AWSome Day - Milan, July 24th 2014

© 2013, 2014 Amazon Web Services, Inc. and its affiliates. All rights reserved.
AWS Cloud School
Copyright © 2013, 2014 Amazon Web Services, Inc. and its affiliates. All rights reserved.
This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc.
Commercial copying, lending, or selling is prohibited.
Questions? Email us at aws-training-info@amazon.com.
AWSome Days
Danilo Poccia danilop@amazon.com @danilop
Alberto Quario alberto.quario@xpeppers.com @realrealbot
Filippo Liverani filippo.liverani@xpeppers.com @filippo

AWS Cloud School
2
@realrealbot
We value your feedback !
#awsomedays
@danilop @filippo

AWS Cloud School
Course Overview | Training Agenda
Introduction
to AWS
1
AWS Storage
2
AWS Compute
& Networking
3
Deployment &
Management
5
Managed
Services &
Database
4

AWS Cloud School
1
This module describes the history and fundamental elements of Amazon Web
Services (AWS), as well as how to navigate the AWS Management Console. It
discusses the AWS Global Infrastructure, security measures provided by AWS and
basic principles of deploying on AWS.
2 3 54
Introduction
to AWS
AWS Storage Managed
Services &
Database
Deployment &
Management
AWS Compute
& Networking
Course Overview | Training Agenda Module 1

AWS Cloud School
1 2 3 54
This module describes the fundamental elements of AWS Storage with a focus on
Amazon Simple Storage Service (S3) and Amazon Elastic Block Store (EBS).
AWS Storage Managed
Services &
Database
Deployment &
Management
AWS Compute
& Networking
Introduction
to AWS

AWS Cloud School
1 2 3 54
This module describes the fundamental elements of AWS Compute and Networking,
with a focus on Amazon Elastic Compute Cloud (EC2). This module will build off
what you learned in Module 2 by verifying how to use Amazon Elastic Block Storage.
AWS Compute
& Networking
AWS Storage Managed
Services &
Database
Deployment &
Management
Introduction
to AWS

AWS Cloud School
1 2 3 54
This module describes the fundamental elements of AWS Managed Services and
Databases. This module will focus on key aspects of Amazon Relational Database
Service (RDS) and how to execute Amazon RDS.
Managed
Services &
Database
AWS Storage AWS Compute
& Networking
Deployment &
Management
Introduction
to AWS

AWS Cloud School
1 2 3 54
This module describes the fundamental elements of AWS Deployment and
Management products and services.
Deployment &
Management
Introduction
to AWS
AWS Storage Managed
Services &
Database
AWS Compute
& Networking

AWS Cloud School
Introduction to AWS
Module 1

AWS Cloud School
Introduction to AWS | Overview
Module Overview
This module describes the history and fundamental elements of Amazon
Web Services (AWS), as well as how to navigate the AWS Management
Console. It discusses the AWS Global Infrastructure, security measures
provided by AWS and basic principles of deploying on AWS.

AWS Cloud School
Introduction to AWS | Learning Objectives
1 Navigate the AWS Management Console.
2 Recognize AWS Global Infrastructure.
Describe the security measures AWS provides.
3
By the end of this module you will be able to:

AWS Cloud School
Introduction to AWS | Cloud Computing
Compute
Storage
Security
Scaling
Database
Networking
Monitoring
Messaging
Workflow
DNS
Load Balancing
BackupCDN

AWS Cloud School
AWS History

AWS Cloud School
Introduction to AWS | Amazon History
1995 2006 2012
Amazon.com
Launched
Online Bookstore Amazon
Publishing
Kindle
Launched
Amazon
Games
Jeff Bezos
Incorporated
the Company
200720051994 2013
Amazon Web
Services
Launched
Amazon Art

AWS Cloud School
Introduction to AWS | History of Amazon Web Services

AWS Cloud School
Introduction to AWS | AWS Cloud Computing
On Demand
}Uniform
Pay As You Go
Available
Compute
Storage
Security
Scaling
Database
Networking
Monitoring
Messaging
Workflow
DNS
Load Balancing
BackupCDN

AWS Cloud School
Introduction to AWS | AWS Core Infrastructure and Services
Traditional Infrastructure Amazon Web Services
Security
Network
Servers
Storage & Database
RDBMSDAS SAN NAS
Security
Network
Servers
Storage & Database
Security Groups NACLs Access Mgmt
EBS S3
VPCVPC
EC2 “Classic”
“Public
”
Amazon EC2
RDSEphemeral
ELB
Expand
On-Demand
Provision
AMI Instances

AWS Cloud School
Introduction to AWS | Amazon Web Services
Enterprise
Applications
Virtual
Desktops
Collaboration and Sharing
Platform
Services
Database
s
Caching
Relational
No SQL
Analytics
Hadoop
Real-time
Data
Workflows
Data
Warehouse
App Services
Queuing
Orchestration
App Streaming
Transcoding
Email
Search
Deployment & Management
Containers
Dev/ops Tools
Resource Templates
Usage Tracking
Monitoring and Logs
Mobile Services
Identity
Sync
Mobile Analytics
Notifications
Foundation
Services
Compute
(VMs, Auto-scaling
and Load Balancing)
Storage
(Object, Block
and Archive)
Security &
Access Control
Networking
Infrastructure Regions CDN and Points of PresenceAvailability Zones
Your Application(s)

AWS Cloud School
Introduction to AWS | Amazon Web Services
AWS Management Console
Demonstration

