
AWS Architecture.pdf

AWS has a huge product catalog, resulting in information overload when you try to begin. How do you know where to start?

I will take you on a step-by-step journey on how I approach AWS Architecture. In every step, I will show you the necessary considerations, how to make decisions about your design, and back this up with real-life experience. I will highlight often overlooked pitfalls that come with years of experience. If you make mistakes in the early design steps, you will face costly infrastructure migrations in the future and limit your company’s growth.

After this talk you will be able to design your own AWS cloud architecture first time right.

  1. A PRACTICAL GUIDE AWS ARCHITECTURE
  2. MY FIRST STEPS
  3. OVERWHELMED
  4. SLUGGISH
  5. YOU ARE NOT ALONE
  6. GURU
  7. MOVING MOUNTAINS
  8. SOLUTION
  9. INTRODUCTION STEFFAN NORBERHUIS ▸ Freelance AWS & DevOps Consultant ▸ Twitter: @snorberhuis ▸ steffan@norberhuis.nl ▸ Feel free to contact me!
  10. SYSTEMATIC APPROACH AWS ARCHITECTURE
  11. DESIGN CHOICES
  12. AWS ARCHITECTURE SYSTEMATIC APPROACH 1. Accounts + IAM 2. Regions 3. VPC + Networking 4. Endpoint 5. Storage 6. Compute 7. Events 8. CI/CD 9. Observability 10. Security 11. Reliability 12. Cost Savings
  13. AWS ARCHITECTURE (timeline) ACCOUNTS REGIONS VPC ENDPOINT STORAGE COMPUTE EVENTS CI/CD OBSERVABILITY SECURITY COSTS July July August RELIABILITY Week 1 Week 2 Week 3
  14. FAILING TO PLAN IS PLANNING TO FAIL (Benjamin Franklin) AWS ARCHITECTURE
  15. AWS ARCHITECTURE AWS WELL-ARCHITECTED FRAMEWORK Operational Excellence Security Excellence Reliability Excellence Performance Efficiency Excellence Cost Optimization Excellence Sustainability Excellence Well-Architected Framework
  16. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  17. ACCOUNTS & IAM AWS ARCHITECTURE
  18. PURPOSE
  19. AWS ARCHITECTURE AWS ACCOUNTS ▸ Billing Overview ▸ Transfer of Ownership ▸ Easy Naming ▸ Less Complexity ▸ Individual Account limits ▸ Security ▸ Data
  20. AWS ARCHITECTURE ACCOUNTS ▸ Root Account
  21. SINGLE SIGN ON
  22. UNDERPANTS PROBLEM
  23. AWS ARCHITECTURE ACCOUNTS ▸ Root Account ▸ Workloads ▸ Event Bus Account ▸ Network Account ▸ Log Archive Account ▸ Security Account
  24. AWS ARCHITECTURE EXAMPLE: ACCOUNTS (diagram) CICD Accept Accept Root Account Network Event Bus DEV ACCEPT PROD CICD DEV ACCEPT PROD CICD DEV ACCEPT PROD
  25. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  26. REGIONS AWS ARCHITECTURE
  27. FILTER
  28. DATA SOVEREIGNTY
  29. LATENCY
  30. AWS ARCHITECTURE LATENCY CLASSIFICATION ▸ Real Time: 0-80 ms (Gaming) ▸ Ultra Low Latency: 0-200 ms (Video Conference) ▸ Low Latency: 200 ms - 2 s (E-Commerce) ▸ Reduced Latency: 2 s - 5 s (Small batch reporting)
  31. COST
  32. INNOVATION SPEED
  33. CHECK YOUR REGION
  34. AWS ARCHITECTURE REGIONS ▸ EU-WEST-1 ▸ US-EAST-2 ▸ US-WEST-2 ▸ SA-EAST-1 ▸ AF-SOUTH-1 ▸ ME-SOUTH-1 ▸ AP-SOUTHEAST-1 ▸ AP-SOUTHEAST-2
  35. AWS ARCHITECTURE EXAMPLE: REGIONS (diagram) DEV Region EU-CENTRAL-2 CICD ACCEPT Region EU-CENTRAL-2 PROD-EU Region EU-CENTRAL-1 Region EU-CENTRAL-2 ROOT PROD-US Region US-EAST-2
  36. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  37. VPC & NETWORKING AWS ARCHITECTURE
  38. PLAN YOUR CIDR
  39. PLAN YOUR TRAFFIC
  40. NACLS ARE FOR LANDING ZONES
  41. VPC IS NOT CLOUD NATIVE
  42. AWS ARCHITECTURE EXAMPLE: VPC (diagram) Private PROD VPC Isolated Public NETWORK VPC Public Public
  43. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  44. ENDPOINT AWS ARCHITECTURE
  45. PICK CUSTOMER ENDPOINT
  46. AWS ARCHITECTURE ENDPOINT REQUIREMENTS ▸ Static IP ▸ Mutual TLS ▸ Authentication ▸ Rate Limit ▸ Integrations
  47. AWS ARCHITECTURE ENDPOINT OPTIONS ▸ DNS Level: ▸ Route53 ▸ Server Level: ▸ Elastic Load Balancer ▸ API Gateway ▸ Client Level: ▸ Cloud Map ▸ App Mesh
  48. API GATEWAY
  49. APPLICATION LOAD BALANCER
  50. CONTENT DELIVERY NETWORK
  51. PLAN URLS
  52. AWS ARCHITECTURE EXAMPLE: ENDPOINTS & URLS (diagram) Private PROD VPC Isolated Public api.eu.prod.foobar.com
  53. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  54. STORAGE AWS ARCHITECTURE
  55. PICK THE STORAGE
  56. AWS ARCHITECTURE STORAGE OPTIONS ▸ Online Transaction Processing (OLTP) ▸ Online Analytical Processing (OLAP) ▸ Blob Storage ▸ Timeseries ▸ File storage
  57. OLTP
  58. AWS ARCHITECTURE OLTP OPTIONS ▸ Relational ▸ Key-Value / Document ▸ Search ▸ Graph ▸ In-Memory
  59. COMPUTE OLTP ▸ RDS: superseded by Aurora ▸ Aurora: Highly adaptable, Highly scaled ▸ DynamoDB: With great power comes great responsibility
  60. AWS ARCHITECTURE EXAMPLE: STORAGE (diagram) Isolated Private PROD VPC Isolated Public Public Private
  61. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  62. COMPUTE AWS ARCHITECTURE
  63. PICK THE RIGHT TOOL
  64. AWS ARCHITECTURE COMPUTE OPTIONS ▸ General Purpose ▸ Batch ▸ Streaming ▸ Machine Learning ▸ Frontend
  65. SKILL LEVEL
  66. TESTING MATURITY
  67. BUILD INFRASTRUCTURE
  68. SPEED CONTROL
  69. BUSINESS SYNERGY
  70. AWS ARCHITECTURE GENERAL PURPOSE ▸ Lightsail: Proof of Concept ▸ EC2: ignore, unless you do HPC ▸ Elastic Beanstalk: Ignore ▸ ECS Fargate: Always a good choice ▸ Lambda: Adopt if: ▸ Mature in Automatic Testing ▸ Build your own Infrastructure
  71. SCALING
  72. AWS ARCHITECTURE EXAMPLE: COMPUTE (diagram) Isolated Private PROD VPC Isolated Public Public Private
  73. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  74. EVENTS AWS ARCHITECTURE
  75. ORGANISATIONAL SCALE
  76. INTEGRATIONS
  77. LATENCY / THROUGHPUT
  78. OPERATIONAL
  79. AWS ARCHITECTURE EVENTS ▸ SNS / SQS: Event Driven Architecture in 1 Domain ▸ EventBridge: Event Bus across teams ▸ Kinesis: Data streams with high capacity ▸ Kafka: Integration with heterogeneous environment
  80. AWS ARCHITECTURE EXAMPLE: EVENTS (diagram) Isolated Private PROD VPC Isolated Public Public Private Event
  81. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  82. CI / CD PIPELINES AWS ARCHITECTURE
  83. MANUAL
  84. BUILD
  85. DEPLOY
  86. ENVIRONMENT PER DEVELOPER
  87. SECRETS
  88. AWS INFRASTRUCTURE PIPELINE TYPES ▸ Manual ▸ CICD Bootstrap ▸ Secrets ▸ Build ▸ Infrastructure ▸ Application ▸ Deploy ▸ Infrastructure ▸ Application ▸ Database Schema
  89. AWS ARCHITECTURE EXAMPLE: CICD (diagram) CICD DEV ACCEPT PROD GitHub
  90. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  91. OBSERVABILITY AWS ARCHITECTURE
  92. OBSERVE CUSTOMER EXPERIENCE
  93. ALARMS TICKETS
  94. RUNBOOKS
  95. STRUCTURED LOGS
  96. AWS ARCHITECTURE STRUCTURED LOGS { "trace_id": "252B1931-5B14-4B22-BB9A-2B089ABC52B4", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "info": "Requesting payment at Credit Card Provider" } { "trace_id": "252B1931-5B14-4B22-BB9A-2B089ABC52B4", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "error": "Insufficient balance" }
  97. AWS ARCHITECTURE EXAMPLE: OBSERVABILITY (diagram) Isolated Private PROD VPC Isolated Public Public Private
  98. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  99. SECURITY AWS ARCHITECTURE
  100. SECURITY SPECIFIC
  101. MAINTENANCE STRATEGY
  102. ENDPOINT SECURITY
  103. LEAST PRIVILEGE
  104. DETECTION
  105. THREAT MODELLING
  106. AWS ARCHITECTURE EXAMPLE: SECURITY (diagram) PROD VPC Public Public Amazon Inspector Amazon GuardDuty Amazon Macie Security
  107. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  108. RELIABILITY AWS ARCHITECTURE
  109. RELIABILITY THROUGH CLOUD NATIVE
  110. FAILURE POINTS
  111. RECOVERY PROCEDURE
  112. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  113. COST OPTIMISATION AWS ARCHITECTURE
  114. RESOURCE BILLING
  115. PUT IT IN YOUR TIMELINE
  116. TIME CAP YOUR OPTIMIZATION
  117. RESERVE YOUR REDUNDANCY
  118. CHECK YOUR SCALING
  119. TURN OFF/ON
  120. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  121. CONCLUSION AWS ARCHITECTURE
  122. AWS ARCHITECTURE AWS ARCHITECTURE FRAMEWORK 1. Accounts + IAM 2. Regions 3. VPC + Networking 4. Endpoint 5. Storage 6. Compute 7. Events 8. CI/CD 9. Observability 10. Security 11. Reliability 12. Cost Savings
  123. AWS ARCHITECTURE WORKSHOP ▸ 3 day workshop ▸ Hands on experience ▸ Infrastructure as Code NORBERHUIS.NL/AWS-ARCHITECTURE-WORKSHOP/ Dates: 21/12/22 - 23/12/22, 18/01/23 - 20/01/23
  124. ? ANY QUESTIONS @snorberhuis norberhuis.nl
  125. INTRODUCTION STEFFAN NORBERHUIS ▸ Freelance AWS & DevOps Consultant ▸ Twitter: @snorberhuis ▸ steffan@norberhuis.nl ▸ Feel free to contact me!
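The structured-log records on slide 96 only pay off once every line carries the same correlation keys and something consumes them. The Python below is an added example, not code from the deck or from norberhuis.nl: it parses JSON log lines modelled on that slide (the second, successful trace and the free-text line are constructed here), groups them by trace_id to list failed user flows, and derives a per-flow error rate of the kind the deck's alarms and tickets would be driven by.

```python
import json
from collections import defaultdict

# Constructed sample lines: the first two mirror the slide's records; the successful
# second trace and the free-text line are made up here to show the contrast.
SAMPLE_LOG_LINES = [
    '{"trace_id": "252B1931-5B14-4B22-BB9A-2B089ABC52B4", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "info": "Requesting payment at Credit Card Provider"}',
    '{"trace_id": "252B1931-5B14-4B22-BB9A-2B089ABC52B4", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "error": "Insufficient balance"}',
    '{"trace_id": "7E0C4F00-0000-4000-8000-000000000001", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "info": "Requesting payment at Credit Card Provider"}',
    '{"trace_id": "7E0C4F00-0000-4000-8000-000000000001", "customer_id": "D64923EA-0D74-4DD9-9299-2C73DDD4A79A", "user_flow": "payment_subscription", "info": "Payment accepted"}',
    'Payment worker started',  # legacy free-text line: carries no correlation keys
]


def parse_lines(lines):
    """Parse JSON lines; keep unparsable lines visible instead of silently dropping them."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            events.append({"raw": line, "parse_error": True})
    return events


def failed_flows(lines):
    """Group structured events by trace_id and return the traces that logged an error."""
    by_trace = defaultdict(list)
    for ev in parse_lines(lines):
        if "trace_id" in ev:
            by_trace[ev["trace_id"]].append(ev)
    failed = {}
    for trace_id, events in by_trace.items():
        errors = [ev["error"] for ev in events if "error" in ev]
        if errors:  # one entry per failed trace, ready to attach to a ticket
            failed[trace_id] = {"customer_id": events[0]["customer_id"],
                                "user_flow": events[0]["user_flow"],
                                "errors": errors, "steps": len(events)}
    return failed


def error_rate_by_flow(lines):
    """Per user_flow, the fraction of traces with at least one error (an alarm metric)."""
    traces = defaultdict(dict)  # user_flow -> {trace_id: had_error}
    for ev in parse_lines(lines):
        if "trace_id" not in ev:
            continue
        flow = traces[ev["user_flow"]]
        flow[ev["trace_id"]] = flow.get(ev["trace_id"], False) or "error" in ev
    return {name: sum(t.values()) / len(t) for name, t in traces.items()}
```

The free-text line is kept as a parse_error record rather than dropped, so a log source that has not yet adopted the structured format shows up in the output instead of disappearing from the trace.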
