
AWSome Day Bethesda - February 2019

This free, one-day training will provide a step-by-step introduction to the core AWS services for compute, storage, database, and networking.

AWS technical experts will explain key features and use cases, share best practices, walk through technical demos, and be available to answer your questions one-on-one.

AWSome Day is ideal for IT managers, system engineers, system administrators, and architects who are eager to learn more about cloud computing and how to get started on the AWS Cloud.

  • On this training day the instructor mentioned that some more notes, written in a Word doc, would be provided while presenting. I don't see them here. Can you please upload them here? Thanks.
  • Hi, how do I get a copy of the slides? It won't download from here!!

AWSome Day Bethesda - February 2019

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSOME DAY BETHESDA, 02.05.19
  2. Agenda
     8:00AM - 9:00AM Registration & Ask an AWS Expert
     9:00AM - 9:15AM Welcome
     9:15AM - 9:50AM AWS History and Introduction
     9:50AM - 10:45AM AWS Foundational Services, Part 1
     10:45AM - 11:15AM Break & Ask an AWS Expert
     11:15AM - 12:30PM AWS Foundational Services, Part 2
     12:30PM - 1:30PM Lunch & Ask an AWS Expert
     1:30PM - 2:10PM Security, Identity, and Access Management
     2:10PM - 2:55PM AWS Databases
     2:55PM - 3:15PM Break & Ask an AWS Expert
     3:15PM - 3:55PM AWS Elasticity & Management Tools
     3:55PM - 4:00PM Closing Remarks
  3. Questions? Visit the Ask an Expert area or the Training and Cert booth. Available at lunch and breaks: 10:45AM - 11:15AM, 12:30PM - 1:30PM, 2:55PM - 3:15PM, 4:00PM - 4:30PM.
  4. Presenter Introduction: Heiwad Osman, Technical Trainer
  5. AWSOME DAY (section divider)
  6. Amazon Web Services (AWS): enable businesses and developers to use web services to build scalable, sophisticated applications. Service areas: Compute, Messaging, Mobile, App Services, Database, Networking, Development and Management Tools, Payments, VPC, On-Demand Workforce, Analytics, Content Delivery, Storage.
  7. Amazon History
     1994: Jeff Bezos incorporated the company.
     1995: Amazon.com launched its online bookstore.
     2005: Amazon Publishing was launched.
     2006: Amazon Web Services (AWS) was launched.
     2007: Kindle was launched.
     2011: Amazon Fresh was launched.
     2012: Amazon Game Studios was launched.
     2013: Amazon Art was launched.
     2014: Amazon Prime Now was launched.
     2015: Amazon Home Services and Amazon Echo were launched.
  8. AWS Pace of Innovation: AWS offers over 129 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, and application development, deployment, and management (as of 31 March 2018). Chart of new services and features released per year: 2011: 82; 2013: 280; 2015: 722; 2017: 1,430.
  9. AWS services (as of 31 March 2018; the slide's headline figure is 5,089): AWS Direct Connect, AWS Elastic Beanstalk, Schema Conversion Tool, AWS Shield, EFS, WorkSpaces, Amazon Lumberyard, Amazon Pinpoint, AWS IoT, AWS Managed Services, Amazon Route 53, AWS OpsWorks for Chef Automate, Redshift, DynamoDB, Amazon Polly, AWS Snowball, AWS Organizations, Device Farm, AWS Config, Amazon RDS for Aurora, WorkDocs, AWS Snowball Edge, CodeCommit, AWS CodePipeline, AWS Service Catalog, CloudWatch Logs, Amazon Lex, AWS Greengrass, Amazon EC2 Systems Manager, AWS WAF, Amazon AppStream 2.0, Amazon Athena, AWS Glue, Amazon Lightsail, Amazon Rekognition, AWS Step Functions, AWS Discovery Services, AWS Certificate Manager, Amazon ElastiCache, Mobile Analytics, AWS Mobile Hub, AWS Storage Gateway, AWS OpsWorks, AWS Batch, Amazon Inspector, Amazon Cognito, AWS CodeDeploy, AWS Personal Health Dashboard, AWS Snowmobile, Lambda, AWS CodeBuild, AWS X-Ray, Amazon QuickSight, Amazon Kinesis Firehose, Amazon WorkMail, Machine Learning.
  10. AWS Cloud Computing stack
     Infrastructure: Regions, Availability Zones, Edge Locations
     Foundation Services: Compute (Virtual, Auto-scaling and Load Balancing), Networking, Storage (Object, Block and Archive)
     Platform Services: Databases (Relational, NoSQL, Caching); Analytics (Cluster Computing, Real-time, Data Warehouse, Data Workflows); App Services (Queuing, Orchestration, App Streaming, Transcoding, Email, Search); Deployment and Management (Containers, Dev/ops Tools, Resource Templates, Usage Tracking, Monitoring and Logs); Mobile Services (Identity, Sync, Mobile Analytics, Notifications)
     Applications: Virtual Desktops, Collaboration and Sharing
  11. AWS Core Infrastructure and Services, traditional infrastructure vs. AWS
     Security: Firewalls, ACLs, Administrators -> Security Groups, Network ACLs, AWS IAM
     Network: Router, Network Pipeline, Switch -> VPC, ELB
     Servers: On-Premises Servers -> AMI, Amazon EC2 Instances
     Storage and Database: DAS, SAN, NAS, RDBMS -> Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS
  12. AWS Customers
     Public Sector: Paving the way for innovation and supporting world-changing projects in government, education and nonprofit organizations.
     Startups: From the spark of an idea, to your first customer, to IPO and beyond, let Amazon Web Services help you build and grow your startup.
     Enterprise Customers: Amazon Web Services delivers a mature set of services specifically designed for the unique security, compliance, privacy, and governance requirements of large organizations.
  13. Advantages and Benefits of AWS Cloud Computing: Trade capital expense for flexible expense. Benefit from massive economies of scale. Eliminate guessing on your capacity needs. Go global in minutes. Increase speed and agility. Stop spending money on running and maintaining data centers.
  14. AWSOME DAY (section divider)
  15. AWS Data Centers: A single data center typically houses several thousand servers. All data centers are online; no data center is "cold". AWS custom network equipment: multi-ODM sourced, with an Amazon custom network protocol stack.
  16. AWS Availability Zones (AZ): Each Availability Zone is made up of one or more data centers, designed for fault isolation, and interconnected with other Availability Zones using high-speed private links. You choose your Availability Zones. AWS recommends replicating across AZs for resiliency.
  17. AWS Regions: Each region is made up of two or more Availability Zones. AWS has 20 regions worldwide. You enable and control data replication across regions. Communication between regions uses the AWS backbone network infrastructure. (Diagram: one Region containing three Availability Zones, each with several data centers.)
  18. AWS Global Infrastructure Map (map of AWS Regions, Availability Zones, and planned Regions)
  19. AWS Global Infrastructure, Edge Locations: 149 Edge Locations in 65 cities (as of January 2019). Local points of presence that support AWS services like Amazon Route 53, Amazon CloudFront, AWS WAF, AWS Shield, and Lambda@Edge.
  20. AWS Global Infrastructure: Edge Locations and Regional Edge Caches (map)
  21. Instructor Demo: AWS Management Console
  22. By the end of the day, you'll understand this (target architecture): Region us-east-2; awsome-vpc (10.0.0.0/16) spanning Availability Zone A (us-east-2a) and Availability Zone B (us-east-2b); Public Subnet A (10.0.0.0/24) and Public Subnet B (10.0.1.0/24) reachable through an internet-gateway, with NAT Gateway A and NAT Gateway B; Private Subnet A (10.0.2.0/23) and Private Subnet B (10.0.4.0/23); web-server instances launched from webserver-ami in webserver-security-group, reached from a browser at http://IPv4PublicIP; an ec2-s3-access-role that lets the web servers reach my-s3-bucket.
  23. Module 2: AWS Foundational Services
  24. Module 2 Layout: Amazon Elastic Compute Cloud (EC2); Amazon Elastic Block Store (EBS); Amazon Virtual Private Cloud (VPC); Demo: Launching a Web Server; Amazon Simple Storage Service (S3); Demo: Amazon S3
  25. Amazon Elastic Compute Cloud (EC2) (section divider)
  26. Amazon EC2: Resizable compute capacity. Complete control of your computing resources. Reduced time required to obtain and boot new server instances.
  27. Amazon EC2 Facts: Scale capacity as your computing requirements change. Pay only for capacity that you actually use. Choose Linux or Windows. Deploy across AWS Regions and Availability Zones for reliability. Use tags to help manage your Amazon EC2 resources.
  28. Launching an Amazon EC2 Instance
     1. Determine the AWS Region in which you want to launch the Amazon EC2 instance.
     2. Launch an Amazon EC2 instance from a pre-configured Amazon Machine Image (AMI).
     3. Choose an instance type based on CPU, memory, storage, and network requirements.
     4. Configure network, IP address, security groups, storage volume, tags, and key pair.
  29. 1. Determine the AWS Region (section divider)
  30. AWS Global Infrastructure Map (same map as slide 18)
  31. 2. Launch from an AMI (section divider)
  32. Amazon Machine Image (AMI) Details. An AMI includes: a template for the root volume for the instance (for example, an operating system, an application server, and applications); launch permissions that control which AWS accounts can use the AMI to launch instances; a block device mapping that specifies the volumes to attach to the instance when it is launched.
  33. Instances and AMIs: Select an AMI based on Region, operating system, architecture (32- or 64-bit x86, or 64-bit ARM), launch permissions, and storage for the root device. One AMI can launch instances of any type onto host computers.
  34. AWS Marketplace, IT Software Optimized for the Cloud (https://aws.amazon.com/marketplace): Online store to discover, purchase, and deploy IT software on top of the AWS infrastructure. Catalog of 4,500+ IT software solutions including Paid, BYOL, Open Source, SaaS, and free-to-try options. Pre-configured to operate on AWS. Software checked by AWS for security and operability. Deploys to your AWS environment in minutes. Flexible, usage-based billing models; software charges are billed to your AWS account. Includes AWS Test Drive.
  35. Amazon EC2 Instances (diagram): an AMI (OS, applications, and configuration) is launched into running or stopped VM instances inside an Availability Zone within a Region.
  36. Instance Lifecycle: Launch: AMI -> pending -> running. Reboot: running -> rebooting -> running. Stop (EBS-backed instances only): running -> stopping -> stopped; Start: stopped -> pending -> running. Stop-Hibernate: running -> stopping -> hibernated. Terminate: running or stopped -> shutting-down -> terminated.
  37. 3. Choose an Instance Type (section divider)
  38. Choosing the Right Amazon EC2 Instance: EC2 instance types are optimized for different use cases and workload requirements and come in multiple sizes. Consider the following when choosing your instances: core count, memory size, storage size and type, network performance, CPU technologies.
  39. Intel Processor Technologies: AWS customers can choose EC2 instances with Intel® Xeon® processors for high performance. Intel AVX (AVX, AVX2 and AVX-512): highly parallel HPC workloads. Intel AES-NI: accelerates encryption/decryption of data. Intel Turbo Boost Technology: more computing power when you need it, with performance that adapts to spikes in your workload. Intel Transactional Synchronization Extensions (TSX): enable execution of independent transactions to accelerate throughput. P-state and C-state control: ability to individually tune each core's performance and sleep states to improve application performance.
  40. C5n Instance Example: c5n.18xlarge offers 72 vCPUs and 192 GiB of memory, up to 100 Gbps of network bandwidth, and 3.0 GHz Intel Xeon Platinum processors with the Intel Advanced Vector Extensions 512 (AVX-512) instruction set; each core runs at up to 3.5 GHz using Intel Turbo Boost Technology. Based on the next-generation AWS Nitro System.
  41. Broad Set of Compute Instance Types: General Purpose: M5, M5a, A1. Compute optimized: C5, C5n. Memory optimized: X1, R4, X1e, z1d. Storage and I/O optimized: I3, D2, H1. GPU- or FPGA-enabled: P3, P2, G3, F1. Burstable Performance: T3, T2.
  42. Amazon EC2 Purchasing Models. By the instance: On-Demand Instances: pay as you go. Reserved Instances: purchase, at a significant discount, instances that are always available, on 1-year to 3-year terms. Scheduled Instances: purchase instances that are always available on a specified recurring schedule, for a one-year term. Spot Instances: use spare EC2 capacity at a steep discount; instances run as long as capacity is available and your maximum price is above the current Spot price. By the host: Dedicated Hosts: pay for a physical host that is fully dedicated to running your instances.
  43. 4. Configure your instance (section divider)
  44. Instance User Data: can be passed to the instance at launch; can be used to perform common automated configuration tasks; runs scripts after the instance starts.
  45. Adding User Data: You can specify user data when launching an instance. User data can be a Linux script (executed by cloud-init) or Windows batch or PowerShell scripts (executed by the EC2Launch or EC2Config service). By default, user data scripts run once per instance ID, that is, only on the instance's first boot, not again after a stop/start or reboot.
  46. User Data Example, Linux. Shell scripts must start with the #! characters and the path to the interpreter you want to read the script:
        #!/bin/sh
        yum -y install httpd        # install the Apache web server
        chkconfig httpd on          # enable the web server at boot
        /etc/init.d/httpd start     # start the web server now
     (These are SysV init commands for Amazon Linux; on Amazon Linux 2 the equivalent is "systemctl enable --now httpd".)
  47. User Data Example, Windows:
        <powershell>
        Import-Module ServerManager                        # import the Server Manager module for Windows PowerShell
        Install-WindowsFeature web-server, web-webserver   # install IIS
        Install-WindowsFeature web-mgmt-tools              # install the Web Management Tools
        </powershell>
  48. Instance Metadata: data about your instance that can be used to configure or manage a running instance. To get the instance metadata from within a running instance, request http://169.254.169.254/latest/meta-data/. Example metadata: Availability Zone us-east-1d, instance type c5.18xlarge, public IP 34.234.30.48; Availability Zone us-east-1a, instance type i3.2xlarge, public IP 52.7.197.98. Anything running on the instance can read this endpoint, and the iam/security-credentials/ path returns the temporary credentials of the instance's IAM role, so treat the endpoint as sensitive.
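The metadata endpoint on slide 48 deserves a security footnote that the deck does not give. The URI shown is the original IMDSv1 contract: a plain GET from anywhere on the instance, which means a web application that can be tricked into fetching attacker-chosen URLs (server-side request forgery) can hand out the IAM role credentials under iam/security-credentials/. AWS released IMDSv2 in November 2019, after this talk: a session token must first be obtained with a PUT request, and a classic SSRF cannot issue that PUT. The following is an added example, not code from the deck or from AWS: it runs a small localhost HTTP server that imitates the IMDSv2 "tokens required" behaviour (the server, the role name ec2-s3-access-role from slide 22, and the fake credential payload are all constructed for the demo), then shows the slide's v1-style GET being refused and the two-step v2 exchange succeeding. The paths, header names, and status codes follow the published IMDSv2 behaviour.

```python
"""Instance metadata: why the endpoint is sensitive and how IMDSv2 guards it.

Added example, not part of the AWSome Day deck. A localhost mock stands in for
169.254.169.254 so the exchange can be run offline.
"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"

# Constructed sample of what an instance with role ec2-s3-access-role exposes.
FAKE_METADATA = {
    "/latest/meta-data/placement/availability-zone": "us-east-2a",
    "/latest/meta-data/iam/security-credentials/": "ec2-s3-access-role",
    "/latest/meta-data/iam/security-credentials/ec2-s3-access-role": json.dumps(
        {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "<redacted>", "Token": "<redacted>"}
    ),
}


class FakeImdsV2(BaseHTTPRequestHandler):
    """Mimics IMDS with HttpTokens=required: no session token, no metadata."""

    tokens: set = set()  # shared across requests; real IMDS also bounds the TTL

    def do_PUT(self):
        if self.path == "/latest/api/token" and self.headers.get(TTL_HEADER):
            token = secrets.token_urlsafe(32)
            self.tokens.add(token)
            self._reply(200, token)
        else:
            self._reply(404, "")

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) not in self.tokens:
            self._reply(401, "")  # IMDSv1-style request: refused
            return
        body = FAKE_METADATA.get(self.path)
        self._reply(200 if body is not None else 404, body or "")

    def _reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_fake_imds():
    """Start the mock on an ephemeral localhost port and return its base URL."""
    server = HTTPServer(("127.0.0.1", 0), FakeImdsV2)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"


def fetch_metadata_v1(base_url, path):
    """Plain GET as on the slide. Returns the HTTP status (401 when tokens are required)."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=2) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def fetch_metadata_v2(base_url, path, ttl_seconds=21600):
    """IMDSv2: PUT for a session token, then GET with the token attached."""
    req = urllib.request.Request(
        base_url + "/latest/api/token", method="PUT", headers={TTL_HEADER: str(ttl_seconds)}
    )
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(base_url + path, headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    base = start_fake_imds()
    print(fetch_metadata_v1(base, "/latest/meta-data/iam/security-credentials/"))  # 401
    print(fetch_metadata_v2(base, "/latest/meta-data/iam/security-credentials/"))  # ec2-s3-access-role
```

On a real instance the same two requests go to http://169.254.169.254; enforcing the v2 behaviour is a per-instance setting (metadata option HttpTokens=required), and the IAM role attached to the instance should carry only the permissions the workload needs, since those credentials are what a metadata leak exposes.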
  49. Other compute services: AWS Lambda (run your code in response to events); Amazon Elastic Container Service (run and manage Docker containers); Amazon Elastic Container Service for Kubernetes (run managed Kubernetes on AWS); AWS Fargate (run containers without managing servers or clusters); VMware Cloud on AWS (build a hybrid cloud without custom hardware).
  50. Block Storage Service: Amazon Elastic Block Store (EBS) (section divider)
  51. Amazon Elastic Block Store (EBS): Persistent block-level storage volumes offer consistent and low-latency performance. Stored data is automatically replicated within its Availability Zone. Snapshots are stored durably in Amazon S3.
  52. Persistent EC2 Instance storage (diagram): EBS volumes attached to running or stopped instances inside an AZ, within a VPC and Region.
  53. Amazon EBS Scope: Amazon EBS volumes are in a single Availability Zone. Volume data is replicated across multiple servers in an Availability Zone. (Diagram: EBS Volume 1 in Availability Zone A, EBS Volume 2 in Availability Zone B.)
  54. Amazon EBS Lifecycle: Create (from vast amounts of unused space): call CreateVolume, 1 GiB to 16 TiB. Attach: call AttachVolume to affiliate the volume with one Amazon EC2 instance. Attached and in use: format from the Amazon EC2 instance OS, then mount the formatted drive. Snapshot: call CreateSnapshot to snapshot to Amazon S3. Detach: call DetachVolume. Delete: call DeleteVolume.
  55. Amazon EBS Volume Types: SSD-backed volumes are optimized for transactional workloads that involve frequent read/write operations with small I/O size; dominant in IOPS performance. HDD-backed volumes are optimized for large streaming workloads; dominant in throughput (measured in MiB/s).
  56. Amazon EBS Facts: EBS is recommended when data must be quickly accessible and requires long-term persistence. You can launch your EBS volumes as encrypted volumes: data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. You can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3.
  57. Amazon EC2 Instances (diagram): EBS volumes and EBS snapshots alongside instances in AZs within a VPC and Region.
  58. Amazon EC2 Instance Store: local, complimentary, direct-attached block storage. Availability, number of disks, and size depend on the EC2 instance type. Optimized for up to 3.3 million random read IOPS and 1.4 million write IOPS (i3.16xlarge). SSD or HDD. No persistence: data is automatically deleted when an EC2 instance stops, fails, or is terminated.
  59. Amazon EBS vs. Amazon EC2 Instance Store: Data stored on an Amazon EBS volume can persist independently of the life of the instance; storage is persistent. Data stored on a local instance store persists only as long as the instance is running or rebooting; storage is ephemeral.
  60. Networking: Amazon VPC (section divider)
  61. Amazon Virtual Private Cloud (VPC): Provision a private, isolated virtual network on the AWS cloud. Have complete control over your virtual networking environment.
  62. EC2 networking with VPC (diagram): instances in AZs inside a VPC within a Region.
  63. VPC Example (diagram): a VPC 10.0.0.0/16 spanning Availability Zone A and Availability Zone B, with the Internet and the Customer Network outside it.
  64. VPC and Subnets: A VPC resides within a single Region. A subnet defines a range of IP addresses within your VPC. Each subnet must reside entirely within one Availability Zone and cannot span zones. You can launch AWS resources into a subnet that you select. A public subnet (DMZ) should be used for resources that will be accessed directly over the Internet.
  65. Public Subnet Example (diagram): Public Subnet 1 (10.0.0.0/24) in Availability Zone A and Public Subnet 2 (10.0.1.0/24) in Availability Zone B.
  66. Instance in Public Subnet Example (diagram): a Web Server in Public Subnet 1.
  67. VPC and Gateways: An Internet Gateway allows communication to and from the Internet.
  68-69. Internet Gateway Example (diagram, Region US East (Ohio)): an Internet Gateway attached to the VPC connects the public subnets and the Web Server to the Internet.
  70. VPC and Subnets (continued): same as slide 64, adding: A private subnet should be used for resources that won't be accessible over the Internet.
  71. Private Subnet Example (diagram): Private Subnet 1 (10.0.2.0/23) in Availability Zone A and Private Subnet 2 (10.0.4.0/23) in Availability Zone B.
  72. Instance in Private Subnet Example (diagram): an App Server in Private Subnet 1.
  73. VPC and Gateways: An Internet Gateway allows communication to and from the Internet. A NAT Gateway enables instances in the private subnets to initiate outbound traffic to the Internet.
  74. NAT Gateway Example (diagram): a NAT Gateway in each public subnet.
  75. Instance in Private Subnet Example (diagram): the App Server reaches the Internet outbound through the NAT Gateway and the Internet Gateway.
  76. VPC and Gateways: An Internet Gateway allows communication to and from the Internet. A NAT Gateway enables instances in the private subnets to initiate outbound traffic to the Internet. A Virtual Private Gateway enables access to and from your remote network over a hardware VPN or Direct Connect.
  77. Virtual Private Gateway Example (diagram): a Virtual Private Gateway attached to the VPC and linked to the Customer Network.
  78. Instance to Customer Network Example (diagram): the App Server in the private subnet communicates with the Customer Network through the Virtual Private Gateway.
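The VPC built up on slides 63 to 78 (and summarised on slide 22) is described in prose: every subnet lives inside the VPC's /16, each subnet sits in exactly one Availability Zone, and subnets must not overlap. Those are the checks the console and API enforce at creation time, and they are worth running over a network plan before anything is created. The following is an added example, not part of the deck: a validator for a subnet plan using only the Python standard library. The four subnets are the deck's own; the AZ assignments and the mis-typed 10.10.0.0/16 VPC block used to demonstrate a failing plan are constructed for this example.

```python
"""Validate a VPC subnet plan like the one the slides build up.

Added example, not part of the AWSome Day deck. Checks: each subnet is inside
the VPC CIDR, subnets do not overlap, each names an Availability Zone, and no
subnet is smaller than AWS's /28 minimum.
"""
from ipaddress import IPv4Network, ip_network
from itertools import combinations
from typing import Dict, List, Tuple

Subnet = Tuple[str, str, str]  # (name, cidr, availability zone)


def validate_vpc_plan(vpc_cidr: str, subnets: List[Subnet]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    vpc = ip_network(vpc_cidr, strict=True)
    nets: Dict[str, IPv4Network] = {}

    for name, cidr, az in subnets:
        try:
            net = ip_network(cidr, strict=True)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not az:
            problems.append(f"{name}: no Availability Zone assigned")
        # AWS rejects a subnet that is not contained in one of the VPC's CIDR blocks.
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside VPC {vpc_cidr}")
        # Allowed subnet sizes are /16 through /28.
        if net.prefixlen > 28:
            problems.append(f"{name}: {cidr} is smaller than the /28 minimum")
        nets[name] = net

    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} ({na}) overlaps {b} ({nb})")
    return problems


def usable_hosts(cidr: str) -> int:
    """Addresses a subnet can hand out: the block size minus the five AWS
    reserves (network address, VPC router, DNS, future use, broadcast)."""
    return ip_network(cidr).num_addresses - 5


# The deck's target layout (slide 22 and slides 63-78); AZ names are assumed.
DECK_SUBNETS: List[Subnet] = [
    ("Public Subnet A", "10.0.0.0/24", "us-east-2a"),
    ("Public Subnet B", "10.0.1.0/24", "us-east-2b"),
    ("Private Subnet A", "10.0.2.0/23", "us-east-2a"),
    ("Private Subnet B", "10.0.4.0/23", "us-east-2b"),
]

if __name__ == "__main__":
    print(validate_vpc_plan("10.0.0.0/16", DECK_SUBNETS))   # []
    print(validate_vpc_plan("10.10.0.0/16", DECK_SUBNETS))  # four "not inside VPC" problems
    print(usable_hosts("10.0.2.0/23"))                      # 507
```

Running the deck's plan against a 10.10.0.0/16 VPC block flags all four subnets, which is exactly the kind of mismatch a copy-pasted CIDR produces; against 10.0.0.0/16 the plan is clean.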
  79. AWS Multi-Tier Security Groups: Internet -> WebTier security group (www servers): HTTP/S. WebTier -> AppTier security group (app servers): API port 8080. AppTier -> DBTier security group (db servers): SQL port 3306. All other ports are blocked.
  80. Security in Your VPC: Internet Gateway, route tables, network access control lists (ACLs), security groups, EC2 key pairs. (Diagram: VPC 10.0.0.0/16 with a VPC Router and two subnets, 10.0.0.0/24 and 10.0.1.0/24, each with its own routing table and network ACL and with instances in security groups.)
  81. Layered Security: Security groups are a stateful firewall for an EC2 instance. Network ACLs are an optional stateless firewall for a subnet. Layers, outermost first: VPC -> subnet routing -> network ACLs -> security group -> instance.
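Slides 79 to 81 state the two properties that matter most when reasoning about VPC traffic filtering: security groups are stateful and may name another security group as the source of allowed traffic, while network ACLs are stateless ordered rules with an implicit final deny. The following is an added example, not code from the deck: it encodes slide 79's three tiers as data and evaluates requests against them, then shows the classic NACL mistake (allowing the inbound service port but forgetting the outbound ephemeral range that replies use). Group names, rule numbers, and the 1024-65535 ephemeral range are constructed for the demonstration.

```python
"""Security groups and network ACLs as a small rule evaluator.

Added example, not part of the AWSome Day deck. Security groups: allow-only,
stateful, source may be a CIDR or another group. Network ACLs: stateless,
numbered, first match wins, implicit deny at the end.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

PortRange = Tuple[int, int]
INTERNET = "0.0.0.0/0"
EPHEMERAL: PortRange = (1024, 65535)  # where a client's reply traffic lands


@dataclass(frozen=True)
class SgRule:
    """Inbound allow rule: `source` is a CIDR or the name of another security group."""
    source: str
    ports: PortRange


@dataclass
class SecurityGroup:
    name: str
    inbound: List[SgRule] = field(default_factory=list)
    # Outbound is left at the AWS default (allow all); replies to admitted
    # requests are implicit because security groups track connection state.


@dataclass(frozen=True)
class AclRule:
    number: int
    direction: str  # "in" or "out"
    ports: PortRange
    action: str  # "allow" or "deny"


def in_range(port: int, rng: PortRange) -> bool:
    return rng[0] <= port <= rng[1]


def sg_allows(groups: Dict[str, SecurityGroup], source: str, dest: str, port: int) -> bool:
    """Any matching inbound rule on the destination group admits the request;
    with no match the packet is dropped ('all other ports are blocked')."""
    return any(
        rule.source == source and in_range(port, rule.ports)
        for rule in groups[dest].inbound
    )


def acl_decision(rules: List[AclRule], direction: str, port: int) -> bool:
    """Lowest-numbered matching rule decides; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction == direction and in_range(port, rule.ports):
            return rule.action == "allow"
    return False


def acl_allows_exchange(rules: List[AclRule], dest_port: int, client_port: int) -> bool:
    """A NACL sees request and reply as unrelated packets, so a working TCP
    exchange needs an inbound match on dest_port AND an outbound match on the
    client's ephemeral port."""
    return acl_decision(rules, "in", dest_port) and acl_decision(rules, "out", client_port)


# Slide 79, as data.
GROUPS: Dict[str, SecurityGroup] = {
    "WebTier": SecurityGroup("WebTier", [SgRule(INTERNET, (80, 80)), SgRule(INTERNET, (443, 443))]),
    "AppTier": SecurityGroup("AppTier", [SgRule("WebTier", (8080, 8080))]),
    "DBTier": SecurityGroup("DBTier", [SgRule("AppTier", (3306, 3306))]),
}

# A subnet NACL that admits HTTP but forgets that replies leave on ephemeral ports.
BROKEN_ACL = [AclRule(100, "in", (80, 80), "allow"), AclRule(100, "out", (80, 80), "allow")]
FIXED_ACL = BROKEN_ACL + [AclRule(110, "out", EPHEMERAL, "allow")]

if __name__ == "__main__":
    print(sg_allows(GROUPS, "WebTier", "AppTier", 8080))  # True
    print(sg_allows(GROUPS, INTERNET, "AppTier", 8080))   # False: only the web tier may call the API
    print(sg_allows(GROUPS, "WebTier", "DBTier", 3306))   # False: web servers never reach the DB
    print(acl_allows_exchange(BROKEN_ACL, 80, 50000))     # False: the reply is dropped
    print(acl_allows_exchange(FIXED_ACL, 80, 50000))      # True
```

The group-to-group reference is what makes the design on slide 79 robust: the app tier admits traffic from whatever instances are members of WebTier, so web servers can be added or replaced without touching IP-based rules.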
  82. 82. Instructor Demo Launch a Web Server
  83. 83. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification What We’re Starting With Availability Zone A Public Subnet 2 (10.0.1.0/24) 10.0.0.0/16 Availability Zone B Private Subnet 2 (10.0.4.0/23) Public Subnet 1 (10.0.0.0/24) Private Subnet 1 (10.0.2.0/23) Internet Gateway
  84. 84. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Internet Gateway Launch a Web Server Availability Zone A Public Subnet 2 (10.0.1.0/24) 10.0.0.0/16 Web Server 1 Availability Zone B Private Subnet 2 (10.0.4.0/23) Public Subnet 1 (10.0.0.0/24) Private Subnet 1 (10.0.2.0/23) security group Configure a new security group (WebSecurityGroup)
  85. 85. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Internet Gateway Launch a Web Server Availability Zone A Public Subnet 2 (10.0.1.0/24) 10.0.0.0/16 Availability Zone B Private Subnet 2 (10.0.4.0/23) Public Subnet 1 (10.0.0.0/24) Private Subnet 1 (10.0.2.0/23) security group Web Server 1 Launch a new web server Instance
  86. 86. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Launch a Web Server Availability Zone A Web Server 1 Public Subnet 2 (10.0.1.0/24) 10.0.0.0/16 security group Availability Zone B Private Subnet 2 (10.0.4.0/23) Public Subnet 1 (10.0.0.0/24) Private Subnet 1 (10.0.2.0/23) Internet Gateway
  87. 87. Object Storage Service Amazon S3
  88. 88. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Storage for the Internet Natively online, HTTP/S access Storage that allows you to store and retrieve any amount of data, any time, from anywhere on the web Highly scalable, reliable, fast and durable Amazon Simple Storage Service (S3) Amazon S3
  89. 89. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Amazon S3 Bucket with Objects Bucket Object Amazon S3 Concepts Amazon S3 stores data as objects within buckets An object is composed of a file and optionally any metadata that describes that file You control access to the bucket and its objects
90. Object Keys. An object key is the unique identifier for an object in a bucket. Example: http://doc.s3.amazonaws.com/2018-06-07/photo.gif, where doc is the bucket and 2018-06-07/photo.gif is the object key.
  91. 91. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Storage and backup Application file hosting Media hosting Software delivery Store AMIs and snapshots Common Use Scenarios
92. Amazon S3 Facts. Can store an unlimited number of objects in a bucket. Objects can be up to 5 TB; there is no bucket size limit. Designed for 99.999999999% durability and 99.99% availability of objects over a given year for S3 Standard. Can use HTTP/S endpoints to store and retrieve any amount of data, at any time, from anywhere on the web. Optional server-side encryption (with AWS-managed keys, customer-managed KMS keys, or customer-provided keys) and client-side encryption are available. Auditing is provided by access logs.
  93. 93. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification OS, Applications, and Configuration AMI Running or Stopped VM Instances AZ VPC Region EBS EBS EBS EBS EBS EBS AZ Instances Instances S3 Data is stored within the AWS Region S3 EBS Snapshots S3 Buckets
  94. 94. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Amazon S3 creates a bucket in the region you select. You can choose a region to: Optimize latency Minimize costs Address regulatory requirements Objects stored in a region never leave the region unless you explicitly transfer them to another region. Amazon S3 Region Considerations
95. Amazon S3 Security. You can control access to buckets and objects with: Access Control Lists (ACLs); bucket policies; Identity and Access Management (IAM) policies. Bucket policies and IAM policies are the preferred, finer-grained mechanisms; ACLs are the older, coarser option. You can upload or download data to Amazon S3 via SSL/TLS-encrypted endpoints. You can encrypt data client-side and/or server-side.
96. Amazon S3 Versioning. Protects from accidental overwrites and deletes with no performance penalty. Generates a new version with every upload (diagram: two versions of key photo.gif, version IDs 111111 and 121212). Allows easy retrieval of deleted objects or rollback to previous versions. A bucket is in one of three states: unversioned (the default), versioning-enabled, or versioning-suspended; once versioning is enabled, the bucket can be suspended but never returned to the unversioned state. Note that a plain delete on a versioned bucket only adds a delete marker; a delete that names a specific version ID removes that version permanently, so versioning is not a substitute for a backup.
  97. 97. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Pay only for what you use No minimum fee Estimate monthly bill using the AWS Simple Monthly Calculator (https://calculator.s3.amazonaws.com/index.html) Pricing is available as: Storage Pricing Request Pricing Data Transfer Pricing: data transferred out of Amazon S3 Amazon S3 Pricing
  98. 98. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Lifecycle management defines how Amazon S3 manages objects during their lifetime. Some objects might have a well-defined lifecycle: Log files Archive documents & digital media Financial and healthcare records Raw genomics sequence data Long-term database backups Data that must be retained for regulatory compliance Amazon S3 Object Lifecycle
99. Amazon S3 + Amazon Glacier. S3 Lifecycle policies allow you to delete or move objects based on age, with rules set per S3 bucket. Example from the diagram: objects in a bucket are transitioned to a Glacier archive after 30 days and expired (deleted) after 365 days.
100. Amazon S3 Storage Classes

Storage class                                Durability      Availability  Other considerations
Amazon S3 Standard                           99.999999999%   99.99%        For frequently accessed data
Amazon S3 Standard - Infrequent Access (IA)  99.999999999%   99.9%         For infrequently accessed data; retrieval fee per object
Intelligent Tiering                          99.999999999%   99.9%         Data with changing or unknown access patterns; per-object monitoring and automation fees apply, no retrieval fees
One Zone-IA                                  99.999999999%   99.5%         Infrequently accessed data; retrieval fee per object; stored in a single AZ, so not resilient to the loss of that AZ
  101. 101. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Long term low-cost archiving service Optimal for infrequently accessed data Designed for 99.999999999% durability Retrieval time: Expedited: 1 – 5 minutes Standard: 3 – 5 hours Bulk: 5 – 12 hours Amazon Glacier
102. Amazon S3 + Glacier

Storage class                                Durability      Availability  Other considerations
Amazon S3 Standard                           99.999999999%   99.99%        For frequently accessed data
Amazon S3 Standard - Infrequent Access (IA)  99.999999999%   99.9%         For infrequently accessed data; retrieval fee per object
Intelligent Tiering                          99.999999999%   99.9%         Data with changing or unknown access patterns; per-object monitoring and automation fees apply, no retrieval fees
One Zone-IA                                  99.999999999%   99.5%         Infrequently accessed data; retrieval fee per object; stored in a single AZ, so not resilient to the loss of that AZ
Glacier                                      99.999999999%   N/A           Long-term data archiving; per-GB retrieval fees apply; 99.99% availability once restored
103. Amazon EBS and Amazon S3

                                  Amazon EBS                                        Amazon S3
Paradigm                          Block storage with a file system                  Object store
Performance                       Very fast                                         Fast
Redundancy                        Across multiple servers in an Availability Zone   Across multiple facilities in a Region
Security                          EBS encryption of data volumes and snapshots      Server-side and client-side encryption
Direct access from the Internet?  No                                                Yes (with proper credentials or ACL)
Typical use case                  It is a disk drive                                Online storage
  104. 104. Instructor Demo Amazon S3
  105. 105. Module 3 Security, Identity, and Access Management
106. Shared Responsibility Model. Customer, responsible for security "in" the cloud: customer data; platform, applications, identity and access management; operating system, network, and firewall configuration; client-side data encryption and data integrity authentication; server-side encryption (file system and data); network traffic protection (encryption/integrity/identity). AWS, responsible for security "of" the cloud: compute, storage, database, and networking services; the AWS global infrastructure (regions, availability zones, edge locations).
  107. 107. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification 24/7 trained security staff AWS data centers in nondescript and undisclosed facilities Two-factor authentication for authorized staff Authorization for data center access Physical Security
  108. 108. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Automated change-control process Bastion servers that record all access attempts Firewall and other boundary devices AWS monitoring tools Hardware, Software, and Network
  109. 109. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Assurance Programs
110. Network Security. Network control: use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. Instance firewalls: use security groups to configure firewall rules for instances. Secure transmission: use secure endpoints (HTTPS/SSL endpoints) to establish encrypted communication sessions.
111. AWS Identity and Access Management (IAM): 1. Manage AWS IAM users and their access. 2. Manage AWS IAM roles and their permissions. 3. Manage federated users and their permissions.
  112. 112. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification AWS Management Console: User Name and Password AWS IAM Authentication IAM User
  113. 113. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification AWS CLI or SDK API: Access Key and Secret Key AWS IAM Authentication Access Key ID: AKIAIOSFODNN7EXAMPLE Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Java Python .NET AWS SDK & APIAWS CLI IAM User
114. AWS IAM User Management - Groups (diagram): within an AWS account, IAM users A, B, C and D are placed in groups such as Admin and DevOps; permissions are attached to the group and inherited by its members.
115. AWS IAM Authorization. Policies: are JSON documents that describe permissions; are attached to IAM users, groups, or roles.
116. AWS IAM Policy Elements (example IAM policy). The first statement allows the listed EC2 actions on any resource, but only when the request comes from source IP 54.64.34.65; the second allows read actions matching s3:GetObject* on objects under example_bucket. Anything not matched by an Allow is implicitly denied.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1453690971587",
      "Action": [
        "ec2:Describe*",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "54.64.34.65/32"
        }
      }
    },
    {
      "Sid": "Stmt1453690998327",
      "Action": [
        "s3:GetObject*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::example_bucket/*"
    }
  ]
}
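To make the evaluation rules behind a policy like the one above concrete, here is an added example (not part of the original slides and not AWS's own policy engine): a small Python model of IAM evaluation, loaded with the slide's policy. It implements the three rules a practitioner relies on: an explicit Deny beats any Allow, an Allow needs a matching action, resource and condition, and anything unmatched is an implicit deny. Only the IpAddress/NotIpAddress condition operators are modelled, unknown operators fail closed, and the request ARNs, account ID 123456789012 and source addresses used in the checks are constructed for the example.

```python
import fnmatch
import ipaddress

# The policy from the slide above, as a Python dict (values unchanged).
SLIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1453690971587",
            "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {"IpAddress": {"aws:SourceIp": "54.64.34.65/32"}},
        },
        {
            "Sid": "Stmt1453690998327",
            "Action": ["s3:GetObject*"],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::example_bucket/*",
        },
    ],
}

# Constructed second policy to show that an explicit Deny wins over a broad Allow.
DENY_EXAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    # IAM action and resource patterns use '*' and '?' wildcards; action names
    # are matched case-insensitively.
    return any(fnmatch.fnmatchcase(candidate.lower(), p.lower()) for p in _as_list(patterns))


def _ip_in(cidrs, source_ip):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs))


def _condition_holds(condition, context):
    # Only the operators used on the slide are implemented; a missing context
    # key or an unknown operator fails closed so the statement never matches.
    for operator, pairs in condition.items():
        for key, values in pairs.items():
            if key not in context:
                return False
            if operator == "IpAddress":
                if not _ip_in(values, context[key]):
                    return False
            elif operator == "NotIpAddress":
                if _ip_in(values, context[key]):
                    return False
            else:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    context = context or {}
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action):
            continue
        if not _matches(stmt.get("Resource", []), resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins, stop immediately
        decision = "Allow"  # keep scanning: a later Deny could still override
    return decision


if __name__ == "__main__":
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc"  # constructed
    print(evaluate(SLIDE_POLICY, "ec2:StartInstances", inst, {"aws:SourceIp": "54.64.34.65"}))
    print(evaluate(SLIDE_POLICY, "ec2:StartInstances", inst, {"aws:SourceIp": "203.0.113.7"}))
    print(evaluate(SLIDE_POLICY, "s3:PutObject", "arn:aws:s3:::example_bucket/photo.gif"))
```

The same request with the same policy gives different answers depending on the request context, which is why aws:SourceIp conditions must be tested from the address that will actually be used (a NAT gateway or proxy changes the source address the condition sees).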
  117. 117. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy
118. AWS IAM Roles. An IAM role uses a policy. An IAM role has no long-term credentials of its own; whoever assumes it receives temporary security credentials. IAM users, applications, and AWS services may assume IAM roles.
  119. 119. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy IAM User Assumed Assumed AWS Resources
120. Example: Application Access to AWS Resources. A Python application hosted on an Amazon EC2 instance needs to interact with Amazon S3, so AWS credentials are required. Option 1: store AWS credentials on the Amazon EC2 instance (long-lived keys on disk that must be rotated and protected by hand). Option 2: securely distribute AWS credentials to AWS services and applications, which is what IAM roles do.
121. AWS IAM Roles - Instance Profiles. 1. Create the instance and select an IAM role for it. 2. The EC2 metadata service exposes temporary credentials for that role to the instance at http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename. 3. The application reads them (the AWS SDKs do this automatically and refresh them before they expire). 4. The application interacts with Amazon S3 using those credentials. Caveat: any process on the instance that can reach 169.254.169.254 can read these credentials, including a web application that can be tricked into fetching that URL (server-side request forgery), so keep the role's permissions to the minimum the application needs.
122. AWS IAM Roles - Assume Role (diagram). In AWS Account A, IAM user A-1 has a restricted IAM policy assigned, and an IAM admin role in the same account has an IAM admin policy assigned. A-1 assumes the admin role and uses its temporary credentials to access Amazon S3. IAM user B-1 in AWS Account B can assume the same role in Account A (cross-account access) and reach the Amazon S3 resource without any long-term credentials from Account A being shared.
123. Application Authentication. AWS IAM controls access to AWS APIs only: it does not authenticate users to the operating system or to the application running on the instance (no support at either of those layers; those remain the customer's responsibility).
  124. 124. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Authentication AWS Management Console User Name and Password AWS CLI or SDK API Access Key and Secret Key Authorization Policies AWS IAM Authentication and Authorization IAM User IAM Group IAM Roles IAM Policy
  125. 125. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Records AWS API calls for accounts. Delivers log files with information to an Amazon S3 bucket. Logs calls made using the AWS Management Console, AWS SDKs, AWS CLI and higher-level AWS services. AWS CloudTrail AWS CloudTrail Amazon S3 Bucket Logs
  126. 126. Instructor Demo IAM
  127. 127. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Delete AWS account (root) access keys. Create individual IAM users. Use groups to assign permissions to IAM users. Grant least privilege. Configure a strong password policy. Enable MFA for privileged users. Use roles for applications that run on Amazon EC2 instances. Delegate by using roles instead of by sharing credentials. AWS IAM Best Practices
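As an added example (not from the slides and not an AWS tool), the following Python reads records in the JSON layout CloudTrail delivers to the S3 bucket and flags three things the best-practices list above is meant to prevent: any activity by the root account, a successful console login without MFA, and attempts to stop or alter the trail itself. The records are constructed for the example; the account ID 123456789012, the trail name and the IP addresses are documentation placeholders.

```python
import json
from collections import Counter

# Constructed sample in the layout of a delivered CloudTrail log file
# ({"Records": [...]}); not real events. Only fields the checks read are filled in.
SAMPLE_LOG_FILE = """
{"Records": [
 {"eventTime": "2019-02-05T14:02:11Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"},
  "sourceIPAddress": "203.0.113.7"},
 {"eventTime": "2019-02-05T14:05:40Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
  "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice"},
  "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"},
  "sourceIPAddress": "203.0.113.8"},
 {"eventTime": "2019-02-05T14:09:02Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
  "userIdentity": {"type": "IAMUser", "userName": "bob", "arn": "arn:aws:iam::123456789012:user/bob"},
  "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"},
  "sourceIPAddress": "198.51.100.4"},
 {"eventTime": "2019-02-05T14:11:15Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "sourceIPAddress": "203.0.113.7"},
 {"eventTime": "2019-02-05T14:12:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0abc"},
  "sourceIPAddress": "10.0.0.25"}
]}
"""

# API calls that disable or weaken the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(log_file_text):
    """Parse the body of one delivered CloudTrail log file into its list of records."""
    return json.loads(log_file_text)["Records"]


def findings(records):
    """Return (rule, eventName, actor ARN, eventTime) tuples for records that match a rule."""
    out = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        actor = ident.get("arn", "unknown")
        name = rec.get("eventName", "")
        # Rule 1: the root user should not be used day to day (see the best practices above).
        if ident.get("type") == "Root":
            out.append(("root-activity", name, actor, rec["eventTime"]))
        # Rule 2: a successful console login without MFA.
        if (name == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") == "No"):
            out.append(("console-login-without-mfa", name, actor, rec["eventTime"]))
        # Rule 3: someone is turning the trail off or changing what it records.
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            out.append(("trail-tampering", name, actor, rec["eventTime"]))
    return out


def summarize(records):
    """Count findings per rule, for a dashboard or an alarm threshold."""
    return Counter(rule for rule, _, _, _ in findings(records))


if __name__ == "__main__":
    for finding in findings(load_records(SAMPLE_LOG_FILE)):
        print(finding)
```

Because the trail writes to an S3 bucket, the bucket itself is part of the control: restrict who can delete or overwrite the log objects, and enable CloudTrail log file validation so tampering with delivered files can be detected.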
  128. 128. Break & Ask an AWS Expert until 3:30PM
  129. 129. Module 4 Databases
  130. 130. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification AWS Managed Database Services Compute Storage AWS Global Infrastructure Database App Services Deployment and Administration Networking Amazon DynamoDB Amazon ElastiCache Amazon RDS Amazon Redshift Amazon Neptune Amazon DocumentDB
  131. 131. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification No one size fits all. Analyze your data requirements by considering: Data formats Data size Query frequency Data access speed Data retention period Data Storage Considerations
132. Amazon Relational Database Service (RDS). Cost-efficient and resizable capacity. Manages time-consuming database administration tasks. Access to the full capabilities of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, and PostgreSQL databases. Deployable on-premises on VMware (in preview).
  133. 133. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Simple and fast to deploy Manages common database administrative tasks Compatible with your applications Fast, predictable performance Simple and fast to scale Secure Cost-effective Amazon RDS
  134. 134. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification DB Instances are the basic building blocks of Amazon RDS. They are an isolated database environment in the cloud. They can contain multiple user-created databases. DB Instances
  135. 135. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Automatic Backups: Restore your database to a point in time. Are enabled by default. Let you choose a retention period up to 35 days. Manual Snapshots: Let you build a new database instance from a snapshot. Are initiated by the user. Persist until the user deletes them. Are stored in Amazon S3. How Amazon RDS Backups Work
  136. 136. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Are a copy of a database snapshot stored in a different AWS Region. Provide a backup for disaster recovery. Can be used as a base for migration to a different region. Cross-Region Snapshots
137. Amazon RDS Security. Use IAM policies to grant access to RDS resources. Use security groups, so that only the application tier can reach the database port. Use SSL/TLS connections with DB instances (Amazon Aurora, Oracle, MySQL, MariaDB, PostgreSQL, Microsoft SQL Server). Use RDS encryption to secure instances and snapshots at rest. Use network encryption and transparent data encryption (TDE) with Oracle and Microsoft SQL Server instances. Use the security features of your DB engine to control access to the DB instance.
  138. 138. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification A Simple Application Architecture Amazon RDS database instance Amazon EC2 Application Servers DB snapshots in Amazon S3
  139. 139. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification With Multi-AZ operation, your database is synchronously replicated to another Availability Zone in the same AWS Region. Failover to the standby automatically occurs in case of master database failure. Planned maintenance is applied first to standby databases. Multi-AZ RDS Deployment
  140. 140. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification A Resilient, Durable Application Architecture Amazon RDS database instances: Master and Multi-AZ standby Application, in Amazon EC2 instances DB snapshots in Amazon S3
  141. 141. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Monitor your memory, CPU, and storage usage. Use Multi-AZ deployments. Enable automatic backups. Set the backup window to occur during the daily low in WriteIOPS. To increase the I/O capacity of a DB instance: Migrate to a DB instance class with high I/O capacity. Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS. Provision additional throughput capacity (if using provisioned IOPS storage). Test failover for your DB instance. Amazon RDS Best Practices
  142. 142. Instructor Demo (Part 1) Build a database cluster
143. What We’re Starting With (diagram): the VPC from the earlier demo (10.0.0.0/16 with an Internet Gateway; Public Subnet 1 10.0.0.0/24, Public Subnet 2 10.0.1.0/24, Private Subnet 1 10.0.2.0/23, Private Subnet 2 10.0.4.0/23 across Availability Zones A and B), with Web Server 1 and its security group in a public subnet.
144. Build a Database Cluster, step 1: create a security group for the RDS instances, separate from the web server's security group.
145. Build a Database Cluster, step 2: deploy Amazon RDS in a Multi-AZ configuration, with the RDS DB master in one Availability Zone and the RDS DB secondary (standby) in the other.
  146. 146. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Allows you to store any amount of data with no limits. Provides fast, predictable performance using SSDs. Allows you to easily provision and change the request capacity needed for each table. Is a fully managed, NoSQL database service. Amazon DynamoDB Amazon DynamoDB
  147. 147. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification DynamoDB Data Model Table: Music Items Attributes (name-value pairs) Artist Song Title Album Title Year Genre
  148. 148. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Primary Keys Partition Key Sort Key Table: Music Partition Key: Artist Sort Key: Song Title Table: Music Artist Song Title Album Title Year Genre
  149. 149. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Query: Query a table using the partition key and an optional sort key filter. If the table has a secondary index, query using its key. It is the most efficient way to retrieve items from a table or secondary index. Scan: You can scan a table or secondary index. Scan reads every item – slower than querying. Supported Operations
  150. 150. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification You specify how much provisioned throughput capacity you need for reads and writes with optional auto-scaling. Alternatively, use on-demand capacity mode Amazon DynamoDB allocates the necessary machine resources to meet your needs. Provisioned Throughput
  151. 151. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Architecture Elastic Load Balancing Amazon EC2 application instances Clients Amazon DynamoDB Business logic
152. Amazon RDS and Amazon DynamoDB

Factor                       Relational (Amazon RDS)                                                NoSQL (Amazon DynamoDB)
Application type             Existing database apps; business process-centric apps                  New web-scale applications; large number of small writes and reads
Application characteristics  Relational data models, transactions; complex queries, joins, updates  Simple data models, transactions; range queries, simple updates
Scaling                      Application- or DBA-architected (clustering, partitions, sharding)     Seamless, on-demand scaling based on application requirements
QoS                          Performance depends on data model, indexing, query, and storage         Performance automatically optimized by the system;
                             optimization; reliability and availability; durability                 reliability and availability; durability
153. Database Considerations

If you need                                                                  Consider using
A relational database service with minimal administration; a choice of       Amazon RDS
Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, or PostgreSQL
engines; scaling of compute and storage; Multi-AZ availability
A fast, highly scalable NoSQL database service; extremely fast performance;  Amazon DynamoDB
seamless scalability and reliability; low cost
A database you can manage on your own                                        Your choice of AMIs on Amazon EC2 and EBS, providing scaling for compute and storage, complete control over instances, and more
  154. 154. Instructor Demo (Part 2) Interact with the database using an application
155. Build a Database Cluster and Connect to It, step 3: navigate to Web Server 1 and configure the ODBC connection to the RDS DB master (diagram: the web server in a public subnet; the RDS master and secondary, each behind the database security group, across Availability Zones A and B).
156. Build a Database Cluster and Connect to It, result: the web server reaches the RDS cluster through the database security group, which should allow the database port only from the web server's security group rather than from the whole VPC or the Internet.
  157. 157. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSOME DAY
  158. 158. Module 5 AWS Elasticity and Management Tools
  159. 159. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Latency Utilization CloudWatch Elastic Load Balancing Auto Scaling group Execute AS Policy Trio of Services EC2 Auto Scaling
  160. 160. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Distributes traffic across multiple EC2 instances, in multiple Availability Zones Supports health checks to detect unhealthy Amazon EC2 instances Supports the routing and load balancing of HTTP, HTTPS, SSL, and TCP traffic to Amazon EC2 instances Elastic Load Balancing Elastic Load Balancing
161. Elastic Load Balancing types.
Application Load Balancer (ALB): flexible application management; advanced load balancing of HTTP and HTTPS traffic; operates at the request level (layer 7).
Network Load Balancer (NLB): extreme performance and a static IP for your application; load balancing of TCP traffic; operates at the connection level (layer 4).
Classic Load Balancer (CLB), previous generation for HTTP, HTTPS, and TCP: for existing applications built within the EC2-Classic network; operates at both the request level and the connection level.
  162. 162. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Register instances as targets in a target group, and route traffic to a target group. Application Load Balancer Target Group /mobile load balancer Listener ListenerRule Rule Rule Target Group Target Group /api Target Target Target Target Target Target Target Health Check Health Check Health Check
  163. 163. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Register instances as targets in a target group, and route traffic to a target group based on port. Network Load Balancer load balancer Listener :80 Target Group Target Target Health Check Listener :443 Target Group Target Target Health Check
  164. 164. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification A monitoring service for AWS cloud resources and the applications you run on AWS Visibility into resource utilization, operational performance, and overall demand patterns Custom application-specific metrics of your own Accessible via AWS Management Console, APIs, SDK, or CLI Amazon CloudWatch Amazon CloudWatch
  165. 165. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Collects metrics from other AWS resources View graphics and statistics Set and Trigger Alarms Collect Logs Amazon CloudWatch Facts
  166. 166. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification CloudWatch Metrics Examples
  167. 167. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Amazon CloudWatch Architecture AWS resources that support CloudWatch Amazon CloudWatch Amazon CloudWatch Alarm Auto Scaling Available Statistics Statistics Consumer AWS Management Console CloudWatch Metrics CPUUtilization StatusCheckFailed Custom Application- Specific Metrics PageViewCount
  168. 168. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Scale your Amazon EC2 capacity automatically Well-suited for applications that experience variability in usage Available at no additional charge EC2 Auto Scaling Auto Scaling
  169. 169. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification EC2 Auto Scaling Benefits Better Cost Management Better Availability Better Fault Tolerance
  170. 170. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification EC2 Auto Scaling Components Auto Scaling GroupLaunch Configuration Scaling Plan
  171. 171. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you can specify: AMI ID Instance type User data Block device mapping Security groups Key pair EC2 Auto Scaling Launch Configurations
  172. 172. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Contain a collection of EC2 instances that share similar characteristics. Instances in an Auto Scaling group are treated as a logical grouping for the purpose of instance scaling and management. EC2 Auto Scaling Groups Auto Scaling group Minimum size Desired capacity Maximum size Scale out as needed
173. EC2 Auto Scaling.
Minimum: a health check monitors running instances within an Auto Scaling group; if an unhealthy instance is found, it can be replaced.
Manual scaling: specify a new minimum for your Auto Scaling group, or manually invoke Auto Scaling policies.
Scheduled scaling: scaling actions are performed as a function of time and date.
On-demand scaling: create a policy to scale your resources and define when to scale using CloudWatch alarms.
Predictive scaling: automatically forecast load and proactively schedule capacity.
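An added example (not from the slides and not AWS's implementation) of how the pieces of on-demand scaling interact: a CloudWatch-style metric series drives scale-out and scale-in adjustments, each result is clamped to the group's minimum and maximum size, and a cooldown suppresses further activity right after a change. The metric samples, thresholds and group sizes are constructed; the timestamps are seconds.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ScalingPolicy:
    scale_out_above: float  # alarm threshold, e.g. CPUUtilization > 70
    scale_in_below: float   # alarm threshold, e.g. CPUUtilization < 40
    adjustment: int         # instances added or removed per scaling activity
    cooldown: int           # seconds during which further activities are ignored


@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    desired: int
    last_scaled_at: int = field(default=-10**9)  # "never", so the first alarm is honoured

    def apply(self, metric: float, now: int, policy: ScalingPolicy) -> int:
        """Evaluate one metric sample at time `now`; return the resulting desired capacity."""
        if now - self.last_scaled_at < policy.cooldown:
            return self.desired  # still cooling down from the previous activity
        if metric > policy.scale_out_above:
            target = min(self.max_size, self.desired + policy.adjustment)
        elif metric < policy.scale_in_below:
            target = max(self.min_size, self.desired - policy.adjustment)
        else:
            return self.desired  # metric inside the band, nothing to do
        if target != self.desired:  # already clamped at min/max: no activity, no cooldown
            self.desired = target
            self.last_scaled_at = now
        return self.desired


def simulate(samples: List[Tuple[int, float]], group: AutoScalingGroup, policy: ScalingPolicy) -> List[int]:
    """Feed (timestamp, metric) samples through the group and record desired capacity after each."""
    return [group.apply(metric, ts, policy) for ts, metric in samples]


# Constructed CPUUtilization samples: a load spike followed by a quiet period.
SAMPLE_CPU = [(0, 85.0), (60, 90.0), (300, 95.0), (600, 30.0), (660, 20.0), (900, 10.0), (1200, 10.0)]
DEMO_POLICY = ScalingPolicy(scale_out_above=70.0, scale_in_below=40.0, adjustment=1, cooldown=300)


def run_example() -> List[int]:
    group = AutoScalingGroup(min_size=2, max_size=4, desired=2)
    return simulate(SAMPLE_CPU, group, DEMO_POLICY)


if __name__ == "__main__":
    print(run_example())
```

The cooldown is what keeps a single spike from launching the whole maximum at once, and the clamp is what keeps scale-in from dropping below the two instances needed for Multi-AZ availability; both values are worth reviewing alongside the alarm thresholds.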
  174. 174. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification EC2 Auto Scaling Basic Lifecycle instances Auto Scaling group Scale Out Amazon CloudWatch Scheduled Event Scale In Amazon CloudWatch Scheduled Event Launch Instance Attach to Group Detach from Group Terminate Instance X
  175. 175. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Monitors your applications and adjusts capacity Build scaling plans for resources including: Amazon EC2 instances and Spot Fleets Amazon ECS tasks Amazon DynamoDB tables and indexes Amazon Aurora Replicas Amazon EC2 Auto Scaling is part of AWS Auto Scaling AWS Auto Scaling
  176. 176. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. training and certification Latency Utilization CloudWatch Elastic Load Balancing Auto Scaling group Execute AS Policy Trio of Services EC2 Auto Scaling
  177. 177. Instructor Demo Scale and Load Balance the Architecture
178. What We’re Starting With (diagram): VPC 10.0.0.0/16 with an Internet Gateway; Public Subnet 1 (10.0.1.0/24) and Public Subnet 2 (10.0.2.0/24), Private Subnet 1 (10.0.3.0/24) and Private Subnet 2 (10.0.4.0/24) across Availability Zones A and B; Web Server 1 with its security group; the RDS DB master and RDS DB secondary, each with a security group.
179. Scale and Load Balance the Architecture, step 1: create an AMI image from the existing instance (Web Server 1).
180. Scale and Load Balance the Architecture, step 2: deploy an Application Load Balancer, with its own security group, in front of the web instances.
181. Scale and Load Balance the Architecture, step 3: configure a launch configuration (using the new AMI) and an Auto Scaling group that launches web instances across both Availability Zones and registers them with the load balancer.
182. Scale and Load Balance the Architecture, step 4: test and monitor your Auto Scaling group.
183. Scale and Load Balance the Architecture, result (diagram): the Application Load Balancer fronts the Auto Scaling web instances in both Availability Zones, which connect to the Multi-AZ RDS cluster.
184. AWS Trusted Advisor: a best-practice and recommendation engine. It provides AWS customers with recommendations in four categories: cost optimization, security, fault tolerance, and performance improvement.
185. What is AWS Trusted Advisor? A service providing guidance to help you reduce cost, increase performance, and improve security.
186. Trusted Advisor: Core vs. Full
Core Checks and Recommendations (included with every account):
• Seven core checks around security and performance
• Service Limits
Full Trusted Advisor Benefits (with Business or Enterprise support):
• Full set of checks
• Notifications
• Programmatic access via API
187. Cost Optimization checks:
• Amazon EC2 Reserved Instance Optimization
• Low-utilization Amazon EC2 Instances
• Idle load balancers
• Underutilized Amazon EBS volumes
• Amazon RDS idle DB instances
• Amazon EC2 Reserved Instance Lease Expiration
188. Security checks:
• Security groups – Unrestricted Access
• AWS IAM use
• Amazon S3 bucket permissions
• MFA on Root Account
• AWS IAM password policy
• Amazon RDS security group access risk
189. Fault Tolerance checks:
• Amazon EBS Snapshots
• Load balancer optimization
• Auto Scaling Group Resources
• Amazon RDS Multi-AZ
• Amazon RDS Backups
• ELB connection draining
190. Performance Improvement checks:
• High-utilization Amazon EC2 instances
• Service limits
• Large number of rules in EC2 security group
• Overutilized Amazon EBS Magnetic volumes
• Amazon EC2 to EBS throughput optimization
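The first Security check above, "Security groups – Unrestricted Access", is the one that catches the classic mistake in the architecture shown earlier: a database or admin port opened to 0.0.0.0/0 instead of to the web tier's security group. The following is an added example, not code from the AWSome Day deck or from AWS: it models that check offline over constructed data shaped like the output of `aws ec2 describe-security-groups`. The port-to-colour mapping (green for 25/80/443/465, red for common database and remote-admin ports, yellow for anything else) and the decision to ignore ICMP rules are assumptions taken from the published description of the check; the authoritative result comes from the Support API with Business or Enterprise support.

```python
# Added example (not from the AWSome Day deck): an offline model of the
# Trusted Advisor "Security groups - Unrestricted Access" check, run over
# constructed data shaped like `aws ec2 describe-security-groups` output.
# Port-to-colour mapping is an assumption based on the published check text.

# Ports whose world-open exposure is reported green / red; any other port
# open to the world is reported yellow (assumption, see lead-in).
GREEN_PORTS = {25, 80, 443, 465}
RED_PORTS = {20, 21, 1433, 1434, 3306, 3389, 4333, 5432, 5500}
# CIDRs that mean "anyone on the internet", IPv4 and IPv6.
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ALL_PORTS = frozenset(range(0, 65536))
SEVERITY = {"green": 0, "yellow": 1, "red": 2}


def is_world_open(rule: dict) -> bool:
    """True if the ingress rule's sources include an unrestricted IPv4 or IPv6 CIDR.
    Rules whose only sources are other security groups (UserIdGroupPairs), like the
    web-tier -> RDS chain in the deck's diagrams, are restricted and are ignored."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return any(c in WORLD_CIDRS for c in cidrs)


def rule_ports(rule: dict) -> frozenset:
    """Ports covered by a rule. IpProtocol "-1" (all traffic) has no FromPort/ToPort
    keys in the API output and means every port, as does an explicit FromPort of -1."""
    if str(rule.get("IpProtocol", "-1")) == "-1" or rule.get("FromPort", -1) == -1:
        return ALL_PORTS
    return frozenset(range(rule["FromPort"], rule["ToPort"] + 1))


def rule_status(rule: dict):
    """Trusted Advisor-style colour for one rule, or None if it is not world-open."""
    proto = str(rule.get("IpProtocol", "-1"))
    if proto in ("icmp", "icmpv6") or not is_world_open(rule):
        return None  # ICMP carries no ports; out of scope for this check (assumption)
    ports = rule_ports(rule)
    if ports & RED_PORTS:
        return "red"      # a database/admin port is reachable from anywhere
    if ports - GREEN_PORTS:
        return "yellow"   # something other than the web/mail ports is open
    return "green"        # only 25/80/443/465 are open: expected for a web tier


def check_security_groups(groups: list) -> list:
    """Return one finding per world-open ingress rule across all groups."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            status = rule_status(rule)
            if status is None:
                continue
            findings.append({
                "group": group["GroupId"],
                "protocol": rule.get("IpProtocol", "-1"),
                "from_port": rule.get("FromPort", -1),
                "to_port": rule.get("ToPort", -1),
                "status": status,
            })
    return findings


def worst_status(findings: list) -> str:
    """Overall check colour: the most severe finding, or green if there are none."""
    return max((f["status"] for f in findings), key=SEVERITY.get, default="green")


SAMPLE_GROUPS = [  # constructed sample data, not taken from a real account
    {"GroupId": "sg-0web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,   # SSH to the world: yellow
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0db", "GroupName": "db-sg", "IpPermissions": [
        # correct: MySQL only from the web tier's security group (no finding)
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0web"}]},
        # mistake: the same port also opened to the whole IPv6 internet (red)
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0all", "GroupName": "allow-all", "IpPermissions": [
        # all traffic from anywhere: covers 3306/3389/..., so red
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
]

if __name__ == "__main__":
    results = check_security_groups(SAMPLE_GROUPS)
    for f in results:
        print(f"{f['status']:6} {f['group']:8} {f['protocol']} {f['from_port']}-{f['to_port']}")
    print("overall:", worst_status(results))
```

On a real account, feed the function the `SecurityGroups` list from `aws ec2 describe-security-groups --output json`; with Business or Enterprise support, compare against the service's own verdict from `aws support describe-trusted-advisor-check-result --check-id <id> --language en`, where the check ID is listed by `aws support describe-trusted-advisor-checks --language en`. Note that the IPv6 case in the sample is easy to miss when reviewing groups by eye: the IPv4 side of the database rule is locked to the web tier, and only the `::/0` range leaks the port.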
191. AWS Support
192. Support Comparison
Basic:
• Customer Service and Communities: 24x7 access to customer service, documentation, whitepapers, and support forums
• Best Practices: Access to 7 core Trusted Advisor checks
• Technical Support: not included
• Pricing: Included
Developer:
• Customer Service and Communities: 24x7 access to customer service, documentation, whitepapers, and support forums
• Best Practices: Access to 7 core Trusted Advisor checks
• Technical Support: Business hours access to Cloud Support Associates via email
• Pricing: Starts at $29 per month
Business:
• Customer Service and Communities: 24x7 access to customer service, documentation, whitepapers, and support forums
• Best Practices: Access to full set of Trusted Advisor checks
• Technical Support: 24x7 access to Cloud Support Engineers via email, chat & phone
• Case Severity / Response Times: Production system impaired: < 4 hours; Production system down: < 1 hour
• Pricing: Starts at $100 per month
Enterprise:
• Customer Service and Communities: 24x7 access to customer service, documentation, whitepapers, and support forums
• Best Practices: Access to full set of Trusted Advisor checks
• Technical Support: 24x7 access to Sr. Cloud Support Engineers via email, chat & phone
• Case Severity / Response Times: Production system impaired: < 4 hours; Production system down: < 1 hour; Business-critical system down: < 15 minutes
• Pricing: Starts at $15k per month
193. Scale and Load Balance the Architecture (diagram repeated from slide 183: Application Load Balancer in the public subnets in front of the Web Instances, RDS DB Master and Secondary in the private subnets).
194. Module 6: Course Wrap-Up
195. Expand Your Cloud Skills with AWS (aws.training, aws.amazon.com/training, aws.amazon.com/certification)
• Digital Training: free, self-paced online courses built by AWS experts
• Classroom Training: classes taught by accredited AWS instructors
• AWS Certification: exams to validate expertise with an industry-recognized credential
196. AWS ILT Training Courses (https://aws.training)
• AWS Technical Essentials: 1 day
• Architecting on AWS: 3 days
• Developing on AWS: 3 days
• Systems Operations on AWS: 3 days
• Big Data on AWS: 3 days
• Advanced Architecting on AWS: 3 days
• DevOps Engineering on AWS: 3 days
• Security Operations on AWS: 3 days
• Migrating to AWS: 2 days
• Data Warehousing on AWS: 3 days
197. AWS Certification
198. A Scalable Architecture (diagram): VPC 10.0.0.0/16 across Availability Zone A and Availability Zone B; Public Subnet 1 (10.0.0.0/24) and Public Subnet 2 (10.0.1.0/24) behind an Internet Gateway, hosting the Application Load Balancer and the Web Instances in a web security group; Private Subnet 1 (10.0.2.0/23) and Private Subnet 2 (10.0.4.0/23) hosting the RDS DB Master and RDS DB Secondary, each in its own security group.
199. AWSOME DAY
200. Thank you! AWSOME DAY. Presenter: Heiwad Osman