AWS Cloud School
Global Infrastructure

AWS Cloud School
Introduction to AWS | Regions and Edge Locations
10 AWS Regions
52 AWS Edge Locations

AWS Cloud School
US Regions Global Regions
AZ - A AZ - B
AZ - C
EU (Ireland)
AZ - A AZ - B
South America
(Sao Paulo)
AZ - A AZ - B
Asia Pacific (Sydney)
AZ - A AZ - B
GovCloud (US)
AZ - A AZ - B
AZ - C AZ - D
US East (VA)
AZ - A AZ - B
US West (CA)
AZ - A AZ - B
Asia Pacific (Singapore)
AZ - A AZ - B
AZ - C
Asia Pacific (Tokyo)
AZ - A AZ - B
AZ - C
US West (OR)
Customer Decides Where Applications and Data Reside
Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary.
Introduction to AWS | AWS Regions and Availability Zones (AZ)

AWS Cloud School
Introduction to AWS | Achieving High Availability using Multi-AZ
Region
Availability
Zone - A
Availability
Zone - B
Availability
Zone - C

AWS Cloud School
Security

AWS Cloud School
Introduction to AWS | Shared Responsibility
Foundation Services
Compute Storage Database Network
AWS Global
Infrastructure
Regions
Availability Zones
Edge
Locations
Client-side Data Encryption &
Data Integrity Authentication
Server-side Encryption
(File System and/or Data)
Network Traffic Protection
(Encryption/Integrity/Identity)
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer Data
AWSCustomer

AWS Cloud School
Introduction to AWS | Physical Security
24x7 trained security guards
Locations in nondescript, undisclosed facilities
Two-factor authentication for ingress
Authorization for data center access

AWS Cloud School
Introduction to AWS | Hardware, Software and Network
Automated change control process
Bastion servers that record all
access attempts
Firewall and other boundary devices
AWS monitoring tools

AWS Cloud School
Introduction to AWS | Security and Compliance Resources
Secure API access points for
encrypted transmission over HTTPS
using SSL
Cryptographic keys and certificates
are required for any user or software
program to access an AWS API
Security Groups to let you control
external access to your instances

AWS Cloud School
User Accounts
Create individual
AWS Identity and
Access Management
(IAM) user accounts
so that each user
managing AWS has
their own security
credentials
IAM
Introduction to AWS | SSL Endpoints
Subnet Control
In your Virtual
Private Cloud, create
low level networking
constraints for
resource access,
such as public and
private subnets,
internet gateways,
and NATs
VPC
Secure
Transmission
Establish secure
communication
sessions (HTTPS)
using SSL
SSL Endpoints
Instance Firewalls
Configure firewall
rule for instances
and load balancers
using Security
Groups
Security Groups

AWS Cloud School
Introduction to AWS | Security Groups
Secure
Transmission
Establish secure
communication
sessions (HTTPS)
using SSL
SSL Endpoints
Instance Firewalls
Configure firewall
rule for instances
and load balancers
using Security
Groups
Security Groups
User Accounts
Create individual
AWS Identity and
Access Management
(IAM) user accounts
so that each user
managing AWS has
their own security
credentials
IAM
Subnet Control
In your Virtual
constraints for
resource access,
such as public and
private subnets,
internet gateways,
and NATs
VPC

AWS Cloud School
Introduction to AWS | AWS Multi-tier Security Groups
HTTP
SSH
DB-sync
Ports 80 and 443 only
open to the internet
Engineering staff have
SSH / RDP access to
Bastion host
DB-sync can be
established with a
database server
running on-premise
All other internet ports
blocked by default
EC2
EC2
EBS
EC2

AWS Cloud School
Introduction to AWS | Identity and Access Management (IAM)
Secure
Transmission
Establish secure
communication
sessions (HTTPS)
using SSL
SSL Endpoints
Instance Firewalls
Configure firewall
rule for instances
and load balancers
using Security
Groups
Security Groups IAM
User Accounts
Create individual
AWS Identity and
Access Management
(IAM) user accounts
so that each user
managing AWS has
their own security
credentials
Subnet Control
In your Virtual
constraints for
resource access,
such as public and
private subnets,
internet gateways,
and NATs
VPC

AWS Cloud School
Introduction to AWS | Account Control
AWS Identify and Access Management (IAM)
AWS Identity and Access Management (IAM) enables you to securely control
access to AWS services and resources for your users. Using IAM, you can
create and manage AWS users and groups and use permissions to allow and
deny their permissions to AWS resources. If you are new to IAM, read the
IAM Top 10 Best Practices.
Note: Master IAM accounts should not be used for production systems!!!

AWS Cloud School
Introduction to AWS | Virtual Private Cloud (VPC)
VPC
Secure
transmission
Establish secure
communication
sessions (HTTPS)
using SSL
SSL Endpoints
Instance firewalls
Configure firewall
rule for instances
and load balancers
using Security
Groups
Security Groups
User Accounts
Create individual
AWS Identity and
Access Management
(IAM) user accounts
so that each user
managing AWS has
their own security
credentials
IAM
Subnet Control
In your Virtual
constraints for
resource access,
such as public and
private subnets,
internet gateways,
and NATs

AWS Cloud School
Introduction to AWS | Certifications and Accreditations
AWS publishes SOC 1 Type II, SOC 2 Type II and SOC 3 reports
AWS is PCI DSS Level 1 compliant and ISO 27001 certified
AWS has achieved FedRAMP compliance, received authorization from
the U.S. Government
FISMA Moderate level
Authorities to Operate (ATOs) under the Defense Information
Assurance Certification and Accreditation Program (DIACAP)

