5. A region is an independent geographic location that consists of multiple availability zones.
ITCloudArchitect.com
Regions
Region Code Region Name
ap-northeast-1 Asia Pacific (Tokyo)
ap-southeast-1 Asia Pacific (Singapore)
ap-southeast-2 Asia Pacific (Sydney)
eu-west-1 EU (Ireland)
sa-east-1 South America (Sao Paulo)
us-east-1 US East (Northern Virginia)
us-west-1 US West (Northern California)
us-west-2 US West (Oregon)
Regions are self-contained and independent of
each other.
[Diagram: the us-west-2 (Oregon) region shown as one self-contained region]
Created by Tracey Flanders
6. Availability Zones (AZ)
An availability zone consists of multiple datacenters that are isolated from each
other inside a region.
Typically there are 3 logical Availability Zones per AWS region.
One availability zone could consist of multiple
datacenters.
Availability Zones are failure domains.
Build for failure. Spread your application
across multiple Availability Zones.
Multiple IP Subnets are assigned to an
Availability Zone.
[Diagram: the us-west-2 (Oregon) region with Availability Zones us-west-2a, us-west-2b and us-west-2c]
7. Virtual Private Cloud (VPC)
A virtual private cloud represents a logical container to isolate your cloud
resources.
VPCs can and should span multiple AZs.
VPCs will consist of multiple private or public IP subnets.
By default, VPCs cannot talk to other VPCs. VPC Peering solves that.
Each VPC will have one logical VPC router and VPC gateway. Both are considered SDN.
[Diagram: one VPC spanning Availability Zones us-west-2a, us-west-2b and us-west-2c in the us-west-2 (Oregon) region]
8. Public & Private IP subnets
There are 2 types of IP Subnets available inside a VPC.
Public subnets
Internet accessible, egress and ingress, Security Groups (firewall rules) permitting
AWS assigned “public” IP addresses
Elastic IPs are used to provide persistent public IPs
The VPC internet gateway provides public access
Private subnets
Accessible only from within the VPC
VPC assigned “private” IP addresses
Statically assigned IPs provide persistency
Access to the internet requires a NAT or proxy server
[Diagram: the us-west-2 (Oregon) region with Availability Zones us-west-2a, us-west-2b and us-west-2c holding public and private IP subnets, connected through the VPC router to the Internet gateway and an HA NAT]
9. Application Tiers
An application tier represents a logical security isolation from other tiers.
Access is permitted using Security Groups (i.e. distributed firewall rules)
Tiers
Internet (DMZ)
Web
Application
Database
Tiers span multiple IP Subnets and AZs, providing application redundancy
[Diagram: the us-west-2 (Oregon) region; each Availability Zone (us-west-2a, us-west-2b, us-west-2c) holds IP Subnet #1, #2 or #3 of the public Internet tier and of the private Web and App-DB tiers]
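The subnet layout of the two slides above (one public or private IP subnet per tier in every Availability Zone, public subnets routed to the Internet gateway and private ones to a NAT) can be planned and checked in code. The Python below is an added example written for this page, not code from the slides or from ITCloudArchitect.com; the VPC CIDR, the /24 subnet size and the tier names web/app/db are constructed assumptions, and the route-table targets are represented only by the labels igw and nat-<az>.

```python
import ipaddress

# Constructed example inputs (not from the slides): one VPC CIDR, the three
# Oregon AZ names the slides use, and one subnet per AZ for each tier.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-west-2a", "us-west-2b", "us-west-2c"]
TIERS = [("web", "public"), ("app", "private"), ("db", "private")]


def plan_subnets(vpc_cidr=VPC_CIDR, azs=AZS, tiers=TIERS, prefix=24):
    """Carve one /prefix subnet per (tier, AZ) pair out of the VPC CIDR.

    Public subnets get a default route to the Internet gateway ("igw");
    private subnets get one to a NAT in their own AZ ("nat-<az>"), so an
    AZ outage does not take the NAT path away from the other AZs.
    """
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix)
    plan = []
    for tier, kind in tiers:
        for number, az in enumerate(azs, start=1):
            plan.append({
                "name": f"{tier}-subnet-{number}",
                "tier": tier,
                "kind": kind,
                "az": az,
                "cidr": str(next(blocks)),
                "default_route": "igw" if kind == "public" else f"nat-{az}",
            })
    return plan


def check_plan(plan):
    """Return findings for a plan; an empty list means it passed every check."""
    findings = []
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    # Overlapping subnets would make routing between tiers ambiguous.
    for a in range(len(nets)):
        for b in range(a + 1, len(nets)):
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {plan[a]['name']} and {plan[b]['name']}")
    # A private subnet must never default-route to the Internet gateway.
    for s in plan:
        if s["kind"] == "private" and s["default_route"] == "igw":
            findings.append(f"{s['name']}: private subnet routes to the Internet gateway")
    # Every tier must span at least two AZs to survive an AZ failure.
    for tier in sorted({s["tier"] for s in plan}):
        if len({s["az"] for s in plan if s["tier"] == tier}) < 2:
            findings.append(f"tier {tier} lives in a single Availability Zone")
    return findings


if __name__ == "__main__":
    for subnet in plan_subnets():
        print(subnet)
    print("findings:", check_plan(plan_subnets()))
```

check_plan catches the three layout mistakes the slides warn against: overlapping address space, a private subnet whose default route points at the Internet gateway, and a tier that lives in only one AZ.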
11. Amazon EC2
What is EC2?
Elastic Compute Cloud
Virtual Servers called “Instances”
Infinitely scalable, compute on demand
Hosts run an open-source Xen-like hypervisor, AWS customized
Multiple “instance types” from “Micro” to “Extra Large” instances, scale compute vertically
“Instance types” can be changed, requires reboot.
On-Demand instances can be used anytime, but cost the most.
Reserved instances can be used when you know that you will need a certain amount of capacity; 1-3 year commitments (best cost option)
Spot instances offer an auction-like request for EC2 instances, based on a bid price. Instances are terminated once you lose your bid.
Use Cases
Standard servers
Memory optimized servers, caching
Compute intensive servers, HPC
GPU optimized servers, graphics
Note: no automatic option to move instances between AZs
You must redeploy with automation, bootstrapping or cloning
(i.e. no VMware vMotion)
12. Amazon S3
What is S3?
Simple Storage Service
Object based shared storage
Infinitely scalable, storage on demand
Available from anywhere via http or https (SSL)
Use Cases
Code Release Repository
Shared storage, it’s not NFS
Input or Output data
Static Web content
Backup & Recovery
And many more…
13. Amazon Glacier
What is Glacier?
Archive shared storage
Infinitely scalable, policy driven storage
Requires a 3-5 hour window for data restores to be available from Amazon Glacier
Best used for one time archiving of data you may never access again
Use Cases
Backup & Recovery Archiving
Legal retention of data
Dormant or historical data
14. Amazon EBS
What is EBS?
Elastic Block Storage
Persistent, low latency storage for EC2 instances
Automatically replicated by AWS
Provisioned IOPS (Optional, additional cost)
Snapshots
Use Cases
Local EC2 instance storage for persistent data
Local volumes used to provide CIFS or NFS
15. Amazon ELB
What is ELB?
Elastic Load Balancing
Infinitely Scalable Load Balancing
Distribute application traffic across multiple EC2 instances
Health check EC2 instances
Use Cases
Load Balancing of Web & App Tier, ingress & egress network traffic
Customer traffic to applications
Load Balancing of outbound, egress network traffic, NAT, Squid Servers
Used for updates and AWS services access
16. Amazon RDS
What is RDS?
Relational Database Service
Managed databases
Multi-AZ support for redundancy
Automated backups and upgrades
Read-Only database replicas, offload reads
Use Cases
MySQL
Oracle
Microsoft SQL
17. Amazon Redshift
What is Redshift?
Cloud-based and cost effective Data Warehouse
Scalable clusters into the PBs
No tuning to maintain speed
Backup to S3
Fastest growing Amazon Service to date
No hardware to buy
Use Cases
Analyze data with existing Business Intelligence (BI) tools
Store analytic data output from Hadoop, BigData
Clone Redshift clusters for testing or development
Spin clusters up or down storing offline data on S3
18. Amazon EMR
What is EMR?
Elastic Map Reduce
Cloud-based Hadoop
Scalable clusters that can process PBs of data
No tuning or maintenance
Add or remove capacity
Pulls in data from S3 and outputs data to S3, also Redshift and DynamoDB
No hardware to buy, fail faster
Use Cases
Always on Clusters, Data-lakes utilizing Hadoop HDFS
Computational short term clusters, store output results on S3
Typically use spot instances for a subset of the workload
19. Amazon Route 53
What is Route 53?
Domain Name System (DNS)
Latency and Keyword based health checks
Integrates with other AWS services
Use Cases
DNS Hosted Zones for applications
Region based latency detection and DNS failovers
20. Amazon CloudFront
What is CloudFront?
Content Delivery Network (CDN)
Caches content, similar to an Akamai
Uses AWS Edge locations all over the world
Use Cases
Caching of Web and S3 content
Global content caching for lower latency access to customer applications
21. Amazon CloudWatch
What is CloudWatch?
AWS Monitoring and Performance
Basic CloudWatch is free
Use Cases
Enable detailed CloudWatch for critical resource monitoring
Enable and disable for performance baselines on less critical systems during troubleshooting
23. Automation: Tags
What are Tags?
Used as attributes to identify AWS resources
Almost every AWS service offers Tags
Automate your auditing
Accountability, track resource abuse
Scripts can key off them
Forecasting and Cost control, find the big $$$
Use Cases
TAG EVERYTHING!!!
Always use default base Tags (Limited to 9 on EC2 Instances)
Environment: Dev, Test, Stage, Prod
Product: Application XYZ
Owner/SME: Bob Smith/Jack Rogers
Costcenter: 123456
And more…
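The tagging policy on this slide (a fixed set of base tags, a closed list of Environment values, a numeric cost center, and a tag limit) is something an auditor can enforce with a script that walks an inventory. The Python below is an added example for this page, not the author's or ITCloudArchitect.com's code; the instance inventory and the hourly rates are constructed sample data, and the nine-tag limit is the figure the slide quotes.

```python
# Constructed inventory (not from the slides): a few EC2 instances and the
# tags each one carries. In practice this list would come from an
# inventory export; here it is embedded so the audit runs offline.
REQUIRED_TAGS = ("Environment", "Product", "Owner", "Costcenter")
ENVIRONMENTS = {"Dev", "Test", "Stage", "Prod"}
MAX_TAGS = 9   # the per-instance limit quoted on the slide

INSTANCES = [
    {"id": "i-0a1", "tags": {"Environment": "Prod", "Product": "Application XYZ",
                             "Owner": "Bob Smith", "Costcenter": "123456"}},
    {"id": "i-0b2", "tags": {"Environment": "production", "Product": "Application XYZ"}},
    {"id": "i-0c3", "tags": {}},
    {"id": "i-0d4", "tags": {f"k{n}": "v" for n in range(10)}},
]


def audit_instance(inst):
    """Findings for one instance; an empty list means it is compliant."""
    findings = []
    tags = inst["tags"]
    for key in REQUIRED_TAGS:
        if key not in tags:
            findings.append(f"missing {key}")
    if "Environment" in tags and tags["Environment"] not in ENVIRONMENTS:
        findings.append(f"Environment {tags['Environment']!r} is not one of {sorted(ENVIRONMENTS)}")
    if "Costcenter" in tags and not tags["Costcenter"].isdigit():
        findings.append("Costcenter is not numeric")
    if len(tags) > MAX_TAGS:
        findings.append(f"{len(tags)} tags exceeds the limit of {MAX_TAGS}")
    return findings


def audit(instances):
    """Map instance id -> findings, listing only the non-compliant instances."""
    results = {}
    for inst in instances:
        findings = audit_instance(inst)
        if findings:
            results[inst["id"]] = findings
    return results


def cost_by_tag(instances, key, hourly_rates):
    """Roll up hourly spend per value of one tag; instances without the tag
    land under 'untagged' so the unaccounted money is visible.
    hourly_rates maps instance id -> dollars per hour (constructed)."""
    totals = {}
    for inst in instances:
        bucket = inst["tags"].get(key, "untagged")
        totals[bucket] = round(totals.get(bucket, 0.0) + hourly_rates.get(inst["id"], 0.0), 4)
    return totals


if __name__ == "__main__":
    for instance_id, findings in audit(INSTANCES).items():
        print(instance_id, findings)
    print(cost_by_tag(INSTANCES, "Costcenter",
                      {"i-0a1": 0.1, "i-0b2": 0.2, "i-0c3": 0.3, "i-0d4": 0.4}))
```

Running the audit on a schedule and feeding the "untagged" bucket of cost_by_tag back to the owners is the practical form of "track resource abuse" and "find the big $$$" from the slide.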
24. Automation: Boot-Strapping
What is Boot-Strapping?
The process of automating an AWS resource on start-up, using scripts and/or automation tools.
Builds and customizes your server on boot-up
Use Cases
EC2 Instances
Auto-Scaling of EC2 Instances
And more…
25. Automation: AMI
What is an AMI?
Amazon Machine Image
Company customized Image
Use Cases
Build “Gold” Image Templates for base builds of EC2 Instances
Customized images for Applications with minor bootstrapping
26. Automation: CloudFormation
What is CloudFormation?
Automation of entire platform deployments with JSON
Some challenges with this approach…
Don’t ever make manual changes!!!
No current option to build a template from existing platforms
Use Cases
Build entire platforms via JSON template
Reproduce entire environments from production templates for dev, test, stage
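The two use cases above (build the platform from a JSON template, then reproduce it for dev, test and stage) depend on the template being internally consistent before it is ever submitted. The Python below is an added example for this page, not the author's or ITCloudArchitect.com's code: it loads a constructed minimal template, checks that every Ref and Fn::GetAtt points at a declared resource or parameter, and clones the production template for another environment by changing only the Env default. The template, its logical names and the AllowedValues list are assumptions made for the example.

```python
import copy
import json

# Constructed minimal template (not the author's or any project's): a VPC,
# one subnet and one security group, all wired together with Ref. The Env
# parameter is the only thing the dev/test/stage copies change.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "Env": {"Type": "String", "Default": "Prod",
            "AllowedValues": ["Dev", "Test", "Stage", "Prod"]}
  },
  "Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "10.0.0.0/16",
                           "Tags": [{"Key": "Environment", "Value": {"Ref": "Env"}}]}},
    "WebSubnet1": {"Type": "AWS::EC2::Subnet",
                   "Properties": {"VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.0.0/24",
                                  "AvailabilityZone": "us-west-2a"}},
    "WebSg": {"Type": "AWS::EC2::SecurityGroup",
              "Properties": {"GroupDescription": "web tier", "VpcId": {"Ref": "Vpc"}}}
  }
}
""")

# Pseudo parameters CloudFormation resolves itself, so a Ref to them is valid.
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName", "AWS::NoValue"}


def collect_refs(node, found=None):
    """Walk the template and collect every logical name used by Ref or Fn::GetAtt."""
    found = set() if found is None else found
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            found.add(node["Ref"])
        elif set(node) == {"Fn::GetAtt"}:
            target = node["Fn::GetAtt"]
            found.add(target[0] if isinstance(target, list) else target.split(".")[0])
        else:
            for value in node.values():
                collect_refs(value, found)
    elif isinstance(node, list):
        for value in node:
            collect_refs(value, found)
    return found


def validate_template(template):
    """Sorted problems; empty means every resource has a Type and every reference resolves."""
    resources = template.get("Resources", {})
    declared = set(resources) | set(template.get("Parameters", {}))
    problems = [f"{name}: missing Type" for name, res in resources.items() if "Type" not in res]
    for ref in collect_refs(resources):
        if ref not in declared and ref not in PSEUDO_PARAMETERS:
            problems.append(f"unresolved reference: {ref}")
    return sorted(problems)


def for_environment(template, env):
    """Clone the production template for another environment, changing only the Env default."""
    allowed = template["Parameters"]["Env"]["AllowedValues"]
    if env not in allowed:
        raise ValueError(f"{env!r} is not one of {allowed}")
    clone = copy.deepcopy(template)
    clone["Parameters"]["Env"]["Default"] = env
    return clone


if __name__ == "__main__":
    print("problems:", validate_template(TEMPLATE))
    print(json.dumps(for_environment(TEMPLATE, "Dev")["Parameters"], indent=2))
```

Because every environment is derived from the same template object, the only legitimate difference between dev and prod is the parameter value; anything else that differs was a manual change, which the slide says never to make.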
27. Automation: Auto-Scaling
What is Auto-Scaling?
Automatically scale the number of EC2 instances based on specified thresholds
Monitors and recreates instances if they crash, self-healing
Can use Spot instances
Use Cases
Every platform should use this, even if there is no immediate need
Helps with maintenance, code releases etc.
28. Automation: AWS OpsWork, Chef, Puppet
What is AWS OpsWork?
Automated service using Chef
Has some limitations, may be better to use your own chef or puppet platform
Usually used for smaller organizations
What are Chef and Puppet?
Open-source automation and Configuration/Change management tools
Use Cases
Automate “NEW” platform builds, AWS OpsWork may be limited
Configuration and Change management
30. Security Groups
What are Security Groups?
Distributed Firewall rules to protect individual EC2 instances
Used to “Whitelist” access to EC2 instances
NACLs are used to “Blacklist” access to VPCs; use sparingly
Use Cases
Apply Security Groups to all EC2 instances
Create Security Groups Per Application and Per Tier
Use common standard Security Groups on all EC2 instances for admin and/or monitoring purposes
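The per-application, per-tier whitelist model on this slide (each tier accepts its service port only from the tier in front of it, plus one common admin group on every instance) is easy to state and easy to break with a single added rule, so it pays to express the groups as data and check them. The Python below is an added example for this page, not the author's or ITCloudArchitect.com's code; the application name "xyz", the ports and the admin source range are constructed assumptions, and rules are modelled as plain records rather than read from an account.

```python
from dataclasses import dataclass, field

# Tier order from the Application Tiers slide: Internet (DMZ) -> Web -> Application -> Database.
TIER_ORDER = ["internet", "web", "app", "db"]
ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_SOURCE = "10.250.0.0/24"   # constructed management range for the common admin group


@dataclass
class Rule:
    proto: str
    port: int
    source: str          # a CIDR or the name of another security group


@dataclass
class SecurityGroup:
    name: str
    tier: str
    inbound: list = field(default_factory=list)


def build_groups():
    """Whitelist-only groups for one application plus the shared admin group (constructed)."""
    return {
        "xyz-dmz": SecurityGroup("xyz-dmz", "internet", [Rule("tcp", 443, "0.0.0.0/0")]),
        "xyz-web": SecurityGroup("xyz-web", "web", [Rule("tcp", 80, "xyz-dmz")]),
        "xyz-app": SecurityGroup("xyz-app", "app", [Rule("tcp", 8080, "xyz-web")]),
        "xyz-db": SecurityGroup("xyz-db", "db", [Rule("tcp", 3306, "xyz-app")]),
        "common-admin": SecurityGroup("common-admin", "admin", [Rule("tcp", 22, ADMIN_SOURCE)]),
    }


def open_to_internet(groups):
    """Names of groups with at least one rule sourced from anywhere."""
    return {g.name for g in groups.values() if any(r.source in ANYWHERE for r in g.inbound)}


def check_groups(groups):
    """Findings for rules that break the tier model; an empty list means the groups pass.

    Three checks: only the Internet tier may accept traffic from anywhere; a
    group-sourced rule must come from the tier directly in front; any other
    CIDR source is allowed only inside the admin group from the admin range.
    """
    findings = []
    for g in groups.values():
        for r in g.inbound:
            if r.source in ANYWHERE:
                if g.tier != "internet":
                    findings.append(f"{g.name}: port {r.port} open to {r.source}")
            elif r.source in groups:
                src_tier = groups[r.source].tier
                expected = TIER_ORDER[TIER_ORDER.index(g.tier) - 1] if g.tier in TIER_ORDER[1:] else None
                if src_tier != expected:
                    findings.append(f"{g.name}: accepts port {r.port} from tier {src_tier}, expected {expected}")
            elif g.tier != "admin" or r.source != ADMIN_SOURCE:
                findings.append(f"{g.name}: CIDR source {r.source} outside the admin group")
    return findings


if __name__ == "__main__":
    groups = build_groups()
    print("internet-facing:", open_to_internet(groups))
    print("findings:", check_groups(groups))
```

Running check_groups against an exported rule set before and after every change is the cheapest way to keep "Security Groups per application and per tier" true over time rather than only on the day the groups were created.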
31. Identity and Access Management (IAM)
What is IAM?
Identity and Access Management
Control logical access to AWS resources
Control user access to AWS resources
Use Cases
Always use IAM roles with federation and integration with Microsoft Active Directory or LDAP
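"IAM roles with federation" means a role whose trust policy admits a SAML identity provider (the Active Directory or LDAP integration the slide refers to) and nobody else, with a permission policy that grants no more than the job needs. The Python below is an added example for this page, not the author's or ITCloudArchitect.com's code: it checks a role's two policy documents for the properties a reviewer looks for. The trust and permission policies are constructed, the account id and provider name are placeholders, and the checks assume SAML federation (AssumeRoleWithSAML with the standard signin audience).

```python
import json

# Constructed example (not from the slides): the trust policy of a role that
# only federated directory users can assume, and its permission policy.
# 123456789012 and CorpAD are placeholders, not real identifiers.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/CorpAD"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
  }]
}
""")

PERMISSION_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "cloudwatch:GetMetricStatistics"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:us-west-2:123456789012:instance/*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/Environment": "Dev"}}}
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy):
    """Findings for a role trust policy: every Allow statement must name a
    federated principal, use sts:AssumeRoleWithSAML and pin the SAML audience."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if not isinstance(principal, dict) or "Federated" not in principal:
            findings.append(f"statement {i}: principal {principal!r} is not a federated identity provider")
            continue
        if "sts:AssumeRoleWithSAML" not in _as_list(st.get("Action", [])):
            findings.append(f"statement {i}: federated principal without sts:AssumeRoleWithSAML")
        audience = st.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if audience != "https://signin.aws.amazon.com/saml":
            findings.append(f"statement {i}: SAML:aud condition missing or wrong")
    return findings


def check_permission_policy(policy):
    """Flag wildcard actions, and write actions on every resource with no Condition."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        read_only = all(a.split(":")[-1].startswith(("Describe", "Get", "List")) for a in actions)
        if "*" in resources and not read_only and "Condition" not in st:
            findings.append(f"statement {i}: write actions on Resource '*' without a Condition")
    return findings


if __name__ == "__main__":
    print("trust:", check_trust_policy(TRUST_POLICY))
    print("permissions:", check_permission_policy(PERMISSION_POLICY))
```

A trust policy that names an IAM user or "*" as principal fails the first check; that is the case where a long-lived access key, rather than a directory login, ends up holding the role.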
32. Amazon DirectConnect
What is DirectConnect?
Easier to manage VPC-to-VPC and VPC-to-on-premises datacenter network communication
Requires one per region
Bandwidth speeds from 1Gb to 10Gb
Use Cases
Use in every region that requires high bandwidth
Connect to multiple VPCs without complex HA VPN endpoints per VPC
34. Summary: Recommendations
Training
Send colleagues to AWS training
Host potential boot-camps working with Developers
Automation
Do the heavy lifting of automating everything, no manual hands
Don’t double duty your team. If you wanted to automate, you would already be doing it
Build a small 1-2 person team to evangelize automation throughout the organization. Others may follow.
Build processes and procedures around automation
Consuming the Cloud
DO NOT place traditional applications into the cloud. More $$$
Build applications that are cloud aware, SDK kits are available
Plan for failures: EC2 instances will disappear, AZs will have intermittent issues, and regions may go offline because of natural disasters