Simplifying Microsoft Architectures with AWS Services (WIN306) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Simplifying Microsoft Architectures
with AWS Services
Zlatan Dzinic
Senior Solution Architect
Amazon Web Services
WIN306
About me
Cape Town-ian in Orange County 🇧🇦🇿🇦🇺🇸
Alma Mater – University of Cape Town
zlatan@amazon.com, @ZlatanDzinic
Senior Solution Architect – Amazon Web Services
Zlatan Dzinic
Focus
Serverless
Containers
AI
Machine Learning
Previously
Director – Consulting Services
Worked with:
Microsoft Ranger Teams
Microsoft Research
microsoft.com
AWS – Professional services
Challenge
Can AWS simplify the infrastructure environment that I already know well?
• Active Directory?
• Corporate applications
• Office 365
• Exchange
• SharePoint
• Dynamics
• System Center
• SQL?
• How do I deploy all of this?
Any good migration suggestions for simplifying my Microsoft workloads?
Can AWS help me simplify my legacy .NET architecture?
• I want to innovate!
• I want to use the latest architectural concepts and platforms!
• I want an efficient, fully supported CI/CD pipeline!
Can AWS make management of my Windows workloads more simple?
Amazon VPC Design Patterns
[Diagram: three patterns: Single VPN, multi-VPC (one VPN from the corporate data center serving several VPCs); Shared Services Amazon VPC (replicated services and application proxies in one VPC reached by the other VPCs and the corporate data center); Transit Amazon VPC (a hub VPC relaying traffic between spoke VPCs and the corporate data center)]
AWS Transit Gateway
AD Pattern
Extending Active Directory Domain to AWS
Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers in private subnets; site-link costs correctly configured; and "try next closest site" configured.
[Diagram: AD domain amazon.com with on-premises sites SanFran (DC1) and New York (DC2) and AWS sites AwsEastAZ1 (DC3, private subnet in Availability Zone 1) and AwsEastAZ2 (DC4, private subnet in Availability Zone 2); AD replication crosses the VPN/DX link; the site links carry costs of 10, 50 and 100]
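The site, site-link and DC Locator configuration the pattern above calls for, as an added PowerShell example; it is not code from the deck. Everything beyond the slide is an assumption: the domain is amazon.com, the on-premises sites already exist as SanFran and NewYork (no space, since the slide's "New York" is a display label), the EC2 domain controllers sit in 10.0.10.0/24 (AZ1) and 10.0.20.0/24 (AZ2), the link costs are 10 between the AWS sites, 50 to SanFran and 100 to New York, and the GPO name is hypothetical. Run it as a Domain Admin on a host with the ActiveDirectory and GroupPolicy RSAT modules.

```powershell
# Added example (not from the WIN306 deck): extend an on-premises domain into
# two AWS Availability Zones with one AD site per AZ, weighted site links, and
# the "Try Next Closest Site" DC Locator setting from the slide.
# Assumptions (hypothetical, not on the slide): domain amazon.com, existing
# on-premises sites SanFran and NewYork, EC2 DCs in 10.0.10.0/24 (AZ1) and
# 10.0.20.0/24 (AZ2), link costs 10 (AWS-to-AWS), 50 (SanFran), 100 (NewYork).
#Requires -Modules ActiveDirectory, GroupPolicy
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName

# One site per Availability Zone, plus the subnet that maps clients and DCs to it.
$awsSites = [ordered]@{
    'AwsEastAZ1' = '10.0.10.0/24'
    'AwsEastAZ2' = '10.0.20.0/24'
}
foreach ($entry in $awsSites.GetEnumerator()) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($entry.Key)'")) {
        New-ADReplicationSite -Name $entry.Key
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($entry.Value)'")) {
        New-ADReplicationSubnet -Name $entry.Value -Site $entry.Key
    }
}

# Site links with explicit costs. Lower cost wins, both for the replication
# topology and for which site the DC Locator tries next when the local site
# has no reachable DC.
$siteLinks = @(
    @{ Name = 'AwsEastAZ1-AwsEastAZ2'; Sites = @('AwsEastAZ1', 'AwsEastAZ2'); Cost = 10  }
    @{ Name = 'SanFran-AwsEastAZ1';    Sites = @('SanFran', 'AwsEastAZ1');    Cost = 50  }
    @{ Name = 'SanFran-AwsEastAZ2';    Sites = @('SanFran', 'AwsEastAZ2');    Cost = 50  }
    @{ Name = 'NewYork-AwsEastAZ1';    Sites = @('NewYork', 'AwsEastAZ1');    Cost = 100 }
    @{ Name = 'NewYork-AwsEastAZ2';    Sites = @('NewYork', 'AwsEastAZ2');    Cost = 100 }
)
foreach ($link in $siteLinks) {
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$($link.Name)'")) {
        New-ADReplicationSiteLink -Name $link.Name -SitesIncluded $link.Sites `
            -Cost $link.Cost -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
    }
}

# "Try Next Closest Site": when no DC in the client's own site answers, the DC
# Locator falls back to the site with the lowest link cost instead of any DC in
# the domain. It is a client-side Net Logon setting (Computer Configuration >
# Administrative Templates > System > Net Logon > DC Locator DNS Records),
# delivered here as a GPO linked at the domain root. GPO name is hypothetical.
$gpoName = 'DC Locator - Try Next Closest Site'
$gpo = Get-GPO -All | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName
    New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes | Out-Null
}
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters' `
    -ValueName 'TryNextClosestSite' -Type DWord -Value 1 | Out-Null

# Checks: costs as intended, DC3/DC4 reported in the AWS sites, replication
# healthy across the VPN/DX link, and this host resolving to the expected site.
Get-ADReplicationSiteLink -Filter * | Sort-Object Cost |
    Format-Table Name, Cost, ReplicationFrequencyInMinutes -AutoSize
Get-ADDomainController -Filter * | Format-Table Name, Site, IPv4Address -AutoSize
repadmin /replsummary
nltest /dsgetsite
```

Site links shape where clients and replication go; they do not change what the network allows. Keep the EC2 domain controllers' security group limited to the Active Directory port set from the on-premises DC addresses and the peer AZ subnet, and confirm with `repadmin /replsummary` that replication over the VPN/DX link shows no failures before pointing workloads at DC3 and DC4.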
AD Pattern
Federated Trust
Identities mastered on premises; Federated Trust (AD FS) configured over the internet from the on-premises Active Directory to AWS SSO, with the AD FS servers running either on premises or on Amazon EC2 Windows servers; cloud workloads use a separate cloud AD domain whose domain controllers run on Amazon EC2 Windows servers.
[Diagram: on-premises sites SanFran and New York (domain amazon.com, DC1 and DC2, ADFS1 and ADFS2), a cloud AD domain with DC3 in Availability Zone 1 and DC4 in Availability Zone 2 (site-link cost 50), and AD FS federating to AWS SSO across the internet]
AD Pattern
Forest Trusts
Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD).
[Diagram: on-premises forest Domain B with sites SanFran (DC1) and New York (DC2); managed AD domain Cloud A with DC3 in Availability Zone 1 and DC4 in Availability Zone 2 (site-link cost 50); AD authentication and the AD trust cross the VPN/DX link]
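The forest-trust pattern above, as an added PowerShell example rather than code from the deck: the AWS side uses AWS Tools for PowerShell (the CreateTrust and VerifyTrust APIs), the on-premises side the DnsServer and ActiveDirectory modules. The directory ID d-1234567890, the domain names cloud.example.com (the managed "Cloud A" domain) and corp.example.com (the on-premises "Domain B" forest), and every IP address are placeholders.

```powershell
# Added example (not from the WIN306 deck): one-way forest trust in which AWS
# Managed Microsoft AD ("Cloud A") trusts the on-premises forest ("Domain B"),
# with selective authentication so on-premises users reach only the cloud
# resources they are explicitly allowed to authenticate to.
# Assumptions (hypothetical): directory d-1234567890, managed domain
# cloud.example.com served by 10.0.10.10 / 10.0.20.10, on-premises forest
# corp.example.com served by 192.168.1.10 / 192.168.2.10.
#Requires -Modules AWS.Tools.DirectoryService
Import-Module AWS.Tools.DirectoryService

$directoryId  = 'd-1234567890'
$onPremForest = 'corp.example.com'
$onPremDns    = @('192.168.1.10', '192.168.2.10')
$cloudDomain  = 'cloud.example.com'
$cloudDns     = @('10.0.10.10', '10.0.20.10')

# The trust password is shared secret material for both sides: generate it for
# this purpose, never hard-code it, and it is no longer needed once verified.
$trustSecret = Read-Host -AsSecureString 'Trust password (same value on-premises)'
$trustPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($trustSecret))

# --- AWS side: managed AD is the trusting domain (outgoing trust to on-prem) ---
# "One-Way: Outgoing" means on-premises identities can be granted access to
# cloud resources while cloud identities get nothing on-premises. Use Two-Way
# only if the managed directory must also be trusted on-premises.
$trustId = New-DSTrust -DirectoryId $directoryId `
    -RemoteDomainName $onPremForest `
    -TrustPassword $trustPassword `
    -TrustDirection 'One-Way: Outgoing' `
    -TrustType Forest `
    -ConditionalForwarderIpAddr $onPremDns `
    -SelectiveAuth Enabled
$trustPassword = $null

# --- On-premises side (run on an on-premises DC as an Enterprise Admin) ---
# 1) Conditional forwarder so on-premises DCs resolve the managed AD domain.
Add-DnsServerConditionalForwarderZone -Name $cloudDomain -MasterServers $cloudDns -ReplicationScope Forest
# 2) Create the matching incoming forest trust (Active Directory Domains and
#    Trusts or netdom) with the same password. SID filtering (quarantine) is on
#    by default for forest trusts; leave it on so SIDs injected into a
#    cross-forest ticket are discarded.
# 3) With selective authentication, grant "Allowed to Authenticate" only on the
#    cloud computer objects the on-premises groups actually need.

# --- Verify from AWS once both sides exist (VerifyTrust API) ---
Approve-DSTrust -TrustId $trustId | Out-Null
Get-DSTrust -DirectoryId $directoryId |
    Format-Table RemoteDomainName, TrustDirection, TrustType, TrustState, SelectiveAuth -AutoSize

# --- Verify from on-premises: direction, transitivity and the two safeguards ---
Get-ADTrust -Filter "Name -eq '$cloudDomain'" |
    Format-List Name, Direction, ForestTransitive, SIDFilteringForestAware, SelectiveAuthentication
```

TrustState should read Verified on the AWS side; on-premises, SIDFilteringForestAware and SelectiveAuthentication should both be True. The trust still depends on the network: the managed AD security group and the on-premises firewall need the Active Directory port set open only between the two sets of domain controllers, not from the workload subnets.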
Support for multiple accounts and Amazon VPCs within a region
[Diagram: AWS Managed Microsoft AD deployed in a Shared Services Amazon VPC with an AD trust to the corporate data center, used by accounts and VPCs across the region]
Key features
• Actual Microsoft Active Directory
• Active Directory trust support
• Group Policy support
• Support for multiple accounts and Amazon VPCs
• Seamless domain join
• Single directory for all cloud workloads
• High availability and daily snapshots
• AWS-managed infrastructure
• Federated access to the AWS Management Console
AWS Microsoft AD as a resource directory
[Diagram: the AWS Microsoft AD Directory enables, authenticates and authorizes AWS apps and services (Amazon WorkSpaces, RDS for SQL Server, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, AWS Management Console, Amazon Chime, Amazon Connect), AD-aware workloads (.NET application servers, SharePoint Server, SQL Server, Remote Desktop Licensing Manager, Enterprise Certificate Authority / Certificate Services) and Amazon Windows and Linux EC2 instances; user credentials stay in the on-premises Microsoft Active Directory in the corporate data center, reached over VPN or DX; on-premises AD FS and Azure AD Connect servers synchronize users to Azure AD and authenticate SaaS applications with SAML]
AWS Microsoft AD as a primary directory
[Diagram: the same AWS apps and services, AD-aware workloads and Windows/Linux EC2 instances as above, now managed, authenticated and authorized directly by the AWS Microsoft AD Directory; AD FS and Azure AD Connect servers run on Amazon EC2 against the managed directory to federate (AD FS) and synchronize users (ADSync) to Azure AD for SaaS applications via SAML; AWS SSO federates access; an on-premises Microsoft Active Directory in the corporate data center, with its own AD FS and Azure AD Connect servers, can still be reached over VPN or DX]
AWS Organizations – Account management
[Diagram: Root with OUs for Development, Test and Production holding accounts A1–A9]
• Allows you to organize AWS accounts
• Controls access to AWS services
• Apply service control policies
Challenges
Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming:
• Managing multiple AWS accounts requires effort
• Hard to set up, operate, and use SSO infrastructure
• Numerous credentials and no centralized security controls
• Access to business applications takes time and effort, and is expensive
AWS SSO
Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications:
• Centrally manage access to multiple AWS accounts
• Easy to enable and use
• Use your existing corporate identities
• Single sign-on access to business applications
Centrally manage access to AWS accounts
• Connects to AWS Organizations and lists your AWS accounts
• Allows filtering accounts by OU
• Automatic single sign-on setup to AWS accounts
• Centralized management of account permission sets
• Define, apply, and reapply permission sets to all AWS accounts
[Diagram: AWS SSO manages permissions to the AWS accounts held in AWS Organizations (OU = Development, OU = Production) and grants SSO access to their AWS consoles]
Access to business applications
• Preintegrated with commonly used cloud applications
• Set up using simple step-by-step instructions
• Vendor changes to the application configuration are taken care of by AWS
• Nuances of SAML integration simplified
• Configure any SAML 2.0 application using the application configuration wizard
Preintegrated applications: Adobe Creative Cloud, AppDynamics, BambooHR, Bonusly, Box, Citrix ShareFile, ClickTime, Convo, Deputy, Deskpro, DigiCert, DocuSign, Dome9, Domo, Dropbox, Druva inSync, Egnyte, Engagedly, Expensify, Freshdesk, G Suite, GitHub, GoToMeeting, IdeaScale, Igloo, Jitbit, Keeper Security, Kudos, LiquidFiles, Lucidchart, NewRelic, Office 365, OpsGenie, PagerDuty, ProdPad, PurelyHR, Salesforce, Samanage, ScreenSteps, ServiceNow, Slack, Sli.do, SmartSheet, SugarCRM, SumoLogic, Syncplicity, Tableau, TalentLMS, Trello, UserEcho, UserVoice, WeekDone, Workplace by Facebook, ZenDesk, Zoho, Zoom, 4me
AWS SSO – Application configuration wizard
1. Pick a preintegrated application
2. Follow step-by-step customized instructions for each application
3. Configure single sign-on
4. Assign access
Options for Deploying SQL Server on AWS
Amazon RDS for SQL Server: AWS manages power, HVAC and network; OS install/maintenance; OS patching; DBMS install/maintenance; DBMS patching; database backups; high availability; and scaling.
SQL Server on Amazon EC2: AWS manages power, HVAC and network; you manage OS install/maintenance, OS patching, DBMS install/maintenance, DBMS patching, database backups, high availability, and scaling.
Multi-AZ AlwaysOn Availability Group
[Diagram: one AWS Region, one Amazon VPC spanning AZ A, AZ B and AZ C; private DB subnets 10.0.10.0/24 (file share witness) and 10.0.11.0/24 (Active Directory DC1) in AZ A, 10.0.20.0/24 (1st SQL replica) and 10.0.21.0/24 (Active Directory DC2) in AZ B, and 10.0.30.0/24 (2nd SQL replica) in AZ C; the AlwaysOn AG runs in synchronous-commit mode with automatic failover, and the witness sits in a third AZ so cluster quorum survives the loss of either replica's AZ]
Multi-Region AlwaysOn Availability Group
[Diagram: the Multi-AZ availability group above (file share witness, DC1, 1st and 2nd SQL replicas, DC2 across AZ A, B and C) extended to a second AWS Region with its own Amazon VPC: an async remote replica in private DB subnet 10.1.10.0/24 and Active Directory DC3 in 10.1.11.0/24, both in that Region's AZ A]
The in-Region replicas stay in synchronous-commit mode with automatic failover; the cross-Region replica runs in asynchronous-commit mode, so failover to it is manual and can lose the transactions not yet shipped.
Interoperability with Windows-based availability groups and replicas
Failover Cluster Instance
[Diagram: one AWS Region, one Amazon VPC spanning AZ A and AZ B; the two cluster nodes sit in private DB subnets 10.0.10.0/24 and 10.0.20.0/24 with Active Directory DC1 in 10.0.11.0/24 and DC2 in 10.0.21.0/24; each node has its own volume, kept in sync with SIOS DataKeeper Cluster Edition or Windows Server 2016 Storage Replica]
An FCI expects shared storage, and an EBS volume cannot be attached from more than one Availability Zone, so the cluster disk is replicated at block level between the nodes' volumes instead.
[Diagram (untitled slide): an Amazon VPC across Availability Zone 1 and Availability Zone 2; in each AZ a public subnet with a NAT gateway and a WAP/proxy/RD Gateway security group, and private subnets with auto-scaled web server and app server security groups, a SQL Server security group (AlwaysOn AG, synchronous, or RDS SQL Server with a secondary, plus replicas) and a domain controller security group (domain controllers or AWS Managed Active Directory); on-premises domain controllers in Denver and New York connect over VPN/DX to a VPN endpoint; internet traffic enters through Route 53 (DNS), CloudFront (content distribution network), AWS Shield (DDoS), AWS WAF (web application firewall) and an Internet Gateway; supporting services are grouped as Security, Certificate, and Key Management; Configuration and Systems Management; Storage and Archiving; Monitoring, Auditing, and Logging; and DevOps, and include IAM, Systems Manager, S3, AWS CloudTrail, AWS CodeDeploy, AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, Amazon CloudWatch, Amazon Glacier, Amazon Inspector, AWS Config, CloudHSM and ACM]
Amazon FSx for Windows File Server
Lift and shift your Windows file storage with fully managed Windows file servers
• Fully managed
• Fast and flexible performance
• Native Windows compatibility
• Broad accessibility
• Enterprise-ready
Native Windows compatibility and features
• DFS Namespaces and DFS Replication
• Integrates with Microsoft AD and supports Windows ACLs
• NTFS on Windows Server
• Native SMB 2.0 to 3.1.1
AWS CloudFormation—Components and Technology
Template: JSON/YAML formatted file; parameter definition; resource creation; configuration actions
Stack: configured AWS resources; comprehensive service support; service event aware; customizable
AWS CloudFormation: framework; stack creation; stack updates; error detection and rollback
How AWS CloudFormation Works
[Diagram: three-step flow]
AWS Quick Starts
Microsoft & SAP: Microsoft servers, Exchange Server, SharePoint Server, SQL Server, Lync Server, WAP & AD FS
DevOps: PowerShell DSC, Chef Server, Puppet, Ansible Tower, Swift web apps, Docker EE
Databases & storage: MongoDB, SQL Server, Oracle Database, SAP HANA, ONTAP Cloud, SIOS DataKeeper
Migration Tools from AWS and Partners
Discovery and planning: AWS Application Discovery Service
Server and database migrations: AWS Server Migration Service (AWS SMS), AWS Database Migration Service (AWS DMS)
Data transfer: AWS Storage Gateway, Amazon S3 Transfer Acceleration, AWS Direct Connect, Amazon Kinesis Data Firehose, AWS Snowball and AWS Snowmobile
Application monitoring/profiling: Amazon CloudWatch, AWS Config
Example Migration Sequence
Step 1 Landing zone
• Account structure: AWS Organizations root with Prod, Dev and Security accounts
• Network/Amazon VPC: VPC 10.0.0.0/16 with a public subnet 10.0.0.0/18 and a private subnet 10.0.64.0/18, connected over VPN/DX to the on-premises data center (web servers, domain controllers, SQL Servers)
• Security: security groups per tier, with CloudTrail, CloudWatch, VPC Flow Logs, Systems Manager, Amazon Inspector, AWS Config, AWS WAF, AWS Shield and Amazon Route 53
• Active Directory: Active Directory on EC2 or AWS Managed Active Directory
[Diagram, built up over three slides: the landing-zone VPC beside the on-premises data center, then the security groups, then the directory]
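The "apply service control policies" step from the AWS Organizations slide, tied to the Step 1 landing zone above, as an added PowerShell example using AWS Tools for PowerShell; it is not code from the deck. The OU IDs, the policy name and the decision to leave the Security account/OU out of the attachment are assumptions; the denied actions are the ones that would switch off the CloudTrail, AWS Config and VPC Flow Logs baseline the landing zone enables.

```powershell
# Added example (not from the WIN306 deck): a service control policy for the
# landing zone's Prod and Dev OUs that stops member accounts from disabling
# the CloudTrail, AWS Config and VPC Flow Logs baseline from Step 1.
# Assumptions (hypothetical): the OU IDs below, management-account credentials
# in the current session, AWS.Tools.Organizations installed.
#Requires -Modules AWS.Tools.Organizations
Import-Module AWS.Tools.Organizations

$targetOuIds = @('ou-abcd-11111111', 'ou-abcd-22222222')   # Prod, Dev (placeholders)

# An SCP only bounds what IAM inside the member account may allow; it grants
# nothing. Deny the specific destructive actions rather than enumerating what
# is allowed, so newly launched services keep working under the same guardrail.
$scp = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProtectCloudTrail",
      "Effect": "Deny",
      "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"],
      "Resource": "*"
    },
    {
      "Sid": "ProtectConfig",
      "Effect": "Deny",
      "Action": ["config:StopConfigurationRecorder", "config:DeleteConfigurationRecorder", "config:DeleteDeliveryChannel"],
      "Resource": "*"
    },
    {
      "Sid": "ProtectFlowLogs",
      "Effect": "Deny",
      "Action": "ec2:DeleteFlowLogs",
      "Resource": "*"
    },
    {
      "Sid": "KeepAccountsInOrg",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
'@

# Fail on malformed JSON before touching the organization.
$null = $scp | ConvertFrom-Json

$policy = New-ORGPolicy -Name 'LandingZoneGuardrails' `
    -Description 'Deny disabling CloudTrail, Config and VPC Flow Logs; deny leaving the org' `
    -Type SERVICE_CONTROL_POLICY -Content $scp
$policyId = $policy.PolicySummary.Id

foreach ($ou in $targetOuIds) {
    Add-ORGPolicy -PolicyId $policyId -TargetId $ou      # AttachPolicy API
}

# Check what is attached to each OU. The Security account/OU is left out on
# purpose so a break-glass role there can still change trail configuration.
foreach ($ou in $targetOuIds) {
    Get-ORGPolicyForTarget -TargetId $ou -Filter SERVICE_CONTROL_POLICY |
        Format-Table Id, Name, AwsManaged -AutoSize
}
```

Two properties of SCPs matter when reading the result: they never apply to the organization's management account, and the FullAWSAccess policy that AWS attaches by default must stay attached (or be replaced by an explicit allow list) for anything in the OU to work at all, since an SCP with no Allow statement blocks every action.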
Example Migration Sequence
Step 2 Database tier
• Build out your DBMS infrastructure: SQL Server on EC2 or SQL Server on Amazon RDS
• Choose a database replication and synchronization strategy:
  – One-step migration (suitable for smaller databases and good connectivity)
  – Full-diff migration (suitable for larger databases and good connectivity)
  – Zero-downtime migration (software tool-based solution)
[Diagram: the Step 1 landing zone with the database tier added beside the on-premises data center]
Example Migration Sequence
Step 3 Server/app migration
• Choose a server/app migration strategy:
  – Manual migration (build new servers—migrate app)
  – Tool-based migration (block-level migration and synchronization)
• Perform extensive testing at this stage
• Always maintain rollback capability
[Diagram: the Step 2 environment with web servers and app servers added in the VPC]
Example Migration Sequence
Step 4 Production cutover
• Plan your final cutover carefully
• Ensure any final replication and/or synchronization occurs
• Test your cutover mechanism (DNS TTL, and so on)
• Maintain rollback after cutover, if possible
[Diagram: the complete Step 3 environment at cutover]
AWS Server Migration Service Overview
HIPAA-eligible service that makes it easier and faster for you to migrate on-premises workloads to AWS from VMware vSphere and Microsoft Hyper-V environments.
• Agentless VM migration
• Captures incremental changes made to on-premises VMs and automatically transfers them to AWS
• Supports resuming failed replication jobs, with hourly replication intervals
• Migrate a group of VMs simultaneously and orchestrate multiple migrations
• AWS Management Console and API/CLI access
Each replicated server volume is saved as a new Amazon Machine Image (AMI), which can be launched as an EC2 instance.
AWS SMS uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AMIs, providing you all the benefits associated with using AWS KMS. You can specify your own CMK identifier or leverage the default CMK used by Amazon Elastic Block Store (Amazon EBS). A customer managed CMK lets you control the key policy and share the AMI with other accounts in the landing zone; AMIs encrypted with the AWS-managed default EBS key cannot be shared.
[Diagram: source on-premises server → AWS Server Migration Service (AWS SMS) → target Amazon Machine Image]
AWS Migration Hub
• Better understand your application portfolio
• Streamline application portfolio migration planning and tracking
• Track migration progress from multiple tools in one place
• Reduce time spent determining current status and next steps
[Diagram: Discover → Migrate → Track]
Tracking Status Made Easy
AWS DataSync
AWS Code Services
Software release steps, orchestrated by AWS CodePipeline: AWS CodeCommit (source) → AWS CodeBuild (build) → third-party tooling (test) → AWS CodeDeploy (deploy)
CI/CD Pipeline
Continuous integration/continuous deployment: pull source code from, build with, test with, and deploy with the tools of your choice.
AWS CodePipeline: automated continuous integration and continuous delivery release workflow
AWS Tooling for .NET
AWS SDK for .NET
AWS Tools for PowerShell
AWS Tools for PowerShell Core
AWS Toolkit for Visual Studio
AWS Tools for Microsoft Visual Studio Team Services
Extensions for the .NET CLI
Running AWS Toolkit for Visual Studio
AWS Tools for VSTS, what's included: AWS Elastic Beanstalk, AWS Lambda, AWS CloudFormation, Amazon S3, AWS CodeDeploy, AWS CLI, AWS Tools for PowerShell, Amazon SNS, Amazon ECR, Systems Manager Parameter Store, Systems Manager Run Command, AWS Lambda Deployment
.NET Web Applications in AWS Elastic Beanstalk
• Enables you to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
• Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
• Support for deploying .NET Core 1.0, 1.1, 2.0 and 2.1 web applications
• Support for deploying .NET Framework web applications
AWS CodeStar
Container-Based .NET Core Applications in ECS
Amazon ECS Cluster
• ECS cluster: container instances → EC2 instances
• Task definition: defines Docker images, memory, CPU, etc.
• Running tasks: transitory process
• Container registry (Amazon ECR, Docker Hub)
• Services: long-lived process
• Load balancer: ECS registers tasks; traffic flows to tasks
[Diagram: a cluster of container instances running tasks T1–T4 from a task definition, and a service (task definition + service definition) running tasks T1–T5 behind a load balancer, with images pulled from the container registry]
What about AWS Fargate?
• No managing of EC2 instances
• The compute capacity is auto-provisioned
• Tasks reserve CPU and memory
• Billing based on the CPU and memory allocated to each task, not to a cluster
• Cluster creation simplified: just a name
• Launch tasks with Amazon VPC configuration and EC2 security groups
• Supports time- and event-based task scheduling
[Diagram: the same cluster, task definition, service and load balancer as the ECS diagram, with no container instances to manage]
Serverless Architecture
• Stateless
• Highly scalable, self-healing, available
• Containerized microservices
• AWS serverless platform: AWS Lambda, AWS Step Functions, Amazon API Gateway, Amazon DynamoDB, Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS)
• Dynamic/managed allocation of resources
• Amazon Route 53—DNS
[Diagram: users and clients (browser, Alexa, mobile phone) reach the application over HTTPS, static content through CloudFront and S3 and REST calls through API Gateway; C# Lambda functions handle the REST calls, run workflow steps in Step Functions, hand work through SQS and SNS to a worker process on an instance, and read and write ElastiCache, RDS, DynamoDB and S3]
AWS CloudFormation Template
The plain CloudFormation that the AWS SAM template on a later slide expands to:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  # Lets API Gateway invoke the function, but only from the Prod stage of this API.
  GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId:
        Ref: ServerlessRestApiDeployment
      RestApiId:
        Ref: ServerlessRestApi
      StageName: Prod
  ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
      ProvisionedThroughput:
        WriteCapacityUnits: 5
        ReadCapacityUnits: 5
      AttributeDefinitions:
      - AttributeName: id
        AttributeType: S
      KeySchema:
      - KeyType: HASH
        AttributeName: id
  GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.gethtml
      Code:
        S3Bucket: flourish-demo-bucket
        S3Key: todo_list.zip
      Role:
        Fn::GetAtt:
        - GetHtmlFunctionRole
        - Arn
      Runtime: nodejs4.3   # as on the slide; this runtime has since been deprecated
  # Execution role. AmazonDynamoDBReadOnlyAccess grants read on every table in
  # the account; a policy scoped to ListTable's ARN is the least-privilege form.
  GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Action:
          - sts:AssumeRole
          Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId:
        Ref: ServerlessRestApi
      Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
      StageName: Stage
  # Second permission with a wildcard stage (/*/ANY/*): any stage of this API,
  # not just Prod, may invoke the function.
  GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
  # The API itself, defined inline as a Swagger 2.0 body with a Lambda proxy
  # integration for every method on every path.
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title:
            Ref: AWS::StackName
        paths:
          "/{proxy+}":
            x-amazon-apigateway-any-method:
              x-amazon-apigateway-integration:
                httpMethod: ANY
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
              responses: {}
        swagger: '2.0'
```
AWS Serverless Application Model (AWS SAM)
• AWS CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything AWS CloudFormation supports
• Open specification (Apache 2.0): https://github.com/awslabs/serverless-application-model
AWS SAM Template

```yaml
AWSTemplateFormatVersion: '2010-09-09'
# Tells AWS CloudFormation that this is an AWS SAM template it needs to "transform"
Transform: AWS::Serverless-2016-10-31
Resources:
  # Creates a Lambda function with the referenced managed IAM policy, runtime,
  # code at the referenced zip location, and handler as defined. Also creates an
  # API Gateway and takes care of all mapping/permissions necessary.
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      # The managed policy grants read on every DynamoDB table in the account;
      # the SAM policy template DynamoDBReadPolicy with TableName: !Ref ListTable
      # limits it to this one table.
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  # Creates a DynamoDB table with five read and write units
  ListTable:
    Type: AWS::Serverless::SimpleTable
```
An Example Minimal Pipeline
This pipeline:
• Has five stages
• Builds a code artifact
• Deploys to three "environments"
• Uses AWS CloudFormation to deploy the artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a third-party tool/service
• Has a manual approval before deploying to production
[Diagram of the pipeline stages]
1. Source: Source (CodeCommit, MyApplication)
2. Build: test-build-source (CodeBuild)
3. Deploy Testing: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda)
4. Deploy Staging: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-API-test (Runscope), QA-Sign-off (Manual Approval: Review)
5. Deploy Prod: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Post-Deploy-Slack (AWS Lambda)
Systems Manager Capabilities
• Deploy, configure, and administer: Run Command, State Manager, Automation, Distributor
• Track and update: Inventory, Patch Manager
• Shared capabilities: Maintenance Window, Parameter Store
Managing Your Environment with AWS Systems Manager
[Diagram: an AWS administrator in the corporate data center, authorized by an IAM policy, drives AW S Systems Manager; the web instances WEB1 and WEB2 in a private subnet accept traffic from Systems Manager through the web security group; command output goes to an Amazon S3 bucket, notifications to an SNS topic, and results to a CloudWatch metric]
The SSM Agent on each instance connects outbound over HTTPS to the Systems Manager endpoints (or to VPC interface endpoints); no inbound security group rule is needed, so the web security group can stay closed to inbound management traffic.
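The flow in the diagram above (administrator → Systems Manager → instances, with output to S3, a notification to SNS and results to read back) as an added PowerShell example using AWS Tools for PowerShell; it is not code from the deck. The tag Role=WebServer, the bucket name, the SNS topic and role ARNs with account 123456789012, and the use of the AWS-RunPatchBaseline document are assumptions; the instances need the SSM Agent and an instance profile that allows Systems Manager plus s3:PutObject to the bucket.

```powershell
# Added example (not from the WIN306 deck): use Run Command to scan a fleet for
# missing patches, ship the output to S3, notify an SNS topic, and read back
# per-instance patch compliance from Patch Manager.
# Assumptions (hypothetical): instances tagged Role=WebServer with the SSM
# Agent running, bucket ssm-output-example, the topic and role ARNs below,
# AWS.Tools.SimpleSystemsManagement installed.
#Requires -Modules AWS.Tools.SimpleSystemsManagement
Import-Module AWS.Tools.SimpleSystemsManagement

$bucket   = 'ssm-output-example'
$topicArn = 'arn:aws:sns:us-east-1:123456789012:ssm-notify'
$roleArn  = 'arn:aws:iam::123456789012:role/SsmNotificationRole'   # needs sns:Publish

# Operation=Scan reports without changing anything; switch to Install inside a
# Maintenance Window once the report has been reviewed. Targeting by tag means
# no instance IDs are hard-coded and new web servers are picked up automatically.
$cmd = Send-SSMCommand -DocumentName 'AWS-RunPatchBaseline' `
    -Parameter @{ Operation = @('Scan') } `
    -Target @{ Key = 'tag:Role'; Values = @('WebServer') } `
    -MaxConcurrency '25%' -MaxError '10%' `
    -OutputS3BucketName $bucket -OutputS3KeyPrefix 'patch-scan' `
    -ServiceRoleArn $roleArn `
    -NotificationConfig_NotificationArn $topicArn `
    -NotificationConfig_NotificationEvent @('Success', 'Failed', 'TimedOut') `
    -NotificationConfig_NotificationType Command

# Wait for the command to leave the in-flight states, then list each invocation.
do {
    Start-Sleep -Seconds 15
    $status = (Get-SSMCommand -CommandId $cmd.CommandId).Status
} while ($status -in @('Pending', 'InProgress'))

Get-SSMCommandInvocation -CommandId $cmd.CommandId -Detail $true |
    Format-Table InstanceId, Status,
        @{ n = 'Output'; e = { -join ($_.CommandPlugins.Output)[0..119] } } -AutoSize

# Patch compliance as recorded by Patch Manager. NON_COMPLIANT resources with
# Critical or High counts are the ones to schedule first.
Get-SSMResourceComplianceSummaryList -Filter @{ Key = 'ComplianceType'; Values = @('Patch'); Type = 'EQUAL' } |
    Where-Object { $_.Status -eq 'NON_COMPLIANT' } |
    Format-Table ResourceId, Status,
        @{ n = 'Critical'; e = { $_.NonCompliantSummary.SeveritySummary.CriticalCount } },
        @{ n = 'High';     e = { $_.NonCompliantSummary.SeveritySummary.HighCount } } -AutoSize
```

The IAM policy in the diagram is what bounds this: the administrator's identity needs ssm:SendCommand only on the document and on instances carrying the tag (a Condition on ssm:resourceTag/Role), and the instance profile needs no more than the Systems Manager core permissions plus write access to the output bucket prefix.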
Amazon CloudWatch and CloudWatch Logs
• Monitor EC2 metrics (CPU, disk usage, and so on)
• Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
• Monitor logs and configure alerts
• Store logs and perform analytics
[Diagram: SharePoint front-end, SQL Server and domain controller instances in each Availability Zone send metrics and logs to CloudWatch/CloudWatch Logs; logs stream through Amazon Kinesis and AWS Lambda into Amazon S3 and Amazon Redshift for analytics, while CloudWatch Alarms drive an Amazon SWF workflow that sends emails through Amazon SES]
Monitoring
[Diagram: Amazon CloudWatch, AWS CloudTrail, AWS Config and AWS Trusted Advisor alongside Amazon VPC flow logs and EC2 data flowing through Amazon Kinesis and AWS Lambda into Amazon ES and Amazon QuickSight]