AWS Cloud School
Additional Resources
Introduction to AWS | Additional Resources
Here are some additional resources:
More details and up to date information on Global Infrastructure can be found
online: http://aws.amazon.com/about-aws/globalinfrastructure/
AWS Management Console: https://console.aws.amazon.com/console/home.
AWS Security Assurance and Compliance Programs:
https://aws.amazon.com/compliance/
Security Center: http://aws.amazon.com/security
IAM Best Practices:
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

AWS Cloud School
Introduction to AWS | Module Completion and Summary
Summary
You have reached the end of this training module. In summary, you have learned:
How to navigate the AWS Management Console
What is the AWS Global Infrastructure
Describe the security measures AWS provides

AWS Cloud School
AWS Storage
Module 2

AWS Cloud School
AWS Storage | Overview
Module Overview
This module describes the fundamental elements of AWS Storage with a
focus on Amazon Simple Storage Service (S3) and Amazon Elastic Block
Store (EBS).

AWS Cloud School
AWS Storage | Learning Objectives
1 Identify key AWS storage options.
2 Describe Amazon Elastic Block Store (EBS).
Create an Amazon S3 Bucket and manage associated objects.
3
By the end of this training you will be able to:

AWS Cloud School
AWS Storage | AWS Storage Products and Services
Amazon
Simple
Storage
Service
Amazon
Glacier
AWS Storage
Gateway
Amazon
Import/Export
Amazon
Elastic Block
Store

AWS Cloud School
AWS Storage | Amazon Simple Storage Service (S3)
Storage for the Internet. Natively online,
HTTP access
Store and retrieve any amount of data,
any time, from anywhere on the web
Highly scalable, reliable, fast
and durable
Amazon
Simple
Storage
Service

AWS Cloud School
AWS Storage | Amazon S3 Storage Concepts
Amazon S3 Concepts
Amazon
S3
Bucket
with
Objects
Bucket
Objec
t
Amazon S3 stores data as
objects within buckets
An object is comprised of a file
and optionally any metadata that
describes that file
You can have up to 100 buckets
in each account
You can control access to the
bucket and its objects

AWS Cloud School
AWS Storage | Amazon S3 Concepts - Buckets
Amazon S3 Buckets
Objects are stored in Buckets.
Objects can be accessed via a URL:
Organize Amazon S3 namespace at highest level
Identify account – storage and data transfer charges
Access Control
Unit of aggregation for usage reporting Amazon S3 Bucket
http://johnsmith.s3.amazonaws.com/photos/puppy.jpg
Bucket Object

AWS Cloud School
AWS Storage | Amazon S3 Concepts - Objects
Amazon S3 Objects
Objects are the fundamental entities stored in Amazon S3. When using the
console, you can think of them as being files. Objects consist of data
and metadata. The data portion is opaque to Amazon S3. The metadata is
a set of name-value pairs that describe the object.
Default metadata such as the date last modified
Standard HTTP metadata such as Content-Type
Custom metadata at the time the object is stored
An object is uniquely identified within a bucket by a key (name)
Object Bucket w/Objects

AWS Cloud School
AWS Storage | Amazon S3 Object Lifecycle
Lifecycle Management
Lifecycle management defines how Amazon S3 manages objects during their
lifetime. Some objects that you store in an Amazon S3 bucket might have a well-
defined lifecycle:
Log files
Archive documents
Digital media archives
Financial and healthcare records
Raw genomics sequence data
Long-term database backups
Data that must be retained for regulatory compliance

AWS Cloud School
AWS Storage | Amazon S3 Pricing
Pay only for what you use
No minimum fee
Prices based on location of your Amazon S3 bucket
Estimate monthly bill using the AWS Simple Monthly Calculator
Pricing

AWS Cloud School
AWS Storage | Amazon S3 Facts
Facts
Able to store unlimited number of Objects in a Bucket
Objects up to 5TB; no bucket size limit
Designed for 99.999999999% durability and 99.99% availability of objects
over a given year
HTTP/S endpoint to store and retrieve any amount of data, at any time,
from anywhere on the web
Highly scalable, reliable, fast, and inexpensive
Server-side Encryption using AES 256-bit symmetric keys
Access Logs for auditing
Provides standards-based REST interface

AWS Cloud School
AWS Storage | Amazon Glacier
Amazon
Glacier Extremely low-cost storage
Secure, durable storage for
data archiving and backup
Optimized for data that is
infrequently accessed

AWS Cloud School
AWS Storage | Amazon Glacier Storage Facts
Offload the administrative burdens of operating and scaling archival
storage to AWS, and make retaining data for long periods, whether
measured in years or decades, especially simple.
Optimized for data that is infrequently accessed and for which retrieval
time of several hours are suitable.
No limit to the amount of data you can store in Amazon Glacier.
Automatic Server-side Encryption using AES 256-bit symmetric keys.
Average annual durability of 99.999999999% for an archive.
Facts

AWS Cloud School
AWS Storage | Amazon Elastic Block Store (EBS)
Amazon
Elastic Block
Store
Attach to running instance and
expose as a block device
Persistent block level
storage volumes for
use with Amazon EC2
instances
Snapshots stored
durably in Amazon S3

