This document summarizes a presentation about Amazon Web Services (AWS) architecture and security. It provides an overview of key AWS services like EC2, S3, EBS, ELB, VPC, IAM, RDS, DynamoDB, ElastiCache, Redshift, Route 53, CloudFront, and WAF. It discusses features of these services like scalability, availability, security groups, access management, and DDoS protection. The presentation aimed to discuss important AWS services and security features.
Amazon AWS Services Overview
1. Michael Mullins Page 1
Lausanne Cloud MeetUp
Hosted by Digicomp Academy, Lausanne, Switzerland
17th November 2016
2. AWS Architecture & Security
Overview of a few important AWS services
Security features in selected AWS services
Discussion
3. About AWS
In 2008 AWS began offering S3 and EC2 to customers
Opex versus Capex financial model
Agile and elastic
Secure & redundant
Multiple availability zones in each geography
38 availability zones in 14 regions
More coming online next year
4. EC2 (Elastic Compute Cloud)
Virtualisation in the Cloud
Fast scale out (in minutes)
On demand (Dev and Test environment)
Reserved (Black Friday)
Spot prices (Simulation Jobs)
Instance sizes (T2, M4, C4 etc)
EBS (Elastic Block Store)
SSD / magnetic volumes attached to instances
In single availability zone (AZ) & single instance
5. Elastic Load Balancing
Distribute load across EC2 instances
Uses hostname not public IP address
Provide fault-tolerance (health checks)
Auto-scaling
Classic Load Balancer (HTTP)
Application Load Balancer (multiple ports)
Security groups
Internal only or internet facing
6. S3 Storage
Object storage ideal for flat files
Up to 1 Terabyte file size
Unlimited storage up to Petabytes
Files stored in S3 buckets
Key : Value
Metadata
Unique URL like http://s3.amazonaws.com/bucket/
Pay for what you use
Durable 11 x 9's durability and 4 x 9's availability
7. Other Storage Types
Glacier
Long term backup
Very low cost
Very infrequently accessed data
Elastic File System
Scalable block Storage
For EC2 compute
NFS v4 protocol (shared parallel access)
Replicated across availability zones
8. AWS Databases
RDS (Microsoft, MySQL, Postgres, Oracle, MariaDB, Aurora)
DynamoDB (NoSQL – document or key value)
ElastiCache (In-memory data store & cache)
Redshift (Data Warehouse)
DMS (Database Migration Service)
9. Identity and Access Management (IAM)
Manage Users and their access privileges
Centralised access control
Identity federation to Active Directory, Facebook etc
Two-factor authentication
Set password policy
Policies (permission documents) applied to
Users
Groups (with common permissions)
Roles (e.g. can access S3)
10. VPC (Virtual Private Cloud)
Completely isolated virtual network environment
Private cloud subnets in single AZ
DMZ to private connections
Routing tables
Stepping stone hosts in DMZ
NAT instances & NAT gateways
Security groups (service port)
Network ACLs (source / destination addresses / services)
Public IP addresses & internet gateway
11. AWS Databases
Relational DB (Microsoft, MySQL, Postgres, Oracle, MariaDB, Aurora)
DynamoDB (NoSQL – document or key value)
ElastiCache (In-memory data store & cache)
Redshift (Data Warehouse)
DMS (Database Migration Service)
12. Route 53
AWS DNS hosting service
NS records for your domain are AWS hostnames
AWS alias not CNAME for Elastic Load Balancer hostnames
DNS routing policies
Simple
Weighted (A – B testing)
Latency (DNS resource records)
Failover (health checks)
Geolocation (where is the user)
13. CloudFront CDN
Content Delivery Network
Geolocation of user & web server
Edge locations (over 50)
Distribution (collection of edge locations)
HTTP or RTSP
GET & PUT
Origin file in S3 bucket, EC2 instance or load balancer
DDoS protection
14. AWS Web Application Firewall (WAF)
Protects against application layer attacks
OWASP top 10 (Open Web Application Security Project)
SQL injection
Cross site scripting (XSS)
Billed on number of rules and web hits
Better reporting of web usage
Increased control, source IP address, country etc
15. Close
Thank you Digicomp
Slideshare
Speakers
Thank you for your contribution to the community