference Architecture White Paper
AWS Elastic Beanstalk Now Available in the EU (Ireland) Region
Amazon Simple Email Service Announces Domain Verification
AWS Support Expands Free Tier, Adds New Features, Lowers Prices
AWS Announces CloudSearch
Amazon CloudFront Now Supports Dynamic Content
Amazon Elastic MapReduce Announces Support for HBase
Announcing the Availability of Reserved Cache Nodes for Amazon ElastiCache
Monitor Your AWS Charges with Billing Alerts Using Amazon CloudWatch
Amazon RDS MySQL on t1.micro, starting at just $19 a month
Live Smooth Streaming for Amazon CloudFront
Announcing AWS Identity and Access Management (IAM) roles for EC2 instances
Announcing API and AWS Identity & Access Management Support for AWS Storage Gateway
Announcing Internal Load Balancing in Amazon Virtual Private Cloud
New Managed Services for Windows Developers Worldwide
New and Updated Microsoft SQL Server Offerings on Amazon EC2
Announcing Spot Integration with Auto Scaling and CloudFormation
New Amazon RDS for Oracle Capabilities and Multi-AZ Enhancements
AWS Billing enables enhanced CSV reports and programmatic access
Amazon ElastiCache Launches Free Trial Program
14. Pace of innovation
Q2 2012: 35 new features
April 2012, May 2012, June 2012: the same announcements as listed on the previous slide
15. Number of released features, sample services described
2007: 9
2008: 24
2009: 48
2010: 61
2011: 82
H1 2012: 63
Sample services: Relational Database Service, Virtual Private Cloud, Simple Notification Service, Elastic Map Reduce, Route 53, Auto Scaling, RDS Multi-AZ, Reserved Instances, Singapore Region, Elastic Load Balancer, Identity Access Management, Cluster Instances, Elastic Beanstalk, Simple Email Service, CloudFormation, RDS for Oracle, ElastiCache, SimpleDB, CloudFront, EBS, Availability Zones, Elastic IPs, Amazon FPS, Red Hat EC2, DynamoDB, Simple Workflow, CloudSearch, Storage Gateway, Route 53 Latency Based Routing
16. Objects in S3
1 Trillion
750k+ peak transactions per second
21. Utility computing
On demand, Pay as you go, Uniform, Available
Compute, Scaling, Security, CDN, Backup, DNS, Database, Storage, Load Balancing, Workflow, Monitoring, Networking, Messaging
22. On a global footprint
Region
US-WEST (N. California)
EU-WEST (Ireland)
GOV CLOUD
ASIA PAC (Tokyo)
US-EAST (Virginia)
US-WEST (Oregon)
ASIA PAC (Singapore)
SOUTH AMERICA (Sao Paulo)
24. On a global footprint
Edge Locations
London(2)
Seattle
South Bend
New York (2)
Amsterdam
Newark
Stockholm
Dublin
Palo Alto
Tokyo
San Jose
Frankfurt(2)
Paris(2)
Ashburn(2)
Milan
Osaka
Los Angeles (2)
Jacksonville
Dallas(2)
Hong Kong
St.Louis
Miami
Singapore(2)
Sydney
Sao Paulo
25. At the end of a web service
ec2-run-instances ami-b232d0db \
  --instance-count 3 \
  --availability-zone eu-west-1a \
  --instance-type m1.small
ec2-run-instances ami-b232d0db \
  --instance-count 5 \
  --availability-zone eu-west-1c \
  --instance-type m1.medium
26. At the end of a web service
ec2-run-instances ami-b232d0db \
  --instance-count 2 \
  --availability-zone eu-east-1d \
  --instance-type m1.xlarge
ec2-run-instances ami-b232d0db \
  --instance-count 2 \
  --availability-zone us-east-1b \
  --instance-type m1.xlarge
27. At the end of a web service
as-create-auto-scaling-group MyGroup \
  --launch-configuration MyConfig \
  --availability-zones eu-west-1c \
  --min-size 2 \
  --max-size 200
ec2-authorize default -p 80
elb-create-lb myLoadBalancer
34. Elastic capacity
On and Off
Fast Growth
Variable peaks
Predictable peaks
35. 503
Service Temporarily Unavailable
The server is temporarily unable to service
your request due to maintenance downtime or
capacity problems. Please try again later.
43. 40 servers to 5000 in 3 days
[Chart: Number of EC2 Instances, 4/12/2008 to 4/20/2008]
Steady state of ~40 instances
Launch of Facebook modification
“Techcrunched”
EC2 scaled to peak of 5000 instances
50. Choose use case that suits you
Dev & Test
  Spin environments up and down on demand
  Decouple development and test environments from operations constraints
  Explore elasticity in a sandboxed environment
Backup & DR
  Take part of your data or business applications step-by-step into non-production DR use
  Understand cloud dynamics and test during controlled failovers
Greenfield Project
  Embody best practice of cloud computing in unconstrained greenfield projects
  Self contained web projects, document archiving etc
Pain point
  Move specific service aspects causing undue cost or management burden
  Workflows, search indexing, media streaming, document archiving, constrained databases
Low hanging fruit can be easiest way to ‘cut teeth’
52. Plan evolution & set goals
Examples
PoC
  Understand services
  Test performance
  Architect for scale
  Build cross functional team capabilities
Production
  Implement monitoring
  Change control and management
  Security management
  Scalability
  System backup and recovery
Automation
  Automate corrective measures
  Auto-scaling
  Zero downtime deployments
Beanstalk APIs, CloudFormation, Beanstalk CLI, CloudWatch, Auto scaling, IAM
55. Organize your house
Accounts
  Create an account structure that makes sense
  Use accounts like environments where you need separation and control
  e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
Billing
  Control access to billing information
  Use IAM users to keep billing information in the master account
  Consolidate billing into a single account
  Let one account pick up the bill for multiple ‘sub accounts’
  Setup billing alerts and automated bill reporting
  Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis
57. Billing settings
Accounts: Dev 1, Dev 2, Test, Production, Internal Systems
Master Account
Consolidated Billing
Billing Alerts: Bill reached $x
Data labeled by source in S3
Cost accounting in favorite package
58. Billing settings
Master Account
Dev 1: Dev 1 reached $100
Dev 2: Dev 2 reached $250
Test: Test reached $1,000
Production: Prod reached $1,200
Internal Systems: Internal reached $400
61. Organize your house
Accounts
  Create an account structure that makes sense
  Use accounts like environments where you need separation and control
  e.g. Dev Sandboxes, Test Environments, Business Units, Products & Services
Billing
  Control access to billing information
  Use IAM users to keep billing information in the master account
  Consolidate billing into a single account
  Let one account pick up the bill for multiple ‘sub accounts’
  Setup billing alerts and automated bill reporting
  Get CloudWatch notifications when billing reaches a point and output csv reports to S3 for analysis
Access Keys
  Decide upon a key management strategy
  Control access to EC2 instances via SSH and embedded public key: e.g. EC2 Key Pair per group of instances, EC2 Key Pair per account
  Consider SSH key rotation & automation
  Limit exposure to private key compromise by rotating keys and replacing authorized_keys listings on running instances
  Consider bootstrap automation to grant developer access with developer unique keypairs
Groups & Roles
  Use IAM Groups to manage console users and API access
  Provide developers with IAM user login and unique API access credentials
  Control & restrict what IAM users can do by placing them in groups with policies
  Assign EC2 Instances IAM roles
  Let AWS manage API access credentials on running instances by assigning a system entitlement to an instance
  e.g. instance can only read S3 bucket
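Added example (not part of the original slides): one way to carry out the rotation described under Access Keys, replacing an instance's authorized_keys listing atomically while refusing a change that would leave no key behind. The function names and the constructed sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import os
import struct
import tempfile

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def fingerprint(line):
    """SHA256 fingerprint of one authorized_keys entry, or None if the line
    is blank, a comment, or not a well-formed public key."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(tokens):
        return None
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type.
    expected = struct.pack(">I", len(tokens[idx])) + tokens[idx].encode()
    if not blob.startswith(expected):
        return None
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def rotate_authorized_keys(path, retire, add):
    """Drop entries whose fingerprint is in `retire`, append the entries in
    `add`, and atomically replace the file. Returns remaining fingerprints."""
    bad = [line for line in add if fingerprint(line) is None]
    if bad:
        raise ValueError("refusing to add malformed key(s): %r" % bad)
    with open(path, encoding="utf-8") as fh:
        current = fh.read().splitlines()
    kept, seen = [], set()
    for line in current + list(add):
        fp = fingerprint(line)
        # Blank, comment and malformed lines are dropped with retired keys.
        if fp is None or fp in retire or fp in seen:
            continue
        seen.add(fp)
        kept.append(line.strip())
    if not kept:
        raise ValueError("rotation would leave no authorized key (lockout)")
    # Temp file in the same directory so os.replace() is an atomic rename;
    # mkstemp() creates it readable and writable by the owner only.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write("\n".join(kept) + "\n")
            out.flush()
            os.fsync(out.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return [fingerprint(line) for line in kept]


def constructed_key(seed, comment):
    """Well-formed ssh-ed25519 entry built from a seed. Constructed sample
    data: the 32 'key' bytes are a hash, not a real public key."""
    body = hashlib.sha256(seed.encode()).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def demo():
    old, new, ops = (constructed_key(s, s) for s in ("dev-old", "dev-new", "ops"))
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authorized_keys")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(old + "\n# team keys\n" + ops + "\n")
        left = rotate_authorized_keys(path, {fingerprint(old)}, [new])
        with open(path, encoding="utf-8") as fh:
            return left, fh.read().splitlines()


if __name__ == "__main__":
    print(demo())
```

Run it as the account that owns the file; when another account performs the rotation, the replaced file's ownership has to be restored as well.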
64. Identity & access management
Account
Groups
  Administrators: Jim, Bob, Susan
  Developers: Brad, Mark, Kevin
  Applications: Reporting, Console, Tomcat
Multi-factor authentication
Roles: AWS system entitlements
65. IAM policies
Policy driven
Declarative definition of rights for groups
Policies control access to AWS APIs
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*",
        "ec2:*",
        "elasticloadbalancing:*",
        "autoscaling:*",
        "cloudwatch:*",
        "s3:*",
        "sns:*"
      ],
      "Resource": "*"
    }
  ]
}
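Added example (not part of the original slides): a Python check that reports how broad the policy above is and contrasts it with a constructed policy for the "instance can only read S3 bucket" role from the Groups & Roles slide. The bucket name example-app-config and the finding codes are assumptions.

```python
import json

# The policy from the slide, reproduced as shown there.
SLIDE_POLICY = json.loads("""
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*",
                 "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*"],
      "Resource": "*"
    }
  ]
}
""")

# Constructed policy for a role that can only read one bucket.
# The bucket name is a placeholder, not a value from the slides.
READ_ONLY_BUCKET_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-app-config"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-app-config/*"},
    ]
}


def as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, code, detail) findings for Allow statements."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((idx, "NOT_ACTION",
                             "allows every action except those listed"))
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*":
                findings.append((idx, "ALL_ACTIONS", "*"))
            elif name == "*":
                findings.append((idx, "SERVICE_WILDCARD", service))
            elif "*" in name:
                findings.append((idx, "PARTIAL_WILDCARD", action))
        if "*" in as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append((idx, "ANY_RESOURCE",
                             "Resource is * with no Condition"))
    return findings


def services_with_full_access(policy):
    """Services on which the policy grants every action."""
    return sorted(detail for _, code, detail in audit_policy(policy)
                  if code == "SERVICE_WILDCARD")


if __name__ == "__main__":
    for finding in audit_policy(SLIDE_POLICY):
        print(finding)
    print("read-only policy findings:", audit_policy(READ_ONLY_BUCKET_POLICY))
```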
71. Leverage shared security model
Understand your customer & form security stance
External audience
  Penetration test requests
  Your certifications
  Your processes
Internal audience
  IAM
  Administration
  Architecture
Regulated audience
  AWS Certifications
  AWS White Papers
  AWS QSA Process
72. Leverage shared security model
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
  Don’t fear assessment – AWS meets high standards (PCI, ISO27001, SOC1…)
  As with any infrastructure provider, security assessments take time
  Derive value from architecture reviews early in deployment cycle
73. Leverage shared security model
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
Use comprehensive materials and certifications provided by AWS
  http://aws.amazon.com/security/
  Risk and compliance paper
  AWS security processes paper
  NEW! CSA consensus assessments initiative questionnaire
74. Leverage shared security model
Understand your customer & form security stance
Engage with security assessors early in adoption cycle
Use comprehensive materials and certifications provided by AWS
Build upon features of AWS and implement a ‘security by design’ environment
75. Build upon AWS features
Tiered Access
  IAM: Control users and allow AWS to manage credentials in running instances for service access (allocation, rotation)
  APIs vs Instance: Provide developer API credentials and control access to SSH keys
  Temporary Credentials: Provide developer API credentials and control access to SSH keys
Security Groups
  Instance firewalls: Use IAM users to keep billing information in the master account
  CLIs and APIs: Instantly audit your entire AWS infrastructure from scriptable APIs – generate an on-demand IT inventory enabled by programmatic nature of AWS
VPC
  Subnet control: Create low level networking constraints for resource access, such as public and private subnets, internet gateways and NATs
  Bastion hosts: Only allow access for management of production resources from a bastion host. Turn off when not needed
Direct Connect & VPN
  Private connections to VPC: Secured access to resources in AWS over software or hardware VPN and dedicated network links
77. Architect to use cloud strengths
Review application architectures early – assess fit for cloud
  e.g. variable capacity requirements, ‘standard’ technology stacks, reference architectures*
Can cloud benefits be leveraged with minimum effort outlay?
  e.g. Application performance improvement by migration of static content to S3/CloudFront
Will cloud yield cost savings & agility improvements?
  e.g. Faster development cycles for dev/test, reduced cap-ex for application environments
Can automation lead to a more agile & secure service?
  e.g. fully scripted deployments, IAM & EC2 instance roles, rolling deployments
*http://aws.amazon.com/architecture
78. Architect to use cloud strengths
Disposable compute
  Design systems that can suffer instance loss
  Dispose of compute when it is not required
79. Architect to use cloud strengths
Disposable compute
Flexible capacity
  Design for systems that potentially scale from zero instances to hundreds
  Use Auto-scaling (events, schedules etc) to drive capacity availability
80. Architect to use cloud strengths
Disposable compute
Flexible capacity
Cost effective & reliable storage
  Utilize 99.999999999% durability of objects in S3
  Scale databases with RDS and use DynamoDB for high throughput NoSQL
81. Architect to use cloud strengths
Disposable compute
Flexible capacity
Cost effective storage
Automation and control
  Automate everything from scaling to instance recovery from failure
82. Bootstrapping – custom AMIs
1 Create instance for your OS choice
2 Configure environment
3 Install software
4 Create AMI from instance
5 Launch fully configured instances from AMI
Diagram labels: Instance; AMI (Custom machine image); Auto-scaling; Manual deployments; Programmatic deployments
83. Bootstrapping – metadata service
Instance
AMI: Custom or standard machine image
Metadata Service: Receive custom data to drive bootstrapping
Metadata service contains wealth of information about an instance
http://169.254.169.254/latest/meta-data
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
mac
network
placement
profile
public-hostname
public-ipv4
public-keys
reservation-id
84. Bootstrapping – metadata service
Instance
AMI: Custom or standard machine image + user data
Metadata Service: Receive custom data to drive bootstrapping
Metadata service contains wealth of information about an instance
http://169.254.169.254/latest/meta-data
Scripts in user-data field of metadata will be executed on launch
e.g.
#!/bin/sh
yum -y install httpd
chkconfig httpd on
/etc/init.d/httpd start
Or:
<powershell>
…
</powershell>
85. Bootstrapping – metadata service
Instance
AMI: Custom or standard machine image + user data
Metadata Service: Receive custom data to drive bootstrapping
Metadata service contains wealth of information about an instance
http://169.254.169.254/latest/meta-data
Scripts in user-data field of metadata will be executed on launch
  Install software e.g. web server, app server, proxy
  Pull data and application packages from S3
  Publish metadata for instance to other systems e.g. monitoring systems
  Setup security profile of instance based upon intended use e.g. pull latest config
91. Architect to use cloud strengths
Elastic Load Balancing
  Use at regional level: Combined with autoscaling will balance requests and resource capacity across availability zones
  Within VPC: Use to loadbalance between application tiers within an availability zone
  Instance migrations: Easily move instances from dev environments to test environments by moving between ELBs
Route 53
  Leverage SLA: Improve application reliability with Route 53’s SLA on requests served
  Weighted routing: Perform A/B analysis, and staged application roll-outs by moving a portion of traffic to new infrastructure
  Control TTLs and updates: Take absolute control of DNS updates for more decisive system updates
RDS
  Scale databases without admin overhead: Choose instance size for databases and scale up over time
  Add high availability from management console: Create master-slave configurations and read-replicas. AWS takes care of the failover and recreation of a new slave in event of master DB loss
Auto-scaling
  Dynamically scale resources & control costs: Only provision the resources that are required with scale up and cool down policies that match demand
93. Services not software
Use AWS services + Your technology skills =
  Less time managing and installing software
  More time focused on business applications
let AWS do the heavy lifting
94. Services not software
Use RDS for databases
  Relational Database Service
  Database-as-a-Service
  No need to install or manage database instances
  Scalable and fault tolerant configurations
Use DynamoDB for high performance key-value DB
  DynamoDB
  Provisioned throughput NoSQL database
  Fast, predictable performance
  Fully distributed, fault tolerant architecture
95. Services not software
Reliable message queuing without additional software
  Amazon SQS
  Reliable, highly scalable, queue service for storing messages as they travel between instances
  Diagram labels: Processing task/processing trigger; Amazon SQS; Processing results
Push inter-process workflows into the cloud with SWF
  Simple Workflow
  Reliably coordinate processing steps across applications
  Integrate AWS and non-AWS resources
  Manage distributed state in complex systems
  Diagram labels: 1 Task A; 2 Task B (Auto-scaling); 3 Task C
96. Services not software
Don’t install search software, use CloudSearch
  Cloud Search
  Elastic search engine based upon Amazon A9 search engine
  Fully managed service with sophisticated feature set
  Scales automatically
  Diagram labels: Document Server; Search Server; Results
Process large volumes of data cost effectively with EMR
  Elastic MapReduce
  Elastic Hadoop cluster
  Integrates with S3 & DynamoDB
  Leverage Hive & Pig analytics scripts
  Integrates with instance types such as spot
98. Be elastic and cost optimized
Elastic Load Balancing, Auto-scaling policies, Instance types and sizes
Scalability, Cost Optimization, Availability
99. Auto-scaling policies
Manually
  Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-)
By Schedule
  Scale up/down based on date and time
By Policy
  Scale in response to changing conditions, based on user configured real-time monitoring and alerts
Auto-Rebalance
  Instances are automatically launched/terminated to ensure the application is balanced across multiple AZs
100. Auto-scaling policies
Manually
  Send an API call or use CLI to launch/terminate instances – Only need to specify capacity change (+/-)
  Preemptive manual scaling of capacity
  e.g. before a marketing event add 10 more instances
By Schedule
  Scale up/down based on date and time
  Regular scaling up and down of instances
  e.g. scale from 0 to 2 to process SQS messages every night or double capacity on a Friday night
By Policy
  Scale in response to changing conditions, based on user configured real-time monitoring and alerts
  Dynamic scale based upon custom metrics
  e.g. SQS queue depth, Average CPU load, ELB latency
Auto-Rebalance
  Instances are automatically launched/terminated to ensure the application is balanced across multiple AZs
  Maintain capacity across availability zones
  e.g. Instance availability maintained in event of AZ becoming unavailable
101. Instance types
On-demand instances
  Unix/Linux instances start at $0.02/hour
  Pay as you go for compute power
  Low cost and flexibility
  Pay only for what you use, no up-front commitments or long-term contracts
  Use Cases:
  Applications with short term, spiky, or unpredictable workloads
  Application development or testing
Reserved instances
  1- or 3-year terms
  Pay low up-front fee, receive significant hourly discount
  Low Cost / Predictability
  Helps ensure compute capacity is available when needed
  Use Cases:
  Applications with steady state or predictable usage
  Applications that require reserved capacity, including disaster recovery
Spot instances
  Bid on unused EC2 capacity
  Spot Price based on supply/demand, determined automatically
  Cost / Large Scale, dynamic workload handling
  Use Cases:
  Applications with flexible start and end times
  Applications only feasible at very low compute prices
102. Leverage all models
[Chart layers: Reserved Instances, On Demand, Spot]
103. Instance types
Choose instance type that matches requirements
  Start with memory requirements and architecture type (32bit or 64-bit)
  Then choose the closest number of virtual cores required
Scale across availability zones
  Smaller sizes give more granularity for deploying to multiple AZs
Start with on-demand and then assess utilization for RIs
  Instances that are always running – heavy utilization RIs
  Instances occasionally used in auto-scaling – light utilization RIs
106. Cloud computing
On-Premise Infrastructure
  30%: Your Business
  70%: Managing All of the “Undifferentiated Heavy Lifting”
AWS Cloud-Based Infrastructure
  70%: More Time to Focus on Your Business
  30%: Configuring Your Cloud Assets