AWS Cloud School
AWS Storage | Amazon EBS Lifecycle
Create
Vast amounts of
unused space
Call CreateVolume
1 GB to 1 TB
Attach
Deleted
Call AttachVolume to affiliate with
one Amazon EC2 instance
Attached
&
In Use
• Format from Amazon EC2
instance OS
• Mount formatted drive
CreateSnapshot
Snapshot to
Amazon S3
Detach
Call DetachVolume
Call DeleteVolume

AWS Cloud School
AWS Storage | Amazon EBS Facts
Facts about Amazon EBS
Use for persistent storage
Can use to create RAID configuration for a server
Off-instance block storage that persists independently
Volumes behave like unformatted block devices for Linux or Windows instances
Volume Types: Magnetic, General Purpose (SSD), Provisioned IOPS (SSD)
Volume Encryption

AWS Cloud School
AWS Storage | Amazon EBS Use Case
Use Cases
OS Boot device / root file system; secondary volumes/filesystems
Typical basis for database storage
Raw block devices for RAID, some databases

AWS Cloud School
AWS Storage | Amazon EBS Pricing
* Check Amazon EBS Pricing page for current pricing for all regions.
Pay for what you Provision
Pricing based on Region
AWS GovCloud (US) Pricing page
Review Pricing Calculator online

AWS Cloud School
AWS Storage | Amazon EBS Best Practices
Amazon EBS Volumes are in a Single Availability Zone
Availability Zone A
EBS Volume 1
Availability Zone B
EBS Volume 2
Volume data is replicated across multiple servers in an Availability Zone.

AWS Cloud School
AWS Storage | Amazon EBS and Amazon S3
Amazon EBS Amazon S3
Paradigm File system Object store
Performance Very fast Fast
Redundancy Across multiple servers in an
Availability Zone
Across multiple facilities and on
multiple devices within each facility
Security Visible only to your
Amazon EC2
Public Key / Private Key
Access from
the Internet?
No (1) Yes (2)
Typical use
case
Its a disk drive Write once, read many
(1) Accessible from Internet if mounted to server and set up as FTP, etc.
(2) Only with proper credentials, unless ACLs are world-readable

AWS Cloud School
AWS Storage | AWS Storage Gateway
AWS Storage
Gateway
Mirror your on-premises data
to Amazon EC2 instances
Connect an on-premises
software appliance with
cloud-based storage
Securely upload data to the AWS
cloud for cost effective backup and
rapid disaster recovery

AWS Cloud School
AWS Storage | Gateway-Cached Volume Architecture

AWS Cloud School
AWS Storage | AWS Storage Gateway Virtual Tape Library

AWS Cloud School
AWS Storage | Amazon Import/Export
Amazon
Import/Export
Uses Amazon high-
speed internal network
Accelerates moving large
amounts of data into and out of
Amazon S3 or Amazon EBS
Transfers your data directly onto
and off of storage devices

AWS Cloud School
AWS Storage | AWS Import/Export Support
Import/Export Support
Accelerates moving large amounts of data into and out of Amazon S3 or Amazon EBS
Transfers your data directly onto and off of storage devices
Uses AWS high-speed internal network
Amazon
S3
AWS
Import/Export
Amazon
S3
Amazon EBS
AWS
Import/Export
AWS
Import/Export
Amazon GlacierAWS
Import/Export
Import to Amazon S3
Export from Amazon S3
Import to Amazon EBS
Import to Amazon Glacier
AWS Import/Export supports:

AWS Cloud School
Amazon S3 Demo

AWS Cloud School
AWS Storage | Additional Resources
Yelp Amazon Case Study: http://aws.amazon.com/solutions/case-studies/yelp/
Getting Started with Amazon S3 Video:
http://www.youtube.com/watch?v=1qrjFb0ZTm8&feature=youtu.be
Online Pricing Calculator: http://calculator.s3.amazonaws.com/calc5.html
Glacier: http://aws.amazon.com/glacier/
Introduction to Amazon EBS Video: https://us-east-1-aws-
training.s3.amazonaws.com/intro/elb.html

AWS Cloud School
AWS Storage | Module Completion
Summary
The key AWS storage options
What is an Amazon Elastic Block Store
How to create an Amazon S3 bucket and manage associated objects

AWS Cloud School
Compute Services & Networking
Module 3

AWS Cloud School
Compute Services & Networking | Overview
Module Overview
This module describes the fundamental elements of AWS Compute and
Networking, with a focus on Amazon Elastic Compute Cloud (EC2). This
module will build off what you learned in Module 2 by verifying how to use
Amazon Elastic Block Storage.

AWS Cloud School
Compute Services & Networking | Learning Objectives
1 Identify the different AWS compute and networking options.
2 Describe what is Amazon Virtual Private Cloud (VPC).
4 Verify how to use Amazon Elastic Block Storage.
Create an Amazon Elastic Compute Cloud (EC2) Instance.
3

AWS Cloud School
Compute Services & Networking | AWS Compute Products and Services
Amazon Elastic
Compute Cloud
(EC2)
Amazon Elastic
MapReduce
(EMR)
Auto Scaling

AWS Cloud School
Compute Services & Networking | Amazon Elastic Compute Cloud (EC2)
Resizable compute capacity
Complete control of your
computing resources
Reduces the time required to obtain and
boot new server instances to minutes
Amazon Elastic
Compute Cloud
(EC2)

AWS Cloud School
Compute Services & Networking | Amazon EC2 Facts
Resizable compute capacity with many instance types
Reduces the time required to obtain and boot new server instances to minutes
or seconds
Scale capacity as your computing requirements change
Pay only for capacity that you actually use
Choose Linux or Windows
Deploy across Regions and Availability Zones for reliability
Facts about Amazon EC2

AWS Cloud School
Compute Services & Networking | Using Amazon EC2
How to Use Amazon EC2
Select a pre-configured, Amazon Machine Image (AMI) to get up and running
immediately. Or create an AMI containing your applications, libraries, data, and
associated configuration settings.
Configure security and network access on your Amazon EC2 instance.
Choose which instance type(s) you want, then start, terminate, and monitor as
many instances of your AMI as needed, using the web service APIs or the
variety of management tools provided.
Determine whether you want to run in multiple locations, utilize static IP
endpoints, or attach persistent block storage to your instances.
Pay only for the resources that you actually consume, like instance-hours
or data transfer.

