This document provides an overview of foundational steps for setting up and using AWS, including:
1. Setting up an AWS account, enabling billing alerts and premium support.
2. Establishing basic security by adding multi-factor authentication to the root account and understanding IAM user types.
3. Getting started with core AWS services like VPC, EC2, S3, ELB, and Direct Connect for networking and compute needs.
4. Recommendations for ongoing monitoring of costs, security best practices, and automation using services like CloudFormation.
3. Overview
• Assumes (very) little AWS knowledge
• Simple tips that can save time and avoid embarrassment later
• Will focus on what and not so much on how
• Five main areas
– Set up an account
– Monitor your spending
– Basic security setup
– Core AWS Services
– Best Practice Architectures
5. Understand Regions, AZs and Edges
[Diagram: world map of AWS Regions]
– US-EAST (Virginia)
– US-WEST (N. California)
– US-WEST (Oregon)
– GOV CLOUD
– SOUTH AMERICA (Sao Paulo)
– EU-WEST (Ireland)
– EU-CENTRAL (Frankfurt)
– ASIA PAC (Tokyo)
– ASIA PAC (Singapore)
– ASIA PAC (Sydney)
– CHINA
6. Sign Up For An Account
• Very simple; the entire process takes less than 5 minutes
– You will need a Credit Card
– You will need access to a phone for automated ID verification
• Pick a good email address
– use a group email alias, not one person's mailbox
– don't use your personal amazon.com credentials
7. Turn On Premium Support
                                 Developer     Business              Enterprise
Access via                       Email         Phone, Chat, Email    Phone, Chat, Email
Named Contacts                   1             5                     Unlimited
Response Time                    < 12 hours    < 1 hour              < 15 minutes
Trusted Advisor                  No            Yes                   Yes
Infrastructure Event Management  –             Pay per event         Included
Technical Account Manager        –             –                     Included
14. Understand the Different Account Types
• Root Account
– treat it like a root or Administrator account (i.e. don't use it for day-to-day work!)
– put the credentials and MFA token somewhere safe
• IAM Accounts (users and groups)
– familiar users and groups model
– apply policies to users or groups to grant privileges in your AWS environment
15. Create an IAM Group for Admins
Policy attached to the Admins group (full access to every action and resource):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
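The policy above is the whole account on one line, so it is worth checking mechanically what a policy document grants before attaching it. The following is an added example, not code from the deck: it audits a policy for the wildcard Action/Resource pattern and produces a copy that is gated on the real global condition key aws:MultiFactorAuthPresent, so that even the Admins group is unusable from a session that did not authenticate with MFA. The function names audit_policy and require_mfa are this example's own.

```python
import copy
import json

# The Admins group policy from the slide above: full access, no conditions.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement;
    normalise to a list (the same objects, so callers may mutate them)."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings for one policy document.

    wildcard_admin : some Allow statement grants Action "*" on Resource "*"
    requires_mfa   : every Allow statement has Bool aws:MultiFactorAuthPresent = "true"
    """
    statements = _as_list(policy.get("Statement"))
    wildcard_admin = False
    mfa_on_all = bool(statements)          # an empty policy requires nothing
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            wildcard_admin = True
        cond = stmt.get("Condition") or {}
        mfa = (cond.get("Bool") or {}).get("aws:MultiFactorAuthPresent")
        if str(mfa).lower() != "true":
            mfa_on_all = False
    return {"wildcard_admin": wildcard_admin, "requires_mfa": mfa_on_all}


def require_mfa(policy):
    """Return a deep copy of the policy with every Allow statement gated on MFA.

    The original document is left untouched. Bool/aws:MultiFactorAuthPresent
    "true" matches only sessions that authenticated with an MFA device.
    """
    hardened = copy.deepcopy(policy)
    for stmt in _as_list(hardened.get("Statement")):
        if stmt.get("Effect") == "Allow":
            cond = stmt.setdefault("Condition", {})
            cond.setdefault("Bool", {})["aws:MultiFactorAuthPresent"] = "true"
    return hardened


if __name__ == "__main__":
    print(audit_policy(ADMIN_POLICY))
    print(json.dumps(require_mfa(ADMIN_POLICY), indent=2))
```

One caveat when you attach the hardened version: aws:MultiFactorAuthPresent is absent, not "false", on requests signed with long-term access keys, and a Bool condition on a missing key does not match, so the CLI and SDKs are denied until the user obtains temporary credentials with sts:GetSessionToken plus an MFA code. That is usually what you want for an Admins group.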
21. VPCs can be simple …
[Diagram: a single Region and Availability Zone containing one VPC with one Public Subnet of Servers; an Internet Gateway connects that subnet to Users on the Internet]
22. … but VPCs can also be sophisticated
[Diagram: one Region, one VPC spanning Availability Zone 1 and Availability Zone 2; each AZ has a Public Subnet (1 and 2) holding a NAT Instance plus two Private Subnets (Private Subnets 1–4); the Internet Gateway connects the public subnets to Users on the Internet, and the private subnets reach the Internet only through the NAT Instance in their own AZ]
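Laying out the two-AZ VPC in the diagram above starts with an address plan that does not overlap and that keeps each AZ's private subnets behind the NAT instance in the same AZ. The following is an added example, not part of the deck: it carves a VPC CIDR into one public and N private subnets per Availability Zone with the standard library ipaddress module. The AZ names, the /16 and /20 sizes, the RFC 1918-only rule, and the function names plan_vpc and is_disjoint are this example's own choices.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_vpc(vpc_cidr, azs, private_per_az=2, subnet_prefix=20):
    """Allocate non-overlapping /subnet_prefix blocks across the given AZs.

    Each AZ gets one public subnet followed by `private_per_az` private ones.
    default_route is "igw" for public subnets (0.0.0.0/0 -> Internet Gateway)
    and "nat-<az>" for private ones (0.0.0.0/0 -> the NAT instance in the same
    AZ's public subnet), so losing one AZ does not take NAT away from the other.
    Raises ValueError for a non-private CIDR or one too small for the plan.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not vpc.is_private:
        # Policy choice for this example: VPCs get non-globally-routable space only.
        raise ValueError(f"{vpc_cidr} is not a private (RFC 1918-style) range")
    if subnet_prefix <= vpc.prefixlen:
        raise ValueError(f"/{subnet_prefix} subnets do not fit inside a /{vpc.prefixlen} VPC")
    blocks = vpc.subnets(new_prefix=subnet_prefix)   # sequential, never overlapping
    tiers = ["public"] + ["private"] * private_per_az
    plan = []
    for az in azs:
        for index, tier in enumerate(tiers):
            block = next(blocks, None)
            if block is None:
                raise ValueError(
                    f"{vpc_cidr} has too few /{subnet_prefix} blocks for "
                    f"{len(azs)} AZs x {len(tiers)} subnets"
                )
            name = f"public-{az}" if tier == "public" else f"private{index}-{az}"
            plan.append({
                "name": name,
                "az": az,
                "cidr": str(block),
                "default_route": "igw" if tier == "public" else f"nat-{az}",
                "usable_hosts": block.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def is_disjoint(plan):
    """True when no two subnets in the plan overlap; cheap sanity check before
    you create them (or before merging a plan with an existing VPC)."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # AZ names are illustrative; use the ones your Region actually exposes.
    for subnet in plan_vpc("10.0.0.0/16", ["us-west-2a", "us-west-2b"]):
        print(subnet)
```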
23. Prioritize Connectivity – Site to Site VPN
[Diagram: a Virtual Private Cloud with VPC Subnets in two Availability Zones and a Virtual Private Gateway on the AWS side; a VPN tunnel runs from it to a Customer Gateway router at the edge of the Customer Network]
25. Upgrade Connectivity to Direct Connect
[Diagram: Customer Data Centers and Customer Offices connect over an IPVPN / MPLS network to a Direct Connect Location, which provides the dedicated link into AWS]
26. VPC Peering
[Diagram: within one Region, a Public-facing web app VPC, Internal company app VPCs #1–#4, and Internal company Dev and QA VPCs are each peered with a central Services VPC hosting AD, DNS, Monitoring and Logging; an HA pair of VPN endpoints connects the Services VPC to the company data center]
28. Learn the EC2 Basics
• Explore the different instance types
– why not try them all?
• Exploit the pay-by-the-hour model
• There is a Free Tier – use it!
• Use Tags
29. No really, Use Tags!
• Can be used in your IAM Policies
• Can be used for cost allocation
• Can be used from the SDKs and the CLI
• Can be used from 3rd party tools like Chef
30. Launch an EC2 Instance
• From the console
– baseline AMI from AWS
– fully configured AMI from the AWS Marketplace
– create your own AMIs
• Using CloudFormation
• From the Command Line Interface (CLI)
32. Elastic Load Balancing – Internal/External
[Diagram: one AWS region with Availability Zone A and Availability Zone B; an Internal Load balancer in Private Subnets fronts Intranet App instances in both AZs for Internal customers; external Elastic Load Balancing fronts Proxy instances in Public Subnets, run as a Multi AZ Auto Scaling group, which reach Amazon S3 over HTTP/S]
40. Monitor Your Costs – Ninja Style
• Programmatic Billing Access
– you did start tagging everything, right?
• Gamify your infrastructure spend
• Plug in a 3rd party tool
– Splunk
– Netflix Ice
– Cloudyn
– Cloudability
– many others
• Cost Explorer
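The reason the tagging slide and the billing slide go together is that cost allocation tags show up as user:<Key> columns in the billing report, and anything you failed to tag becomes unattributable spend. The following is an added example, not from the deck or any of the tools it lists: it rolls up a detailed billing report by a cost allocation tag, keeps untagged spend visible as its own bucket, and lists the untagged resources most expensive first. The CSV is constructed for this example, with placeholder resource IDs and made-up costs; the column names beyond user:<Key> and the function names cost_by_tag and untagged_resources are assumptions of the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a detailed billing report with cost allocation tags
# enabled (tag columns appear as "user:<Key>"). Not real billing data.
SAMPLE_BILLING_CSV = """\
ResourceId,ProductName,UnBlendedCost,user:Team,user:Environment
i-0a1b2c3d4e5f60001,Amazon Elastic Compute Cloud,12.50,web,prod
i-0a1b2c3d4e5f60002,Amazon Elastic Compute Cloud,12.50,web,dev
i-0a1b2c3d4e5f60003,Amazon Elastic Compute Cloud,48.00,data,prod
vol-0a1b2c3d4e5f6001,Amazon Elastic Compute Cloud,3.20,,
mybucket,Amazon Simple Storage Service,7.80,data,prod
i-0a1b2c3d4e5f60004,Amazon Elastic Compute Cloud,96.00,,
"""

UNTAGGED = "(untagged)"


def _rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def _tag(row, tag_key):
    """Value of cost allocation tag `tag_key` on this line item, or '' if unset."""
    return (row.get(f"user:{tag_key}") or "").strip()


def cost_by_tag(csv_text, tag_key, cost_column="UnBlendedCost"):
    """Sum cost per value of one cost allocation tag.

    Costs are kept as integer cents to avoid float drift over many rows.
    Returns (totals: {tag value -> cents}, untagged_share: fraction of spend
    with no value for the tag). Untagged spend is reported, not dropped.
    """
    totals = defaultdict(int)
    for row in _rows(csv_text):
        cents = round(float(row[cost_column]) * 100)
        totals[_tag(row, tag_key) or UNTAGGED] += cents
    total = sum(totals.values())
    share = totals.get(UNTAGGED, 0) / total if total else 0.0
    return dict(totals), share


def untagged_resources(csv_text, tag_key, cost_column="UnBlendedCost"):
    """ResourceIds with no value for `tag_key`, most expensive first,
    so the fix-up list starts with the items that matter."""
    rows = [r for r in _rows(csv_text) if not _tag(r, tag_key)]
    rows.sort(key=lambda r: float(r[cost_column]), reverse=True)
    return [r["ResourceId"] for r in rows]


if __name__ == "__main__":
    totals, share = cost_by_tag(SAMPLE_BILLING_CSV, "Team")
    for value, cents in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{value:12} ${cents / 100:8.2f}")
    print(f"untagged share: {share:.0%}")
    print("fix first:", untagged_resources(SAMPLE_BILLING_CSV, "Team"))
```

The untagged share is the number to watch from day one: if it grows, the tags are not being applied at launch time, and the IAM and automation steps later in this deck are where to enforce them.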
42. Dial Up Your Security – Ninja Style
• Start using Resource-level Permissions
• Setup Identity Federation
• Turn on CloudTrail
• Use EC2 Roles to keep your AWS credentials out of GitHub
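Turning on CloudTrail only pays off if something reads it, and the two things worth alerting on first are the ones this deck keeps repeating: any use of the root account, and console logins that did not use MFA. The following is an added example, not from the deck: a small detector over a CloudTrail log file in its {"Records": [...]} shape, keyed on the real fields userIdentity.type, eventName, responseElements.ConsoleLogin and additionalEventData.MFAUsed. The records are constructed for this example (the account ID 123456789012 and the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation placeholders), and the rule names and the function name find_alerts are this example's own.

```python
import json

# Constructed CloudTrail records, not from a real trail. Fields that CloudTrail
# can emit as null (responseElements, additionalEventData) are handled as such.
SAMPLE_TRAIL = json.dumps({"Records": [
    {   # root signing in to the console: MFA was used, but root use itself should page someone
        "eventTime": "2015-03-01T09:12:44Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "Root", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # IAM user signing in successfully without MFA
        "eventTime": "2015-03-01T09:30:02Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                         "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # ordinary API call by an IAM user: no alert
        "eventTime": "2015-03-01T10:01:19Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                         "userName": "bob", "arn": "arn:aws:iam::123456789012:user/bob"},
        "responseElements": None,
    },
    {   # root used for an IAM change through the API
        "eventTime": "2015-03-01T11:45:00Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "Root", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root"},
    },
]})


def find_alerts(trail_json):
    """Scan one CloudTrail log file and return a list of alert dicts.

    Rules:
      root-activity             any record whose userIdentity.type is "Root"
      console-login-without-mfa a successful ConsoleLogin whose MFAUsed is not "Yes"
    A root console login that used MFA still fires root-activity: the deck's
    advice is that root is not used at all.
    """
    alerts = []
    for rec in json.loads(trail_json).get("Records") or []:
        ident = rec.get("userIdentity") or {}
        response = rec.get("responseElements") or {}
        extra = rec.get("additionalEventData") or {}
        base = {
            "time": rec.get("eventTime"),
            "actor": ident.get("userName") or ident.get("arn", "unknown"),
            "event": rec.get("eventName"),
            "ip": rec.get("sourceIPAddress"),
        }
        if ident.get("type") == "Root":
            alerts.append(dict(base, rule="root-activity"))
        if (rec.get("eventName") == "ConsoleLogin"
                and response.get("ConsoleLogin") == "Success"
                and extra.get("MFAUsed") != "Yes"):
            alerts.append(dict(base, rule="console-login-without-mfa"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_TRAIL):
        print(alert)
```

Run this over every file CloudTrail delivers to its S3 bucket (or feed it from the same place your Splunk-style tooling reads) and the "don't use the root account" rule stops being advice and becomes something you will hear about the first time it is broken.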
44. Start Thinking About Automation
• Get to know CloudFormation like your life depends on it
• Consider higher-level services like Elastic Beanstalk and OpsWorks
• Learn to use the CLI
• Leverage EC2 User Data
• Layer 3rd-party tools like Chef, Puppet etc. as necessary
45. Summary
• Set up your account, the right way
• Secure your root account and use IAM Accounts
• Monitor costs from the start
• Establish connectivity
• Get familiar with core services
– VPC, EC2, S3, ELB, DX (Direct Connect)
• Leverage established best practices