AWS Cloud School
Compute Services & Networking | Amazon Machine Images (AMI)
AMIs
Building blocks of Amazon EC2 Instances
An AMI is a template of a computer's root volume
Can be public or private
Create “gold Images” of your Amazon EC2 infrastructure
AMI

AWS Cloud School
Compute Services & Networking | Infrastructure and Applications
Oracle
SAP
Microsoft
AWS Marketplace
Infrastructure and Applications

AWS Cloud School
Compute Services & Networking | Amazon EC2 Instances
256
128
64
32
16
8
4
2
1
1 2 4 8 16 32 64 128
Amazon EC2 Compute Units
Memory(GB)

AWS Cloud School
Compute Services & Networking | Choosing the Right Instance
Your choice of Amazon EC2 instances matters…
A larger compute instance will sometimes save you not only time but money
too. Paying more per hour for a shorter amount of time can be less expensive.
Instances come in multiple sizes, allowing you to optimally scale resources to
the requirements of your workload. As you choose an instance type, consider
the following:
– Core count
– Memory size
– Storage size & type
– Network performance

AWS Cloud School
Compute Services & Networking | Amazon EC2 Instances with Intel®
Additional Features that impact your workload:
Intel AES-NI1 – Intel processors that support these new encryption instructions
allow you to enable encryption for enhanced data security without paying a
performance penalty
Intel AVX – Get dramatically better performance for highly parallel HPC
workloads such as life science engineering, data mining, financial analysis, or
other technical computing applications. AVX also enhances image, video, and
audio processing.
Intel Turbo Boost Technology2 – Get a turbo boost of compute speed,
accelerating performance for peak loads. This Instance is appropriate for
traditional non-parallel workloads.
1. Intel AES-New Instructions (Intel AES-NI) requires a system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct
sequence. AES-NI is available on select Intel processors. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-
instructions-aes-ni/.
2. Intel Turbo Boost Technology requires a system with Intel Turbo Boost Technology capability. Performance varies depending on hardware, software, and system
configuration. For more information, see http://www.intel.com/content/www/us/en/architecture-and-technology/turbo-boost/turbo-boost-technology.html

AWS Cloud School
Compute Services & Networking | Choosing the Right Instance
Instances with All Three Intel® Xeon® Processor Technologies

AWS Cloud School
Compute Services & Networking | Instances with Intel®
Amazon EC2 Intel Processor Specifications

AWS Cloud School
Compute Services & Networking | Amazon EC2 Instances Pricing
Reserved Instances
1- or 3-year terms
Pay 1 time low up-
front fee for significant
hourly discount
Pay low up-front fee,
receive significant
hourly discount
Helps ensure
compute capacity is
available when
needed
Pay as you go for
compute power
Pay only for what you
use, no up-front
commitments or
long-term contracts
On-Demand Instances Spot Instances
Bid on unused
Amazon EC2
capacity
Spot Price based on
supply/demand,
determined
automatically
Spot Price below bid,
instances start
Spot Price above bid,
instances terminate

AWS Cloud School
Reserved Instances
Billing Options
Architecting With AWS
Designing for Cost |

AWS Cloud School
Reserved Instances
On Demand
Spot
ComputeResources
Compute Services & Networking | Leverage all 3 Instances

AWS Cloud School
Compute Services & Networking | Compute Example
Virtual Machine
Configuration
AMI
Running or
Stopped VM
Instances VPC
EC2 “Classic”
“Public”
AZ Availability Zone
VPC
Region
VPC
EC2 “Classic”
“Public”
EBS EBS EBS EBS EBS EBS
Region
S3
EBS
Snapshots
S3 Buckets

AWS Cloud School
Amazon EC2 Demo

AWS Cloud School
Compute Services & Networking | Amazon Elastic MapReduce (EMR)
Easily and cost-effectively
process vast amounts of data
Utilizes a hosted
Hadoop framework
Highly scalable
Amazon Elastic
MapReduce
(EMR)

AWS Cloud School
Compute Services & Networking | Amazon EMR Example
Amazon EMR
Job Flow
Amazon Simple
Storage Service (S3)
Amazon
CloudWatch
Amazon EC2 Instance
The Amazon EMR
job flow runs on a
cluster of Amazon
EC2 Instances
Input Data
Output Results
Metrics

AWS Cloud School
Compute Services & Networking | Amazon Auto Scaling
Auto Scaling
Scale your Amazon EC2
capacity automatically
Available at no
additional charge
Well-suited for applications
that experience variability
in usage

AWS Cloud School
Compute Services & Networking | Amazon Auto Scaling Cont.
Elastic Capacity
1
Ease of Use
2
Cost Savings
3
Actions
5
Geographic
4

AWS Cloud School
Compute Services & Networking | Elastic Capacity
1
With Auto Scaling, you can ensure that the number of Amazon EC2 instances you are using
increases seamlessly during demand spikes to maintain performance, and decreases
automatically during demand lulls to minimize costs.
Ease of Use
2
Cost Savings
3
Actions
5
Geographic
4
Elastic Capacity

AWS Cloud School
Compute Services & Networking | Ease of Use
1 2 3 54
Manage your instances as a single collective entity and define rules for when instances should be
added and removed. Replace lost or unhealthy instances automatically based on predefined
thresholds.
Ease of Use Cost Savings ActionsGeographicElastic Capacity

AWS Cloud School
Compute Services & Networking | Cost Savings
1 2 3 54
Save compute costs by terminating underused instances automatically and launching new
instances when you need them, without the need for manual intervention.

AWS Cloud School
Compute Services & Networking | Geographic
1 2 3 54
Distribute, scale, and balance applications automatically over multiple Availability Zones within
a region to support scalability and geographic redundancy.

AWS Cloud School
Compute Services & Networking | Actions
1 2 3 54
Schedule scaling actions for future times and dates when you expect to need more or less
capacity.

AWS Cloud School
Compute Services & Networking | Trinity of Services
Amazon Auto Scaling
Elastic Load
Balancer
CloudWatchAuto Scaling
Utilization
Metrics
99

AWS Cloud School
Networking

AWS Cloud School
Compute Services & Networking | AWS Networking Products & Services
Amazon
Virtual Private
Cloud
Amazon
Route 53
AWS Direct
Connect
Elastic Load
Balancing

AWS Cloud School
Compute Services & Networking | AWS Networking Products & Services
Amazon
Route 53
AWS Direct
Connect
Amazon
Virtual Private
Cloud
Elastic Load
Balancing

AWS Cloud School
Compute Services & Networking | Amazon Virtual Private Cloud (VPC)
Amazon
Virtual Private
Cloud
Provision a private, isolated section of the
AWS Cloud where you can launch AWS
resources in a virtual network that you define
You have complete control over your virtual networking
environment: selection of IP address range, creation of
subnets, configuration of route tables, and network gateways
Define a virtual network topology that closely
resembles a traditional network that you
might operate in your own datacenter

AWS Cloud School
Compute Services & Networking | Amazon VPC
Bridge your Amazon VPC to
your own IT infrastructure via an
encrypted VPN connection.
Attach an Amazon Elastic IP
address to any instance in your
VPC so it can be reached
directly from the Internet.
Control inbound and
outbound access to
subnets using Network
Access Control Lists.
Divide your VPC’s private
IP address range into
multiple subnets.Create an Amazon VPC and
specify its private IP address
range from any range you
choose.
Amazon VPC
Internet
Amazon VPC

AWS Cloud School
Compute Services & Networking | AWS Direct Connect
AWS Direct
Connect
All AWS services, including
Amazon EC2 and Amazon
S3 can be used with AWS
Direct Connect
Use the same connection to access public
resources such as objects stored in Amazon S3
Virtual interfaces can be
reconfigured at any time

AWS Cloud School
Compute Services & Networking | Networking
AWS Direct Connect
AWS Direct Connect establishes a
dedicated network connection from your
premises to AWS.
Establish private connectivity between
AWS and your datacenter, office, or
colocation environment.
Create multiple virtual interfaces to use
the same connection to access public
resources such as Amazon S3 and
private resources such as Amazon EC2
instances running within a VPC.

AWS Cloud School
Compute Services & Networking | Amazon Route 53
Amazon
Route 53
Route end users to
Internet applications
Provides secure and reliable
routing to your application instances
Answers DNS queries
with low latency by
using a global network
of DNS servers

AWS Cloud School
Compute Services & Networking | Networking with Amazon Route 53
Amazon Route 53
Answers DNS queries with low latency by using a global network of DNS servers.
Queries for your domain are automatically routed to the nearest DNS server,
and thus answered with the best possible performance.
You pay only for managing domains through the service and the number of queries
that the service answers.

AWS Cloud School
Compute Services & Networking | Elastic Load Balancing (ELB)
Elastic Load
Balancing
Supports the routing and load balancing of HTTP,
HTTPS, and TCP traffic to Amazon EC2 instances
Dynamically grows and
shrinks required resources
based on traffic
Supports health checks
to ensure detect and
remove failing instances

AWS Cloud School
Compute Services & Networking | Elastic Load Balancing Diagram

AWS Cloud School
Elastic Load Balancing : Demo

AWS Cloud School
Compute Services & Networking | Additional Resources
Amazon EC2 Instance Types: http://aws.amazon.com/ec2/instance-types/
Service Documentation: http://aws.amazon.com/documentation
White Papers: http://aws.amazon.com/whitepapers
AWS Free Usage Tier: http://aws.amazon.com/free/
AWS Support: http://aws.amazon.com/premiumsupport/
APN Partners supporting AWS Direct Connect:
http://aws.amazon.com/directconnect/partners/
AWS Security Process:
http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf

AWS Cloud School
Summary
Compute Services & Networking | Module Completion
Amazon Virtual Private Cloud lets you provision a logically isolated section
with complete control over your virtual networking environment, including IP
address range, creation of subnets, and configuration of route tables and
network gateways
VPN and Direct Connect allows you to leverage the AWS cloud as an
extension of your corporate datacenter
Elastic Load Balancing service provides load balancing across multiple
instances in a region
Amazon Route 53 is a highly available scalable Domain Name System (DNS)
web service

AWS Cloud School
Managed Services
& Database
Module 4

AWS Cloud School
Managed Services & Database | Overview
Module Overview
This module describes the fundamental elements of AWS Managed Services
and Databases. This module will focus on key aspects of Amazon Relational
Database Service (RDS) and how to execute Amazon RDS.

AWS Cloud School
Managed Services & Database | Learning Objectives
1 Describe Amazon DynamoDB.
2 Verify the key aspects of Amazon Relational Database Service (RDS).
Execute Amazon Relational Database Service.
3

AWS Cloud School
Managed Services & Database | Product and Services
Amazon
ElastiCache
Amazon
Relational
Database
Service
Amazon
DynamoDB Amazon Redshift

AWS Cloud School
Managed Services & Database | Amazon Relational Database Service
Cost-efficient and resizable capacity
Access to the full capabilities of familiar MySQL,
PostgreSQL, Oracle and SQL Server databases
Manages time-consuming
database administration tasks
Amazon
Relational
Database
Service

AWS Cloud School
Managed Services & Database | Amazon RDS
Amazon Relational Database Services (RDS)
Easy to set up, operate, and scale a relational database in the cloud
Cost-efficient and resizable capacity while managing time-consuming database
administration tasks
Access to the full capabilities of a familiar SQL database
Automatically patches the database software and backs up your database
Ability to scale the compute resources or storage capacity associated with
your relational database instance via a single API call

AWS Cloud School
Managed Services & Database | Amazon RDS & VPC
Amazon RDS & VPC
You can select your own IP address range.
Create subnets, and configure routing and access control lists.
The basic functionality of Amazon RDS is the same whether it is running in a
VPC or not: Amazon RDS manages backups, software patching, automatic
failure detection, and recovery.
There is no additional cost to run your DB instance in a VPC.

AWS Cloud School
Managed Services & Database | Amazon DynamoDB
Store any amount of
data – no limits
Easily provision and change the request
capacity needed for each table
Fast, predictable performance
using SSDs
Amazon
DynamoDB

AWS Cloud School
If You Need Consider Using
A relational database service
with minimal administration
Amazon RDS, a fully managed service that
offers a choice of MySQL, Oracle or SQL Server
database engines, scale compute & storage,
Multi-AZ availability and more.
A fast, highly scalable NoSQL
database service
Amazon DynamoDB, a fully managed service
that offers extremely fast performance, seamless
scalability and reliability, low cost and more.
A relational database you can
manage on your own
Your choice of relational AMIs on Amazon EC2
and Amazon EBS that provide scale compute &
storage, complete control over instances, and more.
Managed Services & Database | Database Considerations

AWS Cloud School
Managed Services & Database | Amazon RDS and DynamoDB
Factors Relational (RDS) NoSQL (DynamoDB)
Application
Type
• Existing database apps
• Business process-centric apps
Example: Financial transactions,
ERP apps, Multi-stage approval
flows
• New Web scale applications
• Large # of small writes and reads
Example: Web, social, mobile apps,
shopping cart, order mgt, user
preferences
Application
Characteristic
s
• Relational data models,
transactions
• Complex queries, joins and
updates
• Simple data models, transactions
• Range queries, simple updates
Scaling
Application or DBA architected
(clustering, partitions, sharding)
Seamless, on-demand scaling per
application needs
QoS
• Performance – depends on
data model, indexing, query,
and storage optimization
• Reliability and availability –
Managed Durability – Managed
• Performance – Automatically optimized
by the system
• Reliability and availability – Managed
• Durability – Managed
Skill Set
Existing programming skills –
SQL + Programming languages
Web style programming – queries managed
through programming and developers

AWS Cloud School
Amazon
ElastiCache
Managed Services & Database | Amazon ElastiCache
Seamlessly caches
in front of Amazon
RDS instances
Manages patching, cache node
failure detection and recovery
Memcached and Redis compliant
cache cluster on-demand

AWS Cloud School
Amazon Redshift
Managed Services & Database | Amazon Redshift
Petabyte-scale service that manages all
the work need to set up, operate, and scale
a data warehouse cluster
Dramatically reduces IO
Continuously monitors the health of the
cluster and replaces any component

AWS Cloud School
Managed Services & Database | Amazon Redshift Facts
Amazon Redshift
Amazon Redshift manages all the work needed to set up, operate, and scale a
data warehouse cluster, from provisioning capacity to monitoring and backing
up the cluster, to applying patches and upgrades. Scaling a cluster to improve
performance or increase capacity is simple and incurs no downtime. The service
continuously monitors the health of the cluster and automatically replaces any
component, if needed.
Redshift
Redshift
Redshift

AWS Cloud School
Amazon RDS Demo

AWS Cloud School
Managed Services & Database | Additional Resources
Service Documentation: http://aws.amazon.com/documentation
Pricing Calculator: http://aws.amazon.com/calculator/
Economics: http://aws.amazon.com/economics/
Pricing details for all services: http://aws.amazon.com/pricing/
Solutions Case Studies: http://aws.amazon.com/solutions/case-studies
Marketing Overview Materials: http://aws.amazon.com
Videos & Webinars: http://www.youtube.com/AmazonWebServices
AWS Blog: http://aws.typepad.com/

AWS Cloud School
Summary
Describe Amazon DynamoDB
Verify key aspects of Amazon Relational Database Service (RDS)
How to execute Amazon RDS
Managed Services & Database | Module Completion

AWS Cloud School
Deployment & Management
Module 5

AWS Cloud School
Deployment & Management | Overview
Module Overview
This module describes the fundamental elements of AWS Deployment &
Management products and services.

AWS Cloud School
Deployment & Management | Learning Objectives
1 Identify AWS CloudFormation.
2 Describe Amazon CloudWatch metrics and alarms.
Describe Amazon Identity and Access Management (IAM).
3

AWS Cloud School
Deployment & Management | Product and Services
AWS Identity and
Access
Management
Amazon
CloudWatch
Amazon
Elastic
Beanstalk
Amazon
CloudFormation

AWS Cloud School
Deployment & Management | AWS Identity and Access Management (IAM)
AWS Identity and
Access
Management
(IAM)
Create and manage AWS users and groups
and use permissions to allow and deny their
permissions to AWS resources
Use existing corporate identities to grant
secure access to AWS resources, such as
Amazon S3 buckets, without creating new
AWS identities for those users
Enables identity federation between
your corporate directory and AWS
services

AWS Cloud School
Deployment & Management | Using AWS IAM
Enable identity
federation to allow
existing identities (e.g.
users) in your
enterprise to access
the AWS Management
Console, to call AWS
APIs, and to access
resources, without the
need to create an IAM
user for each identity..
3
Manage federated users
and their permissions
Create users in AWS
IAM, assign them
individual security
credentials or request
temporary security
credentials to provide
users access to AWS
services and resources.
Manage permissions
in order to control which
operations a user can
perform.
2
Manage AWS IAM users
and their access
1
Create roles in AWS
IAM, and manage
permissions to control
which operations can be
performed by the entity,
or AWS service, that
assumes the role.
Define which entity is
allowed to assume the
role.
Manage AWS IAM roles
and their permissions

AWS Cloud School
Deployment & Management | Amazon CloudWatch
Amazon
CloudWatch
Visibility into resource
utilization, operational
performance, and overall
demand patterns
Accessible via AWS Management
Console, APIs, SDK, or CLI
Custom application-
specific metrics of your
own

AWS Cloud School
Deployment & Management | AWS CloudWatch Facts
AWS CloudWatch
Visibility into resource utilization, operational performance, and overall
demand patterns
Metrics including CPU utilization, disk reads and writes, and network traffic
Custom application-specific metrics of your own
Accessible via AWS Management Console, APIs, SDK, or CLI

AWS Cloud School
Deployment & Management | Amazon Elastic Beanstalk
Amazon
Elastic
Beanstalk
Simply upload your
application
Automatically handles the
deployment details of capacity
provisioning, load balancing, auto
scaling, and application health
monitoring
Retain full control over the
AWS resources powering
your application

AWS Cloud School
Deployment & Management | AWS Elastic Beanstalk Facts
AWS Elastic Beanstalk
Quickly deploy and manage applications in the AWS cloud without worrying
about the infrastructure that runs those applications.
Reduce management complexity without restricting choice or control.

AWS Cloud School
Deployment & Management | Amazon CloudFormation
Create templates of stack
of resources
Use templates as a starting
point or create your own
Deploy stack from template
with runtime parameters
Amazon
CloudFormation

AWS Cloud School
Deployment & Management | Deployment and Management
Amazon CloudFormation Deployment and Management
Templates are simple JSON formatted text files
CloudFormer supports generating templates from running environments
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI"
]},
"Tags" : [{
"Key" : "MyTag",
"Value" : "TagValue"
}]
}
},

AWS Cloud School
Deployment & Management | Deployment and Management
Amazon CloudFormation Deployment and Management
Use AWS CloudFormation’s sample templates or create your own
templates to describe the AWS resources, and any associated
dependencies or runtime parameters, required to run your application.
Deploy and update a template and its associated collection of resources
“called a stack” via the AWS Management Console, AWS CloudFormation
command line tools or APIs. CloudFormation is available at no additional
charge, and you pay only for the AWS resources needed.
Template AWS CloudFormation Stack

AWS Cloud School
Deployment & Management | Additional Resources
AWS CloudFormation Sample Templates:
https://aws.amazon.com/cloudformation/aws-cloudformation-templates/
AWS User Groups: http://aws.amazon.com/usergroups/
Introduction to AWS IAM Training Video: https://us-east-1-aws-
training.s3.amazonaws.com/intro/iam.html

AWS Cloud School
Summary
The key fundamental elements of AWS Deployment & Management
products and services.
Deployment & Management | Module Completion

AWS Cloud School
Certification
aws.amazon.com/certification
Demonstrate your
skills, knowledge, and
expertise with the
AWS platform
Self-Paced Labs
aws.amazon.com/training/
self-paced-labs
Try products, gain
new skills, and get
hands-on practice
working with AWS
technologies
aws.amazon.com/training
Training
Skill up and gain
confidence to design,
develop, deploy and
manage your
applications on AWS
Completion | Training Next Steps

AWS Cloud School
Thank You
Hope you enjoyed the training!
We value your feedback: #awsomedays
danilop@amazon.com
@danilop
alberto.quario@xpeppers.com
@realrealbot
filippo.liverani@xpeppers.com
@filippo

AWSome Day - Milan, July 24th 2014

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à AWSome Day - Milan, July 24th 2014

Similaire à AWSome Day - Milan, July 24th 2014 (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

AWSome Day - Milan, July 24th 2014

Notes de l'éditeur